IDP & Crypt AQLW Trojan DDS Log pasted.

Malwarebytes Scan results

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.21.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dr Michael Foster :: KNIGHTS-2EE6007 [administrator]

Protection: Disabled

26/04/2012 06:36:11
mbam-log-2012-04-26 (06-36-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190327
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
ESET scan - still scanning after 4 hours!

Hi! The ESET Scan is still running and has been doing so for the last four hours. It is at 57% - so by 17:00 hrs BST I should be able to paste a report.
The nuisance is that AVG keeps kicking in after 15 minutes – and I do not always get back to the machine to top up the 15 minutes in time. Good Job, I am working from home today! I have not found any real method to extend the 15 minutes. Mind you my worry is that AVG let the Trojan in, in the first place, so I will need advice on a decent Anti Virus/Trojan program, man enough for the job. By 18:00 BST I will have to go out to a work meeting, but should get back, but I guess I will have other jobs with which to catch up.
 
Hi,

If you are having problems with AVG and want to change antivirus programs anyway you could always just uninstall it and then run ESET again. ESET may take quite some time though which is normal.

If you do remove it, be sure to only come here and to ESET until we get another antivirus program on your system. :)
 
Scan complete

It zoomed from 59%, at which it was stuck a good long time and suddenly it was 100%!

The Scan is below. The entries for the F Drive are Tools (usually to do with rescuing the machine) or Jokes - the Joke programs were from my old win 95 machine - like doing tricks with the cursor but always exited on pressing the Esc key.


SCAN RESULTS

C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0001\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0002\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0003\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0004\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0005\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0006\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0007\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0008\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0009\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0010\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0011\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0012\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0013\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0014\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0015\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0016\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0017\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0018\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0019\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0020\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0021\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0022\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0023\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0024\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0025\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0026\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0027\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0028\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0029\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0030\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0031\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0032\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0033\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0034\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0035\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0036\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0037\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0038\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0039\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0040\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0041\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0042\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0043\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0044\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0045\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0046\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0047\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0048\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0049\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0050\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0051\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0052\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0053\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0054\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0055\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0056\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0057\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0058\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0059\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0060\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0061\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0062\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0063\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0064\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0065\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0066\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0067\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0068\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0069\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0070\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0071\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0072\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0073\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0074\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0075\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0076\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0077\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0078\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0079\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0080\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0081\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0082\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0083\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0084\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0085\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0086\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0087\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0088\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0089\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0090\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0091\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0092\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\22.04.2012_20.42.54\zaea0093\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
F:\WinInstallers\1stAidDisk\virus&trojans\trojankiller-setup.exe probably a variant of Win32/Adware.IeDefender.NHA application
F:\WinInstallers\adblockplus\cnet_simpleadblock1_0_9_msi.exe a variant of Win32/InstallCore.D application
F:\WinInstallers\Games\Snake\eipcsnake.exe multiple threats
F:\WinInstallers\Mp3 Wma Converter\Setup_FreeConverter.exe Win32/Toolbar.Widgi application
F:\WinInstallers\Pranks\avoid.zip probably a variant of Win32/Agent.DKIVYTJ trojan
F:\WinInstallers\Pranks\followme.zip probably a variant of Win32/Agent.FTGMOC trojan
F:\WinInstallers\Pranks\printme.zip probably a variant of Win32/Agent.CDYNSKQ trojan
F:\WinInstallers\Pranks\avoid\avoid.exe probably a variant of Win32/Agent.DKIVYTJ trojan
F:\WinInstallers\Pranks\followme\followme.exe probably a variant of Win32/Agent.FTGMOC trojan
F:\WinInstallers\Pranks\printme\printme.exe probably a variant of Win32/Agent.CDYNSKQ trojan
F:\WinInstallers\Virus&trojans\trojankiller-setup.exe probably a variant of Win32/Adware.IeDefender.NHA application
F:\WinInstallers\Virus&trojans\avg\AVG9\registrybooster.exe a variant of Win32/RegistryBooster application
F:\WinInstallers\WExplorers\FreeCommander\fc_setup2-2009.exe a variant of Win32/Adware.ADON application
F:\WinInstallers\Wipe\Unlocker\Unlocker1.9.1-x64.exe Win32/Adware.ADON application
F:\WinInstallers\Wipe\Unlocker\Unlocker1.9.1.exe Win32/Adware.ADON application
 
Hi,

The entries for the F Drive are Tools (usually to do with rescuing the machine) or Jokes - the Joke programs were from my old win 95 machine - like doing tricks with the cursor but always exited on pressing the Esc key.
I see them. I am removing the ones that are threats only. If you still want to have them, wait until we are complete to put them back on. :)
----------

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :Services
    
    :Files
    F:\WinInstallers\1stAidDisk\virus&trojans\trojankiller-setup.exe	
    F:\WinInstallers\Games\Snake\eipcsnake.exe	
    F:\WinInstallers\Pranks\avoid.zip	
    F:\WinInstallers\Pranks\followme.zip	
    F:\WinInstallers\Pranks\printme.zip	
    F:\WinInstallers\Pranks\avoid\avoid.exe	
    F:\WinInstallers\Pranks\followme\followme.exe	
    F:\WinInstallers\Pranks\printme\printme.exe	
    F:\WinInstallers\Virus&trojans\trojankiller-setup.exe	
    F:\WinInstallers\WExplorers\FreeCommander\fc_setup2-2009.exe	
    F:\WinInstallers\Wipe\Unlocker\Unlocker1.9.1-x64.exe	
    F:\WinInstallers\Wipe\Unlocker\Unlocker1.9.1.exe	
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [clearallrestorepoints]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

In your next reply please post the logs made by OTL and let me know how your system is running now. :)
 
