Author Topic: [Resolved] Trojan.Wimpixo and RootKit.0Access.H

chris222
[Resolved] Trojan.Wimpixo and RootKit.0Access.H
« on: March 08, 2012, 08:04:31 AM »
I have a machine that seems to have been infected for quite a while. I have run various scans (Malwarebytes, ESET Online Scanner) and removed infected objects that have been found, but problems seem to persist. The machine seems to run just a little slower, but will bog down completely and require a restart if left alone for a while. Crashing has become frequent. Any help would be appreciated.

Ran Malwarebytes scan prior to posting and removed infected objects.  Logs posted below.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_21
Run by Dusty at 8:51:39 on 2012-03-08
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2603 [GMT -5:00]
.
AV: ESET Smart Security 4.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Dusty\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Documents and Settings\Dusty\Local Settings\Application Data\Akamai\netsession_win.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081115
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081115
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1:9421
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\dusty\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Akamai NetSession Interface] "c:\documents and settings\dusty\local settings\application data\akamai\netsession_win.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [8169Diag] c:\program files\realtek\diagnostics utility\8169Diag.exe /hw
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"
mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s
mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
LSP: mswsock.dll
Trusted Zone: doi.gov\www.itims
Trusted Zone: landfx.com\www
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230558863265
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} - hxxps://www.itims.doi.gov/forms/jinitiator/jinit.exe
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 24.247.15.53 24.247.24.53
TCP: Interfaces\{B62C96DC-C2A4-40C1-9BD4-638C512B8D61} : DhcpNameServer = 24.247.15.53 24.247.24.53
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: LMIinit - LMIinit.dll
Notify: USB3Nw32 - USB3Nw32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dusty\application data\mozilla\firefox\profiles\2i6uhzun.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\dusty\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13122.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13128.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-25 14336]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\esri\license\arcgis9x\lmgrd.exe [2008-11-24 1372160]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-11-9 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-3-12 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-7 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-7 20464]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-4 136176]
S2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2008-11-15 8960]
S2 NecUsb;USB Service;c:\windows\system32\svchost.exe -k NecUsbSevice [2008-4-25 14336]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2008-11-15 11264]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-4 136176]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2008-11-15 16640]
S4 LMIRfsClientNP;LMIRfsClientNP;

.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-03-07 19:58:21   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-03-07 18:40:51   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 17:24:36   --------   d-----w-   c:\documents and settings\dusty\local settings\application data\Citrix
2012-02-15 17:24:35   110456   ----a-w-   c:\documents and settings\dusty\g2ax_customer_downloadhelper_win32_x86.exe
.
==================== Find3M  ====================
.
2012-03-08 13:47:54   0   --sha-w-   c:\windows\system32\dds_trash_log.cmd
.
============= FINISH:  8:52:09.29 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/22/2008 12:26:42 PM
System Uptime: 3/8/2012 8:47:25 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0J584C
Processor: Intel(R) Core(TM)2 Duo CPU     E8400  @ 3.00GHz | Socket 775 | 2992/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 226.3 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (FAT32) - 233 GiB total, 103.88 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
M: is NetworkDisk (NTFS) - 1863 GiB total, 886.493 GiB free.
V: is NetworkDisk (NTFS) - 466 GiB total, 374.36 GiB free.
