#16
On TDSSKiller...
Please run it once again, and this time, when presented with the TDSS File System entry in Threats Detected, select: Delete.
Then, post the new TDSSKiller log in your reply.
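
Added example, not part of this thread and not Kaspersky's code: a small Python triage script for the TDSSKiller log format being asked for here. As posted in threads like this one, TDSSKiller 2.7.x writes each service or driver as an object line (`time pid name (md5) path`) followed by a verdict line (`time pid name - ok`); entries with no file on disk get only the verdict line, and the disk itself gets a verdict line of its own. The script pairs objects with verdicts and applies four heuristics a log reviewer applies by eye: a verdict other than `ok`, an image loaded from a temp directory, a core driver whose image file is not the one expected, and a lowercase letters-only name with no image file. The allowlists (`CORE_DRIVER_FILES`, `XP_LEGACY_NO_FILE`), the eight-letter threshold and the detection line in the sample are assumptions made for the example, and the sample log is constructed; the flags are review hints, not verdicts.

```python
import re
from collections import Counter

# Log line shapes, inferred from TDSSKiller 2.7.x logs as posted in threads like this one.
# Object line:  "<time> <pid> <name> (<md5>) <path>"
OBJ_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$"
)
# Verdict line: "<time> <pid> <name> - <verdict>"   (verdict is "ok" or a detection string)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+-\s+(?P<verdict>.+)$"
)

# Assumed reviewer allowlists (not shipped by TDSSKiller): the image file a few core
# Windows XP drivers should resolve to, and registry-only entries a default XP
# install carries with no file on disk.
CORE_DRIVER_FILES = {
    "acpi": "acpi.sys", "atapi": "atapi.sys", "disk": "disk.sys", "ntfs": "ntfs.sys",
    "ndis": "ndis.sys", "afd": "afd.sys", "tcpip": "tcpip.sys", "i8042prt": "i8042prt.sys",
}
XP_LEGACY_NO_FILE = {
    "abiosdsk", "atdisk", "changer", "lbrtfdc", "pcidump",
    "pdcomp", "pdframe", "pdreli", "pdrframe", "simbad",
}
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)   # a \TEMP\ or \tmp\ path component
RANDOM_NAME_RE = re.compile(r"[a-z]{8,}")                     # letters-only lowercase names (assumed threshold)


def parse_log(text):
    """Map each object name to its path, md5 and verdict, in log order."""
    objects = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJ_RE.match(line)
        if m:
            objects.setdefault(m["name"], {}).update(path=m["path"], md5=m["md5"].lower())
            continue
        m = VERDICT_RE.match(line)
        if m:
            objects.setdefault(m["name"], {})["verdict"] = m["verdict"]
    return objects


def triage(text):
    """Parse a log and return object/verdict counts plus a list of (name, reason) review flags."""
    objects = parse_log(text)
    flags = []
    for name, info in objects.items():
        path = info.get("path", "")
        verdict = info.get("verdict", "")
        key = name.lower()
        image = path.rsplit("\\", 1)[-1].lower() if path else ""
        if verdict and verdict != "ok":
            flags.append((name, f"verdict: {verdict}"))
        if path and TEMP_DIR_RE.search(path):
            flags.append((name, f"image loaded from a temp directory: {path}"))
        expected = CORE_DRIVER_FILES.get(key)
        if expected and image != expected:
            flags.append((name, f"core driver image is {image}, expected {expected}"))
        if not path and key not in XP_LEGACY_NO_FILE and RANDOM_NAME_RE.fullmatch(name):
            flags.append((name, "random-looking service name with no image file"))
    verdicts = Counter(info.get("verdict", "(none)") for info in objects.values())
    return {"objects": len(objects), "verdicts": dict(verdicts), "flags": flags}


# Constructed sample: a few entries in the shape of the logs posted in this thread, plus one
# made-up detection line for the disk, so that every heuristic fires once.
SAMPLE_LOG = r"""
15:08:12.0234 0872 Scan started
15:08:12.0234 0872 Mode: Manual; TDLFS;
15:08:13.0468 0872 5762 (bc0e4776fb9bf7fd74e5fae618fa8d2d) C:\WINDOWS\TEMP\5762.sys
15:08:13.0484 0872 5762 - ok
15:08:14.0609 0872 Abiosdsk - ok
15:08:16.0281 0872 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\drivers\tsk5.tmp
15:08:16.0343 0872 ACPI - ok
15:08:21.0953 0872 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:08:21.0968 0872 AFD - ok
15:08:29.0718 0872 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:08:29.0734 0872 Apple Mobile Device - ok
15:09:36.0328 0872 omvnyhiw - ok
15:10:01.0000 0872 \Device\Harddisk0\DR0 - detected TDSS File System (1)
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['objects']} objects, verdicts: {result['verdicts']}")
    for name, reason in result["flags"]:
        print(f"  [review] {name}: {reason}")
```

Run it on a saved log with `triage(open("TDSSKiller.log").read())`; the verdict counter shows at a glance whether the scan reported anything other than `ok`, and the flags list is the set of entries to look at before deciding what to cure or delete.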
|
#17
|
|
Did NOT ask for reboot....
15:07:10.0203 3660 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
15:07:10.0703 3660 ============================================================
15:07:10.0703 3660 Current date / time: 2012/03/26 15:07:10.0703
15:07:10.0703 3660 SystemInfo:
15:07:10.0703 3660
15:07:10.0703 3660 OS Version: 5.1.2600 ServicePack: 3.0
15:07:10.0703 3660 Product type: Workstation
15:07:10.0703 3660 ComputerName: D17V1M81
15:07:10.0703 3660 UserName: Andrew
15:07:10.0703 3660 Windows directory: C:\WINDOWS
15:07:10.0703 3660 System windows directory: C:\WINDOWS
15:07:10.0703 3660 Processor architecture: Intel x86
15:07:10.0703 3660 Number of processors: 2
15:07:10.0703 3660 Page size: 0x1000
15:07:10.0703 3660 Boot type: Normal boot
15:07:10.0703 3660 ============================================================
15:07:31.0390 3660 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:07:33.0281 3660 \Device\Harddisk0\DR0:
15:07:33.0484 3660 MBR used
15:07:33.0484 3660 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x8DCB367
15:07:33.0656 3660 Initialize success
15:07:33.0656 3660 ============================================================
15:08:12.0234 0872 ============================================================
15:08:12.0234 0872 Scan started
15:08:12.0234 0872 Mode: Manual; TDLFS;
15:08:12.0234 0872 ============================================================
15:08:13.0468 0872 5762 (bc0e4776fb9bf7fd74e5fae618fa8d2d) C:\WINDOWS\TEMP\5762.sys
15:08:13.0484 0872 5762 - ok
15:08:13.0812 0872 aawservice (17067069b9a7865028c1f2e6971d0ccc) C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
15:08:14.0203 0872 aawservice - ok
15:08:14.0609 0872 Abiosdsk - ok
15:08:15.0078 0872 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:08:15.0109 0872 abp480n5 - ok
15:08:16.0281 0872 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\drivers\tsk5.tmp
15:08:16.0343 0872 ACPI - ok
15:08:18.0062 0872 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:08:18.0078 0872 ACPIEC - ok
15:08:18.0796 0872 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:08:18.0843 0872 adpu160m - ok
15:08:19.0359 0872 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:08:19.0406 0872 aec - ok
15:08:20.0375 0872 AegisP (93034ce0cd3578d68da550fc2bca3080) C:\WINDOWS\system32\DRIVERS\AegisP.sys
15:08:20.0375 0872 AegisP - ok
15:08:21.0953 0872 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:08:21.0968 0872 AFD - ok
15:08:22.0843 0872 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:08:22.0890 0872 agp440 - ok
15:08:23.0734 0872 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:08:23.0750 0872 agpCPQ - ok
15:08:24.0671 0872 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:08:24.0687 0872 Aha154x - ok
15:08:25.0359 0872 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:08:25.0375 0872 aic78u2 - ok
15:08:25.0984 0872 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:08:26.0000 0872 aic78xx - ok
15:08:26.0390 0872 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
15:08:26.0390 0872 Alerter - ok
15:08:26.0671 0872 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
15:08:26.0687 0872 ALG - ok
15:08:27.0546 0872 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
15:08:27.0562 0872 AliIde - ok
15:08:27.0968 0872 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:08:28.0000 0872 alim1541 - ok
15:08:28.0437 0872 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:08:28.0453 0872 amdagp - ok
15:08:29.0421 0872 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
15:08:29.0453 0872 amsint - ok
15:08:29.0718 0872 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:08:29.0734 0872 Apple Mobile Device - ok
15:08:30.0171 0872 AppMgmt - ok
15:08:30.0593 0872 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
15:08:30.0609 0872 asc - ok
15:08:31.0015 0872 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:08:31.0031 0872 asc3350p - ok
15:08:32.0031 0872 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:08:32.0046 0872 asc3550 - ok
15:08:32.0218 0872 aspnet_state (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
15:08:32.0250 0872 aspnet_state - ok
15:08:32.0703 0872 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:08:32.0718 0872 AsyncMac - ok
15:08:33.0453 0872 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:08:33.0453 0872 atapi - ok
15:08:33.0859 0872 Atdisk - ok
15:08:34.0515 0872 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:08:34.0562 0872 Atmarpc - ok
15:08:35.0046 0872 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
15:08:35.0046 0872 AudioSrv - ok
15:08:35.0718 0872 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:08:35.0718 0872 audstub - ok
15:08:36.0796 0872 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
15:08:38.0921 0872 AVGIDSAgent - ok
15:08:40.0078 0872 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
15:08:40.0156 0872 AVGIDSDriver - ok
15:08:40.0859 0872 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
15:08:40.0875 0872 AVGIDSEH - ok
15:08:41.0312 0872 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
15:08:41.0343 0872 AVGIDSFilter - ok
15:08:41.0796 0872 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
15:08:41.0828 0872 AVGIDSShim - ok
15:08:42.0859 0872 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
15:08:42.0921 0872 Avgldx86 - ok
15:08:43.0328 0872 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
15:08:43.0343 0872 Avgmfx86 - ok
15:08:43.0671 0872 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
15:08:43.0687 0872 Avgrkx86 - ok
15:08:43.0984 0872 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
15:08:44.0046 0872 Avgtdix - ok
15:08:44.0390 0872 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
15:08:44.0468 0872 avgwd - ok
15:08:45.0296 0872 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:08:45.0343 0872 Beep - ok
15:08:45.0781 0872 bgsvcgen (acc9c8c560c567fad6f79c977ab2ea09) C:\WINDOWS\system32\bgsvcgen.exe
15:08:45.0828 0872 bgsvcgen - ok
15:08:46.0234 0872 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
15:08:46.0531 0872 BITS - ok
15:08:46.0781 0872 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
15:08:46.0890 0872 Bonjour Service - ok
15:08:47.0156 0872 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
15:08:47.0187 0872 Browser - ok
15:08:47.0968 0872 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
15:08:48.0218 0872 BTHPORT - ok
15:08:48.0515 0872 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
15:08:48.0531 0872 BthServ - ok
15:08:48.0750 0872 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
15:08:48.0750 0872 BTHUSB - ok
15:08:48.0968 0872 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
15:08:48.0968 0872 BVRPMPR5 - ok
15:08:49.0156 0872 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:08:49.0171 0872 cbidf - ok
15:08:49.0343 0872 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:08:49.0343 0872 cbidf2k - ok
15:08:49.0562 0872 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:08:49.0562 0872 cd20xrnt - ok
15:08:49.0750 0872 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:08:49.0750 0872 Cdaudio - ok
15:08:50.0078 0872 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:08:50.0078 0872 Cdfs - ok
15:08:50.0234 0872 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
15:08:50.0234 0872 cdrbsdrv - ok
15:08:50.0359 0872 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:08:50.0359 0872 Cdrom - ok
15:08:50.0609 0872 Changer - ok
15:08:50.0906 0872 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
15:08:50.0921 0872 CiSvc - ok
15:08:51.0078 0872 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
15:08:51.0078 0872 ClipSrv - ok
15:08:51.0250 0872 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:08:51.0250 0872 CmdIde - ok
15:08:51.0375 0872 COMSysApp - ok
15:08:51.0546 0872 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:08:51.0546 0872 Cpqarray - ok
15:08:51.0750 0872 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
15:08:51.0750 0872 CryptSvc - ok
15:08:52.0046 0872 CSHelper (aefb8558199bd5212b268b09bfa1d71a) C:\WINDOWS\system32\CSHelper.exe
15:08:52.0187 0872 CSHelper - ok
15:08:52.0343 0872 CSRBC (8a554b2ad8c57ec0647d9512365604c3) C:\WINDOWS\system32\Drivers\csrbcxp.sys
15:08:52.0343 0872 CSRBC - ok
15:08:52.0500 0872 CVPND (8b97718424672cad4ad99d72310c1644) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
15:08:52.0546 0872 CVPND - ok
15:08:52.0890 0872 CVPNDRV (963442a06c861071489d39f34f9e22d1) C:\WINDOWS\system32\Drivers\CVPNDRV.sys
15:08:53.0000 0872 CVPNDRV - ok
15:08:53.0468 0872 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:08:53.0515 0872 dac2w2k - ok
15:08:54.0109 0872 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:08:54.0109 0872 dac960nt - ok
15:08:54.0421 0872 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:08:54.0500 0872 DcomLaunch - ok
15:08:54.0875 0872 DELL_A02 (ac42d95803a473f4898297dafba8dc89) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
15:08:54.0890 0872 DELL_A02 - ok
15:08:55.0078 0872 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
15:08:55.0093 0872 Dhcp - ok
15:08:55.0296 0872 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:08:55.0312 0872 Disk - ok
15:08:55.0609 0872 dmadmin - ok
15:08:56.0484 0872 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:08:56.0531 0872 dmboot - ok
15:08:56.0796 0872 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:08:56.0828 0872 dmio - ok
15:08:57.0093 0872 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:08:57.0109 0872 dmload - ok
15:08:57.0453 0872 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
15:08:57.0453 0872 dmserver - ok
15:08:57.0734 0872 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:08:57.0750 0872 DMusic - ok
15:08:58.0203 0872 DNE (65fa8bc40664aec99348f98f0b4c2f7c) C:\WINDOWS\system32\DRIVERS\dne2000.sys
15:08:58.0218 0872 DNE - ok
15:08:58.0437 0872 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
15:08:58.0437 0872 Dnscache - ok
15:08:58.0750 0872 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
15:08:58.0750 0872 Dot3svc - ok
15:08:58.0968 0872 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:08:58.0968 0872 dpti2o - ok
15:08:59.0406 0872 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:08:59.0406 0872 drmkaud - ok
15:08:59.0515 0872 DSBrokerService (fe80901578e7e3da70299a5aeb2b7fbd) C:\Program Files\DellSupport\brkrsvc.exe
15:08:59.0531 0872 DSBrokerService - ok
15:08:59.0859 0872 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
15:08:59.0859 0872 dsNcAdpt - ok
15:09:00.0046 0872 dsNcService (bc4851b8cd478b93fcaedb95052a824d) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
15:09:00.0078 0872 dsNcService - ok
15:09:00.0234 0872 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
15:09:00.0234 0872 DSproct - ok
15:09:00.0515 0872 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
15:09:00.0515 0872 dsunidrv - ok
15:09:00.0890 0872 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:09:00.0890 0872 E100B - ok
15:09:01.0296 0872 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
15:09:01.0296 0872 EapHost - ok
15:09:01.0421 0872 eeCtrl (47ce4e650d91dc095a2fddb15631a78a) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:09:01.0453 0872 eeCtrl - ok
15:09:01.0875 0872 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
15:09:01.0875 0872 ERSvc - ok
15:09:02.0078 0872 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:09:02.0093 0872 Eventlog - ok
15:09:02.0296 0872 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
15:09:02.0312 0872 EventSystem - ok
15:09:02.0984 0872 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:09:03.0000 0872 Fastfat - ok
15:09:03.0375 0872 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
15:09:03.0390 0872 FastUserSwitchingCompatibility - ok
15:09:03.0750 0872 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
15:09:03.0937 0872 Fax - ok
15:09:04.0281 0872 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:09:04.0296 0872 Fdc - ok
15:09:04.0796 0872 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:09:04.0796 0872 Fips - ok
15:09:05.0171 0872 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:09:05.0171 0872 Flpydisk - ok
15:09:05.0484 0872 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:09:05.0500 0872 FltMgr - ok
15:09:06.0265 0872 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:09:06.0281 0872 Fs_Rec - ok
15:09:06.0656 0872 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:09:06.0671 0872 Ftdisk - ok
15:09:07.0062 0872 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
15:09:07.0078 0872 GEARAspiWDM - ok
15:09:07.0515 0872 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:09:07.0515 0872 Gpc - ok
15:09:08.0265 0872 gupdate1c98270a3cc98d4 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
15:09:08.0296 0872 gupdate1c98270a3cc98d4 - ok
15:09:08.0312 0872 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
15:09:08.0312 0872 gupdatem - ok
15:09:09.0078 0872 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:09:09.0078 0872 helpsvc - ok
15:09:09.0406 0872 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
15:09:09.0406 0872 HidServ - ok
15:09:09.0781 0872 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:09:09.0781 0872 HidUsb - ok
15:09:10.0031 0872 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
15:09:10.0031 0872 hkmsvc - ok
15:09:10.0515 0872 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:09:10.0531 0872 hpn - ok
15:09:10.0890 0872 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:09:10.0890 0872 HPZid412 - ok
15:09:11.0156 0872 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:09:11.0171 0872 HPZipr12 - ok
15:09:11.0484 0872 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:09:11.0484 0872 HPZius12 - ok
15:09:11.0750 0872 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
15:09:11.0750 0872 HSFHWBS2 - ok
15:09:12.0156 0872 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
15:09:12.0234 0872 HSF_DP - ok
15:09:12.0593 0872 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:09:12.0656 0872 HTTP - ok
15:09:12.0953 0872 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
15:09:12.0968 0872 HTTPFilter - ok
15:09:13.0187 0872 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:09:13.0187 0872 i2omgmt - ok
15:09:13.0375 0872 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:09:13.0375 0872 i2omp - ok
15:09:13.0640 0872 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:09:13.0656 0872 i8042prt - ok
15:09:13.0953 0872 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
15:09:14.0546 0872 ialm - ok
15:09:14.0734 0872 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:09:14.0750 0872 IDriverT - ok
15:09:15.0125 0872 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:09:15.0125 0872 Imapi - ok
15:09:15.0328 0872 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
15:09:15.0328 0872 ImapiService - ok
15:09:15.0531 0872 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:09:15.0531 0872 ini910u - ok
15:09:16.0218 0872 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:09:16.0218 0872 IntelIde - ok
15:09:16.0500 0872 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:09:16.0500 0872 intelppm - ok
15:09:16.0828 0872 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:09:16.0828 0872 Ip6Fw - ok
15:09:17.0062 0872 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:09:17.0062 0872 IpFilterDriver - ok
15:09:17.0437 0872 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:09:17.0453 0872 IpInIp - ok
15:09:18.0046 0872 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:09:18.0046 0872 IpNat - ok
15:09:18.0171 0872 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
15:09:18.0234 0872 iPod Service - ok
15:09:18.0500 0872 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:09:18.0500 0872 IPSec - ok
15:09:18.0796 0872 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:09:18.0812 0872 IRENUM - ok
15:09:19.0390 0872 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:09:19.0406 0872 isapnp - ok
15:09:19.0609 0872 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
15:09:19.0609 0872 JavaQuickStarterService - ok
15:09:20.0046 0872 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:09:20.0046 0872 Kbdclass - ok
15:09:20.0312 0872 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:09:20.0312 0872 kbdhid - ok
15:09:20.0656 0872 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:09:20.0671 0872 kmixer - ok
15:09:20.0906 0872 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:09:20.0921 0872 KSecDD - ok
15:09:21.0140 0872 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
15:09:21.0140 0872 lanmanserver - ok
15:09:21.0328 0872 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
15:09:21.0328 0872 lanmanworkstation - ok
15:09:21.0500 0872 lbrtfdc - ok
15:09:21.0703 0872 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
15:09:21.0703 0872 LmHosts - ok
15:09:22.0218 0872 lxeaCATSCustConnectService (2349335a8033fd9834d1c401eae1c9bf) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe
15:09:22.0343 0872 lxeaCATSCustConnectService - ok
15:09:22.0515 0872 lxea_device - ok
15:09:22.0734 0872 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:09:22.0734 0872 mdmxsdk - ok
15:09:23.0015 0872 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
15:09:23.0015 0872 Messenger - ok
15:09:23.0125 0872 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:09:23.0140 0872 Microsoft Office Groove Audit Service - ok
15:09:23.0437 0872 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:09:23.0453 0872 mnmdd - ok
15:09:23.0625 0872 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
15:09:23.0625 0872 mnmsrvc - ok
15:09:23.0921 0872 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:09:23.0937 0872 Modem - ok
15:09:24.0156 0872 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
15:09:24.0156 0872 MODEMCSA - ok
15:09:24.0421 0872 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:09:24.0421 0872 Mouclass - ok
15:09:24.0656 0872 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:09:24.0656 0872 mouhid - ok
15:09:25.0312 0872 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:09:25.0328 0872 MountMgr - ok
15:09:25.0578 0872 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
15:09:25.0578 0872 MpFilter - ok
15:09:25.0843 0872 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:09:25.0843 0872 mraid35x - ok
15:09:26.0062 0872 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:09:26.0140 0872 MRxDAV - ok
15:09:26.0625 0872 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:09:26.0640 0872 MRxSmb - ok
15:09:26.0953 0872 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
15:09:26.0968 0872 MSDTC - ok
15:09:27.0171 0872 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:09:27.0187 0872 Msfs - ok
15:09:27.0375 0872 MSIServer - ok
15:09:27.0515 0872 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:09:27.0515 0872 MSKSSRV - ok
15:09:27.0640 0872 MsMpSvc (578c809bf745608646ea338a9ac48158) c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
15:09:27.0640 0872 MsMpSvc - ok
15:09:27.0875 0872 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:09:27.0890 0872 MSPCLOCK - ok
15:09:28.0421 0872 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:09:28.0421 0872 MSPQM - ok
15:09:28.0828 0872 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:09:28.0859 0872 mssmbios - ok
15:09:29.0062 0872 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
15:09:29.0078 0872 Mup - ok
15:09:29.0296 0872 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
15:09:29.0328 0872 napagent - ok
15:09:29.0640 0872 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:09:29.0687 0872 NDIS - ok
15:09:29.0921 0872 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:09:29.0921 0872 NdisTapi - ok
15:09:30.0109 0872 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:09:30.0125 0872 Ndisuio - ok
15:09:30.0359 0872 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:09:30.0359 0872 NdisWan - ok
15:09:31.0062 0872 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
15:09:31.0078 0872 NDProxy - ok
15:09:31.0281 0872 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:09:31.0312 0872 NetBIOS - ok
15:09:31.0578 0872 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:09:31.0578 0872 NetBT - ok
15:09:31.0906 0872 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:09:31.0953 0872 NetDDE - ok
15:09:31.0984 0872 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:09:31.0984 0872 NetDDEdsdm - ok
15:09:32.0140 0872 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:09:32.0140 0872 Netlogon - ok
15:09:32.0453 0872 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
15:09:32.0531 0872 Netman - ok
15:09:32.0671 0872 NetSvc (02d0798f376fcbd0210eda58476d0b1b) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
15:09:32.0859 0872 NetSvc - ok
15:09:33.0140 0872 Nla (832e4dd8964ab7acc880b2837cb1ed20) C:\WINDOWS\System32\mswsock.dll
15:09:33.0187 0872 Nla - ok
15:09:33.0546 0872 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:09:33.0562 0872 Npfs - ok
15:09:33.0812 0872 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:09:33.0859 0872 Ntfs - ok
15:09:34.0171 0872 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:09:34.0171 0872 NtLmSsp - ok
15:09:34.0546 0872 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
15:09:34.0718 0872 NtmsSvc - ok
15:09:34.0921 0872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:09:34.0937 0872 Null - ok
15:09:35.0359 0872 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:09:35.0406 0872 nv - ok
15:09:35.0734 0872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:09:35.0734 0872 NwlnkFlt - ok
15:09:35.0984 0872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:09:35.0984 0872 NwlnkFwd - ok
15:09:36.0093 0872 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:09:36.0109 0872 odserv - ok
15:09:36.0328 0872 omvnyhiw - ok
15:09:36.0406 0872 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:09:36.0421 0872 ose - ok
15:09:36.0687 0872 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:09:36.0687 0872 Parport - ok
15:09:36.0921 0872 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:09:36.0921 0872 PartMgr - ok
15:09:37.0109 0872 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:09:37.0125 0872 ParVdm - ok
15:09:37.0296 0872 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:09:37.0296 0872 PCI - ok
15:09:37.0546 0872 PCIDump - ok
15:09:38.0015 0872 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:09:38.0031 0872 PCIIde - ok
15:09:38.0359 0872 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:09:38.0375 0872 Pcmcia - ok
15:09:38.0640 0872 PDCOMP - ok
15:09:38.0984 0872 PDFRAME - ok
15:09:39.0218 0872 PDRELI - ok
15:09:39.0468 0872 PDRFRAME - ok
15:09:39.0812 0872 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:09:39.0828 0872 perc2 - ok
15:09:40.0109 0872 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:09:40.0125 0872 perc2hib - ok
15:09:40.0312 0872 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:09:40.0312 0872 PlugPlay - ok
15:09:40.0781 0872 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
15:09:40.0859 0872 Pml Driver HPZ12 - ok
15:09:41.0281 0872 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:09:41.0281 0872 PolicyAgent - ok
15:09:41.0687 0872 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:09:41.0687 0872 PptpMiniport - ok
15:09:41.0859 0872 PRISMSVC (ba5a990a99dd7a157127725c38d399ac) C:\WINDOWS\system32\PRISMSVC.EXE
15:09:41.0859 0872 PRISMSVC - ok
15:09:42.0031 0872 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:09:42.0031 0872 ProtectedStorage - ok
15:09:42.0359 0872 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:09:42.0375 0872 PSched - ok
15:09:42.0750 0872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:09:42.0750 0872 Ptilink - ok
15:09:43.0109 0872 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:09:43.0109 0872 PxHelp20 - ok
15:09:43.0421 0872 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:09:43.0421 0872 ql1080 - ok
15:09:43.0765 0872 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:09:43.0765 0872 Ql10wnt - ok
15:09:43.0968 0872 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:09:43.0968 0872 ql12160 - ok
15:09:44.0296 0872 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:09:44.0312 0872 ql1240 - ok
15:09:44.0578 0872 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:09:44.0578 0872 ql1280 - ok
15:09:44.0859 0872 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
15:09:44.0906 0872 RapportCerberus_34302 - ok
15:09:45.0093 0872 RapportEI (43b9aa1423bf54367c5a3de1559780e8) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
15:09:45.0109 0872 RapportEI - ok
15:09:45.0281 0872 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
15:09:45.0281 0872 RapportIaso - ok
15:09:45.0640 0872 RapportKELL (118600ab8f15fe27f2c865f3fb4efa58) C:\WINDOWS\system32\Drivers\RapportKELL.sys
15:09:45.0656 0872 RapportKELL - ok
15:09:45.0796 0872 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
15:09:45.0875 0872 RapportMgmtService - ok
15:09:46.0000 0872 RapportPG (4af05a67b643a5190dfcbb793273e0bc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
15:09:46.0000 0872 RapportPG - ok
15:09:46.0250 0872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:09:46.0250 0872 RasAcd - ok
15:09:46.0421 0872 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
15:09:46.0437 0872 RasAuto - ok
15:09:46.0609 0872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:09:46.0609 0872 Rasl2tp - ok
15:09:46.0796 0872 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:09:46.0796 0872 RasMan - ok
15:09:47.0000 0872 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:09:47.0000 0872 RasPppoe - ok
15:09:47.0156 0872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:09:47.0171 0872 Raspti - ok
15:09:47.0359 0872 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:09:47.0359 0872 Rdbss - ok
15:09:47.0734 0872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:09:47.0750 0872 RDPCDD - ok
15:09:48.0000 0872 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:09:48.0062 0872 rdpdr - ok
15:09:48.0250 0872 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
15:09:48.0265 0872 RDPWD - ok
15:09:48.0515 0872 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\W
INDOWS\system32\sessmgr.exe
15:09:48.0515 0872 RDSessMgr - ok
15:09:48.0703 0872 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:09:48.0703 0872 redbook - ok
15:09:48.0953 0872 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:09:48.0968 0872 RemoteAccess - ok
15:09:49.0140 0872 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
15:09:49.0140 0872 RpcLocator - ok
15:09:49.0437 0872 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:09:49.0437 0872 RpcSs - ok
15:09:49.0609 0872 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
15:09:49.0625 0872 RSVP - ok
15:09:49.0781 0872 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:09:49.0781 0872 SamSs - ok
15:09:49.0968 0872 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:09:49.0984 0872 SCardSvr - ok
15:09:50.0218 0872 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:09:50.0265 0872 Schedule - ok
15:09:50.0468 0872 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:09:50.0468 0872 Secdrv - ok
15:09:50.0640 0872 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:09:50.0656 0872 seclogon - ok
15:09:51.0015 0872 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
15:09:51.0046 0872 senfilt - ok
15:09:51.0250 0872 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:09:51.0250 0872 SENS - ok
15:09:51.0437 0872 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:09:51.0468 0872 serenum - ok
15:09:51.0796 0872 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:09:51.0812 0872 Serial - ok
15:09:52.0031 0872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:09:52.0031 0872 Sfloppy - ok
15:09:52.0265 0872 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:09:52.0281 0872 SharedAccess - ok
15:09:52.0468 0872 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
15:09:52.0468 0872 ShellHWDetection - ok
15:09:52.0671 0872 Simbad - ok
15:09:53.0140 0872 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:09:53.0156 0872 sisagp - ok
15:09:53.0359 0872 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
15:09:53.0390 0872 smwdm - ok
15:09:53.0718 0872 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:09:53.0718 0872 Sparrow - ok
15:09:53.0921 0872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f)
C:\WINDOWS\system32\drivers\splitter.sys 15:09:53.0937 0872 splitter - ok 15:09:54.0093 0872 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe 15:09:54.0093 0872 Spooler - ok 15:09:54.0218 0872 sprtsvc_dellsupportcenter - ok 15:09:54.0562 0872 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 15:09:54.0578 0872 sr - ok 15:09:54.0750 0872 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 15:09:54.0750 0872 srservice - ok 15:09:54.0953 0872 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 15:09:54.0968 0872 Srv - ok 15:09:55.0203 0872 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 15:09:55.0218 0872 SSDPSRV - ok 15:09:55.0437 0872 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 15:09:55.0468 0872 stisvc - ok 15:09:55.0781 0872 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 15:09:55.0796 0872 swenum - ok 15:09:56.0125 0872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 15:09:56.0125 0872 swmidi - ok 15:09:56.0265 0872 SwPrv - ok 15:09:56.0500 0872 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 15:09:56.0500 0872 symc810 - ok 15:09:56.0687 0872 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 15:09:56.0687 0872 symc8xx - ok 15:09:56.0953 0872 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 15:09:56.0953 0872 sym_hi - ok 15:09:57.0265 0872 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 15:09:57.0281 0872 sym_u3 - ok 15:09:57.0484 0872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 15:09:57.0484 0872 sysaudio - ok 15:09:57.0828 0872 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 15:09:57.0828 0872 SysmonLog - ok 15:09:58.0015 0872 TapiSrv 
(3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 15:09:58.0140 0872 TapiSrv - ok 15:09:58.0484 0872 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 15:09:58.0656 0872 Tcpip - ok 15:09:58.0953 0872 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 15:09:58.0968 0872 TDPIPE - ok 15:09:59.0156 0872 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 15:09:59.0156 0872 TDTCP - ok 15:09:59.0359 0872 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 15:09:59.0375 0872 TermDD - ok 15:09:59.0562 0872 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 15:09:59.0593 0872 TermService - ok 15:09:59.0953 0872 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll 15:09:59.0953 0872 Themes - ok 15:10:00.0234 0872 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 15:10:00.0234 0872 TosIde - ok 15:10:00.0406 0872 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 15:10:00.0406 0872 TrkWks - ok 15:10:00.0640 0872 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 15:10:00.0640 0872 Udfs - ok 15:10:00.0875 0872 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 15:10:00.0875 0872 ultra - ok 15:10:01.0093 0872 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 15:10:01.0109 0872 Update - ok 15:10:01.0453 0872 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 15:10:01.0468 0872 upnphost - ok 15:10:01.0718 0872 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 15:10:01.0718 0872 UPS - ok 15:10:01.0921 0872 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys 15:10:01.0921 0872 USBAAPL - ok 15:10:02.0250 0872 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 
15:10:02.0265 0872 usbccgp - ok 15:10:02.0500 0872 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 15:10:02.0531 0872 usbehci - ok 15:10:02.0859 0872 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 15:10:02.0859 0872 usbhub - ok 15:10:03.0109 0872 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 15:10:03.0125 0872 usbprint - ok 15:10:03.0312 0872 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 15:10:03.0328 0872 usbscan - ok 15:10:03.0656 0872 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 15:10:03.0656 0872 USBSTOR - ok 15:10:03.0921 0872 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) |
#18
C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:10:03.0921 0872 usbuhci - ok
15:10:04.0171 0872 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
15:10:04.0187 0872 usb_rndisx - ok
15:10:04.0515 0872 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:10:04.0531 0872 VgaSave - ok
15:10:04.0828 0872 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:10:04.0843 0872 viaagp - ok
15:10:05.0109 0872 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:10:05.0109 0872 ViaIde - ok
15:10:05.0343 0872 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:10:05.0359 0872 VolSnap - ok
15:10:05.0609 0872 vsdatant (8d25c4dafc1c1e9d9884d89b1b0fa3ac) C:\WINDOWS\system32\vsdatant.sys
15:10:05.0625 0872 vsdatant - ok
15:10:05.0796 0872 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:10:05.0921 0872 VSS - ok
15:10:06.0062 0872 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
15:10:06.0093 0872 vToolbarUpdater10.2.0 - ok
15:10:06.0265 0872 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:10:06.0265 0872 w32time - ok
15:10:06.0562 0872 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:10:06.0562 0872 Wanarp - ok
15:10:06.0734 0872 wanatw - ok
15:10:06.0921 0872 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
15:10:06.0921 0872 wceusbsh - ok
15:10:07.0140 0872 WDICA - ok
15:10:07.0375 0872 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:10:07.0375 0872 wdmaud - ok
15:10:07.0468 0872 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:10:07.0500 0872 WebClient - ok
15:10:07.0625 0872 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:10:07.0671 0872 winachsf - ok
15:10:08.0015 0872 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:10:08.0031 0872 winmgmt - ok
15:10:08.0218 0872 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:10:08.0218 0872 WmdmPmSN - ok
15:10:08.0484 0872 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:10:08.0484 0872 WmiApSrv - ok
15:10:08.0609 0872 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:10:08.0640 0872 WMPNetworkSvc - ok
15:10:08.0859 0872 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
15:10:08.0859 0872 WpdUsb - ok
15:10:09.0062 0872 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:10:09.0078 0872 wscsvc - ok
15:10:09.0281 0872 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:10:09.0296 0872 wuauserv - ok
15:10:09.0562 0872 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:10:09.0562 0872 WudfPf - ok
15:10:09.0781 0872 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:10:09.0781 0872 WudfRd - ok
15:10:09.0984 0872 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:10:10.0000 0872 WudfSvc - ok
15:10:10.0187 0872 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:10:10.0250 0872 WZCSVC - ok
15:10:10.0546 0872 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:10:10.0562 0872 xmlprov - ok
15:10:10.0593 0872 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
15:10:10.0750 0872 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:10:10.0750 0872 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:10:10.0781 0872 Boot (0x1200) (190c43d8f306bea3dda385896882cf67) \Device\Harddisk0\DR0\Partition0
15:10:10.0796 0872 \Device\Harddisk0\DR0\Partition0 - ok
15:10:10.0796 0872 ============================================================
15:10:10.0796 0872 Scan finished
15:10:10.0796 0872 ============================================================
15:10:10.0828 2032 Detected object count: 1
15:10:10.0828 2032 Actual detected object count: 1
15:10:25.0500 2032 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
15:10:25.0562 2032 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:10:25.0593 2032 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
15:10:25.0625 2032 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:10:25.0640 2032 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:10:25.0734 2032 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
15:10:26.0171 2032 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
15:10:26.0187 2032 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
15:10:26.0218 2032 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
15:10:26.0234 2032 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
15:10:26.0296 2032 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
15:10:26.0546 2032 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
15:10:26.0546 2032 \Device\Harddisk0\DR0\TDLFS - deleted
15:10:26.0546 2032 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
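An added example, not part of the post above and not Kaspersky's TDSSKiller code, that turns a log like that one into a short summary. It parses the two record shapes visible in the post (an object line carrying the image's MD5 and path, and a verdict line for it), flags every verdict other than "ok", collects what was copied to quarantine or deleted, lists services that got a verdict but have no image on disk, and groups services by the MD5 of their host binary so the three lsass.exe-hosted services (PolicyAgent, ProtectedStorage, SamSs) read as one shared image rather than three suspects. The line patterns and the field names are inferred from the posted log and are this example's own assumptions; the sample input is excerpted from that log. The "TDSS File System" verdict is raised against the whole disk device rather than a partition because the TDL4 family keeps its components in its own encrypted container outside any partition, which is why the quarantined entries sit under \Device\Harddisk0\DR0\TDLFS and not on C:.

```python
"""Summarise a TDSSKiller 2.7.x scan log (added example; formats inferred from the posted log).

Object line:  "<time> <pid> <name> (<md5>) <path>"
Verdict line: "<time> <pid> <name-or-path> - <status>"
The status words handled below are the ones that appear in the posted log.
"""
import re
import sys
from collections import defaultdict

# Lines excerpted from the posted log (re-split one record per line) to give the parser input.
SAMPLE_LOG = r"""
15:09:40.0781 0872 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
15:09:40.0859 0872 Pml Driver HPZ12 - ok
15:09:41.0281 0872 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:09:41.0281 0872 PolicyAgent - ok
15:09:42.0031 0872 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:09:42.0031 0872 ProtectedStorage - ok
15:09:49.0781 0872 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:09:49.0781 0872 SamSs - ok
15:09:54.0218 0872 sprtsvc_dellsupportcenter - ok
15:10:10.0593 0872 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
15:10:10.0750 0872 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:10:10.0750 0872 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:10:10.0781 0872 Boot (0x1200) (190c43d8f306bea3dda385896882cf67) \Device\Harddisk0\DR0\Partition0
15:10:10.0796 0872 \Device\Harddisk0\DR0\Partition0 - ok
15:10:10.0796 0872 Scan finished
15:10:10.0828 2032 Detected object count: 1
15:10:10.0828 2032 Actual detected object count: 1
15:10:25.0500 2032 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
15:10:25.0562 2032 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:10:25.0625 2032 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:10:26.0546 2032 \Device\Harddisk0\DR0\TDLFS - deleted
15:10:26.0546 2032 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

_PREFIX = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d{4}) "
OBJECT_RE = re.compile(_PREFIX + r"(?P<name>\S.*?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
STATUS_RE = re.compile(_PREFIX + r"(?P<name>\S.*?) - (?P<status>.+)$")
COUNT_RE = re.compile(_PREFIX + r"(?P<label>(?:Actual )?[Dd]etected object count): (?P<n>\d+)$")


def parse_tdsskiller(text):
    """Return a summary dict: hashed objects with their verdicts, findings, quarantine actions."""
    records = []                 # one dict per hashed object, in scan order
    by_key = {}                  # service name and device path -> record
    by_md5 = defaultdict(list)   # md5 -> names of services backed by that image
    no_file = []                 # services that got a verdict but no hashed image
    findings, quarantined, deleted, actions = [], [], [], []
    counts = {}
    for line in text.splitlines():
        line = line.strip()
        m = OBJECT_RE.match(line)
        if m:
            rec = {"name": m["name"], "md5": m["md5"], "path": m["path"], "status": None}
            records.append(rec)
            by_key[rec["name"]] = by_key[rec["path"]] = rec
            by_md5[rec["md5"]].append(rec["name"])
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m["label"]] = int(m["n"])
            continue
        m = STATUS_RE.match(line)
        if not m:
            continue                              # banners, "Scan finished", blank lines
        name, status = m["name"], m["status"]
        # "\Device\Harddisk0\DR0 ( TDSS File System )" is a verdict on the DR0 record hashed as "MBR (0x1B8)"
        subject = re.sub(r" \(.*\)$", "", name)
        rec = by_key.get(subject)
        if rec is not None:
            rec["status"] = status                # last verdict on an object wins
        if status == "ok":
            if rec is None:
                no_file.append(subject)
        elif status == "copied to quarantine":
            quarantined.append(subject)
        elif status == "deleted":
            deleted.append(subject)
        elif status.startswith("User select action:"):
            actions.append((subject, status.split(":", 1)[1].strip()))
        else:
            findings.append((subject, status))    # "warning", "detected ...", anything unexpected
    return {
        "records": records, "findings": findings, "quarantined": quarantined,
        "deleted": deleted, "actions": actions, "counts": counts, "no_file": no_file,
        "shared_images": {h: n for h, n in by_md5.items() if len(n) > 1},
    }


def report(summary):
    """Render the summary as text lines, findings first."""
    lines = [f"hashed objects: {len(summary['records'])}, tool counts: {summary['counts']}"]
    lines += [f"FINDING  {subject}: {status}" for subject, status in summary["findings"]]
    lines += [f"shared image {h}: {', '.join(n)}" for h, n in summary["shared_images"].items()]
    lines += [f"registered but no image on disk: {s}" for s in summary["no_file"]]
    lines.append(f"quarantined {len(summary['quarantined'])} objects, deleted {summary['deleted']}, "
                 f"user actions {summary['actions']}")
    return lines


if __name__ == "__main__":
    # Pass a saved TDSSKiller log as the first argument; otherwise the excerpt above is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print("\n".join(report(parse_tdsskiller(text))))
```

Read the FINDING lines first; everything that ends in "- ok" is noise for triage purposes. Services in the "registered but no image on disk" list are worth a second look only if the name is unfamiliar, since orphaned service entries from uninstalled software (the Dell support agent here) look exactly the same in this log.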
#19
Please do the following:

Download an updated version of ComboFix
Save ComboFix.exe to the Desktop!!

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications. They may interfere with the running of CF.
Note: For information on how to disable protective programs, refer to this link

Since you have AVG AntiVirus installed, stop, the situation is different. ComboFix may not run properly until AVG is uninstalled, as a protective measure against the AntiVirus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat, and may remove these files. This results in the tool not working correctly, and, in turn, can cause damaging or "unpredictable results". AVG can be reinstalled later, though, after malware removal is done.

For now, please uninstall AVG via Add/Remove Programs (XP) in your Control Panel. When done, reboot. Then, run ComboFix by double-clicking on the program.

If ComboFix still detects AVG after uninstalling and rebooting, try removing its remnants with AVG Remover. Run it to remove all leftovers from AVG. After this, please restart your computer. Run ComboFix again.

If ComboFix still detects AVG, stop and post back before pressing on. If not...press on with the instructions.

For XP only, when given the option, DO install the Recovery Console. This program allows for repair options that are not available in certain problem situations.

Click on Yes, to continue scanning for malware.

When finished, CF produces a report. Please provide a copy of the C:\ComboFix.txt in your reply.

Notes:
1. Do not mouse-click the ComboFix window while it is running. This action may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
#20
Stupid question? I uninstalled AVG and that is fine, but how do you disable MS Security Essentials Virus in XP?!?
Last edited by garyz; March 26th, 2012 at 10:59 PM.
#21
Well, I tried to X out of the Combo Fix window, but it ran with Microsoft Essential Antivirus still running (I think). Here is the logfile it produced...
ComboFix 12-03-26.02 - Andrew 03/26/2012 20:10:01.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.682 [GMT -4:00]
Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\SPL5A5.tmp
c:\documents and settings\All Users\SPLC63.tmp
c:\documents and settings\Andrew\g2mdlhlpx.exe
c:\documents and settings\Andrew\My Documents\~outlook.ost.tmp
c:\documents and settings\Andrew\My Documents\~WRL0003.tmp
c:\windows\SET20FD.tmp
c:\windows\SET2100.tmp
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\5a0b7fcc7d3f74ba.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\SET1B95.tmp
c:\windows\system32\SET1B96.tmp
c:\windows\system32\SET1B9A.tmp
c:\windows\system32\SET1B9B.tmp
c:\windows\system32\SET1BB5.tmp
c:\windows\system32\SET1BB6.tmp
c:\windows\system32\SET1C07.tmp
c:\windows\system32\SET1C08.tmp
c:\windows\system32\SET2083.tmp
c:\windows\system32\SET2085.tmp
c:\windows\system32\SET208C.tmp
c:\windows\system32\SET208D.tmp
c:\windows\system32\SET208E.tmp
c:\windows\system32\SET208F.tmp
c:\windows\system32\SET2090.tmp
c:\windows\system32\SET2093.tmp
c:\windows\system32\SET2094.tmp
c:\windows\system32\SET2097.tmp
c:\windows\system32\SET2098.tmp
c:\windows\system32\SET2099.tmp
c:\windows\system32\SET209C.tmp
c:\windows\system32\SET209E.tmp
c:\windows\system32\SET20C8.tmp
c:\windows\system32\SET20CB.tmp
c:\windows\system32\SET20CC.tmp
c:\windows\system32\SET20CE.tmp
c:\windows\system32\SET20D1.tmp
c:\windows\system32\SET20D2.tmp
c:\windows\system32\SET20D5.tmp
c:\windows\system32\SET20D6.tmp
c:\windows\system32\SET20D7.tmp
c:\windows\system32\SET20D8.tmp
c:\windows\system32\SET20D9.tmp
c:\windows\system32\SET20DA.tmp
c:\windows\system32\SET20F3.tmp
c:\windows\system32\SET20F6.tmp
c:\windows\system32\SET2102.tmp
c:\windows\system32\SET2105.tmp
c:\windows\system32\SET776.tmp
c:\windows\system32\SET779.tmp
c:\windows\system32\SET781.tmp
c:\windows\system32\SET786.tmp
c:\windows\system32\SET788.tmp
c:\windows\system32\SET78B.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-26 16:36 . 2011-02-09 13:53 270848 ------w- c:\windows\system32\dllcache\sbe.dll
2012-03-26 16:35 . 2011-02-11 13:25 229888 ------w- c:\windows\system32\dllcache\fxscover.exe
2012-03-26 16:35 . 2010-08-27 05:57 99840 ------w- c:\windows\system32\dllcache\srvsvc.dll
2012-03-26 16:34 . 2010-11-18 18:12 81920 ------w- c:\windows\system32\dllcache\isign32.dll
2012-03-26 16:34 . 2011-02-02 07:58 2067456 ------w- c:\windows\system32\dllcache\lhmstscx.dll
2012-03-26 16:34 . 2011-01-27 11:57 677888 ------w- c:\windows\system32\dllcache\lhmstsc.exe
2012-03-26 16:33 . 2010-02-12 04:33 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2012-03-26 16:33 . 2011-11-25 21:57 293376 ------w- c:\windows\system32\dllcache\winsrv.dll
2012-03-26 16:33 . 2010-12-20 17:32 551936 ------w- c:\windows\system32\dllcache\oleaut32.dll
2012-03-26 16:33 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
2012-03-26 16:33 . 2011-01-21 14:44 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
2012-03-26 16:32 . 2011-11-01 16:07 1288704 ------w- c:\windows\system32\dllcache\ole32.dll
2012-03-26 16:32 . 2009-11-27 17:11 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2012-03-26 16:31 . 2009-12-24 06:59 177664 ------w- c:\windows\system32\dllcache\wintrust.dll
2012-03-26 16:31 . 2012-01-09 16:20 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-03-26 16:31 . 2010-04-16 15:36 406016 ------w- c:\windows\system32\dllcache\usp10.dll
2012-03-26 16:31 . 2011-02-15 12:56 290432 ------w- c:\windows\system32\dllcache\atmfd.dll
2012-03-26 16:30 . 2010-11-09 14:52 249856 ------w- c:\windows\system32\dllcache\odbc32.dll
2012-03-26 16:30 . 2010-11-09 14:52 200704 ------w- c:\windows\system32\dllcache\msadox.dll
2012-03-26 16:30 . 2010-11-09 14:52 180224 ------w- c:\windows\system32\dllcache\msadomd.dll
2012-03-26 16:30 . 2010-11-09 14:52 102400 ------w- c:\windows\system32\dllcache\msjro.dll
2012-03-26 16:30 . 2010-11-09 14:52 536576 ------w- c:\windows\system32\dllcache\msado15.dll
2012-03-26 16:30 . 2010-11-09 14:52 143360 ------w- c:\windows\system32\dllcache\msadco.dll
2012-03-26 16:30 . 2009-07-27 23:17 135168 ------w- c:\windows\system32\dllcache\shsvcs.dll
2012-03-26 16:30 . 2011-02-08 13:33 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2012-03-26 16:30 . 2009-11-27 16:07 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2012-03-26 16:30 . 2009-11-27 16:07 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2012-03-26 16:30 . 2009-11-27 16:07 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2012-03-26 16:30 . 2009-11-27 16:07 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2012-03-26 16:29 . 2010-01-13 14:01 86016 ------w- c:\windows\system32\dllcache\cabview.dll
2012-03-26 16:29 . 2010-03-05 14:37 65536 ------w- c:\windows\system32\dllcache\asycfilt.dll
2012-03-26 16:29 . 2009-12-16 18:43 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2012-03-26 16:29 . 2009-04-20 17:17 45568 ------w- c:\windows\system32\d llcache\dnsrslvr.dll
2012-03-26 16:28 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-03-26 16:27 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-26 16:27 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-03-26 16:20 . 2012-03-26 16:20 187776 ----a-w- c:\windows\system32\drivers\tsk5.tmp
2012-03-26 16:20 . 2012-03-26 19:10 -------- dc----w- C:\TDSSKiller_Quarantine
2012-03-21 19:47 . 2012-03-21 19:47 -------- d-----w- c:\program files\iPod
2012-03-21 19:47 . 2012-03-21 19:49 -------- d-----w- c:\program files\iTunes
2012-03-21 19:16 . 2012-03-21 19:16 -------- d-----w- c:\documents and settings\Andrew\Application Data\AVG2012
2012-03-21 19:11 . 2012-03-21 19:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-03-21 19:05 . 2012-03-26 21:54 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-03-21 19:02 . 2012-03-21 19:02 -------- d-----w- c:\program files\AVG
2012-03-21 14:43 . 2010-05-11 02:56 5488976 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{19A5F0B7-1E98-41D1-A29B-CDC03EF6F909}\mpengine.dll
2012-03-21 02:24 . 2012-03-21 19:21 -------- d-----w- c:\program files\Bonjour
2012-03-21 02:24 . 2012-03-21 02:24 -------- dc----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2012-03-21 02:24 . 2012-03-21 02:24 -------- d-----w- c:\program files\McAfee Security Scan
2012-03-19 20:00 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2012-03-19 19:56 . 2012-03-19 19:56 -------- d-----w- c:\program files\TeamViewer
2012-03-11 17:48 . 2012-03-11 17:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-03-05 21:03 . 2012-03-07 18:54 -------- d-----w- c:\documents and settings\Andrew\velocity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-22 22:03 . 2011-05-27 11:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2009-09-30 03:54 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-03 09:22 . 2004-08-10 17:51 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2004-08-10 18:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-13 20:56 . 2007-05-01 18:59 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-04-13 20:56 . 2007-05-01 18:59 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-04-13 20:56 . 2008-11-11 20:49 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2008-11-11 20:49 . 2008-11-11 20:49 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2012-03-13 04:39 . 2012-03-21 18:57 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Auto run of VideoCam Suite 1.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Auto run of VideoCam Suite 1.0.lnk
backup=c:\windows\pss\Auto run of VideoCam Suite 1.0.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless USB 2.0 WLAN Card Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk
backup=c:\windows\pss\Wireless USB 2.0 WLAN Card Utility.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 16:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 05:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 15:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 15:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-02-23 21:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2009-10-01 15:45 139944 ----a-w- c:\program files\Lexmark S300-S400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-30 02:18 136176 ----atw- c:\documents and settings\Andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 19:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2005-01-12 20:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 04:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 15:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 15:36 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 15:35 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 23:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark S300-S400 Series Fax Server]
2009-10-01 15:45 316072 ----a-w- c:\program files\Lexmark S300-S400 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxeamon.exe]
2011-01-24 00:08 770728 ----a-w- c:\program files\Lexmark S300-S400 Series\lxeamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-01-28 16:43 2097488 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-07-22 17:34 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\WINDOWS\\system32\\lxeacoms.exe"= "c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service . R0 RapportKELL;RapportKELL;c:\windows\system32\driver s\RapportKELL.sys [3/11/2012 1:48 PM 56208] R1 RapportCerberus_34302;RapportCerberus_34302;c:\doc uments and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\3 4302\RapportCerberus32_34302.sys [12/15/2011 1:13 PM 228208] R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [3/11/2012 1:48 PM 71440] R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [3/11/2012 1:48 PM 164112] R2 5762;5762;\??\c:\windows\TEMP\5762.sys --> c:\windows\TEMP\5762.sys [?] 
R2 CVPNDRV;Cisco Systems IPsec Driver;c:\windows\system32\drivers\CVPNDrv.sys [10/13/2005 1:34 PM 263751] R2 lxea_device;lxea_device;c:\windows\system32\lxeaco ms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?] R2 lxeaCATSCustConnectService;lxeaCATSCustConnectServ ice;c:\windows\system32\spool\drivers\w32x86\3\lxe aserv.exe [7/9/2010 1:34 PM 193192] R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [3/11/2012 1:48 PM 931640] S0 omvnyhiw;omvnyhiw;c:\windows\system32\drivers\nlml sjla.sys --> c:\windows\system32\drivers\nlmlsjla.sys [?] S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [7/20/2010 8:45 PM 266240] S2 gupdate1c98270a3cc98d4;Google Update Service (gupdate1c98270a3cc98d4);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2009 8:21 PM 133104] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2009 8:21 PM 133104] S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\R apportIaso.sys [8/14/2011 12:25 AM 21520] S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [10/7/2005 11:59 AM 57344] . Contents of the 'Scheduled Tasks' folder . 2012-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57] . 2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-01-30 08:17] . 2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-01-30 08:17] . 2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2969907211-96366872-4206296173-1006Core.job - c:\documents and settings\Andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-24 02:18] . 
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2969907211-96366872-4206296173-1006UA.job - c:\documents and settings\Andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-24 02:18] . 2012-03-25 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40] . 2012-03-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2969907211-96366872-4206296173-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02] . 2012-03-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2969907211-96366872-4206296173-1006.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.foxnews.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie mSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = evault.stryker.com;SYKEV1;evault2.stryker.com;SYKE V2;*.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 74.128.17.114 74.128.19.102 192.168.1.1 DPF: {FDF527BA-DDDA-11D3-AA82-006094EB09CB} - hxxp://helpdesk.stryker.com/aspnet_client/Altiris_AppWeaver/6_0_sp3/lib/AeXClipboard.CAB FF - ProfilePath - c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\anv3bz1v.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Ba6324991-61ee-4a72-bf9e-0773ecf78f1c%7D&mid=f9152d36a59847d09189d15a6662a5 a1-9125432692358c328da91022c1e9fe8f83a08953&ds=AVG&v= 10.0.0.7&lang=en&pr=fr&d=2012-03-21%2015%3A11%3A48&sap=ku&q= FF - prefs.js: network.proxy.type - 0 FF - user.js: 
yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file) BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) HKU-Default-Run-dplaysvr - c:\documents and settings\Andrew\Application Data\dplaysvr.exe ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file) SafeBoot-50936832.sys MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe MSConfigStartUp-Google Quick Search Box - c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe MSConfigStartUp-prunnet - c:\windows\system32\prunnet.exe MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe MSConfigStartUp-Update - c:\documents and settings\Andrew\Application Data\acccore\acccore\zchvwceaw.dll AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb AddRemove-Move Networks Player - IE - c:\documents and settings\Andrew\Application Data\Move Networks\ie_bin\Uninst.exe . . . ************************************************** ************************ . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-03-26 20:22 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************** ************************ . 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A CPI] "ImagePath"="system32\drivers\tsk5.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\ DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00 ,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00 ,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(952) c:\windows\system32\PRISMAPI.dll . Completion time: 2012-03-26 20:26:19 ComboFix-quarantined-files.txt 2012-03-27 00:26 . Pre-Run: 2,494,320,640 bytes free Post-Run: 3,297,226,752 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOW S [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Micro soft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - E7B050D30F9C405F1025F3FE45C046C9 |
#22
To temporarily disable Microsoft Security Essentials (MSE):
Open MSE > click: Settings tab > select: Real Time Protection
Uncheck the box: Turn on real-time protection (recommended)

However, running MSE and AVG at the same time is counter-productive. The AV programs counter each other as they use or scan processes at the same time, and cause conflicts. The conflicts result in less protection and, eventually, an infection. In your case, I would recommend keeping MSE installed and leaving AVG out of the picture. It is your decision, though. We are not affiliated with either.

Let's press on and run the ESET Online Scanner:
Please disable MSE while performing the scan. It precludes conflicts and will speed up scan time.
You need to use Internet Explorer for this scan, since the scanner is implemented as an ActiveX control. However, compatibility with other browsers (Firefox, Opera, Netscape, etc.) was added if you agree to the installation of the ESET Smart Installer, an application which will install and launch ESET Online Scanner in a new browser window.
Download ESET Online Scanner
Press the ESET Online Scanner download button
Please provide the contents of ESET Scan in your reply.
#23
C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0001.dta  Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0002.dta  Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0003.dta  Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0004.dta  Win64/Olmarik.AG trojan
C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0005.dta  a variant of Win32/Rootkit.Kryptik.KB trojan
C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0006.dta  Win64/Olmarik.AF trojan
C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0010.dta  Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0011.dta  Win64/Olmarik.X trojan
C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\rtkt0000\svc0000\tsk0000.dta  Win32/Agent.SUC.Gen trojan
C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0001.dta  Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0002.dta  Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0003.dta  Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0004.dta  Win64/Olmarik.AG trojan
C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0005.dta  a variant of Win32/Rootkit.Kryptik.KB trojan
C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0006.dta  Win64/Olmarik.AF trojan
C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0010.dta  Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0011.dta  Win64/Olmarik.X trojan
#24
What ESET is showing is all contained in the TDSSKiller quarantine. We will get rid of those entries later.
Please open Microsoft Security Essentials. On the MSE console, under Scan Options, select: Full
Then, press: Scan Now
Please post back its results.
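One way to check the point made above, as an added example that is not code from the thread or from ESET, MSE or TDSSKiller: parse ESET-style result lines (path, then threat name), mark detections whose path lies inside the TDSSKiller quarantine folder or a System Restore point as already contained, and leave only live-file hits for follow-up. The sample lines, the `Qoobox` and `_restore` prefixes, the placeholder GUID and the `Win32/Example.A` name are constructed for illustration.

```python
import ntpath
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Folders whose contents are already neutralised (case-insensitive prefix match).
# The TDSSKiller quarantine path is the one seen in the thread; the System
# Restore and ComboFix (Qoobox) prefixes are assumptions for illustration.
CONTAINED_PREFIXES = (
    "C:\\TDSSKiller_Quarantine\\",
    "C:\\System Volume Information\\_restore",
    "C:\\Qoobox\\Quarantine\\",
)

# ESET prints "<path><whitespace><threat>"; the threat starts with a platform
# token such as Win32/ or Win64/, optionally prefixed by "a variant of".
# The path is matched non-greedily, so spaces inside the path are tolerated.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+(?: [a-z ]+)?)\s*$"
)

# Constructed sample in ESET's output shape (not from the thread).
SAMPLE_ESET_OUTPUT = """\
C:\\TDSSKiller_Quarantine\\26.03.2012_12.17.57\\mbr0000\\tdlfs0000\\tsk0001.dta  Win32/Olmarik.AWO trojan
C:\\TDSSKiller_Quarantine\\26.03.2012_12.17.57\\mbr0000\\tdlfs0000\\tsk0005.dta  a variant of Win32/Rootkit.Kryptik.KB trojan
C:\\TDSSKiller_Quarantine\\26.03.2012_15.07.10\\tdlfs0000\\tsk0001.dta  Win32/Olmarik.AWO trojan
C:\\System Volume Information\\_restore{PLACEHOLDER-GUID}\\RP1\\A0000001.dll  Win32/TrojanDownloader.Tracur.AK trojan
C:\\Documents and Settings\\User\\Application Data\\sample_live.exe  Win32/Example.A trojan
ESET Online Scanner finished (not a detection line)
"""


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str


def parse_eset_line(line: str) -> Optional[Detection]:
    """Return a Detection for a result line, or None if the line is not one."""
    m = DETECTION_RE.match(line.strip())
    return Detection(m.group("path"), m.group("threat")) if m else None


def is_contained(path: str) -> bool:
    """True when the file already sits in a quarantine folder or restore point."""
    p = path.casefold()
    return any(p.startswith(prefix.casefold()) for prefix in CONTAINED_PREFIXES)


def triage(lines: Iterable[str]) -> Dict[str, list]:
    """Split ESET output into contained hits, live hits and unparsed lines."""
    result: Dict[str, list] = {"contained": [], "live": [], "unparsed": []}
    for raw in lines:
        if not raw.strip():
            continue
        det = parse_eset_line(raw)
        if det is None:
            result["unparsed"].append(raw.strip())
        elif is_contained(det.path):
            result["contained"].append(det)
        else:
            result["live"].append(det)
    return result


def collapse_duplicates(dets: Iterable[Detection]) -> List[Detection]:
    """Merge the same file reported from two quarantine runs (same name + threat)."""
    seen: Dict[tuple, Detection] = {}
    for d in dets:
        seen.setdefault((ntpath.basename(d.path).casefold(), d.threat), d)
    return list(seen.values())


def families(dets: Iterable[Detection]) -> Counter:
    """Count detections by family: the first dotted component after the platform."""
    fams: Counter = Counter()
    for d in dets:
        after_platform = d.threat.split("/", 1)[1]
        fams[after_platform.split(".", 1)[0]] += 1
    return fams


def report(lines: Iterable[str]) -> str:
    r = triage(lines)
    out = [f"contained (already quarantined): {len(r['contained'])}, "
           f"unique files: {len(collapse_duplicates(r['contained']))}",
           f"families: {dict(families(r['contained']))}",
           f"live files needing action: {len(r['live'])}"]
    out += [f"  LIVE  {d.path}  {d.threat}" for d in r["live"]]
    out += [f"  skipped non-detection line: {u}" for u in r["unparsed"]]
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_ESET_OUTPUT.splitlines()))
```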
#25
I wasn't sure which log you needed, so here is the last part of the MSE log I found...
2012-03-27T03:27:27.359Z Successfully wrote instance of AntiVirusProduct with state(0) and up-to-date state(1)
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log Started On Mon Mar 26 2012 23:36:24
************************************************************
**********Cache stats************
No. Of buckets -> 53
Each Bucket has max capacity of -> 128 entries
number of Entries is 2993
Number of invalid entries is 0
Number of Inserts issued is 2993
Number of replaces issued is 0
Number of Insert failures is 0
Number of lookups is 14020
Number of misses is 13652
Number of false fast lookups is 246
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 438272
2012-03-27T03:36:24.593Z Verifying RTP plugin...
2012-03-27T03:36:25.015Z verified!
2012-03-27T03:36:25.296Z Verifying Nis plugin...
2012-03-27T03:36:25.296Z Loading engine...
2012-03-27T03:36:49.781Z Verifying engine module...
2012-03-27T03:36:53.953Z verified!
2012-03-27T03:37:09.234Z loaded!
2012-03-27T03:37:09.968Z Verifying license file...
2012-03-27T03:37:09.984Z verified!
2012-03-27T03:37:09.984Z Product supports installmode: 1
2012-03-27T03:37:10.187Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-03-27T03:37:10.187Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 3.0.8402.0
Service Version: 3.0.8402.0
Engine Version: 1.1.8202.0
AS Signature Version: 1.123.430.0
AV Signature Version: 1.123.430.0
************************************************************
2012-03-27T03:37:11.765Z Error retrieving instance AntiSpywareProduct:0x80041002
2012-03-27T03:37:12.875Z Successfully wrote instance of AntiVirusProduct with state(0) and up-to-date state(1)
2012-03-27T03:37:15.625Z WAT report: machine genuine, state(1) error(0x0)
2012-03-27T03:42:13.234Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-03-27T03:42:13.250Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 7617869(ms) from now with period 86400000(ms)
2012-03-27T03:47:10.218Z AutoPurgeWorker triggered with dwWork=0x3
2012-03-27T03:47:10.234Z Product supports installmode: 1
2012-03-27T03:47:10.468Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-03-27T03:47:11.359Z Detection State: Finished(1) Failed(0) CriticalFailed(0) Additional Actions(0)
2012-03-27T03:47:14.125Z Successfully wrote instance of AntiVirusProduct with state(0) and up-to-date state(1)
2012-03-27T03:47:16.453Z WAT report: machine genuine, state(1) error(0x0)
2012-03-27T04:11:24.312Z Cache Resizing
**********Cache stats************
No. Of buckets -> 53
Each Bucket has max capacity of -> 128 entries
number of Entries is 5535
Number of invalid entries is 0
Number of Inserts issued is 5535
Number of replaces issued is 0
Number of Insert failures is 22
Number of lookups is 56418
Number of misses is 53014
Number of false fast lookups is 3285
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 438272
2012-03-27T05:23:59.984Z Cache Resizing
**********Cache stats************
No. Of buckets -> 97
Each Bucket has max capacity of -> 128 entries
number of Entries is 10232
Number of invalid entries is 0
Number of Inserts issued is 10232
Number of replaces issued is 0
Number of Insert failures is 23
Number of lookups is 132411
Number of misses is 128975
Number of false fast lookups is 9087
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 798720
2012-03-27T05:25:26.171Z Task(SpyNetService -RestrictPrivileges -AccessKey 60FC279A-3090-6534-3D4C-10680E93AFC1) launched
Begin Resource Scan
 Scan ID:{9A90DD8A-7078-4FC7-86C5-3688D3C57A98}
 Scan Source:7
 Start Time:Tue Mar 27 2012 01:24:24
 End Time:Tue Mar 27 2012 01:25:54
 Explicit resource to scan Resource Schema:queryfilertsig Resource Path:C:\Program Files\Adobe\Adobe Help Viewer\1.0\ahv.exe
 Result Count:1
 Unknown File Identifier:9884271878409814014 Number of Resources:1
  Resource Schema:queryfilertsig Resource Path:C:\Program Files\Adobe\Adobe Help Viewer\1.0\ahv.exe Extended Info:5864262463416
End Scan
************************************************************
2012-03-27T06:42:19.187Z Cache Resizing
**********Cache stats************
No. Of buckets -> 193
Each Bucket has max capacity of -> 128 entries
number of Entries is 20241
Number of invalid entries is 0
Number of Inserts issued is 20241
Number of replaces issued is 0
Number of Insert failures is 24
Number of lookups is 191729
Number of misses is 185383
Number of false fast lookups is 13536
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 1585152
2012-03-27T11:01:14.203Z Successfully wrote instance of AntiVirusProduct with state(0) and up-to-date state(1)
2012-03-28T02:30:52.694Z Successfully wrote instance of AntiVirusProduct with state(0) and up-to-date state(1)
2012-03-28T03:36:38.866Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched
2012-03-28T03:36:39.959Z Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched
2012-03-28T03:39:32.584Z Verifying engine module...
2012-03-28T03:39:33.459Z verified!
Signature updated on Tue Mar 27 2012 23:40:35
Product Version: 3.0.8402.0
Service Version: 3.0.8402.0
Engine Version: 1.1.8202.0
AS Signature Version: 1.123.518.0
AV Signature Version: 1.123.518.0
************************************************************
2012-03-28T03:40:35.975Z Process scan started.
Signature updated via MicrosoftUpdateServer on Tue Mar 27 2012 23:40:36
************************************************************
2012-03-28T03:40:38.678Z Successfully wrote instance of AntiVirusProduct with state(0) and up-to-date state(1)
2012-03-28T03:40:46.725Z Process scan completed.
2012-03-28T03:41:35.834Z AutoPurgeWorker triggered with dwWork=0x3
2012-03-28T03:41:35.834Z Product supports installmode: 1
2012-03-28T03:41:35.897Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-03-28T03:41:36.522Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0)
2012-03-28T03:41:38.537Z WAT report: machine genuine, state(1) error(0x0)
2012-03-28T06:03:17.584Z Task(SpyNetService -RestrictPrivileges -AccessKey C7945519-E1C6-4625-8319-C905A82EDEF0) launched
2012-03-28T06:03:44.100Z DETECTIONEVENT TrojanDownloader:Win32/Tracur.AK file:C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2632\A2035400.dll
2012-03-28T06:03:44.194Z DETECTION_ADD TrojanDownloader:Win32/Tracur.AK file:C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2632\A2035400.dll
2012-03-28T06:03:44.209Z DETECTIONEVENT Trojan:Win32/Alureon.FK file:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0001.dta;file:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0001.dta
2012-03-28T06:03:44.209Z DETECTION_ADD Trojan:Win32/Alureon.FK file:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0001.dta
2012-03-28T06:03:44.209Z DETECTION_ADD Trojan:Win32/Alureon.FK file:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0001.dta
2012-03-28T06:03:44.225Z DETECTIONEVENT Trojan:Win32/Orsam!rts file:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0003.dta;file:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0003.dta
2012-03-28T06:03:44.241Z DETECTION_ADD Trojan:Win32/Orsam!rts file:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0003.dta
2012-03-28T06:03:44.241Z DETECTION_ADD Trojan:Win32/Orsam!rts file:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0003.dta
2012-03-28T06:03:44.256Z DETECTIONEVENT Trojan:Win64/Alureon.gen!J file:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0006.dta;file:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0006.dta
2012-03-28T06:03:44.256Z DETECTION_ADD Trojan:Win64/Alureon.gen!J file:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0006.dta
2012-03-28T06:03:44.256Z DETECTION_ADD Trojan:Win64/Alureon.gen!J file:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0006.dta
2012-03-28T06:03:44.272Z DETECTIONEVENT Trojan:Win32/Alureon.gen!AD file:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0010.dta;file:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0010.dta
2012-03-28T06:03:44.272Z DETECTION_ADD Trojan:Win32/Alureon.gen!AD file:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0010.dta
2012-03-28T06:03:44.272Z DETECTION_ADD Trojan:Win32/Alureon.gen!AD file:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0010.dta
2012-03-28T06:03:44.287Z DETECTIONEVENT Trojan:Win64/Alureon.gen!F file:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0011.dta;file:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0011.dta
2012-03-28T06:03:44.287Z DETECTION_ADD Trojan:Win64/Alureon.gen!F file:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0011.dta
2012-03-28T06:03:44.287Z DETECTION_ADD Trojan:Win64/Alureon.gen!F file:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0011.dta
2012-03-28T06:03:44.412Z DETECTIONEVENT Trojan:WinNT/Simda.gen!A file:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\rtkt0000\svc0000\tsk0000.dta
2012-03-28T06:03:44.412Z DETECTION_ADD Trojan:WinNT/Simda.gen!A file:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\rtkt0000\svc0000\tsk0000.dta
Begin Full Scan
 Scan ID:{6E6E7EDA-AC4B-48CF-A08A-EBE6F2351256}
 Scan Source:2
 Start Time:Tue Mar 27 2012 22:31:55
 End Time:Wed Mar 28 2012 02:03:44
 Result Count:12
 Unknown File Identifier:3944571316245364734 Number of Resources:1
  Resource Schema:queryfilertsig Resource Path:C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2632\A2126922.msi Extended Info:5864262463416
 Unknown File Identifier:15133990531496935422 Number of Resources:1
  Resource Schema:queryfilertsig Resource Path:C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A82000000003}\AdbeRdr820_en_US.msi Extended Info:5864262463416
 Unknown File Identifier:9884271878409814014 Number of Resources:1
  Resource Schema:queryfilertsig Resource Path:C:\Program Files\Adobe\Adobe Help Viewer\1.0\ahv.exe Extended Info:5864262463416
 Unknown File Identifier:3944571316245364734 Number of Resources:1
  Resource Schema:queryfilertsig Resource Path:C:\Documents and Settings\All Users\Application Data\Adobe\Reader\8.2\ARM\BIT34.tmp Extended Info:5864262463416
 Unknown File Identifier:7289515455805390846 Number of Resources:1
  Resource Schema:queryfilertsig Resource Path:c:\documents and settings\andrew\Desktop\ComboFix.exe Extended Info:5864941282870
 Threat Name:TrojanDownloader:Win32/Tracur.AK ID:2147655248 Severity:5 Number of Resources:1
  Resource Schema:file Resource Path:C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2632\A2035400.dll Extended Info:90676818048646
 Threat Name:Trojan:Win32/Alureon.FK ID:2147649330 Severity:5 Number of Resources:2
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0001.dta Extended Info:75285507381978
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0001.dta Extended Info:75285507381978
 Threat Name:Trojan:Win32/Orsam!rts ID:2147626071 Severity:4 Number of Resources:2
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0003.dta Extended Info:24633831132434
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0003.dta Extended Info:24633831132434
 Threat Name:Trojan:Win64/Alureon.gen!J ID:2147653522 Severity:5 Number of Resources:2
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0006.dta Extended Info:132457575523722
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0006.dta Extended Info:132457575523722
 Threat Name:Trojan:Win32/Alureon.gen!AD ID:2147647399 Severity:5 Number of Resources:2
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0010.dta Extended Info:56592126998676
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0010.dta Extended Info:56592126998676
 Threat Name:Trojan:Win64/Alureon.gen!F ID:2147649329 Severity:5 Number of Resources:2
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0011.dta Extended Info:42300356785369
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0011.dta Extended Info:42300356785369
 Threat Name:Trojan:WinNT/Simda.gen!A ID:2147650329 Severity:5 Number of Resources:1
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\rtkt0000\svc0000\tsk0000.dta Extended Info:76383746056358
End Scan
************************************************************
2012-03-28T06:03:46.834Z Successfully wrote instance of AntiVirusProduct with state(0) and up-to-date state(1)
Begin Resource Scan
 Scan ID:{668B4F60-0AFE-4F23-A38B-E9D974556583}
 Scan Source:7
 Start Time:Wed Mar 28 2012 02:03:44
 End Time:Wed Mar 28 2012 02:05:11
 Explicit resource to scan Resource Schema:queryfilertsig Resource Path:C:\Documents and Settings\All Users\Application Data\Adobe\Reader\8.2\ARM\BIT34.tmp
 Explicit resource to scan Resource Schema:queryfilertsig Resource Path:c:\documents and settings\andrew\Desktop\ComboFix.exe
 Explicit resource to scan Resource Schema:queryfilertsig Resource Path:C:\Program Files\Adobe\Adobe Help Viewer\1.0\ahv.exe
 Explicit resource to scan Resource Schema:queryfilertsig Resource Path:C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A82000000003}\AdbeRdr820_en_US.msi
 Explicit resource to scan Resource Schema:queryfilertsig Resource Path:C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2632\A2126922.msi
 Result Count:1
 Unknown File Identifier:9884271878409814014 Number of Resources:1
  Resource Schema:queryfilertsig Resource Path:C:\Program Files\Adobe\Adobe Help Viewer\1.0\ahv.exe Extended Info:5864262463416
End Scan
************************************************************
2012-03-28T06:13:19.162Z Successfully wrote instance of AntiVirusProduct with state(0) and up-to-date state(1)
2012-03-28T06:13:53.084Z Task(SpyNetService -RestrictPrivileges -AccessKey 15418435-7D9D-1631-D48F-E83C7702EDEB) launched
Begin Resource Scan
 Scan ID:{55B82BDC-0C05-4095-8856-3767B7D100EC}
 Scan Source:6
 Start Time:Wed Mar 28 2012 02:13:17
 End Time:Wed Mar 28 2012 02:14:22
 Explicit resource to scan Resource Schema:file Resource Path:C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2632\A2035400.dll
 Explicit resource to scan Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0001.dta
 Explicit resource to scan Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0003.dta
 Explicit resource to scan Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0006.dta
 Explicit resource to scan Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0010.dta
 Explicit resource to scan Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0011.dta
 Explicit resource to scan Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\rtkt0000\svc0000\tsk0000.dta
 Explicit resource to scan Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0001.dta
 Explicit resource to scan Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0003.dta
 Explicit resource to scan Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0006.dta
 Explicit resource to scan Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0010.dta
 Explicit resource to scan Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0011.dta
 Result Count:7
 Threat Name:TrojanDownloader:Win32/Tracur.AK ID:2147655248 Severity:5 Number of Resources:1
  Resource Schema:file Resource Path:C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2632\A2035400.dll Extended Info:90676818048646
 Threat Name:Trojan:Win32/Alureon.FK ID:2147649330 Severity:5 Number of Resources:2
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0001.dta Extended Info:75285507381978
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0001.dta Extended Info:75285507381978
 Threat Name:Trojan:Win32/Orsam!rts ID:2147626071 Severity:4 Number of Resources:2
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0003.dta Extended Info:24633831132434
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0003.dta Extended Info:24633831132434
 Threat Name:Trojan:Win64/Alureon.gen!J ID:2147653522 Severity:5 Number of Resources:2
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0006.dta Extended Info:132457575523722
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0006.dta Extended Info:132457575523722
 Threat Name:Trojan:Win32/Alureon.gen!AD ID:2147647399 Severity:5 Number of Resources:2
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0010.dta Extended Info:56592126998676
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0010.dta Extended Info:56592126998676
 Threat Name:Trojan:Win64/Alureon.gen!F ID:2147649329 Severity:5 Number of Resources:2
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0011.dta Extended Info:42300356785369
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0011.dta Extended Info:42300356785369
 Threat Name:Trojan:WinNT/Simda.gen!A ID:2147650329 Severity:5 Number of Resources:1
  Resource Schema:file Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\rtkt0000\svc0000\tsk0000.dta Extended Info:76383746056358
End Scan
************************************************************
Beginning threat actions
Start time:Wed Mar 28 2012 02:14:22
Threat Name:TrojanDownloader:Win32/Tracur.AK Threat ID:2147655248 Action:remove
Threat Name:Trojan:Win32/Alureon.FK Threat ID:2147649330 Action:remove
Threat Name:Trojan:Win32/Orsam!rts Threat ID:2147626071 Action:quarantine
Threat Name:Trojan:Win64/Alureon.gen!J Threat ID:2147653522 Action:remove
Threat Name:Trojan:Win32/Alureon.gen!AD Threat ID:2147647399 Action:remove
Threat Name:Trojan:Win64/Alureon.gen!F Threat ID:2147649329 Action:remove
Threat Name:Trojan:WinNT/Simda.gen!A Threat ID:2147650329 Action:remove
Resource action complete:Quarantine Schema:file Path:\\?\C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0003.dta Threat ID:2147626071 Resource refcount:1 Result:0
Resource action complete:Quarantine Schema:file Path:\\?\C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\mbr0000\tdlfs0000\tsk0003.dta Threat ID:2147626071 Resource refcount:1 Result:0
File to act on SHA1:33AB97E918EEB647AA213775F59994B3453DE7C6
File cleaned/removed successfully
File Name:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0011.dta
Resource action complete:Removal Schema:file Path:\\?\C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0011.dta Threat ID:2147649329 Resource refcount:1 Result:0
File to act on SHA1:1C65AED22363F21A4C933A6300085A3562302ADC
File cleaned/removed successfully
File Name:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0010.dta
Resource action complete:Removal Schema:file Path:\\?\C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0010.dta Threat ID:2147647399 Resource refcount:1 Result:0
File to act on SHA1:F2EEFDE58C0A8564581EC83DFD4FCCC75ECFA8CE
File cleaned/removed successfully
File Name:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0006.dta
Resource action complete:Removal Schema:file Path:\\?\C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0006.dta Threat ID:2147653522 Resource refcount:1 Result:0
File to act on SHA1:C7CDD059448301F3B810822EAF1603E8A4D528F3
File cleaned/removed successfully
File Name:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0003.dta
Resource action complete:Removal Schema:file Path:\\?\C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0003.dta Threat ID:2147626071 Resource refcount:1 Result:0
File to act on SHA1:B0CB20AF3F535A187E0782ADC080C3932E06F8E5
File cleaned/removed successfully
File Name:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0001.dta
Resource action complete:Removal Schema:file Path:\\?\C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0001.dta Threat ID:2147649330 Resource refcount:1 Result:0
File to act on SHA1:4A7ED15F1C3243E3C3650ABA881F17686AF80420
File cleaned/removed successfully
File Name:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\rtkt0000\svc0000\tsk0000.dta
Resource action complete:Removal Schema:file Path:\\?\C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\rtkt0000\svc0000\tsk0000.dta Threat ID:2147650329 Resource refcount:1 Result:0
File to act on
SHA1:33AB97E918EEB647AA213775F59994B3453DE7C6 File cleaned/removed successfully File Name:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\ mbr0000\tdlfs0000\tsk0011.dta Resource action complete:Removal Schema:file Path:\\?\C:\TDSSKiller_Quarantine\26.03.2012_12.17 .57\mbr0000\tdlfs0000\tsk0011.dta Threat ID:2147649329 Resource refcount:1 Result:0 File to act on SHA1:1C65AED22363F21A4C933A6300085A3562302ADC File cleaned/removed successfully File Name:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\ mbr0000\tdlfs0000\tsk0010.dta Resource action complete:Removal Schema:file Path:\\?\C:\TDSSKiller_Quarantine\26.03.2012_12.17 .57\mbr0000\tdlfs0000\tsk0010.dta Threat ID:2147647399 Resource refcount:1 Result:0 File to act on SHA1:F2EEFDE58C0A8564581EC83DFD4FCCC75ECFA8CE File cleaned/removed successfully File Name:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\ mbr0000\tdlfs0000\tsk0006.dta Resource action complete:Removal Schema:file Path:\\?\C:\TDSSKiller_Quarantine\26.03.2012_12.17 .57\mbr0000\tdlfs0000\tsk0006.dta Threat ID:2147653522 Resource refcount:1 Result:0 File to act on SHA1:C7CDD059448301F3B810822EAF1603E8A4D528F3 File cleaned/removed successfully File Name:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\ mbr0000\tdlfs0000\tsk0003.dta Resource action complete:Removal Schema:file Path:\\?\C:\TDSSKiller_Quarantine\26.03.2012_12.17 .57\mbr0000\tdlfs0000\tsk0003.dta Threat ID:2147626071 Resource refcount:1 Result:0 File to act on SHA1:B0CB20AF3F535A187E0782ADC080C3932E06F8E5 File cleaned/removed successfully File Name:C:\TDSSKiller_Quarantine\26.03.2012_12.17.57\ mbr0000\tdlfs0000\tsk0001.dta Resource action complete:Removal Schema:file Path:\\?\C:\TDSSKiller_Quarantine\26.03.2012_12.17 .57\mbr0000\tdlfs0000\tsk0001.dta Threat ID:2147649330 Resource refcount:1 Result:0 File to act on SHA1:EFBC2097525B96E1C3F74AB9CA41FA976C54F9A0 File cleaned/removed successfully File Name:C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2632\A2035400.dll Resource 
action complete:Removal Schema:file Path:\\?\C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2632\A2035400.dll Threat ID:2147655248 Resource refcount:1 Result:0 Finished threat ID:2147650329 Threat result:0 Threat status flags:0 Finished threat ID:2147649329 Threat result:0 Threat status flags:4 Finished threat ID:2147647399 Threat result:0 Threat status flags:4 Finished threat ID:2147653522 Threat result:0 Threat status flags:4 Finished threat ID:2147626071 Threat result:0 Threat status flags:0 Finished threat ID:2147649330 Threat result:0 Threat status flags:4 Finished threat ID:2147655248 Threat result:0 Threat status flags:0 Finished threat actions End time:Wed Mar 28 2012 02:14:26 Result:0 2012-03-28T06:14:28.366Z Successfully wrote instance of AntiVirusProduct with state(0) and up-to-date state(1) 2012-03-28T06:14:30.428Z Successfully wrote instance of AntiVirusProduct with state(0) and up-to-date state(1) |
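An added example, not part of the thread, showing how a responder would triage a log like the one just posted rather than reading it by eye: it parses the MpCmdRun-style records (MSE / Windows Defender command-line scanner) into threats, resources, actions and finish results, maps each "File to act on" SHA1 to its path so the hashes can be pivoted on, and checks that every detection was acted on and ended with result 0. It also classifies each flagged path by where it sat, because the seven detections here are mostly copies that TDSSKiller had already pulled out of the hidden TDLFS volume into C:\TDSSKiller_Quarantine plus one file inside a System Restore point, not components still running on the box. The classify() rules are this example's own assumption, not anything the scanner emits, and SAMPLE_LOG is a constructed excerpt in the log's own one-field-per-line layout with names, IDs, paths and the one hash copied from the post above. The field separators in the patterns are `\s+`, so the same code also handles a copy that a forum has flattened onto a single line, as happened to the original.

```python
"""Triage an MpCmdRun-style (MSE / Windows Defender) threat-action log.  Added example, not
from the thread; SAMPLE_LOG is a constructed excerpt in the log's own layout, values copied from it."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

SAMPLE_LOG = r"""Threat Name:TrojanDownloader:Win32/Tracur.AK
ID:2147655248
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2632\A2035400.dll
Extended Info:90676818048646
Threat Name:Trojan:Win32/Alureon.FK
ID:2147649330
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\TDSSKiller_Quarantine\26.03.2012_15.07.10\tdlfs0000\tsk0001.dta
Extended Info:75285507381978
Beginning threat actions
Threat Name:TrojanDownloader:Win32/Tracur.AK
Threat ID:2147655248
Action:remove
Threat Name:Trojan:Win32/Alureon.FK
Threat ID:2147649330
Action:remove
File to act on
SHA1:EFBC2097525B96E1C3F74AB9CA41FA976C54F9A0
File cleaned/removed successfully
File Name:C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2632\A2035400.dll
Finished threat ID:2147649330
Threat result:0
Finished threat ID:2147655248
Threat result:0
"""

@dataclass
class Threat:
    threat_id: int
    name: str
    declared: int                    # "Number of Resources" in the scan block
    resources: List[str] = field(default_factory=list)
    action: str = ""                 # remove / quarantine; "" = never acted on
    result: int = -1                 # "Threat result"; -1 = no Finished record seen

DETECTION_RE = re.compile(r"Threat Name:(?P<name>\S+)\s+ID:(?P<id>\d+)\s+Severity:\d+"
                          r"\s+Number of Resources:(?P<n>\d+)")
RESOURCE_RE = re.compile(r"Resource Schema:file\s+Resource Path:(?P<path>.+?)\s+Extended Info:\d+")
ACTION_RE = re.compile(r"Threat Name:(?P<name>\S+)\s+Threat ID:(?P<id>\d+)\s+Action:(?P<act>\w+)")
CLEANED_RE = re.compile(r"File to act on\s+SHA1:(?P<sha1>[0-9A-Fa-f]{40})\s+File cleaned/removed "
                        r"successfully\s+File Name:(?P<path>.+?)\s+"
                        r"(?=File to act on|Resource action complete|Finished threat)")
FINISHED_RE = re.compile(r"Finished threat ID:(?P<id>\d+)\s+Threat result:(?P<res>-?\d+)")

def classify(path: str) -> str:
    # Assumption of this example: quarantine and restore-point copies are inert, anything else may be live.
    low = path.lower()
    if "\\tdsskiller_quarantine\\" in low:
        return "quarantine"
    if "\\system volume information\\_restore" in low:
        return "restore-point"
    return "live"

def parse_log(text: str) -> Tuple[Dict[int, Threat], Dict[str, str]]:
    scan, _, actions = text.partition("Beginning threat actions")
    threats: Dict[int, Threat] = {}
    hits = list(DETECTION_RE.finditer(scan))
    for i, m in enumerate(hits):                 # a threat's resources follow its header
        stop = hits[i + 1].start() if i + 1 < len(hits) else len(scan)
        t = Threat(int(m["id"]), m["name"], int(m["n"]))
        t.resources = [r["path"].strip() for r in RESOURCE_RE.finditer(scan, m.end(), stop)]
        threats[t.threat_id] = t
    for m in ACTION_RE.finditer(actions):
        threats.setdefault(int(m["id"]), Threat(int(m["id"]), m["name"], 0)).action = m["act"]
    for m in FINISHED_RE.finditer(actions):
        if int(m["id"]) in threats:
            threats[int(m["id"])].result = int(m["res"])
    hashes = {m["path"].strip(): m["sha1"].upper() for m in CLEANED_RE.finditer(actions)}
    return threats, hashes

def reconcile(text: str) -> Tuple[Dict[int, Threat], Dict[str, str], List[str]]:
    threats, hashes = parse_log(text)
    problems: List[str] = []                     # every detection: resources, action, result 0
    for t in threats.values():
        tag = f"{t.name} ({t.threat_id})"
        if len(t.resources) != t.declared:
            problems.append(f"{tag}: parsed {len(t.resources)} resources, log declares {t.declared}")
        if not t.action:
            problems.append(f"{tag}: detected but never acted on")
        elif t.result != 0:
            problems.append(f"{tag}: action '{t.action}' ended with result {t.result}")
    return threats, hashes, problems

def summarize(threats: Dict[int, Threat]) -> Dict[str, int]:
    # Flagged resources per location; only a non-zero "live" count needs follow-up.
    return dict(Counter(classify(p) for t in threats.values() for p in t.resources))

if __name__ == "__main__":
    threats, hashes, problems = reconcile(SAMPLE_LOG)
    for t in threats.values():
        print(t.name, t.action, t.result, [(classify(p), hashes.get(p)) for p in t.resources])
    print(summarize(threats), problems or "no inconsistencies")
```

Run against the full log above, a non-empty problems list or a "live" entry in the summary is the signal to keep working the machine; all-zero results with everything under quarantine or a restore point, as in this thread, is consistent with the helper's next step of flushing the old restore points.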
#26
Let's reset System Restore by flushing out previous restore points (which contain infections), and create a new restore point.

To create a Restore Point for Windows XP: http://support.microsoft.com/kb/948247

...and also, remove all the System Restore points except the most recent one:
Click Start > All Programs > Accessories > System Tools > Disk Cleanup
Launch this utility and click the More Options tab.
Click: System Restore, and after that, click the Clean Up tab.
A message appears: Are you sure you want to delete all but the most recent restore point?
Click Yes, then, OK
Another message appears: Are you sure you want to perform these actions?
Click: Yes
All System Restore points except the most recent one are now cleaned.

Almost there, before we wrap up...
...please download TFC to your Desktop.
Last, download Security Check. Save it to the Desktop.
Double-click SecurityCheck.exe and follow the onscreen instructions (on the black screen).
When done, a Notepad document opens automatically: checkup.txt
Please post the contents of checkup.txt in your reply.
#27
Ok, I did the reboot after running TFC and now get Blue Screened on the reboot.
This happens in any mode (normal, safe, or last known good config). I have an XP OS disk I can boot to, but not sure how to proceed?
#28
If you can't boot into Windows XP, not even into Safe Mode, what message are you getting on the blue screen?
Knowing this info will allow us to engage in the correct approach using the Windows CD, if needed.

Presuming this is a Dell with XP Pro?

First, try to boot the operating system with its Last Known Good Configuration, as follows:
Restart the computer by pressing [Ctrl][Alt][Delete] simultaneously.
When you see the message: Please select the operating system to start, or, hear the single beep, tap the [F8] key to display the Windows Advanced Options menu.
Select the Last Known Good Configuration entry (the most recent settings that worked) from the menu, and press: Enter

[Edit: Added Image]
Last edited by Aaflac; March 29th, 2012 at 02:13 AM.
#29
Aaflac, Thanks for all your help! I decided to cut my losses and re-image the machine with a fresh copy of XP. Too many blue screens etc. In the end, many times this is the quickest and best way to clean up an old machine.
I am up and running once more!
#30
A fresh copy of XP is the best decision.
We had more than one option to use for getting the machine to boot without the blue screen, however, nothing beats a clean start.

Please consider doing the following to prevent future infections...
Malware is normally installed through vulnerabilities found in outdated and insecure programs on a computer. You can use the Secunia Personal Software Inspector to scan for vulnerable programs: http://secunia.com/vulnerability_scanning/personal/
A tutorial on how to use the program is found here: http://www.bleepingcomputer.com/tuto...h-secunia-psi/

If anything develops in the future, come back and see us.
Surf safely, garyz!!