OTL Report

Hi

Here is the OTL Report:

All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
F:\WinInstallers\1stAidDisk\virus&trojans\trojankiller-setup.exe moved successfully.
F:\WinInstallers\Games\Snake\eipcsnake.exe moved successfully.
F:\WinInstallers\Pranks\avoid.zip moved successfully.
F:\WinInstallers\Pranks\followme.zip moved successfully.
F:\WinInstallers\Pranks\printme.zip moved successfully.
F:\WinInstallers\Pranks\avoid\avoid.exe moved successfully.
F:\WinInstallers\Pranks\followme\followme.exe moved successfully.
F:\WinInstallers\Pranks\printme\printme.exe moved successfully.
F:\WinInstallers\Virus&trojans\trojankiller-setup.exe moved successfully.
F:\WinInstallers\WExplorers\FreeCommander\fc_setup2-2009.exe moved successfully.
F:\WinInstallers\Wipe\Unlocker\Unlocker1.9.1-x64.exe moved successfully.
F:\WinInstallers\Wipe\Unlocker\Unlocker1.9.1.exe moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dr Michael Foster
->Temp folder emptied: 1506333 bytes
->Temporary Internet Files folder emptied: 17139549 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 8985244 bytes
->Flash cache emptied: 456 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 494 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 26.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.40.0 log created on 04272012_072107

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Dr Michael Foster\Local Settings\Temp\~DFBF80.tmp not found!
File\Folder C:\Documents and Settings\Dr Michael Foster\Local Settings\Temporary Internet Files\Content.Word\~WRS0001.tmp not found!
C:\Documents and Settings\Dr Michael Foster\Local Settings\Temporary Internet Files\Content.IE5\11IADA0Y\showthread[3].htm moved successfully.

Registry entries deleted on Reboot...

SYSTEM BEHAVIOUR.
Windows Explorer keeps crashing.
I have an odd directory/folder, ComboFix, appearing in the C:/ directory - when you click on it, it duplicates the "My Computer" window! See attached jpgs.
I must have lost a few system files. I had certainly lost ping.exe, but replaced it with a copy from the other PC.

Is there any way I can restore lost system files?

Again thanks for your help
 
Hi,

Please visit the site here and download vagetatool and save it directly to your C:\ folder. Once it is there run the tool and post the log that is related.
 
Scan now halted

Hi -
I got this message at the start of the Vagetatool (which refers to itself as ComboFix) - "You are infected with Rootkit.ZeroAccess!
It has inserted itself into the tcp/ip stack. This is a particularly difficult infection.
If for any reason that you’re unable to connect to the internet after running ComboFix, reboot....." The app then moved on to a scan so I did not get the rest of the message - but basically it suggests rebooting twice to return the connection to the Internet.

However, after stage 50 was reached and files and folders have been deleted, it has hung up, and been like that for the last half hour!
 
Scan now halted

It could be that AVG has kicked in - and is throwing a spanner in the works - As there is no way to halt AVG for more than 15 minutes - do I need to remove AVG and start again?
 
Hi,

We need to uninstall AVG. Please uninstall AVG by going to Start >> Control Panel >> Add/Remove Programs. We need to make sure that it doesn't interfere. We will reinstall it later.

I appreciate your patience with this. Your system was extremely infected and we are still dealing with the infection.
--------

Please boot into Safe Mode and attempt to run vagetatool again and hopefully it will run through. If the log is created post that to your next reply.
 
Scan complete - finally

Ran Vagetatool without ditching AVG. I kept the machine booting into safe mode, which did the trick. I had taken the network cable out for safety. On each reboot the machine sought to dial out as the DUN kept popping up (I have a modem on board for some old freebie dialup accounts, just in case my broadband has a problem, as happens in this rural area every so often) - so something is going on in the background. Also, when Vagetatool had done its thing, it ended up with my display drivers removed, so I restored these. Here is the Report:

ComboFix 12-04-27.01 - Dr Michael Foster 27/04/2012 16:04:39.5.4 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2791 [GMT 1:00]
Running from: c:\documents and settings\Dr Michael Foster\Desktop\vagetatool.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\urttemp
c:\windows\system32\urttemp\regtlib.exe
.
Infected copy of c:\windows\system32\drivers\nv4_mini.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-27 14:59 . 2004-08-03 21:29 1897408 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-04-26 16:38 . 2012-04-26 16:38 17920 -c--a-w- c:\windows\system32\dllcache\ping.exe
2012-04-26 16:38 . 2012-04-26 16:38 17920 ----a-w- c:\windows\system32\ping.exe
2012-04-26 07:59 . 2012-04-26 07:59 -------- d-----w- c:\program files\ESET
2012-04-25 18:19 . 2012-04-25 18:19 -------- d-----w- C:\_OTL
2012-04-25 16:31 . 2012-04-25 16:31 -------- d-----w- c:\program files\ERUNT
2012-04-25 09:11 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-04-24 09:21 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-22 19:27 . 2012-04-22 19:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-21 08:26 . 2012-04-21 08:26 -------- d-----w- c:\documents and settings\Dr Michael Foster\Application Data\Malwarebytes
2012-04-21 08:26 . 2012-04-21 08:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-21 08:26 . 2012-04-21 08:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-21 08:26 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-21 08:25 . 2012-04-21 08:25 -------- d-----w- C:\Malwarebytes
2012-04-20 14:55 . 2012-04-20 14:55 110080 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
2012-04-20 14:55 . 2012-04-20 14:55 110080 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
2012-04-20 14:55 . 2012-04-20 14:55 110080 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
2012-04-20 14:55 . 2012-04-20 14:55 -------- d-----w- C:\sh4ldr
2012-04-20 14:55 . 2012-04-20 14:55 -------- d-----w- c:\program files\Enigma Software Group
2012-04-20 14:51 . 2012-04-20 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-04-20 14:51 . 2012-04-20 14:51 -------- d-----w- c:\documents and settings\Dr Michael Foster\Application Data\TestApp
2012-04-20 14:00 . 2012-04-20 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\B7E8587A4FE3ECF660BFD1C8D151FC4E
2012-04-04 15:18 . 2012-04-04 15:18 -------- d-----w- c:\program files\Copy of WinFax
2012-04-04 14:18 . 2012-04-08 06:29 -------- d-----w- c:\program files\winfax
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-04-03 07:25 . 2012-04-13 17:58 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 17:58 . 2011-05-17 06:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 14:18 . 2010-05-05 05:48 41 ----a-w- c:\windows\WFXDEL.BAT
2012-03-11 12:48 . 2012-03-11 12:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-03-05 19:27 . 2012-03-05 19:27 73728 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-03-05 19:27 . 2012-03-05 19:27 73728 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-03-05 19:27 . 2012-03-05 19:27 53248 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\ARPPRODUCTICON.exe
2012-03-05 19:27 . 2012-03-05 19:27 49152 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2012-03-05 19:27 . 2012-03-05 19:27 49152 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2012-03-01 11:01 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-02-28 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-12-16 1508408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2002-12-12 45568]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"FaxTalk FaxCenter Pro 8"="c:\program files\FaxTalk\FTClCtrl.exe" [2011-09-23 120672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MagicFormation.lnk - c:\program files\Magic Formation\MagicFormation.exe [2010-4-28 454656]
Microsoft Office Outlook 2003.lnk - c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe [2010-4-25 794624]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-11-13 113024]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\winfax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:F *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Aolpress\\Ws_ftp\\WS_FTP95.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\ArcSoft\\PhotoStudio 5.5\\PhotoStudio.exe"=
"c:\\Program Files\\NewSoft\\Presto! PageManager 7.15\\Pmsb.exe"=
"c:\\Program Files\\ScanSoft\\OmniPageSE4.0\\TwainClient.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\FaxTalk\\FTmsgsvc.exe"=
"c:\\Program Files\\FaxTalk\\fapiexe.exe"=
"c:\\Program Files\\FaxTalk\\FTclctrl.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Documents and Settings\\Dr Michael Foster\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 04:48 32592]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [07/05/2010 11:55 16048]
S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [11/03/2012 13:48 56208]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 04:48 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09/11/2010 23:20 295248]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 18:00 228208]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [11/03/2012 13:48 71440]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/03/2012 13:48 164112]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2010 11:25 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [06/05/2010 17:10 67664]
S2 !SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCORE.EXE" --> c:\program files\SUPERAntiSpyware\SASCORE.EXE [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 07:25 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [31/07/2010 20:34 162096]
S2 FaxTalk FaxCenter Pro 8;FaxTalk FaxCenter Pro 8;c:\program files\FaxTalk\FTmsgsvc.exe [23/09/2011 11:07 33120]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/07/2010 12:31 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/04/2012 09:26 654408]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/03/2012 13:48 931640]
S2 SdReadSpool;SolidPDFCreatorReadSpool;c:\program files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [18/03/2009 18:08 189696]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [18/01/2012 06:21 737184]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [03/04/2012 08:25 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28/04/2010 20:33 1691480]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 16720]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [06/05/2011 15:57 13904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14/07/2010 12:31 136176]
S3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\DRIVERS\IntelH51.sys --> c:\windows\system32\DRIVERS\IntelH51.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [10/04/2010 17:05 266544]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/04/2012 09:26 22344]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15/01/2012 08:31 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [15/01/2012 08:31 8576]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [19/07/2011 09:52 21520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 13:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
fsaa
pgpsdkservice
omci
mindrepair
SfCtlCom
dladresn
alertservice
ADSMService
avpnnic
websenseclientdeployservice
symdns
EACSvrMngr
arkbcfltr
protectionservice
pdlndldl
adaptecstoragemanageragent
upsentry_smart
trackcam4
giveio
ccevtmgr
{eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc}
int15
scsiaccess
icdsptsv
ppped
C-Dilla
belmonitorservice
Packet
rtl8023
osanbm
NWHOST
pca
navapel
btcsrusb
fuj02b1
smstsmgr
NMSCFG
MRV6X32P
pop3d32
trlokom_rmhsvc
mf
procexp100
adsexpb
TSHWMDTCP
sqlagent$pinnaclesys
NeroMediaHomeService.4
3combootp
atiavaiw
eloggersvc6
SGHIDI
savrt
W700obex
iviregmgr
prism_a02
mi-raysat_3dsMax2008_32
Cap7134
wdm_au8820
ctprxy2k
spbbcsvc
IWCA
pshost
omniusb
acmservice
EUSBMSD
adfs
btwdndis
ipsraidn
l8042pr2
cygserver
ood2000
QWAVEDRV
EL90X
backupclientsvc
service1
TeamViewer
DNE
MSCamSvc
mafwboot
smartwiservice
LUsbFilt
winpowermanager
ZDPNDIS5
mcdetect.exe
CAM1210
incdfs
se45bus
SaiMini
s116mdm
ATKGFNEXSrv
wap3gx
dlaopiom
n558
CXAVXBAR
MSICPL
lxce_device
pktfilter
sfsync04
pav_service
mssql$sqlexpress
was
lxct_device
wlsetupsvc
vrservice
USA49W
infrastructure
SQLAgent$MICROSOFTBCM
surveyor
Mvc25U870_VID_1262&PID_25FD
bobo
RalinkRegistryWriter
usb20l
SimpTcp
imap4d32
kodakccs
JGOGO
forcewarewebinterface
scan
nicconfigsvc
NVR0FLASHDev
w70n51
ikfileflt
s716nd5
ZDPSp50
lxbs_device
sfsync02
generichidservice
alcxsens
NWSIPX32
curtainssyssvc
wmccds
cmbatt
pdlnepkt
PGPwded
Si3114r5
RTL8169
DS1410D
susbser
GoProto
ql2100
vaiomediaplatform-integratedserver-appserver
nchssvad
atimtag
SiRemFil
roxmediadb9
dptrackerd
UxTuneUp
EU3_USB
CoachUsb
USBAAPL
CdaD10BA
FINEPIX_PCC
MR97310_USB_DUAL_CAMERA
softfax
roxmediadb
U2SP
w29n51
getPlusHelper
superproserver
BrUsbSer
lxrsge10s
USB11LDR
smservaz
commserver
amdk7
ar5211
hap16v2k
DC21x4
USBVCD
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:58]
.
2012-04-27 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 16:05]
.
2012-04-27 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 16:05]
.
2011-11-11 c:\windows\Tasks\debutDowngrade.job
- c:\program files\NCH Software\Debut\debut.exe [2010-08-07 17:31]
.
2011-11-11 c:\windows\Tasks\debutShakeIcon.job
- c:\program files\NCH Software\Debut\debut.exe [2010-08-07 17:31]
.
2012-04-16 c:\windows\Tasks\doxillionShakeIcon.job
- c:\program files\NCH Software\Doxillion\doxillion.exe [2011-03-23 07:38]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-14 11:31]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-14 11:31]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003Core.job
- c:\documents and settings\Dr Michael Foster\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-22 15:04]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003UA.job
- c:\documents and settings\Dr Michael Foster\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-22 15:04]
.
2012-04-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2012-01-20 c:\windows\Tasks\pixillionShakeIcon.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2011-04-02 13:28]
.
2011-11-11 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2010-08-07 14:27]
.
2011-11-11 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-08-07 14:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www2.prestel.co.uk/church/oosj/osj.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-WFXSwtch - c:\progra~1\winfax\WFXSWTCH.exe
HKLM-Run-nwiz - nwiz.exe
SafeBoot-48309816.sys
SafeBoot-55688713.sys
SafeBoot-69944965.sys
SafeBoot-75860562.sys
SafeBoot-79782063.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-WinDefend
AddRemove-A to B Britain - c:\program files\AtoB4\Uninst.isu
AddRemove-WinFax - c:\program files\winfax\WFXUNIST.ISU
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-27 16:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(256)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\l3codeca.acm
.
Completion time: 2012-04-27 16:23:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-27 15:23
.
Pre-Run: 107,584,679,936 bytes free
Post-Run: 107,540,197,376 bytes free
.
- - End Of File - - F515367D4109A49104AEA989306E2C32
 