Y: is NetworkDisk (NTFS) - 1863 GiB total, 886.493 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP971: 12/2/2011 11:14:18 AM - System Checkpoint
RP972: 12/3/2011 11:38:16 AM - System Checkpoint
RP973: 12/4/2011 12:02:16 PM - System Checkpoint
RP974: 12/5/2011 12:03:21 PM - System Checkpoint
RP975: 12/6/2011 12:23:08 PM - System Checkpoint
RP976: 12/7/2011 1:33:36 PM - System Checkpoint
RP977: 12/8/2011 1:38:08 PM - System Checkpoint
RP978: 12/9/2011 4:36:43 PM - System Checkpoint
RP979: 12/10/2011 5:38:08 PM - System Checkpoint
RP980: 12/11/2011 6:02:08 PM - System Checkpoint
RP981: 12/12/2011 7:02:10 PM - System Checkpoint
RP982: 12/13/2011 7:38:09 PM - System Checkpoint
RP983: 12/14/2011 8:27:54 PM - System Checkpoint
RP984: 12/15/2011 9:37:54 PM - System Checkpoint
RP985: 12/16/2011 10:13:52 PM - System Checkpoint
RP986: 12/17/2011 11:01:51 PM - System Checkpoint
RP987: 12/18/2011 11:13:51 PM - System Checkpoint
RP988: 12/20/2011 12:13:51 AM - System Checkpoint
RP989: 12/21/2011 12:49:51 AM - System Checkpoint
RP990: 12/22/2011 1:25:51 AM - System Checkpoint
RP991: 12/23/2011 1:49:36 AM - System Checkpoint
RP992: 12/24/2011 2:01:36 AM - System Checkpoint
RP993: 12/25/2011 3:13:35 AM - System Checkpoint
RP994: 12/26/2011 3:25:35 AM - System Checkpoint
RP995: 12/27/2011 4:49:36 AM - System Checkpoint
RP996: 12/28/2011 5:01:36 AM - System Checkpoint
RP997: 12/29/2011 5:26:20 AM - System Checkpoint
RP998: 12/30/2011 6:01:32 AM - System Checkpoint
RP999: 12/31/2011 6:37:33 AM - System Checkpoint
RP1000: 1/1/2012 7:01:32 AM - System Checkpoint
RP1001: 1/2/2012 7:37:32 AM - System Checkpoint
RP1002: 1/3/2012 8:01:32 AM - System Checkpoint
RP1003: 1/4/2012 12:23:58 PM - System Checkpoint
RP1004: 1/5/2012 8:24:45 AM - Printer Driver Amyuni Document Converter 400 Installed
RP1005: 1/6/2012 9:46:04 AM - System Checkpoint
RP1006: 1/7/2012 9:54:21 AM - System Checkpoint
RP1007: 1/8/2012 11:06:21 AM - System Checkpoint
RP1008: 1/9/2012 3:15:26 PM - System Checkpoint
RP1009: 1/10/2012 6:20:41 PM - System Checkpoint
RP1010: 1/11/2012 6:53:24 PM - System Checkpoint
RP1011: 1/12/2012 7:27:07 PM - System Checkpoint
RP1012: 1/15/2012 3:22:22 PM - System Checkpoint
RP1013: 1/16/2012 7:17:14 PM - System Checkpoint
RP1014: 1/17/2012 8:43:30 PM - System Checkpoint
RP1015: 1/18/2012 9:13:34 PM - System Checkpoint
RP1016: 1/19/2012 9:27:14 PM - System Checkpoint
RP1017: 1/20/2012 9:52:02 PM - System Checkpoint
RP1018: 1/21/2012 10:14:09 PM - System Checkpoint
RP1019: 1/22/2012 10:28:24 PM - System Checkpoint
RP1020: 1/23/2012 10:31:41 PM - System Checkpoint
RP1021: 1/24/2012 10:40:25 PM - System Checkpoint
RP1022: 1/26/2012 12:46:21 PM - System Checkpoint
RP1023: 1/27/2012 7:05:52 PM - System Checkpoint
RP1024: 1/28/2012 7:20:30 PM - System Checkpoint
RP1025: 1/29/2012 7:59:53 PM - System Checkpoint
RP1026: 1/30/2012 8:01:16 PM - System Checkpoint
RP1027: 2/1/2012 2:37:52 PM - System Checkpoint
RP1028: 2/3/2012 1:50:25 PM - System Checkpoint
RP1029: 2/9/2012 3:16:23 PM - System Checkpoint
RP1030: 2/10/2012 3:56:19 PM - System Checkpoint
RP1031: 2/20/2012 1:39:07 PM - System Checkpoint
RP1032: 2/21/2012 2:42:14 PM - System Checkpoint
RP1033: 2/28/2012 12:01:28 PM - System Checkpoint
RP1034: 2/29/2012 4:58:42 PM - System Checkpoint
RP1035: 3/5/2012 12:56:17 PM - System Checkpoint
RP1036: 3/7/2012 8:10:24 AM - Removed Microsoft Silverlight
RP1037: 3/7/2012 9:27:17 AM - Removed HP Printer Utility
RP1038: 3/7/2012 1:36:20 PM - Removed Adobe Bridge 1.0
