
Win32/Conficker.B worm infection



Hello,

I am currently infected with the Win32/Conficker.B virus on my work machine. A little background on it: someone here at work downloaded the virus onto one of our network drives, which I assume has spread it to many machines. Our MIS department has recently swapped servers so it won't spread anymore, but several machines are still infected by this virus. I have run several different scans in and out of safe mode, only to have it return. As of today, Malwarebytes no longer recognizes the virus for some reason, but Microsoft Security Essentials is still finding instances of it. I've been dealing with this for over a week now and have had no success removing it. It will be greatly appreciated if you can help rid my machine of this nasty virus.

Much obliged,

Jeff D

Attachments: attach.txt, dds.txt


Well, the thing is, I bought an individual license for Malwarebytes for my home computer and decided to use it on my work computer as well, because the antivirus software I was using wouldn't let me remove a virus since I didn't have administrative privileges. Then eventually our MIS department stopped using that antivirus program, so all I had on it was Malwarebytes, which was protecting it until I received this virus. So I tried to download AVG, but that didn't work, so I ended up downloading Microsoft Security Essentials. The licensed Malwarebytes is only on my computer and nobody else uses it.


That's what I need to know. Before we begin I need a new log file from DDS. Furthermore, I would like to explain that Malwarebytes' Anti-Malware is anti-malware software, not anti-virus software. This means that you are not protected from viruses and still need an antivirus program. The conclusion is that Malwarebytes' Anti-Malware is additional protection, not essential protection.


I saw that you ran ComboFix. As I understand it, you ran it without the supervision of someone trained. That is a serious mistake! Please read this guide:

http://www.bleepingcomputer.com/forums/topic273628.html

Now:

Step 1

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. My suggestion is to uninstall Sophos Anti-Virus (along with Sophos AutoUpdate and Sophos Remote Management System) and to keep Microsoft Security Essentials. Finally, reboot your PC.

Step 2

  • Launch Malwarebytes' Anti-Malware.
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log

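When the DDS log comes back, one section worth reading mechanically is SERVICES / DRIVERS. The log posted further down in this thread contains two entries of the kind a reviewer looks at first: "S0 uuvy" and "S1 jgameenp", both with short lowercase names, boot/system start type, and an image file DDS could not find on disk ("[?]"), plus "S4 LMIRfsClientNP" with no image path at all ("[x]"). The script below is an added example, not a Malwarebytes or DDS tool and not something the helper in this thread posted: it parses lines in that layout and flags orphaned or auto-generated-looking entries. The sample input is constructed from seven lines copied out of the log later in the thread; the reading of DDS's "[?]" and "[x]" markers is taken from how they appear there, and the name heuristic is my own.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input in the layout of the DDS "SERVICES / DRIVERS" section.
# These seven lines are copied from the DDS log posted further down in this thread;
# they are embedded here only so the script runs offline.
SAMPLE_DDS_SERVICES = r"""
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-15 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-15 22344]
S0 uuvy;uuvy;c:\windows\system32\drivers\lvlmv.sys --> c:\windows\system32\drivers\lvlmv.sys [?]
S1 jgameenp;jgameenp;\??\c:\windows\system32\drivers\jgameenp.sys --> c:\windows\system32\drivers\jgameenp.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-13 136176]
"""

# One DDS service line reads:
#   <R|S><start type> <service name>;<display name>;<image path> [<date> <size>]
# R/S = running/stopped, 0..4 = Windows start type (boot, system, auto, manual, disabled).
# Reading DDS's own markers as they appear in the posted log: "[?]" means the image
# could not be found on disk, "[x]" means the entry has no image path at all.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}


def parse_dds_service_line(line: str) -> Optional[Dict]:
    """Split one service/driver line into its fields; None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    marker = ""
    tail = re.search(r"\[([^\]]*)\]$", rest)
    if tail:
        marker = tail.group(1)
        rest = rest[: tail.start()].strip()
    # "<registry value> --> <resolved path>": keep the path DDS resolved
    image = rest.split("-->")[-1].strip()
    if image.startswith("\\??\\"):
        image = image[4:]
    return {
        "state": m.group("state"),
        "start": int(m.group("start")),
        "name": m.group("name"),
        "display": m.group("display"),
        "image": image,
        "image_missing": marker in ("?", "x"),
        "date_size": "" if marker in ("?", "x") else marker,
    }


def looks_auto_generated(name: str, display: str) -> bool:
    """Heuristic only: 4-8 lowercase letters and a display name that is just the name again.
    Vendor drivers almost always carry mixed case or a prefix (MpFilter, MBAMProtector),
    and legitimate lowercase names such as gupdate have a descriptive display name."""
    return re.fullmatch(r"[a-z]{4,8}", name) is not None and display == name


def triage(section_text: str) -> List[Dict]:
    """Return the entries worth a second look, each with the reasons it was flagged."""
    findings = []
    for line in section_text.splitlines():
        entry = parse_dds_service_line(line)
        if entry is None:
            continue
        reasons = []
        if entry["image_missing"]:
            reasons.append("image missing on disk")
        if looks_auto_generated(entry["name"], entry["display"]):
            reasons.append("auto-generated-looking name")
        if reasons:
            entry["reasons"] = reasons
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_SERVICES):
        print(f"{f['name']:<16} {f['state']}{f['start']} ({START_TYPES[f['start']]:<8}) "
              f"{f['image'] or '<no image path>'}  <- {'; '.join(f['reasons'])}")
```

Run it and the three orphaned entries come out, with uuvy and jgameenp carrying both reasons. Two caveats. A stopped driver whose file is gone is not by itself proof of infection: cleanly uninstalled software and removal tools leave such entries behind, and the trained helper decides what to delete. And Conficker.B's own persistence is a randomly named service DLL hosted by svchost.exe rather than a kernel driver, so a clean-looking driver list does not clear the machine; the MSE detections mentioned in the first post are the better indicator of what is still present.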
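aswMBR also writes the raw first sector to MBR.dat on the desktop (the log later in this thread reports it saved there). A second added example, again not part of the original thread and not an aswMBR or Malwarebytes tool, decodes such a 512-byte dump and runs structural checks so the reader can confirm the partition table matches what the scanner printed ("Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63"). The MBR bytes below are constructed, not a dump from any machine: the single entry is built to agree with that log line, the sector count is derived from the log's "scanning sectors +312560640" (312560640 minus the 63-sector offset), and the boot-code bytes are filler rather than Windows XP's real MBR code.

```python
import hashlib
import struct
from typing import Dict, List

SECTOR = 512
PART_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x0F: "Extended (LBA)"}


def build_sample_mbr() -> bytes:
    """Constructed 512-byte MBR (not a real dump). One active NTFS partition at LBA 63
    sized to match the aswMBR line posted in this thread; filler boot code."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (440 - 7)   # placeholder code
    disk_signature = struct.pack("<I", 0x1234ABCD)                     # arbitrary value
    # status, CHS start, type, CHS end, LBA start, sector count
    entry1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                         63, 312560640 - 63)
    mbr = boot_code + disk_signature + b"\x00\x00" + entry1 + b"\x00" * 48 + b"\x55\xaa"
    assert len(mbr) == SECTOR
    return mbr


def parse_mbr(mbr: bytes) -> Dict:
    """Decode the partition table, disk signature and boot-code hash of one MBR sector."""
    if len(mbr) < SECTOR:
        raise ValueError("need at least 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 55 AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype == 0:           # empty slot
            continue
        partitions.append({
            "index": i + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
            "lba_end_excl": lba + count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        # hash of the 440 code bytes: compare it against a known-clean machine of the same OS
        "boot_code_sha256": hashlib.sha256(mbr[:440]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, 440)[0],
        "partitions": partitions,
    }


def sanity_checks(parsed: Dict, disk_sectors: int = 0) -> List[str]:
    """Structural checks on a decoded table. An empty list means nothing odd was found."""
    issues = []
    parts = parsed["partitions"]
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        issues.append(f"{len(active)} active partitions, expected exactly 1")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            issues.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p["lba_start"] == 0 or p["sectors"] == 0:
            issues.append(f"partition {p['index']}: zero start or length")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_end_excl"] > b["lba_start"]:
            issues.append(f"partition {a['index']} overlaps partition {b['index']}")
    if disk_sectors and ordered and ordered[-1]["lba_end_excl"] > disk_sectors:
        issues.append("last partition extends past the end of the disk")
    return issues


if __name__ == "__main__":
    parsed = parse_mbr(build_sample_mbr())
    print("boot code sha256:", parsed["boot_code_sha256"])
    for p in parsed["partitions"]:
        flag = "80 (A)" if p["active"] else f"{p['status']:02x}"
        print(f"Partition {p['index']} {flag} {p['type']:02x} {p['type_name']} "
              f"{p['size_mb']} MB offset {p['lba_start']}")
    print("issues:", sanity_checks(parsed) or "none")
```

To use it on a real dump, replace build_sample_mbr() with open(r"...\MBR.dat", "rb").read(). The checks only cover the table; comparing the boot-code hash against a known-clean XP machine is what tells you whether the code bytes were replaced. Keep the scope in mind: Conficker.B does not modify the MBR, so a clean aswMBR verdict rules out a different class of persistence rather than the worm this thread is about.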

Understood, sorry for the confusion. Here are the updated log files:

Malwarebytes:

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.24.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

dedmanj :: GISWORK2 [administrator]

Protection: Enabled

8/24/2012 10:42:10 AM

mbam-log-2012-08-24 (10-42-10).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 291529

Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-24 10:53:44

-----------------------------

10:53:44.615 OS Version: Windows 5.1.2600 Service Pack 3

10:53:44.615 Number of processors: 2 586 0xF06

10:53:44.615 ComputerName: GISWORK2 UserName: dedmanj

10:53:45.225 Initialize success

10:54:30.762 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19

10:54:30.762 Disk 0 Vendor: WDC_WD1600AAJS-08PSA0 05.06H05 Size: 152627MB BusType: 3

10:54:30.777 Disk 0 MBR read successfully

10:54:30.777 Disk 0 MBR scan

10:54:30.777 Disk 0 Windows XP default MBR code

10:54:30.777 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63

10:54:30.777 Disk 0 scanning sectors +312560640

10:54:30.887 Disk 0 scanning C:\WINDOWS\system32\drivers

10:54:40.732 Service scanning

10:54:48.748 Service MpKsl71359f69 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB7E70E7-F7F9-4B76-941D-44735EC32F33}\MpKsl71359f69.sys **LOCKED** 32

10:54:57.718 Modules scanning

10:55:03.750 Disk 0 trace - called modules:

10:55:03.765 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS

10:55:03.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac5bab8]

10:55:03.781 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-19[0x8ac76b00]

10:55:03.781 Scan finished successfully

10:55:09.922 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\dedmanj\Desktop\MBR.dat"

10:55:10.001 The log file has been saved successfully to "C:\Documents and Settings\dedmanj\Desktop\aswMBR.txt"

dds:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.6.2

Run by dedmanj at 10:57:18 on 2012-08-24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2034 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\Neon Responder Service.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\dedmanj\Application Data\Dropbox\bin\Dropbox.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Documents and Settings\dedmanj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dedmanj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dedmanj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dedmanj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dedmanj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dedmanj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = www.msn.com

uInternet Connection Wizard,ShellNext = hxxp://www.slizone.com/

uInternet Settings,ProxyOverride = 192.168.1.*;127.0.0.*;*.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

StartupFolder: c:\docume~1\dedmanj\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\dedmanj\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

uPolicies-system: EnableLUA = 0 (0x0)

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: microsoft.com\update

DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {4592C0F5-3382-44C6-9F79-BEA2CCBDA2EA} - hxxp://onbase.lebanontn.org/activex/OBXWebSelect.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342212263919

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342212249872

DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} - hxxp://www.shockwave.com/content/ballistik/sis/slgwebinstall.cab

DPF: {87237C1E-D4C7-4632-88D5-157F4D0258F8} - hxxp://onbase.lebanontn.org/AppNet/activex/OBXWebViewer.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} - hxxp://onbase.lebanontn.org/AppNet/activex/OBXPopup.cab

DPF: {A9CEF04E-E6CE-45B5-BFAD-158103BB1007} - hxxp://onbase.lebanontn.org/AppNet/activex/OBXWebSelect.cab

DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F5876F16-5217-4B38-96F3-C2BB80215302} - hxxp://onbase.lebanontn.org/activex/OBXWebViewer.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: Interfaces\{AF77C8D5-D52F-4A5C-B534-C63748B804AA} : NameServer = 192.168.1.11,192.168.1.88,8.8.8.8

TCP: Interfaces\{C464620F-5B21-484A-A733-9A8D2368D828} : NameServer = 192.168.1.11,192.168.1.5

Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - c:\program files\imagistics\desktop document manager\ExplorerExtensions.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\dedmanj\application data\mozilla\firefox\profiles\mv1z7qyd.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=61615&p=

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R1 MpKsl71359f69;MpKsl71359f69;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db7e70e7-f7f9-4b76-941d-44735ec32f33}\MpKsl71359f69.sys [2012-8-24 29904]

R2 LeicaCOMM;Leica Virtual COM Port Driver;c:\windows\system32\drivers\SS1VCOMM.sys [2008-10-6 29862]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-7-6 374184]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-1-11 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-10-22 47640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-15 655944]

R2 Neon Responder;Neon Responder;c:\windows\Neon Responder Service.exe [2010-3-11 271952]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-15 22344]

S0 uuvy;uuvy;c:\windows\system32\drivers\lvlmv.sys --> c:\windows\system32\drivers\lvlmv.sys [?]

S1 jgameenp;jgameenp;\??\c:\windows\system32\drivers\jgameenp.sys --> c:\windows\system32\drivers\jgameenp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-13 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-13 136176]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2012-08-24 15:12:57 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db7e70e7-f7f9-4b76-941d-44735ec32f33}\offreg.dll

2012-08-24 14:46:53 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db7e70e7-f7f9-4b76-941d-44735ec32f33}\MpKsl71359f69.sys

2012-08-24 13:59:12 7023536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{db7e70e7-f7f9-4b76-941d-44735ec32f33}\mpengine.dll

2012-08-23 13:50:48 7023536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-08-22 21:20:34 33280 -c--a-w- c:\windows\system32\dllcache\rundll32.exe

2012-08-22 21:20:34 33280 ----a-w- c:\windows\system32\rundll32.exe

2012-08-22 18:59:36 -------- d-----w- c:\documents and settings\dedmanj\application data\NVIDIA

2012-08-22 17:49:29 292700 ----a-w- c:\windows\system32\nvdrsdb1.bin

2012-08-22 17:49:29 292700 ----a-w- c:\windows\system32\nvdrsdb0.bin

2012-08-22 17:49:29 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-08-22 17:49:15 -------- d-----w- c:\program files\NVIDIA Corporation

2012-08-21 19:44:59 98816 ----a-w- c:\windows\sed.exe

2012-08-21 19:44:59 518144 ----a-w- c:\windows\SWREG.exe

2012-08-21 19:44:59 256000 ----a-w- c:\windows\PEV.exe

2012-08-21 19:44:59 208896 ----a-w- c:\windows\MBR.exe

2012-08-21 13:30:04 -------- d-----w- c:\windows\system32\winrm

2012-08-21 13:29:53 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2012-08-21 13:28:45 -------- d-----w- c:\program files\Windows Desktop Search

2012-08-21 13:27:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2012-08-21 13:27:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2012-08-21 13:27:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2012-08-21 13:26:18 -------- d-----w- c:\program files\Windows Media Connect 2

2012-08-21 13:20:42 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

2012-08-20 21:17:43 -------- d-----w- c:\program files\Microsoft Security Client

2012-08-16 19:36:09 -------- d-----w- c:\windows\system32\MpEngineStore

2012-08-16 14:21:33 -------- d-----w- c:\documents and settings\dedmanj\application data\ElevatedDiagnostics

2012-08-16 13:56:15 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-08-14 20:13:48 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-08-03 13:58:48 -------- d-----w- c:\documents and settings\dedmanj\application data\AVG2012

2012-08-02 12:43:49 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2012-08-02 12:43:00 -------- d-----w- c:\program files\AVG

2012-08-02 12:39:51 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2012-08-02 12:39:51 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2012-07-26 17:29:21 -------- d-----w- c:\program files\Barracuda

.

==================== Find3M ====================

.

2012-08-16 13:56:00 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-08-16 13:55:59 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-16 13:55:59 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-14 19:23:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-14 19:23:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-13 12:27:47 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-07-13 12:27:47 52128 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2012-07-13 12:27:46 87456 ----a-w- c:\windows\system32\LMIinit.dll

2012-07-13 12:27:46 30624 ----a-w- c:\windows\system32\LMIport.dll

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec

2012-06-07 01:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 22:35:26 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

.

============= FINISH: 10:58:03.50 ===============

attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/11/2007 3:04:28 PM

System Uptime: 8/24/2012 9:46:14 AM (1 hours ago)

.

Motherboard: Supermicro | | X7DAL

Processor: Intel® Xeon® CPU 5160 @ 3.00GHz | LGA771/CPU1 | 3000/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 76.079 GiB free.

E: is NetworkDisk (NTFS) - 466 GiB total, 272.355 GiB free.

I: is NetworkDisk (NTFS) - 668 GiB total, 405.631 GiB free.

J: is NetworkDisk (NTFS) - 668 GiB total, 405.631 GiB free.

L: is CDROM ()

S: is CDROM ()

V: is NetworkDisk (NTFS) - 466 GiB total, 272.355 GiB free.

W: is NetworkDisk (NTFS) - 668 GiB total, 405.631 GiB free.

X: is NetworkDisk (NTFS) - 584 GiB total, 539.498 GiB free.

Y: is NetworkDisk (FAT) - 112 GiB total, 5.854 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® PRO/1000 EB Network Connection with I/O Acceleration

Device ID: PCI\VEN_8086&DEV_1096&SUBSYS_000015D9&REV_01\6&1185AD87&0&00100018

Manufacturer: Intel

Name: Intel® PRO/1000 EB Network Connection with I/O Acceleration

PNP Device ID: PCI\VEN_8086&DEV_1096&SUBSYS_000015D9&REV_01\6&1185AD87&0&00100018

Service: e1express

.

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}

Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

Device ID: ACPI\PNP0303\5&6B1A51C&0

Manufacturer: (Standard keyboards)

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\5&6B1A51C&0

Service: i8042prt

.

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Description: PS/2 Compatible Mouse

Device ID: ACPI\PNP0F13\5&6B1A51C&0

Manufacturer: Microsoft

Name: PS/2 Compatible Mouse

PNP Device ID: ACPI\PNP0F13\5&6B1A51C&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP1160: 6/21/2012 3:21:26 PM - Removed Free DWG Viewer

RP1161: 6/21/2012 3:26:13 PM - Installed Free DWG Viewer

RP1162: 6/22/2012 5:08:23 PM - System Checkpoint

RP1163: 6/23/2012 5:46:33 PM - System Checkpoint

RP1164: 6/24/2012 6:22:34 PM - System Checkpoint

RP1165: 6/25/2012 6:58:38 PM - System Checkpoint

RP1166: 6/26/2012 7:22:42 PM - System Checkpoint

RP1167: 6/27/2012 8:10:43 PM - System Checkpoint

RP1168: 6/28/2012 8:46:45 PM - System Checkpoint

RP1169: 6/29/2012 9:58:47 PM - System Checkpoint

RP1170: 6/30/2012 10:10:49 PM - System Checkpoint

RP1171: 7/2/2012 12:22:52 AM - System Checkpoint

RP1172: 7/3/2012 12:41:51 AM - System Checkpoint

RP1173: 7/4/2012 1:04:35 AM - System Checkpoint

RP1174: 7/5/2012 1:16:31 AM - System Checkpoint

RP1175: 7/6/2012 1:54:51 PM - System Checkpoint

RP1176: 7/9/2012 9:33:52 AM - System Checkpoint

RP1177: 7/10/2012 12:09:53 PM - System Checkpoint

RP1178: 7/11/2012 12:43:43 PM - System Checkpoint

RP1179: 7/12/2012 1:33:37 PM - System Checkpoint

RP1180: 7/13/2012 7:29:07 AM - Printer Driver LogMeIn Printer Driver Installed

RP1181: 7/13/2012 3:50:07 PM - Software Distribution Service 3.0

RP1182: 7/14/2012 4:17:13 PM - System Checkpoint

RP1183: 7/15/2012 4:26:08 PM - System Checkpoint

RP1184: 7/16/2012 4:47:59 PM - System Checkpoint

RP1185: 7/17/2012 5:37:06 PM - System Checkpoint

RP1186: 7/18/2012 6:02:06 PM - System Checkpoint

RP1187: 7/19/2012 6:26:09 PM - System Checkpoint

RP1188: 7/20/2012 7:26:09 PM - System Checkpoint

RP1189: 7/21/2012 8:26:12 PM - System Checkpoint

RP1190: 7/22/2012 9:26:10 PM - System Checkpoint

RP1191: 7/23/2012 9:50:11 PM - System Checkpoint

RP1192: 7/24/2012 10:38:15 PM - System Checkpoint

RP1193: 7/26/2012 1:50:41 AM - System Checkpoint

RP1194: 7/26/2012 12:28:57 PM - Removed Barracuda Message Archiver Outlook Add-In 2.4.17

RP1195: 7/26/2012 12:29:20 PM - Installed Barracuda Message Archiver Outlook Add-In 2.4.17

RP1196: 7/27/2012 12:43:30 PM - System Checkpoint

RP1197: 7/28/2012 1:26:03 PM - System Checkpoint

RP1198: 7/29/2012 2:26:03 PM - System Checkpoint

RP1199: 7/30/2012 4:45:18 PM - System Checkpoint

RP1200: 7/31/2012 4:58:15 PM - System Checkpoint

RP1201: 8/1/2012 6:17:40 PM - System Checkpoint

RP1202: 8/2/2012 7:42:58 AM - Installed AVG 2012

RP1203: 8/2/2012 7:48:58 AM - Installed AVG 2012

RP1204: 8/2/2012 7:49:10 AM - Removed AVG 2012

RP1205: 8/2/2012 7:55:12 AM - Installed AVG 2012

RP1206: 8/2/2012 8:09:42 AM - Installed AVG 2012

RP1207: 8/2/2012 8:09:58 AM - Removed AVG 2012

RP1208: 8/3/2012 7:52:17 AM - Installed AVG 2012

RP1209: 8/3/2012 8:38:17 AM - Installed AVG 2012

RP1210: 8/3/2012 8:38:27 AM - Removed AVG 2012

RP1211: 8/3/2012 8:55:55 AM - Installed AVG 2012

RP1212: 8/3/2012 9:00:40 AM - Installed AVG 2012

RP1213: 8/3/2012 9:00:55 AM - Removed AVG 2012

RP1214: 8/4/2012 9:46:56 AM - System Checkpoint

RP1215: 8/5/2012 10:47:17 AM - System Checkpoint

RP1216: 8/6/2012 11:39:26 AM - System Checkpoint

RP1217: 8/7/2012 12:44:08 PM - System Checkpoint

RP1218: 8/8/2012 12:49:32 PM - System Checkpoint

RP1219: 8/9/2012 12:51:08 PM - System Checkpoint

RP1220: 8/10/2012 10:50:19 AM - Installed AVG 2012

RP1221: 8/10/2012 10:58:12 AM - Installed AVG 2012

RP1222: 8/10/2012 10:58:19 AM - Removed AVG 2012

RP1223: 8/11/2012 11:23:19 AM - System Checkpoint

RP1224: 8/12/2012 12:23:14 PM - System Checkpoint

RP1225: 8/13/2012 12:47:53 PM - System Checkpoint

RP1226: 8/14/2012 12:50:24 PM - System Checkpoint

RP1227: 8/14/2012 2:05:18 PM - Software Distribution Service 3.0

RP1228: 8/14/2012 2:52:14 PM - Installed AVG 2012

RP1229: 8/14/2012 3:02:11 PM - Installed AVG 2012

RP1230: 8/14/2012 3:03:12 PM - Removed AVG 2012

RP1231: 8/14/2012 3:13:47 PM - Software Distribution Service 3.0

RP1232: 8/15/2012 2:02:33 AM - Software Distribution Service 3.0

RP1233: 8/16/2012 12:24:46 AM - Software Distribution Service 3.0

RP1234: 8/16/2012 8:14:53 AM - Printer Driver Adobe PDF Converter Installed

RP1235: 8/16/2012 8:55:22 AM - Removed Java 7 Update 4

RP1236: 8/16/2012 8:55:51 AM - Installed Java 7 Update 6

RP1237: 8/16/2012 8:57:32 AM - Installed %1 %2.

RP1238: 8/17/2012 12:17:52 AM - Software Distribution Service 3.0

RP1239: 8/18/2012 12:02:56 AM - Software Distribution Service 3.0

RP1240: 8/18/2012 3:34:59 PM - Software Distribution Service 3.0

RP1241: 8/19/2012 12:02:28 AM - Software Distribution Service 3.0

RP1242: 8/19/2012 3:35:07 PM - Software Distribution Service 3.0

RP1243: 8/20/2012 12:02:33 AM - Software Distribution Service 3.0

RP1244: 8/20/2012 4:20:48 PM - Software Distribution Service 3.0

RP1245: 8/21/2012 12:12:03 AM - Software Distribution Service 3.0

RP1246: 8/21/2012 8:21:57 AM - Software Distribution Service 3.0

RP1247: 8/21/2012 11:41:07 PM - Software Distribution Service 3.0

RP1248: 8/22/2012 12:15:36 PM - Software Distribution Service 3.0

RP1249: 8/22/2012 12:36:03 PM - Software Distribution Service 3.0

RP1250: 8/22/2012 12:48:16 PM - Software Distribution Service 3.0

RP1251: 8/23/2012 12:15:01 AM - Software Distribution Service 3.0

RP1252: 8/23/2012 8:50:43 AM - Software Distribution Service 3.0

RP1253: 8/24/2012 8:59:07 AM - Software Distribution Service 3.0

RP1254: 8/24/2012 9:25:51 AM - Removed Sophos Anti-Virus

RP1255: 8/24/2012 9:32:36 AM - Removed Sophos AutoUpdate

RP1256: 8/24/2012 9:34:13 AM - Removed Sophos Remote Management System

.

==== Installed Programs ======================

.

3DVIA Shape for Maps

7-Zip 4.65

Adobe Acrobat 7.0 Standard - English, Français, Deutsch

Adobe Acrobat 7.1.0 Standard - English, Français, Deutsch

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Amazon MP3 Downloader 1.0.15

APC PowerChute Personal Edition

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcGIS ArcReader 10

ArcGIS ArcReader 10 Service Pack 1

ArcGIS ArcReader 10 Service Pack 2

ArcGIS Desktop 10

ArcGIS Desktop 10 Service Pack 1

ArcGIS Desktop 10 Service Pack 2

ArcGIS Desktop 10 Service Pack 3

ArcGIS Desktop 10 Service Pack 4

ArcGIS Editor Info

ArcGIS Mobile 10

AviSynth 2.5

Barracuda Message Archiver Outlook Add-In 2.4.17

Bing Maps 3D

Bonjour

CCleaner

Compatibility Pack for the 2007 Office system

Corpscon 6.0.1

Dassault Systemes Software Prerequisites x86

Desktop Document Manager

Dropbox

Eye-Fi Center 3.4

ffdshow [rev 2583] [2009-01-05]

Free DWG Viewer 7.1

GIS DataPRO

Google Chrome

Google Earth

Google Update Helper

GoToMeeting 4.8.0.723

GPS Pathfinder Office

Haali Media Splitter

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Business Inkjet 2800

HP Business Inkjet 2800 series

Imagistics im3511/im4511 Series PCL Printer Driver

Imagistics PCL6 T1 Printer Driver

Intel® PRO Network Connections 12.0.36.0

IrfanView (remove only)

iTunes

Java 7 Update 6

Java Auto Updater

Java 6 Update 31

JavaFX 2.1.1

LightScribe 1.8.15.1

LogMeIn

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft ActiveSync

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Office Access Runtime (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2008 Native Client

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MobileMe Control Panel

Move Media Player

Mozilla Firefox 9.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Ultra Edition

neroxml

NVIDIA Drivers

Océ WPD

OGA Notifier 2.0.0048.0

PCMark05

PerformanceTest v6.1

PixiePack Codec Pack

Python 2.5 numpy-1.0.3

Python 2.5.1

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek AC'97 Audio

RealUpgrade 1.1

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sentinel System Driver

SiSoftware Sandra Lite XIIc

TextPad 5

Trimble TrimPix Pro Configuration Center

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB2632503)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB943729)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Visual C++ 8.0 ATL (x86) WinSXS MSM

Visual C++ 8.0 CRT (x86) WinSXS MSM

VLC media player 2.0.2

WebFldrs XP

WIDCOMM Bluetooth Software

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows Mobile Developer Power Toys

Windows Mobile® Device Handbook

Windows XP Service Pack 3

.

==== Event Viewer Messages From Past Week ========

.

8/24/2012 9:32:06 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Sophos AutoUpdate Service with arguments "-Service" in order to run the server: {BF515489-25C1-472D-8F02-378E6CC06B3C}

8/24/2012 9:31:55 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Sophos AutoUpdate Service with arguments "-Service" in order to run the server: {7CBCADE4-7AA7-43AE-BD20-D88223B6353E}

8/24/2012 9:29:42 AM, error: NETLOGON [5719] - No Domain Controller is available for domain CITYHALL due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

8/22/2012 8:54:13 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Conficker.B&threatid=2147618124 Name: Worm:Win32/Conficker.B ID: 2147618124 Severity: Severe Category: Worm Path: containerfile:_C:\WINDOWS\system32\wtmxv.seg;file:_C:\WINDOWS\system32\wtmxv.seg->(UPX) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.133.61.0, AS: 1.133.61.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8703.0, NIS: 0.0.0.0

8/22/2012 3:48:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips i8042prt intelppm IPSec jgameenp MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SAVOnAccessControl SAVOnAccessFilter sptd Tcpip WS2IFSL

8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/22/2012 12:55:53 AM, error: SAVOnAccessControl [85] -

8/22/2012 12:17:49 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.

8/21/2012 4:31:03 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Conficker.B&threatid=2147618124 Name: Worm:Win32/Conficker.B ID: 2147618124 Severity: Severe Category: Worm Path: containerfile:_C:\WINDOWS\system32\wtmxv.seg;file:_C:\WINDOWS\system32\wtmxv.seg->(UPX) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.133.50.0, AS: 1.133.50.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8703.0, NIS: 0.0.0.0

8/21/2012 3:01:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt jgameenp sptd

8/21/2012 3:01:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Sophos Agent service to connect.

8/21/2012 3:01:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LogMeIn service to connect.

8/21/2012 3:01:19 PM, error: Service Control Manager [7001] - The Sentinel service depends on the Parport service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/21/2012 3:01:19 PM, error: Service Control Manager [7000] - The Sophos Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/21/2012 2:59:56 PM, error: Print [33] - The PrintQueue Container could not be found because the DNS Domain name could not be retrieved. Error: 6ba

8/21/2012 2:26:09 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

8/21/2012 10:16:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/20/2012 5:00:00 PM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402

8/20/2012 3:37:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

8/19/2012 10:29:42 PM, error: NETLOGON [5719] - No Domain Controller is available for domain CITYHALL due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

8/17/2012 9:50:47 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

8/17/2012 3:14:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

8/17/2012 3:14:09 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2223.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

8/17/2012 3:14:01 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2223.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

8/17/2012 3:09:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

.

==== End Of File ===========================


Good!

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix log:

ComboFix 12-08-24.01 - dedmanj 08/24/2012 11:49:29.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2290 [GMT -5:00]

Running from: c:\documents and settings\dedmanj\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\wtmxv.seg

.

.

((((((((((((((((((((((((( Files Created from 2012-07-24 to 2012-08-24 )))))))))))))))))))))))))))))))

.

.

2012-08-24 15:12 . 2012-08-24 15:12 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB7E70E7-F7F9-4B76-941D-44735EC32F33}\offreg.dll

2012-08-24 14:46 . 2012-08-24 14:46 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB7E70E7-F7F9-4B76-941D-44735EC32F33}\MpKsl71359f69.sys

2012-08-24 13:59 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB7E70E7-F7F9-4B76-941D-44735EC32F33}\mpengine.dll

2012-08-23 13:50 . 2012-08-01 22:51 7023536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-22 21:20 . 2008-04-14 00:12 33280 -c--a-w- c:\windows\system32\dllcache\rundll32.exe

2012-08-22 21:20 . 2008-04-14 00:12 33280 ----a-w- c:\windows\system32\rundll32.exe

2012-08-22 18:59 . 2012-08-22 18:59 -------- d-----w- c:\documents and settings\dedmanj\Application Data\NVIDIA

2012-08-22 17:49 . 2012-08-22 17:49 292700 ----a-w- c:\windows\system32\nvdrsdb0.bin

2012-08-22 17:49 . 2012-08-22 17:49 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-08-22 17:49 . 2012-08-22 17:49 292700 ----a-w- c:\windows\system32\nvdrsdb1.bin

2012-08-22 17:49 . 2012-08-22 17:49 -------- d-----w- c:\program files\NVIDIA Corporation

2012-08-22 15:14 . 2012-08-22 15:22 -------- d-----w- c:\documents and settings\jimc

2012-08-21 13:30 . 2012-08-21 13:30 -------- d-----w- c:\windows\system32\winrm

2012-08-21 13:29 . 2012-08-21 13:30 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2012-08-21 13:28 . 2012-08-21 14:00 -------- d-----w- c:\program files\Windows Desktop Search

2012-08-21 13:27 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2012-08-21 13:27 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2012-08-21 13:27 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2012-08-21 13:26 . 2012-08-21 13:26 -------- d-----w- c:\program files\Windows Media Connect 2

2012-08-21 13:24 . 2012-08-21 13:25 -------- d-----w- c:\windows\system32\drivers\UMDF

2012-08-21 13:20 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

2012-08-20 21:17 . 2012-08-20 21:18 -------- d-----w- c:\program files\Microsoft Security Client

2012-08-20 20:37 . 2012-08-20 20:37 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2012-08-17 14:52 . 2012-08-17 14:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2012-08-16 19:36 . 2012-08-17 15:06 -------- d-----w- c:\windows\system32\MpEngineStore

2012-08-16 14:21 . 2012-08-16 14:21 -------- d-----w- c:\documents and settings\dedmanj\Application Data\ElevatedDiagnostics

2012-08-16 13:56 . 2012-08-16 13:56 -------- d-----w- c:\program files\Common Files\Java

2012-08-16 13:56 . 2012-08-16 13:56 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-08-14 20:13 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-08-03 13:58 . 2012-08-03 13:58 -------- d-----w- c:\documents and settings\dedmanj\Application Data\AVG2012

2012-08-02 12:43 . 2012-08-14 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2012-08-02 12:43 . 2012-08-02 12:43 -------- d-----w- c:\program files\AVG

2012-08-02 12:39 . 2012-08-14 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2012-08-02 12:39 . 2012-08-02 12:39 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2012-07-26 17:29 . 2012-07-26 17:29 -------- d-----w- c:\program files\Barracuda

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-16 13:56 . 2012-03-07 15:38 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-08-16 13:55 . 2012-05-15 17:55 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-16 13:55 . 2010-06-16 12:32 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-14 19:23 . 2012-05-16 18:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-14 19:23 . 2011-05-17 12:32 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-13 12:27 . 2010-10-22 19:05 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2012-07-13 12:27 . 2010-10-22 19:05 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-07-13 12:27 . 2010-10-22 19:05 30624 ----a-w- c:\windows\system32\LMIport.dll

2012-07-13 12:27 . 2010-10-22 19:04 87456 ----a-w- c:\windows\system32\LMIinit.dll

2012-07-06 13:58 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2007-10-11 19:59 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 18:46 . 2009-12-15 17:15 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:40 . 2004-08-04 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-06-07 01:59 . 2012-06-07 01:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50 . 2008-04-14 00:12 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 22:35 . 2007-10-11 20:01 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-04 22:35 . 2007-07-31 00:18 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32 . 2004-08-04 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 20:19 . 2007-10-11 21:21 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19 . 2007-10-11 21:21 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19 . 2007-10-11 20:01 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 20:19 . 2007-10-11 20:01 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19 . 2012-07-13 20:44 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19 . 2007-10-11 21:21 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 20:19 . 2007-10-11 20:01 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 20:19 . 2007-10-11 20:01 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 20:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 20:19 . 2007-10-11 21:21 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 20:19 . 2007-10-11 20:01 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 20:19 . 2007-10-11 20:01 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-06-06 14:35 . 2011-03-15 12:27 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2012-08-22_21.02.35 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-08-24 14:46 . 2012-08-24 14:46 16384 c:\windows\temp\Perflib_Perfdata_3c8.dat

+ 2008-04-14 00:12 . 2008-04-14 00:12 30720 c:\windows\system32\dllcache\iisrstas.exe

+ 2008-04-14 00:11 . 2008-04-14 00:11 64512 c:\windows\system32\dllcache\iismap.dll

+ 2008-04-14 00:11 . 2008-04-14 00:11 68608 c:\windows\system32\dllcache\iisext51.dll

+ 2008-04-14 00:12 . 2008-04-14 00:12 20538 c:\windows\system32\dllcache\fpremadm.exe

+ 2008-04-14 00:11 . 2008-04-14 00:11 20541 c:\windows\system32\dllcache\fpexedll.dll

+ 2008-04-14 00:12 . 2008-04-14 00:12 15120 c:\windows\system32\dllcache\fp98sadm.exe

+ 2008-04-14 00:11 . 2008-04-14 00:11 49212 c:\windows\system32\dllcache\fp4awebs.dll

+ 2008-04-14 00:11 . 2008-04-14 00:11 32826 c:\windows\system32\dllcache\fp4avss.dll

+ 2008-04-14 00:11 . 2008-04-14 00:11 41020 c:\windows\system32\dllcache\fp4avnb.dll

+ 2008-04-14 00:11 . 2008-04-14 00:11 49210 c:\windows\system32\dllcache\fp4areg.dll

+ 2008-04-14 00:11 . 2008-04-14 00:11 82035 c:\windows\system32\dllcache\fp4anscp.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 32768 c:\windows\system32\dllcache\dispex.dll

+ 2008-04-14 00:11 . 2008-04-14 00:11 39936 c:\windows\system32\dllcache\dimsroam.dll

+ 2008-04-14 00:11 . 2008-04-14 00:11 19456 c:\windows\system32\dllcache\dimsntfy.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 62464 c:\windows\system32\dllcache\cryptsvc.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 64512 c:\windows\system32\dllcache\cryptnet.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 53760 c:\windows\system32\dllcache\cryptext.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 33280 c:\windows\system32\dllcache\cryptdll.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 74752 c:\windows\system32\dllcache\cryptdlg.dll

+ 2008-04-14 00:11 . 2008-04-14 00:11 46592 c:\windows\system32\dllcache\coadmin.dll

+ 2004-08-04 12:00 . 2008-04-14 00:09 16896 c:\windows\system32\dllcache\cfgmgr32.dll

+ 2008-04-14 00:12 . 2008-04-14 00:12 16439 c:\windows\system32\dllcache\author.exe

+ 2008-04-14 00:11 . 2008-04-14 00:11 20540 c:\windows\system32\dllcache\author.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 30208 c:\windows\system32\dllcache\atmlib.dll

+ 2004-08-04 12:00 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll

- 2010-03-05 14:37 . 2010-03-05 14:37 65536 c:\windows\system32\dllcache\asycfilt.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 98304 c:\windows\system32\dllcache\ahui.exe

+ 2008-04-14 00:11 . 2008-04-14 00:11 43520 c:\windows\system32\dllcache\admwprox.dll

+ 2008-04-14 00:12 . 2008-04-14 00:12 16439 c:\windows\system32\dllcache\admin.exe

+ 2008-04-14 00:11 . 2008-04-14 00:11 20540 c:\windows\system32\dllcache\admin.dll

+ 2008-04-14 00:11 . 2008-04-14 00:11 7168 c:\windows\system32\dllcache\bitsprx4.dll

+ 2008-04-14 00:11 . 2008-04-14 00:11 133632 c:\windows\system32\dllcache\iisrtl.dll

+ 2007-04-02 16:36 . 2007-04-02 16:36 208896 c:\windows\system32\dllcache\fpmmcsat.dll

+ 2008-04-14 00:11 . 2008-04-14 00:11 598071 c:\windows\system32\dllcache\fpmmc.dll

+ 2008-04-14 00:12 . 2008-04-14 00:12 188494 c:\windows\system32\dllcache\fpcount.exe

+ 2008-04-14 00:12 . 2008-04-14 00:12 109840 c:\windows\system32\dllcache\fp98swin.exe

+ 2008-04-14 00:11 . 2008-04-14 00:11 876653 c:\windows\system32\dllcache\fp4awel.dll

+ 2008-04-14 00:11 . 2008-04-14 00:11 102509 c:\windows\system32\dllcache\fp4atxt.dll

+ 2008-04-14 00:11 . 2008-04-14 00:11 147513 c:\windows\system32\dllcache\fp4apws.dll

+ 2008-04-14 00:11 . 2008-04-14 00:11 184435 c:\windows\system32\dllcache\fp4amsft.dll

+ 2004-08-04 12:00 . 2008-04-13 19:14 143744 c:\windows\system32\dllcache\fastfat.sys

+ 2004-08-04 12:00 . 2008-04-13 17:37 138752 c:\windows\system32\dllcache\dssenh.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 512512 c:\windows\system32\dllcache\cryptui.dll

+ 2004-08-04 12:00 . 2012-05-31 13:22 599040 c:\windows\system32\dllcache\crypt32.dll

- 2011-09-09 09:12 . 2012-05-31 13:22 599040 c:\windows\system32\dllcache\crypt32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 252928 c:\windows\system32\dllcache\compatui.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 276992 c:\windows\system32\dllcache\comdlg32.dll

- 2010-11-02 16:19 . 2010-08-23 16:12 617472 c:\windows\system32\dllcache\comctl32.dll

+ 2004-08-04 12:00 . 2010-08-23 16:12 617472 c:\windows\system32\dllcache\comctl32.dll

+ 2008-04-14 00:12 . 2008-04-14 00:12 188480 c:\windows\system32\dllcache\cfgwiz.exe

+ 2008-04-14 00:11 . 2008-04-14 00:11 233472 c:\windows\system32\dllcache\azroles.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 125952 c:\windows\system32\dllcache\apphelp.dll

+ 2008-04-14 00:11 . 2008-04-14 00:11 290816 c:\windows\system32\dllcache\adsiis51.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 116224 c:\windows\system32\dllcache\acxtrnal.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 245248 c:\windows\system32\dllcache\acspecfc.dll

- 2009-12-08 20:13 . 2011-03-11 14:10 471552 c:\windows\system32\dllcache\aclayers.dll

+ 2004-08-04 12:00 . 2011-03-11 14:10 471552 c:\windows\system32\dllcache\aclayers.dll

+ 2008-04-14 00:11 . 2008-04-14 00:11 136192 c:\windows\system32\dllcache\aaclient.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 1852928 c:\windows\system32\dllcache\acgenral.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

.

c:\documents and settings\dedmanj\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\dedmanj\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2011-6-28 221247]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

2012-07-13 12:27 87456 ----a-w- c:\windows\system32\LMIinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk

backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

2008-04-23 08:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2012-02-23 16:38 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-05-31 01:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-03-12 19:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eye-Fi]

2011-12-22 05:11 3961464 ----a-w- c:\program files\Eye-Fi\Helper\EyeFiHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FtpServer.exe]

2005-01-06 00:17 626688 ----a-w- c:\program files\Imagistics\Desktop Document Manager\FTPServer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2012-02-13 14:44 136176 ----atw- c:\documents and settings\dedmanj\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWPTOOLBOX]

2004-10-21 09:31 327680 ----a-w- c:\program files\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Indexer]

2005-01-06 01:39 184320 ----a-w- c:\program files\Imagistics\Desktop Document Manager\Indexer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexTray]

2005-01-06 01:37 106496 ----a-w- c:\program files\Imagistics\Desktop Document Manager\IndexTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2006-09-11 10:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-06-08 00:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2007-07-18 22:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

2011-01-12 00:04 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2012-07-03 18:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-10 00:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2008-09-18 04:55 86016 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SharpTray]

2005-01-06 01:59 32768 ----a-w- c:\program files\Imagistics\Desktop Document Manager\SharpTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 21:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2012-05-29 12:31 296056 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TypeRegChecker]

2005-01-06 01:40 57344 ----a-w- c:\program files\Imagistics\Desktop Document Manager\TypeRegChecker.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 22:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe"=

"c:\\Program Files\\Hewlett-Packard\\HP Business Inkjet 2800 series\\Toolbox\\HPWPTBX.exe"=

"c:\\Program Files\\Imagistics\\Desktop Document Manager\\FTPServer.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R1 MpKsl71359f69;MpKsl71359f69;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB7E70E7-F7F9-4B76-941D-44735EC32F33}\MpKsl71359f69.sys [8/24/2012 9:46 AM 29904]

R2 LeicaCOMM;Leica Virtual COM Port Driver;c:\windows\system32\drivers\SS1VCOMM.sys [10/6/2008 3:42 PM 29862]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [7/6/2011 4:32 PM 374184]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/11/2011 7:04 PM 12856]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/15/2009 12:15 PM 655944]

R2 Neon Responder;Neon Responder;c:\windows\Neon Responder Service.exe [3/11/2010 3:32 PM 271952]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/15/2009 12:15 PM 22344]

S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

S0 uuvy;uuvy;c:\windows\system32\drivers\lvlmv.sys --> c:\windows\system32\drivers\lvlmv.sys [?]

S1 jgameenp;jgameenp;\??\c:\windows\System32\Drivers\jgameenp.sys --> c:\windows\System32\Drivers\jgameenp.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/13/2010 2:56 PM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/13/2010 2:56 PM 136176]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8/1/2008 11:00 AM 47360]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ASWMBR

*NewlyCreated* - MPKSL71359F69

*Deregistered* - aswMBR

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-07-18 22:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]

2008-06-18 20:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 19:56]

.

2012-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 19:56]

.

2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-746137067-1060284298-6191Core.job

- c:\documents and settings\dedmanj\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-13 14:44]

.

2012-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-746137067-1060284298-6191UA.job

- c:\documents and settings\dedmanj\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-13 14:44]

.

2012-08-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-854245398-746137067-1060284298-6191.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 23:21]

.

2012-08-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-854245398-746137067-1060284298-6191.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 23:21]

.

.

------- Supplementary Scan -------

.

uStart Page = www.msn.com

uInternet Connection Wizard,ShellNext = hxxp://www.slizone.com/

uInternet Settings,ProxyOverride = 192.168.1.*;127.0.0.*;*.local

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: microsoft.com\update

TCP: Interfaces\{AF77C8D5-D52F-4A5C-B534-C63748B804AA}: NameServer = 192.168.1.11,192.168.1.88,8.8.8.8

TCP: Interfaces\{C464620F-5B21-484A-A733-9A8D2368D828}: NameServer = 192.168.1.11,192.168.1.5

DPF: {4592C0F5-3382-44C6-9F79-BEA2CCBDA2EA} - hxxp://onbase.lebanontn.org/activex/OBXWebSelect.cab

DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} - hxxp://www.shockwave.com/content/ballistik/sis/slgwebinstall.cab

DPF: {87237C1E-D4C7-4632-88D5-157F4D0258F8} - hxxp://onbase.lebanontn.org/AppNet/activex/OBXWebViewer.cab

DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} - hxxp://onbase.lebanontn.org/AppNet/activex/OBXPopup.cab

DPF: {A9CEF04E-E6CE-45B5-BFAD-158103BB1007} - hxxp://onbase.lebanontn.org/AppNet/activex/OBXWebSelect.cab

DPF: {F5876F16-5217-4B38-96F3-C2BB80215302} - hxxp://onbase.lebanontn.org/activex/OBXWebViewer.cab

FF - ProfilePath - c:\documents and settings\dedmanj\Application Data\Mozilla\Firefox\Profiles\mv1z7qyd.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=61615&p=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-24 11:55

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-854245398-746137067-1060284298-6191\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-854245398-746137067-1060284298-6191\Software\SonyDADC\ACC001*]

"063304A8DDFD34CF37028BA100C68DA1"=hex:00,00,00,00

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(764)

c:\windows\system32\LMIinit.dll

c:\windows\system32\LMIRfsClientNP.dll

.

Completion time: 2012-08-24 11:58:08

ComboFix-quarantined-files.txt 2012-08-24 16:58

ComboFix2.txt 2012-08-22 21:05

ComboFix3.txt 2012-08-21 20:10

.

Pre-Run: 81,631,326,208 bytes free

Post-Run: 81,710,063,616 bytes free

.

- - End Of File - - 4002CB50B9469BB6B2393A874C703982


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Eset:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=5fb0e6d7919aea45ae8273c0f6f3703c

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=false

# utc_time=2012-08-25 01:32:27

# local_time=2012-08-24 08:32:27 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776533 42 93 0 12969113 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=118365

# found=0

# cleaned=0

# scan_time=3568

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=5fb0e6d7919aea45ae8273c0f6f3703c

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=false

# utc_time=2012-08-25 02:39:05

# local_time=2012-08-24 09:39:05 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5891 16776869 42 93 0 12973580 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=118418

# found=1

# cleaned=1

# scan_time=3098

C:\WINDOWS\system32\wtmxv.seg	Win32/Conficker.AA worm (cleaned by deleting - quarantined)	B420138B88EDA83A51FEA5298F72864A	C


I need log files. Please take a look at these locations:

C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Support

C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Security Essentials\Support


MPLog:

--------------------------------------------------------------------------------

Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log

Started On 08-25-2012 06:20:53

************************************************************

2012-08-25T11:20:54.046Z Trace session started - MpWppTracing-08252012-062053-00000003-ffffffff.bin**********Cache stats************

No. Of buckets -> 31573

Each Bucket has max capacity of -> 1 entries

number of Entries is 28204

Number of invalid entries is 0

Number of Inserts issued is 110239

Number of replaces issued is 0

Number of Insert failures is 14

Number of lookups is 1330887

Number of misses is 1198864

Number of false fast lookups is 201601

Number of invalidations is 778

Number of maintenance invalidations is 0

Current File Size is 761856

Journal ID = 1cd7fa0f8752055

Trusted image state = 1 USN = 0

2012-08-25T11:20:54.156Z Verifying RTP plugin...

2012-08-25T11:20:54.156Z verified!

2012-08-25T11:20:54.156Z Verifying Nis plugin...

2012-08-25T11:20:54.156Z Loading engine...

2012-08-25T11:20:54.156Z Verifying engine and signature files (source: 1) ...

2012-08-25T11:20:54.562Z verified!

2012-08-25T11:20:56.390Z Initializing SQM in engine...

2012-08-25T11:20:56.390Z SQM initialized in the engine successfully

2012-08-25T11:20:56.421Z Initializing RTP plugin state...

****************************RTP Perf Log***************************

RTP Start:N/A

Last Perf:(null)

First RTP Scan:N/A

Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2

Process Exclusions:

Path Exclusions:

Ext Exclusions:

Worker Threads:

AM:16

Async:4

Cache Flushes:

RTP:0

System File Cache:

Hits:0

Misses:0

BM Queue:0,0,0

Proc:0,0,0

File:0,0,0

Plugin Queue:0,0,0

Threat:0,0,0

Susp:0,0,0

Unknown:0,0,0

Error:0,0,0

Request Queue:1,1,0

SetEngine:1,1,0

SetState:0,0,0

SetUser:0,0,0

Config:0,0,0

ProcExcl:0,0,0

FilterReload:0,0,0

FilterUnload:0,0,0

MpFilter:

Scans:0

Pending:0

RegSize:0

AsyncQNotif:0

AsyncQMissed:0

AsyncQTotalSent:282

AsyncQCurrent:0

BMFlags:0

ServiceMaj:0

ServiceMin:0

ProcBitmap:0

NumInstance:2

TotalStreamCon:737

TotalBitmap:71112

**************************END RTP Perf Log*************************

2012-08-25T11:20:56.421Z initialized!

2012-08-25T11:20:56.421Z loaded!

2012-08-25T11:20:56.421Z NisUpdate from SignatureDropLocation returns S_OK

2012-08-25T11:20:56.421Z NisUpdate from SignatureDefaultLocation returns S_OK

2012-08-25T11:20:56.453Z Verifying license file...

2012-08-25T11:20:56.453Z verified!

2012-08-25T11:20:56.453Z Product supports installmode: 1

2012-08-25T11:20:56.468Z Task(-GenuineCheck -RestrictPrivileges) launched

2012-08-25T11:20:56.468Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)

Product Version: 4.0.1526.0

Service Version: 4.0.1526.0

Engine Version: 1.1.8703.0

AS Signature Version: 1.133.248.0

AV Signature Version: 1.133.248.0

************************************************************

2012-08-25T11:21:08.218Z Error retrieving instance AntiSpywareProduct:0x80041002

2012-08-25T11:21:08.781Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

2012-08-25T11:21:25.036Z WAT report: machine genuine, state(1) error(0x0)

2012-08-25T11:21:31.402Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

2012-08-25T11:21:57.861Z Process scan (poststartupscan) started.

2012-08-25T11:22:08.768Z Process scan (poststartupscan) completed.

2012-08-25T11:22:23.397Z Task(SpyNetService -RestrictPrivileges -AccessKey D058B4B4-2641-2444-8C1B-91D5C303A982) launched

Begin Resource Scan

Scan ID:{6C1FA04D-478D-416F-B585-68F88FA67723}

Scan Source:3

Start Time:08-25-2012 06:22:20

End Time:08-25-2012 06:22:34

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

2012-08-25T11:22:35.244Z DETECTIONEVENT Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

2012-08-25T11:22:35.383Z DETECTION_ADD Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-25T11:22:37.053Z DETECTION_MERGE Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg

2012-08-25T11:22:37.053Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

Begin Resource Scan

Scan ID:{1B5AFBB2-E1A0-49B7-B553-BEA8A16068F0}

Scan Source:6

Start Time:08-25-2012 06:22:35

End Time:08-25-2012 06:22:37

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

2012-08-25T11:22:40.984Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

2012-08-25T11:23:14.157Z DETECTION_MERGE Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-25T11:23:14.157Z DETECTION_MERGE Worm:Win32/Conficker.B taskscheduler:C:\WINDOWS\Tasks\At1.job

2012-08-25T11:23:14.157Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);file:C:\WINDOWS\Tasks\At1.job;taskscheduler:C:\WINDOWS\Tasks\At1.job;

Begin Resource Scan

Scan ID:{EAD12FC5-DD12-4F5E-8DDB-7A10DB6E742F}

Scan Source:6

Start Time:08-25-2012 06:22:37

End Time:08-25-2012 06:23:14

Explicit resource to scan

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:4

Resource Schema:file

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:taskscheduler

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

Beginning threat actions

Start time:08-25-2012 06:23:14

Threat Name:Worm:Win32/Conficker.B

Threat ID:2147618124

Action:quarantine

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:containerfile

Path:\\?\C:\WINDOWS\system32\wtmxv.seg

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:3C12F8247BE9CFC37BC4BE68D39A686277D26DC6

File cleaned/removed successfully

File Name:C:\WINDOWS\Tasks\At1.job

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA

File cleaned/removed successfully

File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Removal

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Finished threat ID:2147618124

Threat result:0

Threat status flags:128

Finished threat actions

End time:08-25-2012 06:23:16

Result:0

DSS Timeout:Received results after timeout

2012-08-25T11:23:18.732Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

2012-08-25T11:26:25.646Z Task(SpyNetService -RestrictPrivileges -AccessKey C88DAB32-6D2B-BD83-16DC-7D19D192E316) launched

2012-08-25T11:31:41.689Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)

2012-08-25T11:31:41.689Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 71086054(ms)

2012-08-25T11:31:41.705Z AutoPurgeWorker triggered with dwWork=0x3

2012-08-25T11:31:41.705Z Product supports installmode: 1

2012-08-25T11:31:41.737Z Task(-GenuineCheck -RestrictPrivileges) launched

2012-08-25T11:31:46.437Z WAT report: machine genuine, state(1) error(0x0)

2012-08-25T11:31:55.056Z Detection State: Finished(1) Failed(0) CriticalFailed(0) Additional Actions(0)

2012-08-25T11:31:55.105Z Trace buffers written: 3, events lost: 0, buffers lost: 0, days: 0

2012-08-25T11:31:55.105Z Task(-UploadSQM -RestrictPrivileges) launched

Begin Resource Scan

Scan ID:{7C14A96B-056B-4A6B-A318-A28FA8020247}

Scan Source:3

Start Time:08-25-2012 06:33:40

End Time:08-25-2012 06:33:41

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

2012-08-25T11:33:41.538Z DETECTIONEVENT Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

2012-08-25T11:33:41.538Z DETECTION_ADD Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-25T11:33:46.612Z DETECTION_MERGE Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg

2012-08-25T11:33:46.612Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

Begin Resource Scan

Scan ID:{14E0B876-1682-4652-AA5C-311FC33BC996}

Scan Source:6

Start Time:08-25-2012 06:33:45

End Time:08-25-2012 06:33:46

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

2012-08-25T11:33:48.673Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

2012-08-25T11:34:15.673Z DETECTION_MERGE Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-25T11:34:15.673Z DETECTION_MERGE Worm:Win32/Conficker.B taskscheduler:C:\WINDOWS\Tasks\At1.job

2012-08-25T11:34:15.673Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);file:C:\WINDOWS\Tasks\At1.job;taskscheduler:C:\WINDOWS\Tasks\At1.job;

Begin Resource Scan

Scan ID:{2F0D9AF0-94EB-48FB-888A-A04E3C66EF44}

Scan Source:6

Start Time:08-25-2012 06:33:46

End Time:08-25-2012 06:34:15

Explicit resource to scan

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:4

Resource Schema:file

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:taskscheduler

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

Beginning threat actions

Start time:08-25-2012 06:34:15

Threat Name:Worm:Win32/Conficker.B

Threat ID:2147618124

Action:quarantine

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:containerfile

Path:\\?\C:\WINDOWS\system32\wtmxv.seg

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:5CCA6AA2D93493939F58D63FB12CDEF8093ADB27

File cleaned/removed successfully

File Name:C:\WINDOWS\Tasks\At1.job

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA

File cleaned/removed successfully

File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Removal

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Finished threat ID:2147618124

Threat result:0

Threat status flags:128

Finished threat actions

End time:08-25-2012 06:34:17

Result:0

2012-08-25T11:34:17.765Z Task(SpyNetService -RestrictPrivileges -AccessKey 2C749829-4399-66BE-5EFB-CD00E6A93FE3) launched

DSS Timeout:Received results after timeout

2012-08-25T11:34:19.446Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

Begin Resource Scan

Scan ID:{7CABCF11-779E-49EA-9E0E-2DB174C70869}

Scan Source:3

Start Time:08-25-2012 06:45:27

End Time:08-25-2012 06:45:28

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

2012-08-25T11:45:28.629Z DETECTIONEVENT Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

2012-08-25T11:45:28.644Z DETECTION_ADD Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-25T11:45:33.633Z DETECTION_MERGE Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg

2012-08-25T11:45:33.633Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

Begin Resource Scan

Scan ID:{04A04F5A-ED1F-4C84-8D9B-F6A66A09954A}

Scan Source:6

Start Time:08-25-2012 06:45:32

End Time:08-25-2012 06:45:33

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

2012-08-25T11:45:35.651Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

2012-08-25T11:46:00.486Z DETECTION_MERGE Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-25T11:46:00.486Z DETECTION_MERGE Worm:Win32/Conficker.B taskscheduler:C:\WINDOWS\Tasks\At1.job

2012-08-25T11:46:00.486Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);file:C:\WINDOWS\Tasks\At1.job;taskscheduler:C:\WINDOWS\Tasks\At1.job;

Begin Resource Scan

Scan ID:{4FDBCA08-DBC6-4102-B49C-6B83C14118E2}

Scan Source:6

Start Time:08-25-2012 06:45:33

End Time:08-25-2012 06:46:00

Explicit resource to scan

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:4

Resource Schema:file

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:taskscheduler

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

Beginning threat actions

Start time:08-25-2012 06:46:00

Threat Name:Worm:Win32/Conficker.B

Threat ID:2147618124

Action:quarantine

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:containerfile

Path:\\?\C:\WINDOWS\system32\wtmxv.seg

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:AECFE259887BD5E4DF0DBA78A8C6E972333DAFED

File cleaned/removed successfully

File Name:C:\WINDOWS\Tasks\At1.job

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA

File cleaned/removed successfully

File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Removal

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Finished threat ID:2147618124

Threat result:0

Threat status flags:128

Finished threat actions

End time:08-25-2012 06:46:01

Result:0

2012-08-25T11:46:02.472Z Task(SpyNetService -RestrictPrivileges -AccessKey 2E5738C7-04F4-62D3-72D9-141EAD0D5421) launched

2012-08-25T11:46:03.973Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

DSS Timeout:Received results after timeout

Begin Resource Scan

Scan ID:{CA81B4D6-DA09-476D-BFB3-EA06E69ED2ED}

Scan Source:3

Start Time:08-25-2012 07:34:58

End Time:08-25-2012 07:35:00

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

2012-08-25T12:35:00.313Z DETECTIONEVENT Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

2012-08-25T12:35:00.313Z DETECTION_ADD Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-25T12:35:05.297Z DETECTION_MERGE Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg

2012-08-25T12:35:05.297Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

Begin Resource Scan

Scan ID:{713EB43E-154D-4F9B-BACA-D427EB77D82A}

Scan Source:6

Start Time:08-25-2012 07:35:03

End Time:08-25-2012 07:35:05

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

2012-08-25T12:35:07.329Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

2012-08-25T12:35:32.314Z DETECTION_MERGE Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-25T12:35:32.314Z DETECTION_MERGE Worm:Win32/Conficker.B taskscheduler:C:\WINDOWS\Tasks\At1.job

2012-08-25T12:35:32.314Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);file:C:\WINDOWS\Tasks\At1.job;taskscheduler:C:\WINDOWS\Tasks\At1.job;

Begin Resource Scan

Scan ID:{68EFD913-7CF0-4AF3-B68E-DB846B9B956D}

Scan Source:6

Start Time:08-25-2012 07:35:05

End Time:08-25-2012 07:35:32

Explicit resource to scan

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:4

Resource Schema:file

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:taskscheduler

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

Beginning threat actions

Start time:08-25-2012 07:35:32

Threat Name:Worm:Win32/Conficker.B

Threat ID:2147618124

Action:quarantine

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:containerfile

Path:\\?\C:\WINDOWS\system32\wtmxv.seg

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:7330122A3BEFDCA7E4E1C82A5223615140E2242E

File cleaned/removed successfully

File Name:C:\WINDOWS\Tasks\At1.job

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA

File cleaned/removed successfully

File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Removal

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Finished threat ID:2147618124

Threat result:0

Threat status flags:128

Finished threat actions

End time:08-25-2012 07:35:33

Result:0

2012-08-25T12:35:34.298Z Task(SpyNetService -RestrictPrivileges -AccessKey 95D0C944-D284-0BF6-5CB4-7D83BD52A1CA) launched

2012-08-25T12:35:35.798Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

DSS Timeout:Received results after timeout

Begin Resource Scan

Scan ID:{82C0856D-0B82-429C-A147-C879463A17EC}

Scan Source:3

Start Time:08-25-2012 07:41:10

End Time:08-25-2012 07:41:11

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

2012-08-25T12:41:11.416Z DETECTIONEVENT Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

2012-08-25T12:41:11.416Z DETECTION_ADD Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-25T12:41:16.401Z DETECTION_MERGE Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg

2012-08-25T12:41:16.401Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

Begin Resource Scan

Scan ID:{114CA60F-E502-458E-B2CC-234D7D672D57}

Scan Source:6

Start Time:08-25-2012 07:41:15

End Time:08-25-2012 07:41:16

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

2012-08-25T12:41:18.432Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

2012-08-25T12:41:43.370Z DETECTION_MERGE Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-25T12:41:43.370Z DETECTION_MERGE Worm:Win32/Conficker.B taskscheduler:C:\WINDOWS\Tasks\At1.job

2012-08-25T12:41:43.370Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);file:C:\WINDOWS\Tasks\At1.job;taskscheduler:C:\WINDOWS\Tasks\At1.job;

Begin Resource Scan

Scan ID:{3D2E3B9F-9392-464C-BFB0-A5B97D566591}

Scan Source:6

Start Time:08-25-2012 07:41:16

End Time:08-25-2012 07:41:43

Explicit resource to scan

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:4

Resource Schema:file

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:taskscheduler

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

Beginning threat actions

Start time:08-25-2012 07:41:43

Threat Name:Worm:Win32/Conficker.B

Threat ID:2147618124

Action:quarantine

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:containerfile

Path:\\?\C:\WINDOWS\system32\wtmxv.seg

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:0A0B0A262D874605FDFC5CDD05445601BFEC4435

File cleaned/removed successfully

File Name:C:\WINDOWS\Tasks\At1.job

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA

File cleaned/removed successfully

File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Removal

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Finished threat ID:2147618124

Threat result:0

Threat status flags:128

Finished threat actions

End time:08-25-2012 07:41:44

Result:0

2012-08-25T12:41:45.354Z Task(SpyNetService -RestrictPrivileges -AccessKey EE67C3B0-1FA1-378D-93BA-089E8B25E444) launched

DSS Timeout:Received results after timeout

2012-08-25T12:41:46.854Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

Begin Resource Scan

Scan ID:{3E2BD182-F29D-486A-B462-89172F755553}

Scan Source:3

Start Time:08-25-2012 07:52:02

End Time:08-25-2012 07:52:04

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

2012-08-25T12:52:04.032Z DETECTIONEVENT Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

2012-08-25T12:52:04.032Z DETECTION_ADD Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-25T12:52:09.047Z DETECTION_MERGE Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg

2012-08-25T12:52:09.047Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

Begin Resource Scan

Scan ID:{51B02179-F77C-48EB-ACD0-5EEBABF43036}

Scan Source:6

Start Time:08-25-2012 07:52:07

End Time:08-25-2012 07:52:09

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

2012-08-25T12:52:11.063Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

2012-08-25T12:52:35.969Z DETECTION_MERGE Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-25T12:52:35.969Z DETECTION_MERGE Worm:Win32/Conficker.B taskscheduler:C:\WINDOWS\Tasks\At1.job

2012-08-25T12:52:35.969Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);file:C:\WINDOWS\Tasks\At1.job;taskscheduler:C:\WINDOWS\Tasks\At1.job;

Begin Resource Scan

Scan ID:{2F0F19FB-0A30-4F6F-BEBA-539D355073D5}

Scan Source:6

Start Time:08-25-2012 07:52:09

End Time:08-25-2012 07:52:35

Explicit resource to scan

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:4

Resource Schema:file

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:taskscheduler

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

Beginning threat actions

Start time:08-25-2012 07:52:36

Threat Name:Worm:Win32/Conficker.B

Threat ID:2147618124

Action:quarantine

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:containerfile

Path:\\?\C:\WINDOWS\system32\wtmxv.seg

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:9B95757D4CF9CC5B9A2D00E6F14DC4AEA13E90D4

File cleaned/removed successfully

File Name:C:\WINDOWS\Tasks\At1.job

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA

File cleaned/removed successfully

File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Removal

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Finished threat ID:2147618124

Threat result:0

Threat status flags:128

Finished threat actions

End time:08-25-2012 07:52:37

Result:0

2012-08-25T12:52:37.937Z Task(SpyNetService -RestrictPrivileges -AccessKey 40D56DC5-4526-8967-1C38-84463A6DC645) launched

2012-08-25T12:52:39.437Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

DSS Timeout:Received results after timeout

2012-08-25T13:40:26.839Z Task(SpyNetService -RestrictPrivileges -AccessKey 186512DA-A422-FF5C-7A52-397207519D59) launched

Begin Resource Scan

Scan ID:{4F09CC6A-CE5A-4FC6-99F1-748D23FD9277}

Scan Source:3

Start Time:08-25-2012 08:40:24

End Time:08-25-2012 08:40:30

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

2012-08-25T13:40:30.402Z DETECTIONEVENT Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

2012-08-25T13:40:30.402Z DETECTION_ADD Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-25T13:40:31.792Z DETECTION_MERGE Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg

2012-08-25T13:40:31.792Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

Begin Resource Scan

Scan ID:{A52C2C0E-424F-4980-A83F-2213A7F9DA69}

Scan Source:6

Start Time:08-25-2012 08:40:30

End Time:08-25-2012 08:40:31

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

2012-08-25T13:40:33.823Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

2012-08-25T13:40:58.728Z DETECTION_MERGE Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-25T13:40:58.728Z DETECTION_MERGE Worm:Win32/Conficker.B taskscheduler:C:\WINDOWS\Tasks\At1.job

2012-08-25T13:40:58.728Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);file:C:\WINDOWS\Tasks\At1.job;taskscheduler:C:\WINDOWS\Tasks\At1.job;

Begin Resource Scan

Scan ID:{2E2D248C-8AB8-4565-908C-328A231F71A1}

Scan Source:6

Start Time:08-25-2012 08:40:31

End Time:08-25-2012 08:40:58

Explicit resource to scan

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:4

Resource Schema:file

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:taskscheduler

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

Beginning threat actions

Start time:08-25-2012 08:40:58

Threat Name:Worm:Win32/Conficker.B

Threat ID:2147618124

Action:quarantine

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:containerfile

Path:\\?\C:\WINDOWS\system32\wtmxv.seg

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:2F77C69132A633566DCB7EBBB686F441D8D5373E

File cleaned/removed successfully

File Name:C:\WINDOWS\Tasks\At1.job

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA

File cleaned/removed successfully

File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Removal

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Finished threat ID:2147618124

Threat result:0

Threat status flags:128

Finished threat actions

End time:08-25-2012 08:41:00

Result:0

DSS Timeout:Received results after timeout

2012-08-25T13:41:02.212Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

Begin Resource Scan

Scan ID:{E52326C0-B19A-436D-86DD-FCBA2495F1ED}

Scan Source:3

Start Time:‎08‎-‎25‎-‎2012 08:58:18

End Time:‎08‎-‎25‎-‎2012 08:58:19

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

2012-08-25T13:58:19.511Z DETECTIONEVENT Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

2012-08-25T13:58:19.527Z DETECTION_ADD Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-25T13:58:24.510Z DETECTION_MERGE Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg

2012-08-25T13:58:24.510Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);

Begin Resource Scan

Scan ID:{15E3108A-CBEC-4CE5-8255-28EEF13C062A}

Scan Source:6

Start Time:‎08‎-‎25‎-‎2012 08:58:23

End Time:‎08‎-‎25‎-‎2012 08:58:24

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:2

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************

2012-08-25T13:58:26.526Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

2012-08-25T13:58:51.459Z DETECTION_MERGE Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-25T13:58:51.459Z DETECTION_MERGE Worm:Win32/Conficker.B taskscheduler:C:\WINDOWS\Tasks\At1.job

2012-08-25T13:58:51.459Z DETECTIONEVENT Worm:Win32/Conficker.B containerfile:C:\WINDOWS\system32\wtmxv.seg;file:C:\WINDOWS\system32\wtmxv.seg->(UPX);file:C:\WINDOWS\Tasks\At1.job;taskscheduler:C:\WINDOWS\Tasks\At1.job;

Begin Resource Scan

Scan ID:{92D4A388-880C-462D-9D58-3439E9EECFCB}

Scan Source:6

Start Time:‎08‎-‎25‎-‎2012 08:58:24

End Time:‎08‎-‎25‎-‎2012 08:58:51

Explicit resource to scan

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Explicit resource to scan

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Result Count:1

Threat Name:Worm:Win32/Conficker.B

ID:2147618124

Severity:5

Number of Resources:4

Resource Schema:file

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:file

Resource Path:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Extended Info:39128812877358

Resource Schema:taskscheduler

Resource Path:C:\WINDOWS\Tasks\At1.job

Extended Info:0

Resource Schema:containerfile

Resource Path:C:\WINDOWS\system32\wtmxv.seg

Extended Info:0

End Scan

************************************************************


MPDetection:

2012-08-20T21:18:18.046Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-20T21:18:22.925Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 0.0.0.0 AS 0.0.0.0 AV 0.0.0.0

2012-08-20T21:22:59.922Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8601.0 AS 1.131.2388.0 AV 1.131.2388.0

2012-08-20T21:51:57.653Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-21T05:12:37.635Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.25.0 AV 1.133.25.0

2012-08-21T11:18:26.721Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-21T11:19:08.998Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-21T12:19:53.090Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-21T12:41:05.921Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-21T12:46:17.661Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-21T12:46:28.082Z Service stopped with exit code 0x0

2012-08-21T12:59:00.718Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-21T12:59:05.453Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.25.0 AV 1.133.25.0

2012-08-21T14:01:00.343Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-21T14:01:04.343Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.50.0 AV 1.133.50.0

2012-08-21T15:17:05.609Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-21T15:17:07.781Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.50.0 AV 1.133.50.0

2012-08-21T15:22:36.070Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-21T16:53:39.656Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-21T16:53:54.375Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.50.0 AV 1.133.50.0

2012-08-21T17:19:50.796Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-21T17:19:52.906Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.50.0 AV 1.133.50.0

2012-08-21T19:28:12.859Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-21T19:28:14.765Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.50.0 AV 1.133.50.0

2012-08-21T19:57:46.562Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-21T19:57:48.781Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.50.0 AV 1.133.50.0

2012-08-21T21:10:46.335Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-21T21:30:49.307Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-21T22:18:15.574Z DETECTION Worm:Win32/Conficker.gen!B file:C:\WINDOWS\System32\wtmxv.seg

2012-08-22T04:17:09.137Z DETECTION Worm:Win32/Conficker.gen!B file:C:\WINDOWS\system32\wtmxv.seg

2012-08-22T04:41:51.072Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.61.0 AV 1.133.61.0

2012-08-22T12:46:36.472Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-22T13:53:58.341Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-22T17:21:16.692Z Service stopped with exit code 0x0

2012-08-22T17:21:48.000Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-22T17:21:51.843Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.61.0 AV 1.133.61.0

2012-08-22T18:51:08.718Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-22T18:51:12.109Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.61.0 AV 1.133.61.0

2012-08-22T20:47:23.687Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-22T20:47:38.218Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.61.0 AV 1.133.61.0

2012-08-22T21:08:21.484Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-22T21:08:23.562Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.61.0 AV 1.133.61.0

2012-08-23T12:31:41.375Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-23T12:31:55.968Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.174.0 AV 1.133.174.0

2012-08-23T13:47:28.828Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-23T13:47:32.359Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.174.0 AV 1.133.174.0

2012-08-23T13:51:00.209Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.200.0 AV 1.133.200.0

2012-08-23T15:03:20.316Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-23T15:04:01.192Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-23T15:37:45.106Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-23T15:38:18.492Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-23T16:10:28.435Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-23T16:11:00.804Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-23T17:06:46.696Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-23T17:07:16.037Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-23T17:11:16.595Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-23T17:11:49.624Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-23T18:23:54.755Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-23T18:24:26.873Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-23T18:38:02.956Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-23T18:38:35.096Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-23T19:25:49.924Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-23T19:26:20.830Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-23T20:08:23.938Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-23T20:08:56.765Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-23T20:33:26.643Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-23T20:33:58.861Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-23T21:41:55.814Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-23T21:42:24.330Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-23T22:44:19.257Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-23T22:44:51.273Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-23T22:49:18.176Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-23T22:49:50.145Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-23T23:54:33.308Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-23T23:55:01.495Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T00:28:48.969Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T00:29:27.421Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T00:56:24.186Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T00:56:59.905Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T01:52:44.416Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T01:53:17.482Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T01:59:53.194Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T02:00:02.928Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T02:00:23.773Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T03:04:48.109Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T03:05:19.968Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T03:14:15.812Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T03:14:47.671Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T04:07:51.626Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T04:08:19.895Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T04:31:23.834Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T04:31:55.725Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T05:09:07.225Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T05:09:39.163Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T05:48:56.256Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T05:49:29.834Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T06:13:03.022Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T06:13:31.553Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T07:09:46.857Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T07:10:18.841Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T07:13:14.716Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T07:13:46.591Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T08:12:41.044Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T08:13:14.951Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T08:29:40.966Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T08:30:13.029Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T09:15:05.154Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T09:15:37.060Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T09:47:12.591Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T09:47:44.591Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T10:16:35.529Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T10:17:03.857Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T11:04:55.747Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T11:05:27.732Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T11:17:59.372Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T11:18:31.279Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T12:18:36.810Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T12:19:06.497Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T12:22:45.029Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T12:23:17.013Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T13:21:21.835Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T13:21:58.388Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T13:44:21.582Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T13:44:54.847Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T14:29:19.375Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-24T14:29:22.812Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.248.0 AV 1.133.248.0

2012-08-24T14:30:46.250Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-24T14:30:46.250Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-24T14:46:39.328Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-24T14:46:42.421Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.248.0 AV 1.133.248.0

2012-08-24T18:54:29.921Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-24T18:54:33.109Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.248.0 AV 1.133.248.0

2012-08-25T01:07:26.445Z DETECTION Worm:Win32/Conficker.B file:C:\Qoobox\Quarantine\C\WINDOWS\system32\wtmxv.seg.vir->(UPX)

2012-08-25T01:31:58.429Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.dll->(UPX)

2012-08-25T11:19:11.729Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.dll->(UPX)

2012-08-25T11:20:48.548Z Service stopped with exit code 0x0

2012-08-25T11:20:53.890Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-25T11:20:56.468Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.248.0 AV 1.133.248.0

2012-08-25T11:22:35.383Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-25T11:23:14.157Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job


Did that, and same result. The program found the virus again after the desktop loaded. I should also mention that I tried to update MSE and it errored out.

Error Code: 0x80070422

Error Description: Security Essentials can't start the update service because it's been turned off by the security administrator or because of a problem in the registry data.

MPLog:

Beginning threat actions

Start time:‎08‎-‎25‎-‎2012 14:15:43

Threat Name:Worm:Win32/Conficker.B

Threat ID:2147618124

Action:quarantine

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Quarantine

Schema:containerfile

Path:\\?\C:\WINDOWS\system32\wtmxv.seg

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:48A0002A7F257825476274158FA7EF5B55617040

File cleaned/removed successfully

File Name:C:\WINDOWS\Tasks\At1.job

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

File to act on SHA1:0E644FC39A287E6F020EDE6D6C9DD708B1A871BA

File cleaned/removed successfully

File Name:C:\WINDOWS\system32\wtmxv.seg->(UPX)

Resource action complete:Removal

Schema:file

Path:\\?\C:\WINDOWS\system32\wtmxv.seg->(UPX)

Threat ID:2147618124

Resource refcount:1

Result:0

Resource action complete:Removal

Schema:taskscheduler

Path:\\?\C:\WINDOWS\Tasks\At1.job

Threat ID:2147618124

Resource refcount:1

Result:0

Finished threat ID:2147618124

Threat result:0

Threat status flags:128

Finished threat actions

End time:‎08‎-‎25‎-‎2012 14:15:44

Result:0

2012-08-25T19:15:45.092Z Task(SpyNetService -RestrictPrivileges -AccessKey C6A6F33C-A950-1FA1-5DD6-DC9F0C5B81D0) launched

2012-08-25T19:15:46.607Z Successfully wrote instance of AntiVirusProduct with state(1) and up-to-date state(1)

DSS Timeout:Received results after timeout

2012-08-25T19:41:05.971Z Task(SpyNetService -RestrictPrivileges -AccessKey 4FD6930E-8D67-3CF9-F635-C1BC09FC5934) launched

Begin Resource Scan

Scan ID:{3C896337-481C-4403-AD8E-9FCB847406C0}

Scan Source:7

Start Time:‎08‎-‎25‎-‎2012 14:41:07

End Time:‎08‎-‎25‎-‎2012 14:41:18

Explicit resource to scan

Resource Schema:queryfilertsig

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe

Result Count:1

Known File

Number of Resources:43

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-zip.3XE)

Extended Info:35874228808723

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_78.dat

Extended Info:35872938128285

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_77.dat

Extended Info:35872938128285

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_76.dat

Extended Info:35872938128285

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_75.dat

Extended Info:35872938128285

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_74.dat

Extended Info:35872938128285

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_73.dat

Extended Info:35872938128285

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_72.dat

Extended Info:35872938128285

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_71.dat

Extended Info:35872938128285

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_70.dat

Extended Info:35872938128285

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_2062.dat

Extended Info:35872938128285

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_2061.dat

Extended Info:35872938128285

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_2060.dat

Extended Info:35872938128285

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_2059.dat

Extended Info:35872938128285

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_2058.dat

Extended Info:35872938128285

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-VBR.pif)->vbr_2057.dat

Extended Info:35872938128285

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-tail.3XE)

Extended Info:35872753132949

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-swxcacls.3XE)

Extended Info:35873857938707

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-swsc.3XE)

Extended Info:35872419590621

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-swreg.3XE)

Extended Info:35875489031665

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-streamtools.zip)->SF.exe

Extended Info:35872676068749

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-sed.3XE)

Extended Info:35874606311326

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-s0rt.3XE)

Extended Info:35872142884299

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-pev.3XE)

Extended Info:35874998851487

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-NirCmd.chm)->/$WWKeywordLinks/Property

Extended Info:35871963681930

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-NirCmd.chm)->/$WWAssociativeLinks/Property

Extended Info:35871963681930

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-NirCmd.chm)->/$FIftiMain

Extended Info:35872925223583

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-NirCmd.chm)->/#ITBITS

Extended Info:35872925223583

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-mynul.dat)

Extended Info:35872925223583

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-iexplore.exe)

Extended Info:35871981075714

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-gsar.3XE)

Extended Info:35875104298964

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-grep.3XE)

Extended Info:35872805577254

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-extract.3XE)

Extended Info:35872707659250

Resource Schema:file

Resource Path:c:\documents and settings\dedmanj\Desktop\ComboFix.exe->(UPX)->(nsis-6-ERUNT.3XE)

MPDetection:

2012-08-25T01:07:26.445Z DETECTION Worm:Win32/Conficker.B file:C:\Qoobox\Quarantine\C\WINDOWS\system32\wtmxv.seg.vir->(UPX)

2012-08-25T01:31:58.429Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.dll->(UPX)

2012-08-25T11:19:11.729Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.dll->(UPX)

2012-08-25T11:20:48.548Z Service stopped with exit code 0x0

2012-08-25T11:20:53.890Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-25T11:20:56.468Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.248.0 AV 1.133.248.0

2012-08-25T11:22:35.383Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\system32\wtmxv.seg->(UPX)

2012-08-25T11:23:14.157Z DETECTION Worm:Win32/Conficker.B file:C:\WINDOWS\Tasks\At1.job

2012-08-25T17:39:33.234Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)

2012-08-25T17:39:36.125Z Version: Product 4.0.1526.0 Service 4.0.1526.0 Engine 1.1.8703.0 AS 1.133.248.0 AV 1.133.248.0


I did the steps in the guide. When I ran the EConfickerRemover, it said it didn't find any instances of Conficker in memory and asked if I wanted to continue with the scan, so I hit yes and the cmd prompt just went away.

Could it be possible that I am not infected anymore? And could another network drive we use be infected with the virus, trying to reinstall it on my machine, only for it to be quarantined by MSE? Here are fresh DDS files:

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.6.2

Run by dedmanj at 14:02:26 on 2012-08-29

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2140 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

svchost.exe

svchost.exe

svchost.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\Neon Responder Service.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\dedmanj\Application Data\Dropbox\bin\Dropbox.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\dedmanj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dedmanj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dedmanj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dedmanj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dedmanj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\dedmanj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = www.msn.com

uInternet Connection Wizard,ShellNext = hxxp://www.slizone.com/

uInternet Settings,ProxyOverride = 192.168.1.*;127.0.0.*;*.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

StartupFolder: c:\docume~1\dedmanj\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\dedmanj\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

uPolicies-system: EnableLUA = 0 (0x0)

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: microsoft.com\update

DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {4592C0F5-3382-44C6-9F79-BEA2CCBDA2EA} - hxxp://onbase.lebanontn.org/activex/OBXWebSelect.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342212263919

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342212249872

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} - hxxp://www.shockwave.com/content/ballistik/sis/slgwebinstall.cab

DPF: {87237C1E-D4C7-4632-88D5-157F4D0258F8} - hxxp://onbase.lebanontn.org/AppNet/activex/OBXWebViewer.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} - hxxp://onbase.lebanontn.org/AppNet/activex/OBXPopup.cab

DPF: {A9CEF04E-E6CE-45B5-BFAD-158103BB1007} - hxxp://onbase.lebanontn.org/AppNet/activex/OBXWebSelect.cab

DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F5876F16-5217-4B38-96F3-C2BB80215302} - hxxp://onbase.lebanontn.org/activex/OBXWebViewer.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: Interfaces\{AF77C8D5-D52F-4A5C-B534-C63748B804AA} : NameServer = 192.168.1.11,192.168.1.88,8.8.8.8

TCP: Interfaces\{C464620F-5B21-484A-A733-9A8D2368D828} : NameServer = 192.168.1.11,192.168.1.5

Handler: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - c:\program files\imagistics\desktop document manager\ExplorerExtensions.dll

Notify: LMIinit - LMIinit.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\dedmanj\application data\mozilla\firefox\profiles\mv1z7qyd.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=61615&p=

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\dedmanj\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\dedmanj\application data\mozilla\firefox\profiles\mv1z7qyd.default\extensions\logmeinclient@logmein.com\plugins\npLMI64.dll

FF - plugin: c:\documents and settings\dedmanj\application data\mozilla\firefox\profiles\mv1z7qyd.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll

FF - plugin: c:\documents and settings\dedmanj\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R2 LeicaCOMM;Leica Virtual COM Port Driver;c:\windows\system32\drivers\SS1VCOMM.sys [2008-10-6 29862]

R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-7-6 374184]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-1-11 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-10-22 47640]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-15 655944]

R2 Neon Responder;Neon Responder;c:\windows\Neon Responder Service.exe [2010-3-11 271952]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-15 22344]

S0 uuvy;uuvy;c:\windows\system32\drivers\lvlmv.sys --> c:\windows\system32\drivers\lvlmv.sys [?]

S1 jgameenp;jgameenp;\??\c:\windows\system32\drivers\jgameenp.sys --> c:\windows\system32\drivers\jgameenp.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-13 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-13 136176]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

S4 LMIRfsClientNP;LMIRfsClientNP; [x]

.

=============== Created Last 30 ================

.

2012-08-29 18:54:39 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3db557d9-f0c0-4b93-aa58-ea50c7187273}\mpengine.dll

2012-08-29 18:49:26 -------- d-----w- c:\documents and settings\dedmanj\application data\HpUpdate

2012-08-29 18:49:23 -------- d-----w- c:\windows\Hewlett-Packard

2012-08-28 18:51:05 7022536 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-08-28 17:49:40 271704 ----a-r- C:\hpzids01.dll

2012-08-28 15:02:08 -------- d-----w- c:\documents and settings\dedmanj\local settings\application data\ApplicationHistory

2012-08-28 14:59:35 -------- d-----w- c:\windows\system32\URTTEMP

2012-08-28 14:49:39 -------- d-----w- c:\documents and settings\dedmanj\local settings\application data\PCHealth

2012-08-28 14:12:50 -------- d-----w- c:\windows\system32\XPSViewer

2012-08-28 12:53:25 -------- d-s---w- C:\ComboFix

2012-08-27 19:21:55 -------- d-----w- c:\windows\hpoj7000e809a

2012-08-27 19:21:22 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys

2012-08-27 19:21:20 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys

2012-08-27 19:20:52 311808 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp091.dll

2012-08-27 19:20:52 271704 ----a-r- c:\windows\system32\hpzids01.dll

2012-08-27 19:20:52 121344 ----a-w- c:\windows\system32\hpf3l091.dll

2012-08-27 19:20:46 364544 ----a-r- c:\windows\system32\hppldcoi.dll

2012-08-27 19:20:46 309760 ----a-r- c:\windows\system32\difxapi.dll

2012-08-27 19:20:46 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys

2012-08-27 19:17:59 -------- d-----w- c:\program files\HP

2012-08-25 00:26:42 -------- d-----w- c:\program files\ESET

2012-08-22 21:20:34 33280 -c--a-w- c:\windows\system32\dllcache\rundll32.exe

2012-08-22 21:20:34 33280 ----a-w- c:\windows\system32\rundll32.exe

2012-08-22 18:59:36 -------- d-----w- c:\documents and settings\dedmanj\application data\NVIDIA

2012-08-22 17:49:29 292700 ----a-w- c:\windows\system32\nvdrsdb1.bin

2012-08-22 17:49:29 292700 ----a-w- c:\windows\system32\nvdrsdb0.bin

2012-08-22 17:49:29 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-08-22 17:49:15 -------- d-----w- c:\program files\NVIDIA Corporation

2012-08-21 13:30:04 -------- d-----w- c:\windows\system32\winrm

2012-08-21 13:29:53 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2012-08-21 13:28:45 -------- d-----w- c:\program files\Windows Desktop Search

2012-08-21 13:27:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2012-08-21 13:27:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2012-08-21 13:27:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2012-08-21 13:26:18 -------- d-----w- c:\program files\Windows Media Connect 2

2012-08-21 13:20:42 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

2012-08-20 21:17:43 -------- d-----w- c:\program files\Microsoft Security Client

2012-08-16 19:36:09 -------- d-----w- c:\windows\system32\MpEngineStore

2012-08-16 14:21:33 -------- d-----w- c:\documents and settings\dedmanj\application data\ElevatedDiagnostics

2012-08-16 13:56:15 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-08-14 20:13:48 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-08-03 13:58:48 -------- d-----w- c:\documents and settings\dedmanj\application data\AVG2012

2012-08-02 12:43:49 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2012-08-02 12:43:00 -------- d-----w- c:\program files\AVG

2012-08-02 12:39:51 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2012-08-02 12:39:51 -------- d-----w- c:\documents and settings\all users\application data\MFAData

.

==================== Find3M ====================

.

2012-08-16 13:56:00 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-08-16 13:55:59 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-16 13:55:59 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-14 19:23:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-14 19:23:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-13 12:27:47 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-07-13 12:27:47 52128 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2012-07-13 12:27:46 87456 ----a-w- c:\windows\system32\LMIinit.dll

2012-07-13 12:27:46 30624 ----a-w- c:\windows\system32\LMIport.dll

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec

2012-06-07 01:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 22:35:26 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

.

============= FINISH: 14:03:35.36 ===============

ATTACH:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 10/11/2007 3:04:28 PM

System Uptime: 8/29/2012 12:40:27 PM (2 hours ago)

.

Motherboard: Supermicro | | X7DAL

Processor: Intel® Xeon® CPU 5160 @ 3.00GHz | LGA771/CPU1 | 3000/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 84.218 GiB free.

E: is NetworkDisk (NTFS) - 466 GiB total, 272.194 GiB free.

I: is NetworkDisk (NTFS) - 668 GiB total, 405.582 GiB free.

J: is NetworkDisk (NTFS) - 668 GiB total, 405.582 GiB free.

L: is CDROM ()

S: is CDROM ()

V: is NetworkDisk (NTFS) - 466 GiB total, 272.194 GiB free.

W: is NetworkDisk (NTFS) - 668 GiB total, 405.582 GiB free.

Y: is NetworkDisk (FAT) - 112 GiB total, 5.843 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Intel® PRO/1000 EB Network Connection with I/O Acceleration

Device ID: PCI\VEN_8086&DEV_1096&SUBSYS_000015D9&REV_01\6&1185AD87&0&00100018

Manufacturer: Intel

Name: Intel® PRO/1000 EB Network Connection with I/O Acceleration

PNP Device ID: PCI\VEN_8086&DEV_1096&SUBSYS_000015D9&REV_01\6&1185AD87&0&00100018

Service: e1express

.

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}

Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

Device ID: ACPI\PNP0303\5&6B1A51C&0

Manufacturer: (Standard keyboards)

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\5&6B1A51C&0

Service: i8042prt

.

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Description: PS/2 Compatible Mouse

Device ID: ACPI\PNP0F13\5&6B1A51C&0

Manufacturer: Microsoft

Name: PS/2 Compatible Mouse

PNP Device ID: ACPI\PNP0F13\5&6B1A51C&0

Service: i8042prt

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: DesignJet 1055CM (C6075A)

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: Hewlett-Packard

Name: DesignJet 1055CM (C6075A)

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: HP LaserJet CP1525nw

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer: Hewlett-Packard

Name: HP LaserJet CP1525nw

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: HP LaserJet CP1525nw

Device ID: ROOT\MULTIFUNCTION\0002

Manufacturer: Hewlett-Packard

Name: HP LaserJet CP1525nw

PNP Device ID: ROOT\MULTIFUNCTION\0002

Service:

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Centronics Printer/Plotter

Device ID: ROOT\MULTIFUNCTION\0003

Manufacturer:

Name: Centronics Printer/Plotter

PNP Device ID: ROOT\MULTIFUNCTION\0003

Service:

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: HP LaserJet P4014

Device ID: ROOT\MULTIFUNCTION\0004

Manufacturer: Hewlett-Packard

Name: HP LaserJet P4014

PNP Device ID: ROOT\MULTIFUNCTION\0004

Service:

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Centronics Printer/Plotter

Device ID: ROOT\MULTIFUNCTION\0005

Manufacturer:

Name: Centronics Printer/Plotter

PNP Device ID: ROOT\MULTIFUNCTION\0005

Service:

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Centronics Printer/Plotter

Device ID: ROOT\MULTIFUNCTION\0006

Manufacturer:

Name: Centronics Printer/Plotter

PNP Device ID: ROOT\MULTIFUNCTION\0006

Service:

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: hp LaserJet 4250

Device ID: ROOT\MULTIFUNCTION\0007

Manufacturer: Hewlett-Packard

Name: hp LaserJet 4250

PNP Device ID: ROOT\MULTIFUNCTION\0007

Service:

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Officejet 7000 E809a

Device ID: ROOT\MULTIFUNCTION\0008

Manufacturer: HP

Name: Officejet 7000 E809a

PNP Device ID: ROOT\MULTIFUNCTION\0008

Service:

.

Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}

Description: Officejet 7000 E809a

Device ID: ROOT\PRINTER\0000

Manufacturer: HP

Name: Officejet 7000 E809a

PNP Device ID: ROOT\PRINTER\0000

Service:

.

==== System Restore Points ===================

.

RP1: 8/28/2012 8:56:29 AM - System Checkpoint

RP2: 8/28/2012 9:02:02 AM - Software Distribution Service 3.0

RP3: 8/28/2012 9:10:10 AM - Software Distribution Service 3.0

RP4: 8/28/2012 9:27:53 AM - Software Distribution Service 3.0

RP5: 8/28/2012 9:43:57 AM - Removed HP Update

RP6: 8/28/2012 9:50:57 AM - Software Distribution Service 3.0

RP7: 8/28/2012 9:59:12 AM - Software Distribution Service 3.0

RP8: 8/28/2012 10:01:06 AM - Software Distribution Service 3.0

RP9: 8/28/2012 10:09:25 AM - Software Distribution Service 3.0

RP10: 8/28/2012 10:38:56 AM - Removed HP Update

RP11: 8/28/2012 1:50:42 PM - Software Distribution Service 3.0

RP12: 8/29/2012 12:01:13 PM - Installed Windows XP KB958644.

RP13: 8/29/2012 12:02:44 PM - Installed Windows XP KB957097.

RP14: 8/29/2012 12:04:29 PM - Installed Windows XP KB958687.

RP15: 8/29/2012 1:54:36 PM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

3DVIA Shape for Maps

7-Zip 4.65

7000E809a

7000E809a_eDocs

7000E809a_Help

Adobe Acrobat 7.0 Standard - English, Français, Deutsch

Adobe Acrobat 7.1.0 Standard - English, Français, Deutsch

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Amazon MP3 Downloader 1.0.15

APC PowerChute Personal Edition

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcGIS ArcReader 10

ArcGIS ArcReader 10 Service Pack 1

ArcGIS ArcReader 10 Service Pack 2

ArcGIS Desktop 10

ArcGIS Desktop 10 Service Pack 1

ArcGIS Desktop 10 Service Pack 2

ArcGIS Desktop 10 Service Pack 3

ArcGIS Desktop 10 Service Pack 4

ArcGIS Editor Info

ArcGIS Mobile 10

AviSynth 2.5

Barracuda Message Archiver Outlook Add-In 2.4.17

Bing Maps 3D

Bonjour

BPDSoftware

BPDSoftware_Ini

BufferChm

CCleaner

Compatibility Pack for the 2007 Office system

Corpscon 6.0.1

Dassault Systemes Software Prerequisites x86

Desktop Document Manager

DeviceDiscovery

Dropbox

ESET Online Scanner v3

Eye-Fi Center 3.4

ffdshow [rev 2583] [2009-01-05]

Free DWG Viewer 7.1

GIS DataPRO

Google Chrome

Google Earth

Google Update Helper

GoToMeeting 4.8.0.723

GPBaseService2

GPS Pathfinder Office

Haali Media Splitter

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Business Inkjet 2800

HP Business Inkjet 2800 series

HP Customer Participation Program 12.0

HP Imaging Device Functions 12.0

HP Officejet 7000 E809a Series

HP Smart Web Printing

HP Solution Center 12.0

HP Update

HPProductAssistant

HPSSupply

Imagistics im3511/im4511 Series PCL Printer Driver

Imagistics PCL6 T1 Printer Driver

Intel® PRO Network Connections 12.0.36.0

IrfanView (remove only)

iTunes

Java 7 Update 6

Java Auto Updater

Java 6 Update 31

JavaFX 2.1.1

LightScribe 1.8.15.1

LogMeIn

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft ActiveSync

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Office Access Runtime (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2008 Native Client

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MobileMe Control Panel

Move Media Player

Mozilla Firefox 9.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Ultra Edition

neroxml

Network

NVIDIA Drivers

Océ WPD

OGA Notifier 2.0.0048.0

PCMark05

PerformanceTest v6.1

PixiePack Codec Pack

ProductContext

Python 2.5 numpy-1.0.3

Python 2.5.1

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek AC'97 Audio

RealUpgrade 1.1

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sentinel System Driver

Shop for HP Supplies

SiSoftware Sandra Lite XIIc

SmartWebPrinting

SolutionCenter

Status

TextPad 5

Toolbox

TrayApp

Trimble TrimPix Pro Configuration Center

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB2632503)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB943729)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Visual C++ 8.0 ATL (x86) WinSXS MSM

Visual C++ 8.0 CRT (x86) WinSXS MSM

VLC media player 2.0.2

WebFldrs XP

WebReg

WIDCOMM Bluetooth Software

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows Mobile Developer Power Toys

Windows Mobile® Device Handbook

Windows XP Service Pack 3

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

8/29/2012 12:16:36 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips i8042prt intelppm IPSec jgameenp MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss sptd Tcpip WS2IFSL

8/25/2012 3:10:39 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/25/2012 3:10:25 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/25/2012 3:04:30 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/25/2012 3:04:19 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/25/2012 12:50:49 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/25/2012 12:48:18 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/25/2012 12:45:35 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/25/2012 12:44:22 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.133.248.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8703.0 Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/24/2012 9:32:06 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Sophos AutoUpdate Service with arguments "-Service" in order to run the server: {BF515489-25C1-472D-8F02-378E6CC06B3C}

8/24/2012 9:31:55 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Sophos AutoUpdate Service with arguments "-Service" in order to run the server: {7CBCADE4-7AA7-43AE-BD20-D88223B6353E}

8/24/2012 9:29:42 AM, error: NETLOGON [5719] - No Domain Controller is available for domain CITYHALL due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

8/24/2012 8:32:24 PM, error: Service Control Manager [7028] - The nuunfzpr Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

8/24/2012 1:56:11 PM, error: Service Control Manager [7023] - The Config Security service terminated with the following error: Access is denied.

8/24/2012 1:54:45 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

8/23/2012 8:48:32 AM, error: Print [33] - The PrintQueue Container could not be found because the DNS Domain name could not be retrieved. Error: 6ba

8/22/2012 8:54:13 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Conficker.B&threatid=2147618124 Name: Worm:Win32/Conficker.B ID: 2147618124 Severity: Severe Category: Worm Path: containerfile:_C:\WINDOWS\system32\wtmxv.seg;file:_C:\WINDOWS\system32\wtmxv.seg->(UPX) Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file. Signature Version: AV: 1.133.61.0, AS: 1.133.61.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8703.0, NIS: 0.0.0.0

8/22/2012 8:47:57 AM, error: SAVOnAccessControl [81] -

8/22/2012 8:32:57 AM, error: NETLOGON [5719] - No Domain Controller is available for domain CITYHALL due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.

8/22/2012 3:48:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

8/22/2012 3:48:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips i8042prt intelppm IPSec jgameenp MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SAVOnAccessControl SAVOnAccessFilter sptd Tcpip WS2IFSL

8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/22/2012 3:48:30 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/22/2012 3:48:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

8/22/2012 3:48:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/22/2012 12:23:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt jgameenp sptd

8/22/2012 12:23:27 PM, error: Service Control Manager [7001] - The Sentinel service depends on the Parport service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

8/22/2012 12:17:49 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.

.

==== End Of File ===========================

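The Event Viewer block in this log carries the classic Conficker.B footprint: a Service Control Manager 7028 on a service key with a random eight-letter name (nuunfzpr), an antimalware 1119 naming Worm:Win32/Conficker.B on a random-named file with a non-DLL extension in system32 (wtmxv.seg) that cannot be quarantined because another process has it locked, DCOM 10005 with error %1058 (ERROR_SERVICE_DISABLED) for wuauserv, and signature updates failing with 0x80070422, which is the same error as an HRESULT. The script below is an added example, not part of the posted log or of the DDS tool: it parses lines in the shape DDS prints them and flags those four indicators. The sample lines are copied from the log above (the 1119 line shortened); the set of services Conficker.B disables follows Microsoft's published description of the worm, and the regexes and the "random name" heuristic are this example's own assumptions.

```python
"""Triage a DDS 'Event Viewer Messages' dump for Conficker.B-consistent indicators.

Added example; not part of the posted log or of the DDS tool.  Input lines have
the shape DDS prints: '<date> <time>, <level>: <source> [<event id>] - <message>'.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - ?(?P<msg>.*)$"
)

# Services Conficker.B stops and disables (Windows Update, BITS, Windows
# Defender, Error Reporting).  Error 1058 / HRESULT 0x80070422 is
# ERROR_SERVICE_DISABLED.  Assumption: list taken from Microsoft's description.
CONFICKER_DISABLED_SERVICES = {"wuauserv", "bits", "windefend", "ersvc", "wersvc"}

# Conficker registers its payload as a service under a random lowercase name and
# drops the DLL into %System% under a random name with a random extension.
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,12}$")           # heuristic, assumption
SCM_KEY_RE = re.compile(r"The (?P<key>\S+) Registry key denied access")
DETECTION_PATH_RE = re.compile(r"file:_(?P<path>[A-Za-z]:\\[^;>]+)")
DCOM_SERVICE_RE = re.compile(
    r'error "%(?P<code>\d+)" attempting to start the service (?P<svc>.+?) with arguments'
)
HRESULT_RE = re.compile(r"Error code: (?P<hr>0x[0-9A-Fa-f]{8})")
EXPECTED_EXTENSIONS = {"dll", "exe", "sys", "ocx", "cpl"}


@dataclass
class Finding:
    timestamp: str
    indicator: str
    detail: str


def parse_event(line: str) -> Optional[dict]:
    """Split one DDS event line into its fields, or None if it is not one."""
    m = EVENT_RE.match(line.strip())
    return m.groupdict() if m else None


def check_event(ev: dict) -> Optional[Finding]:
    """Return a Finding if the event matches one of the four indicators."""
    src, eid, msg = ev["source"], int(ev["eid"]), ev["msg"]

    # 1. SCM 7028: the service key's ACL denied SYSTEM, so SCM took ownership.
    #    A random-looking key name is the Conficker pattern.
    if src == "Service Control Manager" and eid == 7028:
        km = SCM_KEY_RE.search(msg)
        if km and RANDOM_NAME_RE.match(km.group("key")):
            return Finding(ev["ts"], "random_service_key", km.group("key"))

    # 2. Antimalware 1116/1119 naming Conficker: pull the file path and note
    #    whether it is a system32 file with a non-standard extension.
    if src == "Microsoft Antimalware" and eid in (1116, 1119) and "Conficker" in msg:
        pm = DETECTION_PATH_RE.search(msg)
        path = pm.group("path") if pm else "?"
        ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
        odd = "\\system32\\" in path.lower() and ext not in EXPECTED_EXTENSIONS
        return Finding(ev["ts"], "conficker_detection", f"{path} (odd_ext={odd})")

    # 3. DCOM 10005 with %1058: a service is disabled.  If it is one Conficker
    #    disables, flag it as security-relevant; otherwise just record it.
    if src == "DCOM" and eid == 10005:
        dm = DCOM_SERVICE_RE.search(msg)
        if dm and dm.group("code") == "1058":
            svc = dm.group("svc")
            tag = "security_service_disabled" if svc.lower() in CONFICKER_DISABLED_SERVICES else "service_disabled"
            return Finding(ev["ts"], tag, svc)

    # 4. Antimalware 2001 with 0x80070422: signature updates fail because a
    #    required service (wuauserv) is disabled, the HRESULT form of 3.
    if src == "Microsoft Antimalware" and eid == 2001:
        hm = HRESULT_RE.search(msg)
        if hm and hm.group("hr").lower() == "0x80070422":
            return Finding(ev["ts"], "signature_update_blocked", hm.group("hr"))
    return None


def triage(text: str) -> List[Finding]:
    """Run check_event over every parseable line and collect the findings."""
    findings = []
    for line in text.splitlines():
        ev = parse_event(line)
        if ev:
            f = check_event(ev)
            if f:
                findings.append(f)
    return findings


# Sample lines copied from the posted DDS log (the 1119 line shortened); the
# Print [33] and SCM 7026 lines are negative controls.
SAMPLE_LOG = r"""
8/25/2012 3:10:39 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Update Source: Microsoft Update Server Error code: 0x80070422 Error description: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/24/2012 9:32:06 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service Sophos AutoUpdate Service with arguments "-Service" in order to run the server: {BF515489-25C1-472D-8F02-378E6CC06B3C}
8/24/2012 8:32:24 PM, error: Service Control Manager [7028] - The nuunfzpr Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
8/24/2012 1:54:45 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/23/2012 8:48:32 AM, error: Print [33] - The PrintQueue Container could not be found because the DNS Domain name could not be retrieved. Error: 6ba
8/22/2012 8:48:32 AM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. Name: Worm:Win32/Conficker.B ID: 2147618124 Severity: Severe Category: Worm Path: containerfile:_C:\WINDOWS\system32\wtmxv.seg;file:_C:\WINDOWS\system32\wtmxv.seg->(UPX) Detection Origin: Local machine Action: Quarantine Error Code: 0x80070021 Error description: The process cannot access the file because another process has locked a portion of the file.
8/22/2012 12:23:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt jgameenp sptd
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.timestamp}  {f.indicator:28s} {f.detail}")
```

Two caveats when reading the output. Error 1058 on its own only says a service is disabled; an administrator or a group policy can do that too, which is why the script separates the services Conficker is known to disable from everything else (the Sophos AutoUpdate line lands in the second bucket). The random-name test is a heuristic: short, vowel-poor names like the one here are typical of the worm, but any legitimately short service name would also match, so treat a `random_service_key` hit as a lead to check the key's ImagePath and ServiceDll, not as proof.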

This topic is now closed to further replies.