Hi,

Okie dokie.... :cowboy:

Next I would like you to take the following steps:
  • Click Start then Run type Notepad and click Ok
  • Copy and Paste the contents of the Code box below into Notepad

    Code:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
    "netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,\
      76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,\
      65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,\
      00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\
      62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,\
      49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,\
      57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,\
      6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,\
      61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,\
      52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,\
      75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,\
      63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,\
      68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,\
      56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,\
      73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,6e,61,70,61,67,65,6e,74,00,68,6b,\
      6d,73,76,63,00,42,49,54,53,00,77,75,61,75,73,65,72,76,00,53,68,65,6c,6c,48,\
      57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,76,63,00,00
  • Save as regfix.reg to your Desktop
  • Make sure to save file type as All Files
  • Now right-click regfix.reg and select Merge
----------

Now reboot your system and run a new scan with ComboFix and post the newly made log. :)
 
Continue in the morning

I have just finished work. I have merged the reg file, and will rescan early tomorrow. Then Saturday after early am (from 9am thru to afternoon) is written off - but I will continue early Sunday morning for an hour, but am working mid morning. Thanks for your assistance - and it is good that I have my wife's machine on which to continue my work, and catch up with your help. Thanks.
 
Just started the rescan

On running the app again this message appears;
"You are infected with Rootkit.ZeroAccess!
It has inserted itself into the tcp/ip stack. This is a particularly difficult infection.
If for any reason that you’re unable to connect to the internet after running ComboFix, reboot once and see if that fixes it. If it's not fixed, run ComboFix one more time"

I guess I will get time to complete the scan but will post on my return home (have to go out). I might be able to post later today, but I will have an early slot tomorrow.