RP1039: 3/7/2012 3:59:00 PM - Removed Sentinel Protection Installer 7.2.2
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Acrobat.com
Ad-Aware
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.2.0 - CPSID_50026
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Common File Installer
Adobe Community Help
Adobe Creative Suite 4 Design Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe InDesign CS2
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop 5.5
Adobe Photoshop CS4 Support
Adobe Reader 9.3.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Stock Photos 1.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Akamai NetSession Interface
Akamai NetSession Interface Service
ArcGIS Desktop
ArcGIS License Manager
AutoCAD 2010 - English
AutoCAD 2010 Language Pack - English
BillQuick 2008
Browser Address Error Redirector
Bullzip PDF Printer 7.1.0.1195
CCleaner
Compatibility Pack for the 2007 Office system
Connect
CRCU 2011 SSL Certificate
Dell Driver Reset Tool
Dell Support Center (Support Software)
Diagnostics Utility
DWGdirectX 3.2
ESET Online Scanner v3
ESET Smart Security
Google Chrome
Google Earth Plug-in
Google SketchUp 6
Google SketchUp 6 Exporters
Google SketchUp 7
Google SketchUp LayOut 6
Google SketchUp Pro 6
Google Update Helper
GoToMeeting 4.0.0.320
GPL Ghostscript Lite 8.70
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Designjet T1100 Printer Series
HP ICC Profiles
HP Proactive Services
HP Web Registration
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) 6 Update 7
kuler
LAN-Fax Utilities
Land F/X
Lexmark 5400 Series
Lexmark Toolbar
LogMeIn
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 9.0.1 (x86 en-US)
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB927977)
MySQL Connector/ODBC 5.1
NVIDIA Drivers
OpenDCL Runtime
Oracle JInitiator 1.3.1.22
Oracle JInitiator 1.3.1.28
OverDrive Media Console
PDF Settings CS4
Pdf995
Photoshop Camera Raw
Pixel Bender Toolkit
PowerDVD
Python 2.5 numpy-1.0.3
Python 2.5.1
QBFC 5.0
QuickBooks
QuickBooks Premier: Accountant Edition 2010
Rain Bird ET Manager Scheduler 1.18
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SketchUp DWG Importer
Sonic CinePlayer Decoder Pack
Spelling Dictionaries Support For Adobe Reader 9
Spotify
STREETSCAPE IMAGING v2.0
Suite Shared Configuration CS4
TatukGIS Viewer 2.3.1.3889
Type3245 TWAIN Driver Ver.3
Unilock Paver Hatch Patterns v9.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
VBA (2627.01)
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
Visual Lighting Software
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Presentation Foundation
WinRAR archiver
WModem Driver Installer
WorkgroupShare Client
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
3/8/2012 8:50:02 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  iaStor
3/8/2012 8:50:02 AM, error: Service Control Manager [7023]  - The USB Service service terminated with the following error:  The specified module could not be found.
3/8/2012 8:50:02 AM, error: Service Control Manager [7023]  - The Pca service terminated with the following error:  The specified module could not be found.
3/8/2012 8:50:02 AM, error: Service Control Manager [7023]  - The Network Security service terminated with the following error:  The specified module could not be found.
3/8/2012 8:12:16 AM, error: System Error [1003]  - Error code 10000050, parameter1 b4902a68, parameter2 00000000, parameter3 b69b8616, parameter4 00000000.
