
hit by smart fortress 2012



Was hit by the fake AV Smart Fortress 2012. Would not let me access anything until I removed it from the Add/Remove Programs list. That got rid of the desktop icon and the fake warning pop-ups and allowed me to access MBAM and MSSE, but now I'm left with annoying adware pop-ups and redirects. MSSE picking up multiple exploits. MBAM scans not picking anything up. Tried the instructions given for self removal with the Chameleon tool; didn't seem to do anything. Here's my DDS and Attach:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Robert at 13:58:15 on 2012-03-30

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2143 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\BLOCKB~1\BLOCKB~1\MovielinkCore.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\robert\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [LoadMSvcmm] "c:\program files\blockbuster\blockbustermovielink\Movielink User.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDgwMzQ0NjAyLUJBKzEtS1YzKzctVDQtRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LUYxME0rNS1YMjAxMCsyLVFJWDErNC1GMTBNMTBEKzE"&"prod=90"&"ver=10.0.1204

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242920910640

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{EE2BC3A9-D089-42F2-B524-90E2D651376E} : DhcpNameServer = 192.168.0.1

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKsl08496466;MpKsl08496466;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{345ee212-851c-4f65-8c9b-018379e932ed}\MpKsl08496466.sys [2012-3-29 29904]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-14 2348352]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-30 40776]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-5-20 123712]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-18 136176]

S2 RasMan32;Remote Access Connection Manager ;c:\windows\system32\mscories32.exe --> c:\windows\system32\mscories32.exe [?]

S3 GRT;GRT;c:\docume~1\robert\locals~1\temp\grt.exe --> c:\docume~1\robert\locals~1\temp\GRT.exe [?]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-3-29 24064]

.

=============== Created Last 30 ================

.

2012-03-30 20:45:16 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-03-30 11:37:00 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{345ee212-851c-4f65-8c9b-018379e932ed}\offreg.dll

2012-03-30 05:57:35 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{345ee212-851c-4f65-8c9b-018379e932ed}\MpKsl08496466.sys

2012-03-30 04:49:37 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-03-30 02:55:33 6582328 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{345ee212-851c-4f65-8c9b-018379e932ed}\mpengine.dll

2012-03-30 01:17:09 -------- d-----w- c:\documents and settings\all users\application data\B7E85B35000485B2000B56B6D151FC84

2012-03-14 23:55:36 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll

.

==================== Find3M ====================

.

2012-03-14 23:56:25 293992 ----a-w- c:\windows\system32\nvdrsdb0.bin

2012-03-14 23:56:25 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-03-14 23:56:23 293992 ----a-w- c:\windows\system32\nvdrsdb1.bin

2012-02-29 23:58:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-29 23:58:00 65536 ----a-w- c:\windows\system32\OpenCL.dll

2012-02-29 23:58:00 5918720 ----a-w- c:\windows\system32\nvcuda.dll

2012-02-29 23:58:00 4309760 ----a-w- c:\windows\system32\nv4_disp.dll

2012-02-29 23:58:00 2522944 ----a-w- c:\windows\system32\nvcuvid.dll

2012-02-29 23:58:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-02-29 23:58:00 2291712 ----a-w- c:\windows\system32\nvapi.dll

2012-02-29 23:58:00 18624512 ----a-w- c:\windows\system32\nvoglnt.dll

2012-02-29 23:58:00 17534976 ----a-w- c:\windows\system32\nvcompiler.dll

2012-02-29 23:58:00 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2012-02-29 23:58:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-29 20:30:31 54272 ----a-w- c:\windows\system32\nvwddi.dll

2012-02-29 20:30:24 15494464 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-29 20:30:24 143680 ----a-w- c:\windows\system32\nvcolor.exe

2012-02-29 20:30:23 164160 ----a-w- c:\windows\system32\nvsvc32.exe

2012-02-29 20:30:23 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-26 18:03:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-17 12:46:00 27968 ----a-w- c:\windows\system32\nvhdap32.dll

2012-01-17 12:45:58 123712 ----a-w- c:\windows\system32\drivers\nvhda32.sys

2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2010-09-01 23:33:49 83968 ----a-w- c:\program files\remover.exe

.

============= FINISH: 13:59:14.03 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 5/20/2009 3:59:49 PM

System Uptime: 3/29/2012 10:56:58 PM (15 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | M3N72-D

Processor: AMD Phenom™ 9650 Quad-Core Processor | Socket AM2 | 2300/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 217.229 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader 9

Age of Empires III

Age of Empires III - The Asian Dynasties

Age of Empires III - The WarChiefs

AiO_Scan_CDA

AiOSoftwareNPI

Amazon Kindle

AMD Processor Driver

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Army Builder 3.3b

BLOCKBUSTER Movielink

Bonjour

BufferChm

Citrix XenApp Web Plugin

Compatibility Pack for the 2007 Office system

Coupon Printer for Windows

Destinations

DeviceManagementQFolder

DocProc

DocProcQFolder

DVD Suite

eSupportQFolder

F300

F300_Help

Fax_CDA

Garmin Communicator Plugin

Garmin Lifetime Updater

Garmin USB Drivers

Google Chrome

Google Earth

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

HP Imaging Device Functions 7.0

HP Photosmart Essential

HP Photosmart, Officejet and Deskjet 7.0.A

HP Solution Center 7.0

HPPhotoSmartExpress

HPProductAssistant

Image Plugin

InstantShareDevicesMFC

iTunes

Java Auto Updater

Java™ 6 Update 26

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office File Validation Add-In

Microsoft Office Publisher 2003

Microsoft Office Standard Edition 2003

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Windows Media Video 9 VCM

Microsoft WSE 3.0 Runtime

MobileMe Control Panel

MSN

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Essentials

neroxml

Network Magic

NewCopy_CDA

NVIDIA Control Panel 296.10

NVIDIA Drivers

NVIDIA Graphics Driver 296.10

NVIDIA HD Audio Driver 1.3.12.0

NVIDIA Install Application

NVIDIA nView 136.18

NVIDIA nView Desktop Manager

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA Update 1.7.11

NVIDIA Update Components

OCR Software by I.R.I.S 7.0

Picasa 3

PowerDVD

PowerISO

ProductContextNPI

Pure Networks Platform

QuickTime

Readme

Realtek High Definition Audio Driver

RIFT

Safari

Scan

ScannerCopy

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Sid Meier's Civilization 4

Sid Meier's Civilization 4 - Beyond the Sword

Sid Meier's Civilization 4 - Warlords

SimCity 4 Deluxe

SolutionCenter

Status

The Sims 2

The Sims™ 3

Toolbox

TrayApp

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB971029)

Ventrilo Client

Ventrilo Server

VLC media player 1.0.5

Warcraft III

Warhammer Online - Age of Reckoning

WebFldrs XP

WebReg

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Internet Explorer 8

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Player 11

WinRAR archiver

World of Warcraft

Xfire (remove only)

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

3/29/2012 9:49:27 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

3/29/2012 6:21:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

3/29/2012 6:21:43 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/29/2012 6:21:13 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Media Player Network Sharing Service service to connect.

3/29/2012 6:21:13 PM, error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/29/2012 6:20:58 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft Antimalware Service service to connect.

3/29/2012 6:20:58 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/29/2012 6:20:43 PM, error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).

3/29/2012 6:20:43 PM, error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).

3/29/2012 6:20:43 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

3/29/2012 6:20:43 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

3/29/2012 6:20:43 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

3/29/2012 6:20:43 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/29/2012 6:20:43 PM, error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 4.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/29/2012 6:20:42 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).

3/29/2012 6:20:42 PM, error: Service Control Manager [7034] - The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).

3/29/2012 6:20:42 PM, error: Service Control Manager [7034] - The Movielink Core Service service terminated unexpectedly. It has done this 1 time(s).

3/29/2012 6:20:42 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

3/29/2012 6:20:42 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).

3/29/2012 6:20:42 PM, error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 4.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

3/29/2012 6:20:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Presentation Foundation Font Cache 4.0.0.0 service to connect.

3/29/2012 10:18:34 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

.

==== End Of File ===========================

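The DDS log above, turned into a small triage exercise. The Python below is an added example for this thread: it is not code from the original post, from DDS or from Malwarebytes. It parses the SERVICES / DRIVERS block and flags the three things an analyst checks first in such a log: an image file DDS could not find on disk (printed as `--> path [?]`), an image living under a temp directory, and a service name that is a built-in Windows name with digits appended. The line layout is inferred from the log above; the built-in service list and the heuristics themselves are the editor's assumptions, and the sample input is a constructed excerpt of that log.

```python
"""Triage helper for the SERVICES / DRIVERS block of a DDS log.

Added example for this thread, not code from the original post, from DDS or
from Malwarebytes. The line layout is inferred from the log above; the
heuristics and the built-in service list are the editor's assumptions.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a few service lines copied from the DDS log in the
# thread, wrapped in the section headers DDS prints, so the block runs offline.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-30 40776]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-18 136176]
S2 RasMan32;Remote Access Connection Manager ;c:\windows\system32\mscories32.exe --> c:\windows\system32\mscories32.exe [?]
S3 GRT;GRT;c:\docume~1\robert\locals~1\temp\grt.exe --> c:\docume~1\robert\locals~1\temp\GRT.exe [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-3-29 24064]
.
=============== Created Last 30 ================
"""

# "R1 name;display;image [date size]" or, when DDS cannot stat the file,
# "S2 name;display;declared --> resolved [?]".
LINE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
STAMP_RE = re.compile(r"^(?P<path>.+?) \[\d{4}-\d{1,2}-\d{1,2} \d+\]$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)

# Assumed, deliberately short list of built-in Windows XP service names used
# for the lookalike check; a real tool would take the full list from a clean
# reference machine of the same OS version.
KNOWN_SERVICES = {
    "rasman", "rasauto", "spooler", "browser", "lanmanserver",
    "lanmanworkstation", "audiosrv", "bits", "eventlog", "plugplay",
    "schedule", "seclogon", "winmgmt",
}


@dataclass
class Finding:
    name: str
    state: str                 # DDS prefix, e.g. R1 / S2 (running/stopped + start type)
    image: str
    reasons: list = field(default_factory=list)


def parse_services(text):
    """Yield (state, name, display, rest) tuples from the SERVICES / DRIVERS block."""
    in_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if "SERVICES / DRIVERS" in line:
            in_block = True
            continue
        if not in_block or line in ("", "."):
            continue
        if line.startswith("===="):   # next section header ends the block
            break
        m = LINE_RE.match(line)
        if m:
            yield m.groups()


def image_info(rest):
    """Return (image path, missing). Missing means DDS printed '--> path [?]'."""
    rest = rest.strip()
    if " --> " in rest:
        declared, resolved = rest.split(" --> ", 1)
        return declared.strip(), resolved.endswith("[?]")
    m = STAMP_RE.match(rest)
    return (m.group("path") if m else rest), False


def base_name(name):
    """Strip a trailing numeric suffix: 'RasMan32' -> 'rasman'."""
    return re.sub(r"\d+$", "", name.lower())


def is_lookalike(name):
    """True when the name is a known service name plus digits, but not itself known."""
    return base_name(name) in KNOWN_SERVICES and name.lower() not in KNOWN_SERVICES


def triage_dds(text):
    """Return Findings for services that deserve a manual look, in log order."""
    findings = []
    for state, name, display, rest in parse_services(text):
        image, missing = image_info(rest)
        reasons = []
        if missing:
            reasons.append("image file not found on disk")
        if TEMP_RE.search(image):
            reasons.append("image lives under a temp directory")
        if is_lookalike(name):
            reasons.append("name mimics built-in service %r" % base_name(name))
        if reasons:
            findings.append(Finding(name, state, image, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print("%s %-12s %s\n    %s" % (f.state, f.name, f.image, "; ".join(f.reasons)))
```

Run against the excerpt, it reports two entries: RasMan32 (a built-in-looking name whose image mscories32.exe is absent from disk) and GRT (an auto-created service whose image sits in the user's temp folder and is also absent). Every other service in the block, including the Malwarebytes and Microsoft drivers, passes. A hit here is a lead for manual verification, not a verdict; the thread itself does not identify these two entries, and legitimate software does occasionally leave dead service registrations behind.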


Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking, then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen, and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you, then you should consider reformatting the system partition and reinstalling Windows, as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.


Thanks for your reply. The situation sounds pretty grim. Well, I definitely want to make sure the machine is clean and I certainly want to keep my connection to the internet. I've avoided using any sites that require passwords since the problem began, but I suppose it could have been sitting there a while before rearing its ugly head. I've never reformatted the system partition or reinstalled Windows before. It sounds complicated, but maybe it's the way to go. Will I need to reinstall all my programs and back up all my files as well, and if so, how do I go about doing that easiest? Thanks again for your help.


Also, since my initial posting on March 30th, I did end up picking up something on an MBAM quick scan after an update. I hope this helps:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.31.14

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Robert :: METATRON [administrator]

3/31/2012 8:07:40 PM

mbam-log-2012-03-31 (20-07-40).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 236299

Time elapsed: 21 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\WINDOWS\Temp\arg11304.exe (Trojan.Zbot.Gen) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\arg125.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\arg307969.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\arg77425.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


I hope I did it right. It didn't really do that last step of cure and reboot. Here's the report:

08:40:22.0312 10572 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02

08:40:22.0796 10572 ============================================================

08:40:22.0796 10572 Current date / time: 2012/04/05 08:40:22.0796

08:40:22.0796 10572 SystemInfo:

08:40:22.0796 10572

08:40:22.0796 10572 OS Version: 5.1.2600 ServicePack: 3.0

08:40:22.0796 10572 Product type: Workstation

08:40:22.0796 10572 ComputerName: METATRON

08:40:22.0796 10572 UserName: Robert

08:40:22.0796 10572 Windows directory: C:\WINDOWS

08:40:22.0796 10572 System windows directory: C:\WINDOWS

08:40:22.0796 10572 Processor architecture: Intel x86

08:40:22.0796 10572 Number of processors: 4

08:40:22.0796 10572 Page size: 0x1000

08:40:22.0796 10572 Boot type: Normal boot

08:40:22.0796 10572 ============================================================

08:40:24.0734 10572 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

08:40:24.0750 10572 \Device\Harddisk0\DR0:

08:40:24.0750 10572 MBR used

08:40:24.0750 10572 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41

08:40:24.0765 10572 Initialize success

08:40:24.0765 10572 ============================================================

08:41:10.0703 34444 ============================================================

08:41:10.0703 34444 Scan started

08:41:10.0703 34444 Mode: Manual; SigCheck; TDLFS;

08:41:10.0703 34444 ============================================================

08:41:11.0062 34444 6to4 (c07d5197410aab28d0d93f943f59656d) C:\WINDOWS\System32\6to4svc.dll

08:41:11.0312 34444 6to4 - ok

08:41:11.0312 34444 Abiosdsk - ok

08:41:11.0328 34444 abp480n5 - ok

08:41:11.0359 34444 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

08:41:11.0718 34444 ACPI - ok

08:41:11.0750 34444 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

08:41:11.0859 34444 ACPIEC - ok

08:41:11.0875 34444 adpu160m - ok

08:41:11.0890 34444 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

08:41:12.0015 34444 aec - ok

08:41:12.0062 34444 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

08:41:12.0125 34444 AFD - ok

08:41:12.0140 34444 Aha154x - ok

08:41:12.0140 34444 aic78u2 - ok

08:41:12.0156 34444 aic78xx - ok

08:41:12.0187 34444 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

08:41:12.0312 34444 Alerter - ok

08:41:12.0343 34444 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

08:41:12.0421 34444 ALG - ok

08:41:12.0421 34444 AliIde - ok

08:41:12.0468 34444 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys

08:41:12.0515 34444 AmdPPM - ok

08:41:12.0531 34444 amsint - ok

08:41:12.0640 34444 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

08:41:12.0734 34444 Apple Mobile Device - ok

08:41:12.0734 34444 AppMgmt - ok

08:41:12.0734 34444 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

08:41:12.0875 34444 Arp1394 - ok

08:41:12.0875 34444 asc - ok

08:41:12.0890 34444 asc3350p - ok

08:41:12.0890 34444 asc3550 - ok

08:41:13.0015 34444 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

08:41:13.0046 34444 aspnet_state - ok

08:41:13.0062 34444 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

08:41:13.0171 34444 AsyncMac - ok

08:41:13.0187 34444 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

08:41:13.0328 34444 atapi - ok

08:41:13.0328 34444 Atdisk - ok

08:41:13.0359 34444 atksgt (e46d344412d1abc60c58e95c73bcdc70) C:\WINDOWS\system32\DRIVERS\atksgt.sys

08:41:13.0625 34444 atksgt - ok

08:41:13.0656 34444 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

08:41:13.0765 34444 Atmarpc - ok

08:41:13.0812 34444 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

08:41:13.0937 34444 AudioSrv - ok

08:41:13.0984 34444 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

08:41:14.0093 34444 audstub - ok

08:41:14.0140 34444 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

08:41:14.0265 34444 Beep - ok

08:41:14.0312 34444 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

08:41:14.0671 34444 BITS - ok

08:41:14.0765 34444 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe

08:41:14.0859 34444 Bonjour Service - ok

08:41:14.0875 34444 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

08:41:15.0000 34444 Browser - ok

08:41:15.0078 34444 catchme - ok

08:41:15.0093 34444 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

08:41:15.0203 34444 cbidf2k - ok

08:41:15.0203 34444 cd20xrnt - ok

08:41:15.0234 34444 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

08:41:15.0359 34444 Cdaudio - ok

08:41:15.0375 34444 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

08:41:15.0500 34444 Cdfs - ok

08:41:15.0546 34444 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

08:41:15.0703 34444 Cdrom - ok

08:41:15.0718 34444 Changer - ok

08:41:15.0734 34444 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

08:41:15.0859 34444 CiSvc - ok

08:41:15.0859 34444 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

08:41:16.0000 34444 ClipSrv - ok

08:41:16.0125 34444 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

08:41:16.0156 34444 clr_optimization_v2.0.50727_32 - ok

08:41:16.0203 34444 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

08:41:16.0234 34444 clr_optimization_v4.0.30319_32 - ok

08:41:16.0250 34444 CmdIde - ok

08:41:16.0250 34444 COMSysApp - ok

08:41:16.0265 34444 Cpqarray - ok

08:41:16.0281 34444 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

08:41:16.0390 34444 CryptSvc - ok

08:41:16.0406 34444 dac2w2k - ok

08:41:16.0406 34444 dac960nt - ok

08:41:16.0484 34444 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

08:41:16.0562 34444 DcomLaunch - ok

08:41:16.0609 34444 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

08:41:16.0750 34444 Dhcp - ok

08:41:16.0765 34444 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

08:41:16.0875 34444 Disk - ok

08:41:16.0875 34444 dmadmin - ok

08:41:16.0937 34444 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

08:41:17.0078 34444 dmboot - ok

08:41:17.0093 34444 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

08:41:17.0218 34444 dmio - ok

08:41:17.0234 34444 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

08:41:17.0328 34444 dmload - ok

08:41:17.0359 34444 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

08:41:17.0468 34444 dmserver - ok

08:41:17.0484 34444 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

08:41:17.0609 34444 DMusic - ok

08:41:17.0625 34444 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

08:41:17.0734 34444 Dnscache - ok

08:41:17.0734 34444 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

08:41:17.0875 34444 Dot3svc - ok

08:41:17.0875 34444 dpti2o - ok

08:41:17.0890 34444 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

08:41:18.0000 34444 drmkaud - ok

08:41:18.0000 34444 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

08:41:18.0125 34444 EapHost - ok

08:41:18.0140 34444 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

08:41:18.0250 34444 ERSvc - ok

08:41:18.0265 34444 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

08:41:18.0328 34444 Eventlog - ok

08:41:18.0343 34444 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

08:41:18.0421 34444 EventSystem - ok

08:41:18.0453 34444 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

08:41:18.0562 34444 Fastfat - ok

08:41:18.0609 34444 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

08:41:18.0687 34444 FastUserSwitchingCompatibility - ok

08:41:18.0703 34444 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

08:41:18.0828 34444 Fdc - ok

08:41:18.0859 34444 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

08:41:18.0984 34444 Fips - ok

08:41:18.0984 34444 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

08:41:19.0093 34444 Flpydisk - ok

08:41:19.0125 34444 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

08:41:19.0250 34444 FltMgr - ok

08:41:19.0375 34444 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

08:41:19.0390 34444 FontCache3.0.0.0 - ok

08:41:19.0437 34444 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

08:41:19.0562 34444 Fs_Rec - ok

08:41:19.0562 34444 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

08:41:19.0671 34444 Ftdisk - ok

08:41:19.0718 34444 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

08:41:19.0781 34444 GEARAspiWDM - ok

08:41:19.0796 34444 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

08:41:19.0906 34444 Gpc - ok

08:41:20.0031 34444 GRT - ok

08:41:20.0125 34444 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

08:41:20.0234 34444 gupdate - ok

08:41:20.0265 34444 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

08:41:20.0328 34444 gusvc - ok

08:41:20.0343 34444 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

08:41:20.0500 34444 HDAudBus - ok

08:41:20.0578 34444 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

08:41:20.0703 34444 helpsvc - ok

08:41:20.0734 34444 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

08:41:20.0843 34444 HidServ - ok

08:41:20.0875 34444 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

08:41:20.0984 34444 hidusb - ok

08:41:21.0000 34444 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

08:41:21.0156 34444 hkmsvc - ok

08:41:21.0156 34444 hpn - ok

08:41:21.0187 34444 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

08:41:21.0296 34444 HPZid412 - ok

08:41:21.0296 34444 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

08:41:21.0328 34444 HPZipr12 - ok

08:41:21.0359 34444 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

08:41:21.0406 34444 HPZius12 - ok

08:41:21.0453 34444 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

08:41:21.0500 34444 HTTP - ok

08:41:21.0546 34444 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

08:41:21.0671 34444 HTTPFilter - ok

08:41:21.0671 34444 i2omgmt - ok

08:41:21.0671 34444 i2omp - ok

08:41:21.0703 34444 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

08:41:21.0812 34444 i8042prt - ok

08:41:21.0906 34444 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

08:41:21.0953 34444 IDriverT ( UnsignedFile.Multi.Generic ) - warning

08:41:21.0953 34444 IDriverT - detected UnsignedFile.Multi.Generic (1)

08:41:22.0078 34444 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

08:41:22.0203 34444 idsvc - ok

08:41:22.0218 34444 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

08:41:22.0343 34444 Imapi - ok

08:41:22.0390 34444 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

08:41:22.0531 34444 ImapiService - ok

08:41:22.0531 34444 ini910u - ok

08:41:22.0671 34444 IntcAzAudAddService (fb4293b1eab313c28d4a1b8db61aca72) C:\WINDOWS\system32\drivers\RtkHDAud.sys

08:41:22.0968 34444 IntcAzAudAddService - ok

08:41:22.0968 34444 IntelIde - ok

08:41:23.0015 34444 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

08:41:23.0125 34444 Ip6Fw - ok

08:41:23.0171 34444 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

08:41:23.0296 34444 IpFilterDriver - ok

08:41:23.0312 34444 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

08:41:23.0437 34444 IpInIp - ok

08:41:23.0453 34444 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

08:41:23.0578 34444 IpNat - ok

08:41:23.0625 34444 iPod Service (3a6d4d8abacf64292d060c9e06d2050d) C:\Program Files\iPod\bin\iPodService.exe

08:41:23.0750 34444 iPod Service - ok

08:41:23.0765 34444 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

08:41:23.0953 34444 IPSec - ok

08:41:23.0984 34444 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

08:41:24.0046 34444 IRENUM - ok

08:41:24.0062 34444 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

08:41:24.0187 34444 isapnp - ok

08:41:24.0250 34444 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe

08:41:24.0343 34444 JavaQuickStarterService - ok

08:41:24.0359 34444 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

08:41:24.0687 34444 Kbdclass - ok

08:41:24.0687 34444 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

08:41:24.0796 34444 kbdhid - ok

08:41:24.0828 34444 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

08:41:24.0953 34444 kmixer - ok

08:41:24.0968 34444 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

08:41:25.0109 34444 KSecDD - ok

08:41:25.0140 34444 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

08:41:25.0203 34444 LanmanServer - ok

08:41:25.0250 34444 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

08:41:25.0328 34444 lanmanworkstation - ok

08:41:25.0328 34444 lbrtfdc - ok

08:41:25.0359 34444 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys

08:41:25.0406 34444 lirsgt - ok

08:41:25.0421 34444 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

08:41:25.0546 34444 LmHosts - ok

08:41:25.0578 34444 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys

08:41:25.0640 34444 mbamchameleon ( UnsignedFile.Multi.Generic ) - warning

08:41:25.0640 34444 mbamchameleon - detected UnsignedFile.Multi.Generic (1)

08:41:25.0640 34444 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

08:41:25.0781 34444 Messenger - ok

08:41:25.0781 34444 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

08:41:25.0890 34444 mnmdd - ok

08:41:25.0921 34444 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

08:41:26.0093 34444 mnmsrvc - ok

08:41:26.0109 34444 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

08:41:26.0234 34444 Modem - ok

08:41:26.0265 34444 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

08:41:26.0375 34444 Mouclass - ok

08:41:26.0375 34444 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

08:41:26.0484 34444 mouhid - ok

08:41:26.0500 34444 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

08:41:26.0625 34444 MountMgr - ok

08:41:26.0781 34444 Movielink Core Service (19e4baa7be36144c41af844de1cfb50d) C:\PROGRA~1\BLOCKB~1\BLOCKB~1\MovielinkCore.exe

08:41:27.0062 34444 Movielink Core Service - ok

08:41:27.0109 34444 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

08:41:27.0171 34444 MpFilter - ok

08:41:27.0171 34444 mraid35x - ok

08:41:27.0187 34444 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

08:41:27.0281 34444 MRxDAV - ok

08:41:27.0312 34444 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

08:41:27.0406 34444 MRxSmb - ok

08:41:27.0453 34444 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

08:41:27.0562 34444 MSDTC - ok

08:41:27.0578 34444 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

08:41:27.0687 34444 Msfs - ok

08:41:27.0703 34444 MSIServer - ok

08:41:27.0734 34444 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

08:41:27.0843 34444 MSKSSRV - ok

08:41:27.0921 34444 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

08:41:27.0953 34444 MsMpSvc - ok

08:41:27.0968 34444 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

08:41:28.0078 34444 MSPCLOCK - ok

08:41:28.0078 34444 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

08:41:28.0203 34444 MSPQM - ok

08:41:28.0234 34444 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

08:41:28.0343 34444 mssmbios - ok

08:41:28.0359 34444 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

08:41:28.0421 34444 MTsensor - ok

08:41:28.0468 34444 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

08:41:28.0500 34444 Mup - ok

08:41:28.0546 34444 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

08:41:28.0687 34444 napagent - ok

08:41:28.0765 34444 NBService (5836b9e91863a00ec1b8e785efd86ecb) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

08:41:28.0890 34444 NBService - ok

08:41:28.0906 34444 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

08:41:29.0046 34444 NDIS - ok

08:41:29.0062 34444 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

08:41:29.0140 34444 NdisTapi - ok

08:41:29.0375 34444 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

08:41:29.0500 34444 Ndisuio - ok

08:41:29.0515 34444 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

08:41:29.0687 34444 NdisWan - ok

08:41:29.0718 34444 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

08:41:29.0765 34444 NDProxy - ok

08:41:29.0796 34444 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

08:41:29.0906 34444 NetBIOS - ok

08:41:29.0937 34444 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

08:41:30.0093 34444 NetBT - ok

08:41:30.0125 34444 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

08:41:30.0328 34444 NetDDE - ok

08:41:30.0328 34444 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

08:41:30.0484 34444 NetDDEdsdm - ok

08:41:30.0500 34444 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

08:41:30.0625 34444 Netlogon - ok

08:41:30.0640 34444 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

08:41:30.0781 34444 Netman - ok

08:41:30.0890 34444 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

08:41:30.0921 34444 NetTcpPortSharing - ok

08:41:30.0937 34444 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

08:41:31.0062 34444 NIC1394 - ok

08:41:31.0109 34444 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

08:41:31.0156 34444 Nla - ok

08:41:31.0203 34444 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys

08:41:31.0312 34444 nm - ok

08:41:31.0406 34444 NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

08:41:31.0718 34444 NMIndexingService - ok

08:41:31.0781 34444 nmraapache (13350ddd0976ceb5f125396c7bfb05b4) C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

08:41:31.0812 34444 nmraapache ( UnsignedFile.Multi.Generic ) - warning

08:41:31.0812 34444 nmraapache - detected UnsignedFile.Multi.Generic (1)

08:41:31.0906 34444 nmservice (82c5a813e8ea7e94dc1afa24cd803b80) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

08:41:32.0171 34444 nmservice - ok

08:41:32.0203 34444 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

08:41:32.0312 34444 Npfs - ok

08:41:32.0328 34444 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

08:41:32.0453 34444 Ntfs - ok

08:41:32.0453 34444 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

08:41:32.0562 34444 NtLmSsp - ok

08:41:32.0593 34444 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

08:41:32.0718 34444 NtmsSvc - ok

08:41:32.0750 34444 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

08:41:32.0843 34444 Null - ok

08:41:33.0171 34444 nv (062c16f3364c7706713282163586988e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

08:41:34.0828 34444 nv - ok

08:41:34.0859 34444 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

08:41:34.0984 34444 NVENETFD - ok

08:41:35.0031 34444 NVHDA (8eb410a64c86d51007687ee00bc2f912) C:\WINDOWS\system32\drivers\nvhda32.sys

08:41:35.0078 34444 NVHDA - ok

08:41:35.0125 34444 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

08:41:35.0187 34444 nvnetbus - ok

08:41:35.0218 34444 nvsmu (2a085aec3ab2b1211611d2a7b9e22456) C:\WINDOWS\system32\DRIVERS\nvsmu.sys

08:41:35.0265 34444 nvsmu - ok

08:41:35.0312 34444 NVSvc (b2f5ac506c9b1103827b62ba18a2c514) C:\WINDOWS\system32\nvsvc32.exe

08:41:35.0375 34444 NVSvc - ok

08:41:35.0531 34444 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

08:41:35.0734 34444 nvUpdatusService - ok

08:41:35.0765 34444 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

08:41:35.0890 34444 NwlnkFlt - ok

08:41:35.0906 34444 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

08:41:36.0046 34444 NwlnkFwd - ok

08:41:36.0093 34444 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

08:41:36.0218 34444 NwlnkIpx - ok

08:41:36.0218 34444 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

08:41:36.0375 34444 NwlnkNb - ok

08:41:36.0390 34444 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

08:41:36.0515 34444 NwlnkSpx - ok

08:41:36.0531 34444 NwSapAgent (4b83fcbbe72af5f99d109798653e8b78) C:\WINDOWS\System32\ipxsap.dll

08:41:36.0640 34444 NwSapAgent - ok

08:41:36.0656 34444 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

08:41:36.0781 34444 ohci1394 - ok

08:41:36.0828 34444 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

08:41:36.0859 34444 ose - ok

08:41:36.0906 34444 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

08:41:37.0031 34444 Parport - ok

08:41:37.0062 34444 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

08:41:37.0187 34444 PartMgr - ok

08:41:37.0203 34444 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

08:41:37.0328 34444 ParVdm - ok

08:41:37.0328 34444 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

08:41:37.0468 34444 PCI - ok

08:41:37.0468 34444 PCIDump - ok

08:41:37.0484 34444 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

08:41:37.0609 34444 PCIIde - ok

08:41:37.0625 34444 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

08:41:37.0750 34444 Pcmcia - ok

08:41:37.0750 34444 PDCOMP - ok

08:41:37.0765 34444 PDFRAME - ok

08:41:37.0765 34444 PDRELI - ok

08:41:37.0796 34444 PDRFRAME - ok

08:41:37.0812 34444 perc2 - ok

08:41:37.0828 34444 perc2hib - ok

08:41:37.0859 34444 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

08:41:37.0906 34444 PlugPlay - ok

08:41:37.0937 34444 Pml Driver HPZ12 (d31f88c5f19eefa366a415d6bc5f2abc) C:\WINDOWS\system32\HPZipm12.exe

08:41:38.0046 34444 Pml Driver HPZ12 - ok

08:41:38.0062 34444 pnarp (dea06627596015263360097c2608384e) C:\WINDOWS\system32\DRIVERS\pnarp.sys

08:41:38.0109 34444 pnarp - ok

08:41:38.0125 34444 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

08:41:38.0234 34444 PolicyAgent - ok

08:41:38.0250 34444 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

08:41:38.0375 34444 PptpMiniport - ok

08:41:38.0390 34444 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

08:41:38.0515 34444 Processor - ok

08:41:38.0515 34444 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

08:41:38.0625 34444 ProtectedStorage - ok

08:41:38.0625 34444 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

08:41:38.0750 34444 PSched - ok

08:41:38.0781 34444 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

08:41:38.0906 34444 Ptilink - ok

08:41:38.0906 34444 purendis (c0cdb9f7ce42c3487f0bea409bf5d153) C:\WINDOWS\system32\DRIVERS\purendis.sys

08:41:38.0937 34444 purendis - ok

08:41:38.0937 34444 ql1080 - ok

08:41:38.0953 34444 Ql10wnt - ok

08:41:38.0953 34444 ql12160 - ok

08:41:38.0968 34444 ql1240 - ok

08:41:38.0968 34444 ql1280 - ok

08:41:38.0984 34444 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

08:41:39.0109 34444 RasAcd - ok

08:41:39.0125 34444 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

08:41:39.0234 34444 RasAuto - ok

08:41:39.0265 34444 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

08:41:39.0390 34444 Rasl2tp - ok

08:41:39.0406 34444 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

08:41:39.0531 34444 RasMan - ok

08:41:39.0546 34444 RasMan32 - ok

08:41:39.0546 34444 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

08:41:39.0671 34444 RasPppoe - ok

08:41:39.0687 34444 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

08:41:39.0781 34444 Raspti - ok

08:41:39.0796 34444 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

08:41:39.0921 34444 Rdbss - ok

08:41:39.0937 34444 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

08:41:40.0046 34444 RDPCDD - ok

08:41:40.0078 34444 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

08:41:40.0156 34444 RDPWD - ok

08:41:40.0187 34444 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

08:41:40.0343 34444 RDSessMgr - ok

08:41:40.0375 34444 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

08:41:40.0515 34444 redbook - ok

08:41:40.0546 34444 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

08:41:40.0656 34444 RemoteAccess - ok

08:41:40.0812 34444 RichVideo (06a49b7bdc36cfbf97dd90804f833369) C:\Program Files\CyberLink\Shared Files\RichVideo.exe

08:41:40.0875 34444 RichVideo - ok

08:41:40.0906 34444 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

08:41:41.0031 34444 RpcLocator - ok

08:41:41.0062 34444 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

08:41:41.0109 34444 RpcSs - ok

08:41:41.0156 34444 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

08:41:41.0296 34444 RSVP - ok

08:41:41.0328 34444 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

08:41:41.0437 34444 SamSs - ok

08:41:41.0468 34444 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

08:41:41.0609 34444 SCardSvr - ok

08:41:41.0656 34444 SCDEmu (612a3d69e603dbbe5c3c1079186a0393) C:\WINDOWS\system32\drivers\SCDEmu.sys

08:41:41.0703 34444 SCDEmu ( UnsignedFile.Multi.Generic ) - warning

08:41:41.0703 34444 SCDEmu - detected UnsignedFile.Multi.Generic (1)

08:41:41.0750 34444 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

08:41:41.0875 34444 Schedule - ok

08:41:41.0890 34444 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

08:41:41.0953 34444 Secdrv - ok

08:41:41.0968 34444 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

08:41:42.0078 34444 seclogon - ok

08:41:42.0078 34444 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

08:41:42.0187 34444 SENS - ok

08:41:42.0234 34444 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

08:41:42.0328 34444 serenum - ok

08:41:42.0343 34444 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

08:41:42.0515 34444 Serial - ok

08:41:42.0546 34444 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

08:41:42.0640 34444 Sfloppy - ok

08:41:42.0687 34444 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

08:41:42.0875 34444 SharedAccess - ok

08:41:42.0906 34444 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

08:41:42.0953 34444 ShellHWDetection - ok

08:41:42.0953 34444 Simbad - ok

08:41:42.0968 34444 Sparrow - ok

08:41:43.0015 34444 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

08:41:43.0125 34444 splitter - ok

08:41:43.0140 34444 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

08:41:43.0203 34444 Spooler - ok

08:41:43.0218 34444 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

08:41:43.0296 34444 sr - ok

08:41:43.0312 34444 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

08:41:43.0375 34444 srservice - ok

08:41:43.0421 34444 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

08:41:43.0484 34444 Srv - ok

08:41:43.0484 34444 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

08:41:43.0578 34444 SSDPSRV - ok

08:41:43.0578 34444 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

08:41:43.0718 34444 stisvc - ok

08:41:43.0750 34444 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

08:41:43.0843 34444 swenum - ok

08:41:43.0890 34444 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

08:41:44.0000 34444 swmidi - ok

08:41:44.0015 34444 SwPrv - ok

08:41:44.0015 34444 symc810 - ok

08:41:44.0031 34444 symc8xx - ok

08:41:44.0031 34444 sym_hi - ok

08:41:44.0046 34444 sym_u3 - ok

08:41:44.0078 34444 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

08:41:44.0203 34444 sysaudio - ok

08:41:44.0265 34444 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

08:41:44.0421 34444 SysmonLog - ok

08:41:44.0468 34444 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

08:41:44.0578 34444 TapiSrv - ok

08:41:44.0609 34444 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

08:41:44.0656 34444 Tcpip - ok

08:41:44.0671 34444 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys

08:41:44.0937 34444 Tcpip6 - ok

08:41:44.0953 34444 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

08:41:45.0062 34444 TDPIPE - ok

08:41:45.0078 34444 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

08:41:45.0203 34444 TDTCP - ok

08:41:45.0234 34444 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

08:41:45.0359 34444 TermDD - ok

08:41:45.0390 34444 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

08:41:45.0500 34444 TermService - ok

08:41:45.0546 34444 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

08:41:45.0593 34444 Themes - ok

08:41:45.0593 34444 TosIde - ok

08:41:45.0640 34444 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

08:41:45.0765 34444 TrkWks - ok

08:41:45.0781 34444 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

08:41:45.0890 34444 tunmp - ok

08:41:45.0906 34444 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

08:41:46.0046 34444 Udfs - ok

08:41:46.0046 34444 ultra - ok

08:41:46.0109 34444 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

08:41:46.0218 34444 Update - ok

08:41:46.0234 34444 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

08:41:46.0296 34444 upnphost - ok

08:41:46.0312 34444 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

08:41:46.0468 34444 UPS - ok

08:41:46.0500 34444 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

08:41:46.0578 34444 USBAAPL - ok

08:41:46.0593 34444 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

08:41:46.0718 34444 usbccgp - ok

08:41:46.0718 34444 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

08:41:46.0843 34444 usbehci - ok

08:41:46.0843 34444 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

08:41:46.0968 34444 usbhub - ok

08:41:46.0984 34444 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

08:41:47.0093 34444 usbohci - ok

08:41:47.0140 34444 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

08:41:47.0250 34444 usbprint - ok

08:41:47.0281 34444 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

08:41:47.0390 34444 usbscan - ok

08:41:47.0421 34444 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

08:41:47.0546 34444 USBSTOR - ok

08:41:47.0562 34444 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

08:41:47.0687 34444 VgaSave - ok

08:41:47.0687 34444 ViaIde - ok

08:41:47.0718 34444 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

08:41:47.0843 34444 VolSnap - ok

08:41:47.0859 34444 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

08:41:47.0953 34444 VSS - ok

08:41:48.0000 34444 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

08:41:48.0109 34444 W32Time - ok

08:41:48.0171 34444 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

08:41:48.0281 34444 Wanarp - ok

08:41:48.0281 34444 WDICA - ok

08:41:48.0328 34444 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

08:41:48.0453 34444 wdmaud - ok

08:41:48.0500 34444 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

08:41:48.0625 34444 WebClient - ok

08:41:48.0671 34444 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

08:41:48.0812 34444 winmgmt - ok

08:41:48.0859 34444 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

08:41:48.0890 34444 WmdmPmSN - ok

08:41:48.0921 34444 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

08:41:49.0015 34444 WmiAcpi - ok

08:41:49.0062 34444 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

08:41:49.0203 34444 WmiApSrv - ok

08:41:49.0328 34444 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

08:41:49.0609 34444 WMPNetworkSvc - ok

08:41:49.0750 34444 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

08:41:49.0796 34444 WPFFontCache_v0400 - ok

08:41:49.0843 34444 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

08:41:49.0953 34444 wuauserv - ok

08:41:49.0984 34444 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

08:41:50.0046 34444 WudfPf - ok

08:41:50.0078 34444 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

08:41:50.0125 34444 WudfRd - ok

08:41:50.0125 34444 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

08:41:50.0187 34444 WudfSvc - ok

08:41:50.0234 34444 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

08:41:50.0406 34444 WZCSVC - ok

08:41:50.0421 34444 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

08:41:50.0609 34444 xmlprov - ok

08:41:50.0703 34444 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

08:41:50.0843 34444 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

08:41:50.0843 34444 \Device\Harddisk0\DR0 - detected TDSS File System (1)

08:41:50.0843 34444 Boot (0x1200) (b81ca3b50685d5185f399e3d32e28947) \Device\Harddisk0\DR0\Partition0

08:41:50.0843 34444 \Device\Harddisk0\DR0\Partition0 - ok

08:41:50.0843 34444 ============================================================

08:41:50.0843 34444 Scan finished

08:41:50.0843 34444 ============================================================

08:41:50.0953 34436 Detected object count: 5

08:41:50.0953 34436 Actual detected object count: 5

08:42:27.0375 34436 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

08:42:27.0375 34436 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:42:27.0375 34436 mbamchameleon ( UnsignedFile.Multi.Generic ) - skipped by user

08:42:27.0375 34436 mbamchameleon ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:42:27.0390 34436 nmraapache ( UnsignedFile.Multi.Generic ) - skipped by user

08:42:27.0390 34436 nmraapache ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:42:27.0390 34436 SCDEmu ( UnsignedFile.Multi.Generic ) - skipped by user

08:42:27.0390 34436 SCDEmu ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:42:27.0390 34436 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

08:42:27.0390 34436 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

08:46:52.0953 31768 Deinitialize success


08:42:27.0390 34436 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

08:42:27.0390 34436 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Run TDSSKiller again and delete ONLY those two.

Reboot and run a new MBAM scan

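The helper's point above is that TDSSKiller's `UnsignedFile.Multi.Generic` entries (IDriverT, mbamchameleon, nmraapache, SCDEmu) are only unsigned drivers to be reviewed, while the `TDSS File System` verdict on the disk device is the actual detection. The Python script below is an added example, not code from the thread or from Kaspersky: it parses lines in the TDSSKiller log format shown above, sorts each flagged object into a delete or review bucket on that basis, and cross-checks the objects it parsed against the log's own `Detected object count` line. The sample log is constructed from a subset of the lines above; the bucket names and the `GENERIC_VERDICTS` set are this example's own choices.

```python
import re
from collections import OrderedDict

# Constructed sample, modelled on a subset of the TDSSKiller log posted above.
SAMPLE_LOG = """\
08:41:50.0843 34444 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - warning
08:41:50.0843 34444 \\Device\\Harddisk0\\DR0 - detected TDSS File System (1)
08:41:50.0843 34444 \\Device\\Harddisk0\\DR0\\Partition0 - ok
08:41:50.0953 34436 Detected object count: 3
08:41:50.0953 34436 Actual detected object count: 3
08:42:27.0375 34436 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:27.0375 34436 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:27.0375 34436 mbamchameleon ( UnsignedFile.Multi.Generic ) - skipped by user
08:42:27.0375 34436 mbamchameleon ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:42:27.0390 34436 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - skipped by user
08:42:27.0390 34436 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - User select action: Skip
"""

# Verdict lines look like: "<time> <thread id> <object> ( <verdict> ) - <action>".
VERDICT_RE = re.compile(
    r"^\S+ \d+ (?P<obj>.+?) \( (?P<verdict>[^)]+) \) - (?P<action>.+)$"
)
COUNT_RE = re.compile(r"\bDetected object count: (\d+)$")

# Generic "this driver is unsigned" verdicts: review, do not delete blindly
# (assumption of this example, following the helper's advice in the thread).
GENERIC_VERDICTS = {"UnsignedFile.Multi.Generic"}


def triage(log_text):
    """Return {'delete': [(object, verdict)], 'review': [(object, verdict)]}.

    Each object appears on several lines (warning, skipped, user action), so
    an ordered dict keeps one entry per object in first-seen order.
    """
    delete, review = OrderedDict(), OrderedDict()
    for line in log_text.splitlines():
        m = VERDICT_RE.match(line.strip())
        if not m:
            continue  # progress lines, "- ok" lines, summary lines
        obj, verdict = m.group("obj"), m.group("verdict")
        bucket = review if verdict in GENERIC_VERDICTS else delete
        bucket[obj] = verdict
    return {"delete": list(delete.items()), "review": list(review.items())}


def reported_count(log_text):
    """The object count TDSSKiller prints itself, or None if the line is absent."""
    for line in log_text.splitlines():
        m = COUNT_RE.search(line)
        if m:
            return int(m.group(1))
    return None


def count_matches(log_text):
    """True when the parser found exactly as many objects as the tool reported."""
    result = triage(log_text)
    parsed = len(result["delete"]) + len(result["review"])
    return reported_count(log_text) == parsed


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for obj, verdict in result["delete"]:
        print(f"DELETE  {obj}  [{verdict}]")
    for obj, verdict in result["review"]:
        print(f"REVIEW  {obj}  [{verdict}]")
    print("count line agrees with parsed objects:", count_matches(SAMPLE_LOG))
```

The count check catches a parser that silently drops a line with an unexpected layout; if the tool says five objects and the script finds three, the log format has changed and the triage output should not be trusted.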

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.05.08

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Robert :: METATRON [administrator]

4/5/2012 11:02:04 AM

mbam-log-2012-04-05 (11-02-04).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 236517

Time elapsed: 19 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\WINDOWS\Temp\ddaddd76.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


I just looked in the quarantine tab and it looks like MBAM is still holding those previously found and removed threats from the scan on March 30th. Is that normal? It gives the option to delete or restore them. I thought they were removed, so shouldn't they be gone? Should I delete them?


Also, MSSE popped up saying it found a trojan during that last MBAM scan. I don't know how to post its log (if that would be helpful) other than to type what I'm seeing in its history tab: several exploits, trojans, and a rogue over the last week.


You can delete the ones in quarantine.

Let's give this a go.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[image: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


I'm using my old computer to type this because it seems to be stuck. After ComboFix started a scan and said it found a rootkit called ZeroAccess inserted into the IP something-or-other, it said it detected rootkit activity and that it needed to reboot. It rebooted and then started another scan, and now it seems to be stuck in shutdown mode for quite a while. The little red light on the front of the machine blinks randomly. Should I press the power button to reboot and try again, or leave it alone?


CF hangs.

Kill it with Task Manager.

If CF still stalls, bring up Task Manager using CTRL+ALT+DELETE. See if any of these processes are running, and End Task on them one at a time and see if it frees up CF:

pev

findstr

sed

grep

nircmd

swsc

* .. or any other process that has the .cfexe extension except for CFxxx.cfexe


ComboFix 12-04-05.06 - Robert 04/05/2012 12:30:06.4.4 - x86

Running from: c:\documents and settings\Robert\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\$NtUninstallKB3450$

c:\windows\$NtUninstallKB3450$\1842134898

c:\windows\$NtUninstallKB3450$\658975293\@

c:\windows\$NtUninstallKB3450$\658975293\cfg.ini

c:\windows\$NtUninstallKB3450$\658975293\Desktop.ini

c:\windows\$NtUninstallKB3450$\658975293\L\msvorfos

c:\windows\$NtUninstallKB3450$\658975293\oemid

c:\windows\$NtUninstallKB3450$\658975293\U\00000001.@

c:\windows\$NtUninstallKB3450$\658975293\U\00000002.@

c:\windows\$NtUninstallKB3450$\658975293\U\00000004.@

c:\windows\$NtUninstallKB3450$\658975293\U\80000000.@

c:\windows\$NtUninstallKB3450$\658975293\U\80000004.@

c:\windows\$NtUninstallKB3450$\658975293\U\80000032.@

c:\windows\$NtUninstallKB3450$\658975293\version

c:\windows\system32\drivers\etc\hosts.ics

.

.

((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))

.

.

2012-04-04 20:06 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55BF6812-652C-4DF7-8B9B-0F83CAA28225}\mpengine.dll

2012-03-31 00:20 . 2012-03-31 00:20 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp

2012-03-30 04:49 . 2012-03-30 04:49 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-03-30 01:17 . 2012-03-30 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\B7E85B35000485B2000B56B6D151FC84

2012-03-14 23:56 . 2012-03-14 23:56 -------- d-----w- c:\documents and settings\UpdatusUser

2012-03-14 23:55 . 2012-01-17 12:45 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-14 02:15 . 2011-08-21 08:57 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-02-29 23:58 . 2011-08-27 18:02 881984 ----a-w- c:\windows\system32\nvgenco32.dll

2012-02-29 23:58 . 2011-08-27 18:02 1000256 ----a-w- c:\windows\system32\nvdispco32.dll

2012-02-29 23:58 . 2010-04-04 05:55 65536 ----a-w- c:\windows\system32\OpenCL.dll

2012-02-29 23:58 . 2010-04-04 05:55 17534976 ----a-w- c:\windows\system32\nvcompiler.dll

2012-02-29 23:58 . 2009-05-01 05:02 2522944 ----a-w- c:\windows\system32\nvcuvid.dll

2012-02-29 23:58 . 2009-05-01 05:02 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-02-29 23:58 . 2008-10-16 19:46 5918720 ----a-w- c:\windows\system32\nvcuda.dll

2012-02-29 23:58 . 2008-10-16 19:46 4309760 ----a-w- c:\windows\system32\nv4_disp.dll

2012-02-29 23:58 . 2008-10-16 19:46 2291712 ----a-w- c:\windows\system32\nvapi.dll

2012-02-29 23:58 . 2008-10-16 19:46 18624512 ----a-w- c:\windows\system32\nvoglnt.dll

2012-02-29 23:58 . 2008-10-16 19:46 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2012-02-29 20:30 . 2011-01-08 03:56 54272 ----a-w- c:\windows\system32\nvwddi.dll

2012-02-29 20:30 . 2011-01-08 03:56 15494464 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-29 20:30 . 2011-01-08 03:56 143680 ----a-w- c:\windows\system32\nvcolor.exe

2012-02-29 20:30 . 2011-01-08 03:56 164160 ----a-w- c:\windows\system32\nvsvc32.exe

2012-02-29 20:30 . 2011-01-08 03:56 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-26 18:03 . 2011-08-22 02:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-03 09:22 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-31 12:44 . 2010-12-31 06:17 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-17 12:46 . 2011-02-15 00:31 27968 ----a-w- c:\windows\system32\nvhdap32.dll

2012-01-17 12:45 . 2009-05-20 23:56 123712 ----a-w- c:\windows\system32\drivers\nvhda32.sys

2012-01-11 19:06 . 2012-02-15 07:27 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2009-05-20 22:55 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2010-09-01 23:33 . 2010-12-31 23:11 83968 ----a-w- c:\program files\remover.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-22 451896]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]

"LoadMSvcmm"="c:\program files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe" [2010-01-28 454856]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]

"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNDgwMzQ0NjAyLUJBKzEtS1YzKzctVDQtRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LUYxME0rNS1YMjAxMCsyLVFJWDErNC1GMTBNMTBEKzE&prod=90&ver=10.0.1204" [?]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=

"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=

"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=

"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Army Builder\\ArmyBuilder.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"67:UDP"= 67:UDP:DHCP Discovery Service

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"3074:TCP"= 3074:TCP:*:Disabled:xbox live

"3074:UDP"= 3074:UDP:*:Disabled:xbox live

"6112:TCP"= 6112:TCP:Blizzard Downloader: 6112

.

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [3/14/2012 4:56 PM 2348352]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/20/2009 4:56 PM 123712]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2010 8:43 PM 136176]

S2 RasMan32;Remote Access Connection Manager ;c:\windows\system32\mscories32.exe --> c:\windows\system32\mscories32.exe [?]

S3 GRT;GRT;c:\docume~1\Robert\LOCALS~1\Temp\GRT.exe --> c:\docume~1\Robert\LOCALS~1\Temp\GRT.exe [?]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/29/2012 9:49 PM 24064]

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 19:34]

.

2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 03:43]

.

2012-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 03:43]

.

2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1614895754-1801674531-1004Core.job

- c:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-18 02:57]

.

2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1614895754-1801674531-1004UA.job

- c:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-18 02:57]

.

2012-04-05 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-05 13:43

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1454471165-1614895754-1801674531-1004\Software\SecuROM\License information*]

"datasecu"=hex:ee,39,e6,33,9f,d3,4f,13,28,be,73,7f,d9,dd,64,be,8d,e0,f8,c2,54,

4e,ea,d8,56,32,97,6b,e9,3d,40,aa,2d,e2,53,01,79,76,81,af,cf,06,23,b4,d5,a0,\

"rkeysecu"=hex:3f,f5,91,b9,bf,e0,d1,30,e8,f4,28,b5,04,e4,ca,b2

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3280)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\progra~1\BLOCKB~1\BLOCKB~1\MovielinkCore.exe

c:\windows\system32\nvsvc32.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\HPZipm12.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2012-04-05 13:49:10 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-05 20:48

ComboFix2.txt 2011-08-29 01:33

.

Pre-Run: 233,924,743,168 bytes free

Post-Run: 237,249,105,920 bytes free

.

- - End Of File - - 50742680D1DA13366ECE50BF8DEBD321

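Three kinds of entries in the ComboFix log above are the ones a responder reads first: the `$NtUninstallKB3450$` folder under Other Deletions, filled with `@` files and `U\`/`L\` subfolders (a genuine hotfix uninstall folder holds backed-up system files, not that layout), the `"EnableFirewall"= 0` value in the standard firewall profile, and the two services whose binaries ComboFix could not find, `RasMan32` (carrying the display name of the real Remote Access Connection Manager service) and `GRT` (pointing into a Temp folder), both printed with a trailing `[?]`. The Python script below is an added example, not code from ComboFix or from the thread: it runs exactly those three checks over log lines in the formats shown. The sample lines are constructed from the log above; reading `[?]` as "file not found on disk" and the finding category names are this example's assumptions.

```python
import re

# Constructed sample, modelled on lines from the ComboFix log posted above.
SAMPLE_LOG = r"""
c:\windows\$NtUninstallKB3450$\658975293\@
c:\windows\$NtUninstallKB3450$\658975293\U\00000001.@
c:\windows\$NtUninstallKB3450$\658975293\L\msvorfos
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [3/14/2012 4:56 PM 2348352]
S2 RasMan32;Remote Access Connection Manager ;c:\windows\system32\mscories32.exe --> c:\windows\system32\mscories32.exe [?]
S3 GRT;GRT;c:\docume~1\Robert\LOCALS~1\Temp\GRT.exe --> c:\docume~1\Robert\LOCALS~1\Temp\GRT.exe [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/29/2012 9:49 PM 24064]
"""

# Service lines: "<R|S><start type> <name>;<display name>;<path>[ --> <path>] [<date size | ?>]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> (?P<resolved>.+?))? \[(?P<info>[^\]]*)\]$"
)
# Firewall policy value as ComboFix prints it: "EnableFirewall"= 0 (0x0)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
# Anything under c:\windows\$NtUninstall...$\ ; the rest of the path is inspected below.
NTUNINSTALL_RE = re.compile(
    r"^c:\\windows\\\$ntuninstall[^\\]+\$\\(?P<rest>.+)$", re.IGNORECASE
)


def service_reasons(m):
    """Reasons a parsed service line deserves attention (empty list if none)."""
    reasons = []
    # Assumption: ComboFix's "[?]" means it could not find the binary on disk.
    if m.group("info").strip() == "?":
        reasons.append("binary not found on disk")
    if "\\temp\\" in m.group("path").lower():
        reasons.append("binary lives in a Temp directory")
    return reasons


def triage(log_text):
    """Return a list of (category, subject, reason) findings for the log text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = NTUNINSTALL_RE.match(line)
        if m:
            parts = m.group("rest").split("\\")
            odd = ("@" in parts or "U" in parts or "L" in parts
                   or any(p.endswith(".@") for p in parts))
            if odd:
                findings.append(("fake-uninstall-folder", line,
                                 "hotfix uninstall folders hold backed-up files, "
                                 "not '@' files or U/L subfolders"))
            continue
        if FIREWALL_OFF_RE.match(line):
            findings.append(("firewall-disabled", line,
                             "Windows Firewall is off in the standard profile"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            reasons = service_reasons(m)
            if reasons:
                findings.append(("service", m.group("name"), "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for category, subject, reason in triage(SAMPLE_LOG):
        print(f"{category:22} {subject}\n{'':22} -> {reason}")
```

Entries that pass every check (the NVIDIA updater, the mbamchameleon driver) produce no finding at all, so the output is only the short list a helper would actually ask about, in the order the log presents it.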