Again thanks
 
Scan results from Vagetatool

ComboFix 12-04-27.01 - Dr Michael Foster 28/04/2012 8:02.6.4 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2788 [GMT 1:00]
Running from: c:\documents and settings\Dr Michael Foster\Desktop\vagetatool.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\drivers\nv4_mini.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))
.
.
2012-04-28 06:57 . 2004-08-03 21:29 1897408 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-04-27 16:23 . 2012-04-27 16:23 4948 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-04-26 16:38 . 2012-04-26 16:38 17920 -c--a-w- c:\windows\system32\dllcache\ping.exe
2012-04-26 16:38 . 2012-04-26 16:38 17920 ----a-w- c:\windows\system32\ping.exe
2012-04-26 07:59 . 2012-04-26 07:59 -------- d-----w- c:\program files\ESET
2012-04-25 18:19 . 2012-04-25 18:19 -------- d-----w- C:\_OTL
2012-04-25 16:31 . 2012-04-25 16:31 -------- d-----w- c:\program files\ERUNT
2012-04-25 09:11 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-04-24 09:21 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-22 19:27 . 2012-04-22 19:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-21 08:26 . 2012-04-21 08:26 -------- d-----w- c:\documents and settings\Dr Michael Foster\Application Data\Malwarebytes
2012-04-21 08:26 . 2012-04-21 08:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-21 08:26 . 2012-04-21 08:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-21 08:26 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-21 08:25 . 2012-04-21 08:25 -------- d-----w- C:\Malwarebytes
2012-04-20 14:55 . 2012-04-20 14:55 110080 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
2012-04-20 14:55 . 2012-04-20 14:55 110080 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
2012-04-20 14:55 . 2012-04-20 14:55 110080 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
2012-04-20 14:55 . 2012-04-20 14:55 -------- d-----w- C:\sh4ldr
2012-04-20 14:55 . 2012-04-20 14:55 -------- d-----w- c:\program files\Enigma Software Group
2012-04-20 14:51 . 2012-04-20 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-04-20 14:51 . 2012-04-20 14:51 -------- d-----w- c:\documents and settings\Dr Michael Foster\Application Data\TestApp
2012-04-20 14:00 . 2012-04-20 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\B7E8587A4FE3ECF660BFD1C8D151FC4E
2012-04-04 15:18 . 2012-04-04 15:18 -------- d-----w- c:\program files\Copy of WinFax
2012-04-04 14:18 . 2012-04-08 06:29 -------- d-----w- c:\program files\winfax
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-04-03 07:25 . 2012-04-13 17:58 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 17:58 . 2011-05-17 06:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 14:18 . 2010-05-05 05:48 41 ----a-w- c:\windows\WFXDEL.BAT
2012-03-11 12:48 . 2012-03-11 12:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-03-05 19:27 . 2012-03-05 19:27 73728 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-03-05 19:27 . 2012-03-05 19:27 73728 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2012-03-05 19:27 . 2012-03-05 19:27 53248 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\ARPPRODUCTICON.exe
2012-03-05 19:27 . 2012-03-05 19:27 49152 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2012-03-05 19:27 . 2012-03-05 19:27 49152 ----a-r- c:\documents and settings\Dr Michael Foster\Application Data\Microsoft\Installer\{889D48DA-457F-4C8B-9095-6458F2793B12}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2012-03-01 11:01 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-02-28 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-27_15.18.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-28 07:15 . 2012-04-28 07:15 16384 c:\windows\temp\Perflib_Perfdata_2c0.dat
+ 2010-04-24 17:56 . 2008-04-14 00:12 74752 c:\windows\system32\storprop.dll
- 2010-04-24 17:56 . 2008-04-14 00:12 74752 c:\windows\system32\storprop.dll
+ 2012-04-27 16:22 . 2008-04-13 19:46 61696 c:\windows\system32\ReinstallBackups\0153\DriverFiles\i386\ohci1394.sys
+ 2012-04-27 16:22 . 2008-04-13 19:51 61824 c:\windows\system32\ReinstallBackups\0153\DriverFiles\i386\nic1394.sys
+ 2012-04-27 16:22 . 2008-04-13 19:51 60800 c:\windows\system32\ReinstallBackups\0153\DriverFiles\i386\arp1394.sys
+ 2012-04-27 16:22 . 2008-04-13 19:46 53376 c:\windows\system32\ReinstallBackups\0153\DriverFiles\i386\1394bus.sys
+ 2012-04-27 16:21 . 2008-04-14 00:12 74752 c:\windows\system32\ReinstallBackups\0151\DriverFiles\i386\storprop.dll
+ 2012-04-27 16:21 . 2008-04-13 18:40 96512 c:\windows\system32\ReinstallBackups\0151\DriverFiles\i386\atapi.sys
+ 2012-04-27 16:21 . 2008-04-14 00:12 74752 c:\windows\system32\ReinstallBackups\0150\DriverFiles\i386\storprop.dll
+ 2012-04-27 16:21 . 2008-04-13 18:40 96512 c:\windows\system32\ReinstallBackups\0150\DriverFiles\i386\atapi.sys
+ 2012-04-27 16:21 . 2008-04-14 00:12 74752 c:\windows\system32\ReinstallBackups\0149\DriverFiles\i386\storprop.dll
+ 2012-04-27 16:21 . 2008-04-13 18:40 96512 c:\windows\system32\ReinstallBackups\0149\DriverFiles\i386\atapi.sys
+ 2012-04-27 16:20 . 2008-04-14 00:12 74752 c:\windows\system32\ReinstallBackups\0148\DriverFiles\i386\storprop.dll
+ 2012-04-27 16:20 . 2008-04-13 18:40 96512 c:\windows\system32\ReinstallBackups\0148\DriverFiles\i386\atapi.sys
+ 2012-04-27 16:20 . 2008-04-14 00:12 74752 c:\windows\system32\ReinstallBackups\0147\DriverFiles\i386\storprop.dll
+ 2012-04-27 16:20 . 2008-04-13 18:40 96512 c:\windows\system32\ReinstallBackups\0147\DriverFiles\i386\atapi.sys
+ 2012-04-27 16:20 . 2008-04-14 00:12 74752 c:\windows\system32\ReinstallBackups\0146\DriverFiles\i386\storprop.dll
+ 2012-04-27 16:20 . 2008-04-13 18:40 96512 c:\windows\system32\ReinstallBackups\0146\DriverFiles\i386\atapi.sys
+ 2012-04-27 16:20 . 2008-04-14 00:12 74752 c:\windows\system32\ReinstallBackups\0145\DriverFiles\i386\storprop.dll