3/7/2012 8:04:32 AM, error: Dhcp [1002]  - The IP address lease 192.168.0.11 for the Network Card with network address 00219B014190 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
3/7/2012 1:14:05 PM, error: System Error [1003]  - Error code 10000050, parameter1 b4563aa4, parameter2 00000000, parameter3 b639f616, parameter4 00000000.
3/6/2012 4:45:45 PM, error: System Error [1003]  - Error code 10000050, parameter1 b55e8aa4, parameter2 00000000, parameter3 b6787616, parameter4 00000000.
3/6/2012 4:44:17 PM, error: Service Control Manager [7023]  - The SPService service terminated with the following error:  The specified module could not be found.
3/6/2012 4:44:17 PM, error: Service Control Manager [7023]  - The Network Location Awareness (NLA) service terminated with the following error:  The specified procedure could not be found.
3/5/2012 9:50:24 AM, error: DCOM [10009]  - DCOM was unable to communicate with the computer PREMIO-3 using any of the configured protocols.
3/5/2012 9:50:24 AM, error: DCOM [10009]  - DCOM was unable to communicate with the computer MANITOU-3 using any of the configured protocols.
3/5/2012 9:50:15 AM, error: DCOM [10009]  - DCOM was unable to communicate with the computer TERRA using any of the configured protocols.
3/5/2012 9:50:10 AM, error: DCOM [10009]  - DCOM was unable to communicate with the computer CAM-DELL1 using any of the configured protocols.
3/5/2012 9:50:01 AM, error: System Error [1003]  - Error code 10000050, parameter1 b4e0aaa4, parameter2 00000000, parameter3 b574d616, parameter4 00000000.
3/5/2012 8:39:32 AM, error: System Error [1003]  - Error code 10000050, parameter1 b494daac, parameter2 00000000, parameter3 b5d86616, parameter4 00000000.
3/2/2012 2:36:13 PM, error: System Error [1003]  - Error code 10000050, parameter1 b36f0aa4, parameter2 00000000, parameter3 b5748616, parameter4 00000000.
.
==== End Of File ===========================
« Last Edit: March 08, 2012, 08:06:35 AM by 1972vet »



1972vet (Microsoft® MVP, Malware Removal Staff)
Re: [Resolved] Trojan.Wimpixo and RootKit.0Access.H
« Reply #1 on: March 08, 2012, 08:22:13 AM »
You have Ad-aware installed alongside ESET, which explains the system crashes perfectly. I'd uninstall Ad-aware and keep ESET, which is superior by far... I use it personally and highly recommend it.

You also need to uninstall these outdated and exploited Java installations:
Java(TM) 6 Update 21
Java(TM) 6 Update 7

...and install the latest version Here.

If you installed GoToMeeting and LogMeIn it's fine that you use them but if you didn't install them, or don't use them either way, you should uninstall them. Both allow remote access to your system as they are of course, designed for that very purpose. However, if one isn't careful to choose Strong Passwords, then some kid with time to play might successfully hack into your system.

You can also uninstall "SearchAssist" to see more performance results. Once you've completed all of the above, please do the following:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application. Click "Change parameters". Under Additional options, check the box next to both options, "Verify Driver Digital Signature" and "Detect TDLFS file system", and click the OK button.
  • Click the Start scan button.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • You may be prompted to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file back here on your next reply.
  • ...otherwise, if a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". If this was the case, then we need to see that log.
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline chris222

  • Bronze Member
  • Posts: 25
Re: [Resolved] Trojan.Wimpixo and RootKit.0Access.H
« Reply #2 on: March 08, 2012, 09:00:27 AM »
Thanks for the quick reply.  I uninstalled the programs suggested and ran TDSSKiller.  One file was removed and three suspicious files were found.  Log is below.

09:51:30.0328 2424   TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
09:51:30.0656 2424   ============================================================
09:51:30.0656 2424   Current date / time: 2012/03/08 09:51:30.0656
09:51:30.0656 2424   SystemInfo:
09:51:30.0656 2424   
09:51:30.0656 2424   OS Version: 5.1.2600 ServicePack: 3.0
09:51:30.0656 2424   Product type: Workstation
09:51:30.0656 2424   ComputerName: VISTRO410
09:51:30.0656 2424   UserName: Dusty
09:51:30.0656 2424   Windows directory: C:\WINDOWS
09:51:30.0656 2424   System windows directory: C:\WINDOWS
09:51:30.0656 2424   Processor architecture: Intel x86
09:51:30.0656 2424   Number of processors: 2
09:51:30.0656 2424   Page size: 0x1000
09:51:30.0656 2424   Boot type: Normal boot
09:51:30.0656 2424   ============================================================
09:51:32.0000 2424   Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:51:32.0000 2424   Drive \Device\Harddisk1\DR3 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:51:32.0046 2424   \Device\Harddisk0\DR0:
09:51:32.0046 2424   MBR used
09:51:32.0046 2424   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x2540E0B9
09:51:32.0046 2424   \Device\Harddisk1\DR3:
09:51:32.0046 2424   MBR used
09:51:32.0046 2424   \Device\Harddisk1\DR3\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D1C4542
09:51:32.0093 2424   Initialize success
09:51:32.0093 2424   ============================================================
09:51:56.0578 0984   ============================================================
09:51:56.0578 0984   Scan started
09:51:56.0578 0984   Mode: Manual; SigCheck; TDLFS;
09:51:56.0578 0984   ============================================================
09:51:56.0968 0984   Abiosdsk - ok
09:51:57.0015 0984   abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:51:57.0156 0984   abp480n5 - ok
09:51:57.0187 0984   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:51:57.0234 0984   ACPI - ok
09:51:57.0265 0984   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:51:57.0328 0984   ACPIEC - ok
09:51:57.0390 0984   adfs            (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
09:51:57.0406 0984   adfs - ok
09:51:57.0437 0984   adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:51:57.0515 0984   adpu160m - ok
09:51:57.0578 0984   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:51:57.0625 0984   aec - ok
09:51:57.0687 0984   AFD             (94b69d78e9aa2b98053faaf82a8a3f9e) C:\WINDOWS\System32\drivers\afd.sys
09:51:57.0687 0984   Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 94b69d78e9aa2b98053faaf82a8a3f9e, Fake md5: 7e775010ef291da96ad17ca4b17137d7
09:51:57.0687 0984   AFD ( Virus.Win32.ZAccess.k ) - infected
09:51:57.0687 0984   AFD - detected Virus.Win32.ZAccess.k (0)
09:51:57.0703 0984   agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
09:51:57.0765 0984   agp440 - ok
09:51:57.0781 0984   agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:51:57.0843 0984   agpCPQ - ok
09:51:57.0843 0984   Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:51:57.0875 0984   Aha154x - ok
09:51:57.0875 0984   aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:51:57.0937 0984   aic78u2 - ok
09:51:57.0937 0984   aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:51:58.0000 0984   aic78xx - ok
09:51:58.0000 0984   AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
09:51:58.0046 0984   AliIde - ok
09:51:58.0078 0984   alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:51:58.0125 0984   alim1541 - ok
09:51:58.0156 0984   amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:51:58.0203 0984   amdagp - ok
09:51:58.0218 0984   amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
09:51:58.0234 0984   amsint - ok
09:51:58.0250 0984   asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
09:51:58.0296 0984   asc - ok
09:51:58.0296 0984   asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:51:58.0343 0984   asc3350p - ok
09:51:58.0343 0984   asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:51:58.0406 0984   asc3550 - ok
09:51:58.0406 0984   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:51:58.0468 0984   AsyncMac - ok
09:51:58.0500 0984   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:51:58.0546 0984   atapi - ok
09:51:58.0546 0984   Atdisk - ok