+ 2012-04-27 16:20 . 2008-04-13 18:40 96512 c:\windows\system32\ReinstallBackups\0145\DriverFiles\i386\atapi.sys
+ 2012-04-27 16:21 . 2008-04-13 18:39 24576 c:\windows\system32\ReinstallBackups\0099\DriverFiles\i386\kbdclass.sys
+ 2012-04-27 16:21 . 2008-04-13 19:18 52480 c:\windows\system32\ReinstallBackups\0099\DriverFiles\i386\i8042prt.sys
+ 2012-04-27 16:15 . 2008-04-13 18:45 26368 c:\windows\system32\ReinstallBackups\0060\DriverFiles\i386\USBSTOR.SYS
+ 2012-04-27 16:19 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0058\DriverFiles\i386\usbhub.sys
+ 2012-04-27 16:20 . 2008-04-13 18:40 24960 c:\windows\system32\ReinstallBackups\0055\DriverFiles\i386\pciidex.sys
+ 2012-04-27 16:20 . 2008-04-13 18:40 96512 c:\windows\system32\ReinstallBackups\0055\DriverFiles\i386\atapi.sys
+ 2012-04-27 16:14 . 2008-04-13 18:45 26368 c:\windows\system32\ReinstallBackups\0053\DriverFiles\i386\USBSTOR.SYS
+ 2012-04-27 16:19 . 2008-04-13 18:40 24960 c:\windows\system32\ReinstallBackups\0019\DriverFiles\i386\pciidex.sys
+ 2012-04-27 16:19 . 2008-04-13 18:40 96512 c:\windows\system32\ReinstallBackups\0019\DriverFiles\i386\atapi.sys
+ 2012-04-27 16:17 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0017\DriverFiles\i386\usbhub.sys
+ 2012-04-27 16:17 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\usbhub.sys
+ 2012-04-27 16:20 . 2008-04-14 00:12 74752 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\storprop.dll
+ 2012-04-27 16:20 . 2008-04-13 18:40 96512 c:\windows\system32\ReinstallBackups\0014\DriverFiles\i386\atapi.sys
+ 2012-04-27 16:17 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\usbhub.sys
+ 2012-04-27 16:18 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\usbhub.sys
+ 2012-04-27 16:17 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\usbhub.sys
+ 2012-04-27 16:17 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\usbhub.sys
- 2010-04-28 15:36 . 2004-08-03 23:56 74240 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\usbui.dll
+ 2012-04-27 16:14 . 2008-04-14 00:12 74240 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\usbui.dll
+ 2012-04-27 16:14 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\usbhub.sys
+ 2012-04-27 16:14 . 2008-04-13 18:45 30208 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\usbehci.sys
- 2010-04-28 15:35 . 2004-08-03 23:56 74240 c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\usbui.dll
+ 2012-04-27 16:12 . 2008-04-14 00:12 74240 c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\usbui.dll
+ 2012-04-27 16:12 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\usbhub.sys
+ 2012-04-27 16:12 . 2008-04-13 18:45 30208 c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\usbehci.sys
- 2010-04-28 15:35 . 2004-08-03 23:56 74240 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\usbui.dll
+ 2012-04-27 16:12 . 2008-04-14 00:12 74240 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\usbui.dll
+ 2012-04-27 16:12 . 2008-04-13 18:45 20608 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\usbuhci.sys
+ 2012-04-27 16:12 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\usbhub.sys
+ 2012-04-27 16:12 . 2008-04-14 00:12 74240 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\usbui.dll
- 2010-04-28 15:35 . 2004-08-03 23:56 74240 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\usbui.dll
+ 2012-04-27 16:12 . 2008-04-13 18:45 20608 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\usbuhci.sys
+ 2012-04-27 16:12 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\usbhub.sys
+ 2012-04-27 16:12 . 2008-04-14 00:12 74240 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\usbui.dll
- 2010-04-28 15:34 . 2004-08-03 23:56 74240 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\usbui.dll
+ 2012-04-27 16:12 . 2008-04-13 18:45 20608 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\usbuhci.sys
+ 2012-04-27 16:12 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\usbhub.sys
- 2010-04-28 15:34 . 2004-08-03 23:56 74240 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\usbui.dll
+ 2012-04-27 16:11 . 2008-04-14 00:12 74240 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\usbui.dll
+ 2012-04-27 16:11 . 2008-04-13 18:45 20608 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\usbuhci.sys
+ 2012-04-27 16:11 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\usbhub.sys
- 2010-04-28 15:34 . 2004-08-03 23:56 74240 c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\usbui.dll
+ 2012-04-27 16:11 . 2008-04-14 00:12 74240 c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\usbui.dll
+ 2012-04-27 16:11 . 2008-04-13 18:45 20608 c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\usbuhci.sys
+ 2012-04-27 16:11 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\usbhub.sys
- 2010-04-28 15:33 . 2004-08-03 23:56 74240 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\usbui.dll
+ 2012-04-27 16:11 . 2008-04-14 00:12 74240 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\usbui.dll
+ 2012-04-27 16:11 . 2008-04-13 18:45 20608 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\usbuhci.sys
+ 2012-04-27 16:11 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\usbhub.sys
+ 2012-04-27 16:17 . 2008-04-13 18:45 59520 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\usbhub.sys
+ 2006-02-28 12:00 . 2008-04-13 18:45 20608 c:\windows\system32\drivers\usbuhci.sys
- 2006-02-28 12:00 . 2008-04-13 18:45 20608 c:\windows\system32\drivers\usbuhci.sys
+ 2006-02-28 12:00 . 2008-04-13 18:45 59520 c:\windows\system32\drivers\usbhub.sys
- 2006-02-28 12:00 . 2008-04-13 18:45 59520 c:\windows\system32\drivers\usbhub.sys
+ 2006-02-28 12:00 . 2008-04-13 18:45 30208 c:\windows\system32\drivers\usbehci.sys
- 2006-02-28 12:00 . 2008-04-13 18:45 30208 c:\windows\system32\drivers\usbehci.sys
+ 2006-02-28 12:00 . 2008-04-13 18:40 24960 c:\windows\system32\drivers\pciidex.sys