09:51:58.0562 0984   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:51:58.0609 0984   Atmarpc - ok
09:51:58.0640 0984   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:51:58.0703 0984   audstub - ok
09:51:58.0718 0984   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:51:58.0781 0984   Beep - ok
09:51:58.0796 0984   cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:51:58.0859 0984   cbidf - ok
09:51:58.0859 0984   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:51:58.0921 0984   cbidf2k - ok
09:51:58.0921 0984   cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:51:58.0953 0984   cd20xrnt - ok
09:51:58.0953 0984   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:51:59.0000 0984   Cdaudio - ok
09:51:59.0015 0984   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:51:59.0062 0984   Cdfs - ok
09:51:59.0093 0984   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:51:59.0156 0984   Cdrom - ok
09:51:59.0156 0984   Changer - ok
09:51:59.0171 0984   CmdIde          (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:51:59.0234 0984   CmdIde - ok
09:51:59.0250 0984   Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:51:59.0296 0984   Cpqarray - ok
09:51:59.0312 0984   dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:51:59.0375 0984   dac2w2k - ok
09:51:59.0375 0984   dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:51:59.0437 0984   dac960nt - ok
09:51:59.0468 0984   Diag69xp        (a22d5a027f397e412cbb2d97e8661bff) C:\WINDOWS\system32\Drivers\Diag69xp.sys
09:51:59.0468 0984   Diag69xp ( UnsignedFile.Multi.Generic ) - warning
09:51:59.0468 0984   Diag69xp - detected UnsignedFile.Multi.Generic (1)
09:51:59.0468 0984   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:51:59.0531 0984   Disk - ok
09:51:59.0546 0984   DLABMFSM        (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
09:51:59.0562 0984   DLABMFSM - ok
09:51:59.0562 0984   DLABOIOM        (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
09:51:59.0578 0984   DLABOIOM - ok
09:51:59.0578 0984   DLACDBHM        (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
09:51:59.0578 0984   DLACDBHM - ok
09:51:59.0609 0984   DLADResM        (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
09:51:59.0609 0984   DLADResM - ok
09:51:59.0625 0984   DLAIFS_M        (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
09:51:59.0625 0984   DLAIFS_M - ok
09:51:59.0625 0984   DLAOPIOM        (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
09:51:59.0640 0984   DLAOPIOM - ok
09:51:59.0640 0984   DLAPoolM        (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
09:51:59.0640 0984   DLAPoolM - ok
09:51:59.0640 0984   DLARTL_M        (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
09:51:59.0656 0984   DLARTL_M - ok
09:51:59.0656 0984   DLAUDFAM        (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
09:51:59.0656 0984   DLAUDFAM - ok
09:51:59.0671 0984   DLAUDF_M        (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
09:51:59.0671 0984   DLAUDF_M - ok
09:51:59.0703 0984   dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:51:59.0781 0984   dmboot - ok
09:51:59.0796 0984   dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:51:59.0843 0984   dmio - ok
09:51:59.0859 0984   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:51:59.0906 0984   dmload - ok
09:51:59.0968 0984   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:52:00.0031 0984   DMusic - ok
09:52:00.0031 0984   dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:52:00.0093 0984   dpti2o - ok
09:52:00.0140 0984   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:52:00.0203 0984   drmkaud - ok
09:52:00.0203 0984   DRVMCDB         (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
09:52:00.0218 0984   DRVMCDB - ok
09:52:00.0218 0984   DRVNDDM         (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
09:52:00.0218 0984   DRVNDDM - ok
09:52:00.0250 0984   eamon           (30372bcc67d63bee538cdfeca755d81c) C:\WINDOWS\system32\DRIVERS\eamon.sys
09:52:00.0250 0984   eamon - ok
09:52:00.0296 0984   ehdrv           (6504d6afb75fef830dd99e8c4235d54d) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
09:52:00.0296 0984   ehdrv - ok
09:52:00.0312 0984   epfw            (86895d4413316becc2d7944d2749586c) C:\WINDOWS\system32\DRIVERS\epfw.sys