- 2006-02-28 12:00 . 2008-04-13 18:40 24960 c:\windows\system32\drivers\pciidex.sys
+ 2006-02-28 12:00 . 2008-04-13 18:46 61696 c:\windows\system32\drivers\ohci1394.sys
- 2006-02-28 12:00 . 2008-04-13 19:46 61696 c:\windows\system32\drivers\ohci1394.sys
- 2004-08-03 22:58 . 2008-04-13 19:51 61824 c:\windows\system32\drivers\nic1394.sys
+ 2004-08-03 22:58 . 2008-04-13 18:51 61824 c:\windows\system32\drivers\nic1394.sys
- 2006-02-28 12:00 . 2008-04-13 18:39 24576 c:\windows\system32\drivers\kbdclass.sys
+ 2006-02-28 12:00 . 2008-04-13 18:39 24576 c:\windows\system32\drivers\kbdclass.sys
- 2004-08-03 22:58 . 2008-04-13 19:51 60800 c:\windows\system32\drivers\arp1394.sys
+ 2004-08-03 22:58 . 2008-04-13 18:51 60800 c:\windows\system32\drivers\arp1394.sys
+ 2006-02-28 12:00 . 2008-04-13 18:46 53376 c:\windows\system32\drivers\1394bus.sys
- 2006-02-28 12:00 . 2008-04-13 19:46 53376 c:\windows\system32\drivers\1394bus.sys
+ 2012-04-27 16:22 . 2001-08-17 13:46 6400 c:\windows\system32\ReinstallBackups\0153\DriverFiles\i386\enum1394.sys
+ 2012-04-27 16:19 . 2001-08-17 13:03 4736 c:\windows\system32\ReinstallBackups\0058\DriverFiles\i386\usbd.sys
+ 2012-04-27 16:20 . 2001-08-17 12:51 3328 c:\windows\system32\ReinstallBackups\0055\DriverFiles\i386\pciide.sys
- 2010-04-28 10:43 . 2001-08-17 12:51 3328 c:\windows\system32\ReinstallBackups\0055\DriverFiles\i386\pciide.sys
- 2010-04-28 10:43 . 2001-08-17 12:51 3328 c:\windows\system32\ReinstallBackups\0019\DriverFiles\i386\pciide.sys
+ 2012-04-27 16:19 . 2001-08-17 12:51 3328 c:\windows\system32\ReinstallBackups\0019\DriverFiles\i386\pciide.sys
+ 2012-04-27 16:17 . 2001-08-17 13:03 4736 c:\windows\system32\ReinstallBackups\0017\DriverFiles\i386\usbd.sys
- 2010-04-28 15:39 . 2001-08-17 13:03 4736 c:\windows\system32\ReinstallBackups\0017\DriverFiles\i386\usbd.sys
- 2010-04-28 15:39 . 2001-08-17 13:03 4736 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\usbd.sys
+ 2012-04-27 16:17 . 2001-08-17 13:03 4736 c:\windows\system32\ReinstallBackups\0015\DriverFiles\i386\usbd.sys
+ 2012-04-27 16:17 . 2001-08-17 13:03 4736 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\usbd.sys
- 2010-04-28 15:40 . 2001-08-17 13:03 4736 c:\windows\system32\ReinstallBackups\0013\DriverFiles\i386\usbd.sys
- 2010-04-28 15:40 . 2001-08-17 13:03 4736 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\usbd.sys
+ 2012-04-27 16:18 . 2001-08-17 13:03 4736 c:\windows\system32\ReinstallBackups\0012\DriverFiles\i386\usbd.sys
- 2010-04-28 15:39 . 2001-08-17 13:03 4736 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\usbd.sys
+ 2012-04-27 16:17 . 2001-08-17 13:03 4736 c:\windows\system32\ReinstallBackups\0011\DriverFiles\i386\usbd.sys
+ 2012-04-27 16:17 . 2001-08-17 13:03 4736 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\usbd.sys
- 2010-04-28 15:39 . 2001-08-17 13:03 4736 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\usbd.sys
+ 2012-04-27 16:14 . 2008-04-14 00:11 7168 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\hccoin.dll
- 2010-04-28 15:36 . 2006-02-28 12:00 7168 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\hccoin.dll
+ 2012-04-27 16:12 . 2008-04-14 00:11 7168 c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\hccoin.dll
- 2010-04-28 15:35 . 2006-02-28 12:00 7168 c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\hccoin.dll
+ 2012-04-27 16:17 . 2001-08-17 13:03 4736 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\usbd.sys
- 2010-04-28 15:40 . 2001-08-17 13:03 4736 c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\usbd.sys
+ 2010-04-24 17:57 . 2001-08-17 12:46 6400 c:\windows\system32\drivers\enum1394.sys
- 2010-04-24 17:57 . 2001-08-17 13:46 6400 c:\windows\system32\drivers\enum1394.sys
+ 2012-04-27 16:21 . 2008-04-13 18:31 134400 c:\windows\system32\ReinstallBackups\0152\DriverFiles\i386\halmacpi.dll
+ 2012-04-27 16:14 . 2008-04-13 18:45 143872 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\usbport.sys
+ 2012-04-27 16:12 . 2008-04-13 18:45 143872 c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\usbport.sys
+ 2012-04-27 16:12 . 2008-04-13 18:45 143872 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\usbport.sys
+ 2012-04-27 16:12 . 2008-04-13 18:45 143872 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\usbport.sys
+ 2012-04-27 16:12 . 2008-04-13 18:45 143872 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\usbport.sys
+ 2012-04-27 16:11 . 2008-04-13 18:45 143872 c:\windows\system32\ReinstallBackups\0003\DriverFiles\i386\usbport.sys
+ 2012-04-27 16:11 . 2008-04-13 18:45 143872 c:\windows\system32\ReinstallBackups\0002\DriverFiles\i386\usbport.sys
+ 2012-04-27 16:11 . 2008-04-13 18:45 143872 c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\usbport.sys
+ 2012-04-27 16:21 . 2011-10-25 12:52 2027008 c:\windows\system32\ReinstallBackups\0152\DriverFiles\i386\ntkrpamp.exe
+ 2012-04-27 16:21 . 2011-10-25 13:37 2148864 c:\windows\system32\ReinstallBackups\0152\DriverFiles\i386\ntkrnlmp.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-12-16 1508408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2002-12-12 45568]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"FaxTalk FaxCenter Pro 8"="c:\program files\FaxTalk\FTClCtrl.exe" [2011-09-23 120672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"nwiz"="nwiz.exe" [BU]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MagicFormation.lnk - c:\program files\Magic Formation\MagicFormation.exe [2010-4-28 454656]
Microsoft Office Outlook 2003.lnk - c:\windows\Installer\{91110409-6000-11D3-8CFE-0150048383C9}\outicon.exe [2010-4-25 794624]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-11-13 113024]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\winfax\WfxSeh32.Dll" [1998-07-27 38400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:F *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Aolpress\\Ws_ftp\\WS_FTP95.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\ArcSoft\\PhotoStudio 5.5\\PhotoStudio.exe"=
"c:\\Program Files\\NewSoft\\Presto! PageManager 7.15\\Pmsb.exe"=
"c:\\Program Files\\ScanSoft\\OmniPageSE4.0\\TwainClient.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\FaxTalk\\FTmsgsvc.exe"=
"c:\\Program Files\\FaxTalk\\fapiexe.exe"=
"c:\\Program Files\\FaxTalk\\FTclctrl.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Documents and Settings\\Dr Michael Foster\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 04:48 32592]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [11/03/2012 13:48 56208]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 04:48 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09/11/2010 23:20 295248]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [07/05/2010 11:55 16048]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 18:00 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [11/03/2012 13:48 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/03/2012 13:48 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2010 11:25 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [06/05/2010 17:10 67664]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [31/07/2010 20:34 162096]
R2 FaxTalk FaxCenter Pro 8;FaxTalk FaxCenter Pro 8;c:\program files\FaxTalk\FTmsgsvc.exe [23/09/2011 11:07 33120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/04/2012 09:26 654408]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [11/03/2012 13:48 931640]
R2 SdReadSpool;SolidPDFCreatorReadSpool;c:\program files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [18/03/2009 18:08 189696]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [18/01/2012 06:21 737184]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/04/2012 09:26 22344]
S2 !SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCORE.EXE" --> c:\program files\SUPERAntiSpyware\SASCORE.EXE [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 07:25 4433248]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/07/2010 12:31 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [03/04/2012 08:25 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28/04/2010 20:33 1691480]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [06/05/2011 15:57 13904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14/07/2010 12:31 136176]
S3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\DRIVERS\IntelH51.sys --> c:\windows\system32\DRIVERS\IntelH51.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [10/04/2010 17:05 266544]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15/01/2012 08:31 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [15/01/2012 08:31 8576]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [19/07/2011 09:52 21520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 13:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:58]
.
2012-04-28 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 16:05]
.
2012-04-27 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-04-10 16:05]
.
2011-11-11 c:\windows\Tasks\debutDowngrade.job
- c:\program files\NCH Software\Debut\debut.exe [2010-08-07 17:31]
.
2011-11-11 c:\windows\Tasks\debutShakeIcon.job
- c:\program files\NCH Software\Debut\debut.exe [2010-08-07 17:31]
.
2012-04-16 c:\windows\Tasks\doxillionShakeIcon.job
- c:\program files\NCH Software\Doxillion\doxillion.exe [2011-03-23 07:38]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-14 11:31]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-14 11:31]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003Core.job
- c:\documents and settings\Dr Michael Foster\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-22 15:04]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1177238915-839522115-1003UA.job
- c:\documents and settings\Dr Michael Foster\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-22 15:04]
.
2012-04-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2012-01-20 c:\windows\Tasks\pixillionShakeIcon.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2011-04-02 13:28]
.
2011-11-11 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2010-08-07 14:27]
.
2011-11-11 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-08-07 14:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www2.prestel.co.uk/church/oosj/osj.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-28 08:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1060)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3008)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\program files\Magic Formation\MFHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\WFXSVC.EXE
c:\program files\FaxTalk\FAPIEXE.EXE
c:\windows\system32\wfxsnt40.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wudfhost.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2012-04-28 08:22:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-28 07:22
ComboFix2.txt 2012-04-27 15:23
.
Pre-Run: 107,423,932,416 bytes free
Post-Run: 107,409,145,856 bytes free
.
- - End Of File - - 4B22D7A8DE69480CD6D80DF7E2DE41F1
 
System seems OK but!!

Hi

The System seems OK, and AVG is not flashing up Trojan warnings every three seconds. However, out of curiosity I ran the vagetatool one more time and it gave the same warning as before: "You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection." etc.

I have yet to road run the Computer properly as I have been doing most of my essential work on my wife's machine (and accessing this forum save for when I needed to download a tool).

Also I know that the ping.exe file was trashed and that I was able to replace it - I am sure I might have lost other files - is there any easy way to re-install any missing operating files to the machine (XP sp3)?
 