09:52:00.0312 0984   epfw - ok
09:52:00.0328 0984   Epfwndis        (3b47010b2425b69826004767e59045ba) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
09:52:00.0328 0984   Epfwndis - ok
09:52:00.0343 0984   epfwtdi         (6d69809e98df95980060d4699eb6d633) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
09:52:00.0343 0984   epfwtdi - ok
09:52:00.0343 0984   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:52:00.0406 0984   Fastfat - ok
09:52:00.0421 0984   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:52:00.0484 0984   Fdc - ok
09:52:00.0500 0984   Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:52:00.0562 0984   Fips - ok
09:52:00.0578 0984   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
09:52:00.0640 0984   Flpydisk - ok
09:52:00.0640 0984   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:52:00.0703 0984   FltMgr - ok
09:52:00.0703 0984   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:52:00.0765 0984   Fs_Rec - ok
09:52:00.0765 0984   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:52:00.0828 0984   Ftdisk - ok
09:52:00.0828 0984   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:52:00.0890 0984   Gpc - ok
09:52:00.0906 0984   HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:52:00.0953 0984   HDAudBus - ok
09:52:00.0968 0984   hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:52:01.0031 0984   hidusb - ok
09:52:01.0046 0984   hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
09:52:01.0093 0984   hpn - ok
09:52:01.0140 0984   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:52:01.0171 0984   HTTP - ok
09:52:01.0187 0984   i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
09:52:01.0234 0984   i2omgmt - ok
09:52:01.0250 0984   i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:52:01.0296 0984   i2omp - ok
09:52:01.0312 0984   iaStor          (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\drivers\iaStor.sys
09:52:01.0328 0984   iaStor - ok
09:52:01.0328 0984   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:52:01.0375 0984   Imapi - ok
09:52:01.0390 0984   ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:52:01.0468 0984   ini910u - ok
09:52:01.0593 0984   IntcAzAudAddService (811b31e0e0ac7be484efbffc42afcbbe) C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:52:01.0750 0984   IntcAzAudAddService - ok
09:52:01.0781 0984   IntelIde        (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
09:52:01.0843 0984   IntelIde - ok
09:52:01.0859 0984   intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:52:01.0921 0984   intelppm - ok
09:52:01.0937 0984   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
09:52:02.0000 0984   Ip6Fw - ok
09:52:02.0015 0984   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:52:02.0078 0984   IpFilterDriver - ok
09:52:02.0078 0984   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:52:02.0140 0984   IpInIp - ok
09:52:02.0156 0984   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:52:02.0218 0984   IpNat - ok
09:52:02.0218 0984   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:52:02.0281 0984   IPSec - ok
09:52:02.0312 0984   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:52:02.0343 0984   IRENUM - ok
09:52:02.0375 0984   isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:52:02.0421 0984   isapnp - ok
09:52:02.0437 0984   Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:52:02.0500 0984   Kbdclass - ok
09:52:02.0500 0984   kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:52:02.0562 0984   kbdhid - ok
09:52:02.0609 0984   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:52:02.0671 0984   kmixer - ok
09:52:02.0703 0984   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:52:02.0718 0984   KSecDD - ok
09:52:02.0765 0984   LANPkt          (8f5795b166cbb50966e29982f8cdb310) C:\WINDOWS\system32\DRIVERS\LANPkt.sys
09:52:02.0765 0984   LANPkt ( UnsignedFile.Multi.Generic ) - warning
09:52:02.0765 0984   LANPkt - detected UnsignedFile.Multi.Generic (1)
09:52:02.0765 0984   lbrtfdc - ok
09:52:02.0765 0984   lmimirr - ok
09:52:02.0812 0984   MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
09:52:02.0812 0984   MBAMProtector - ok
09:52:02.0828 0984   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:52:02.0875 0984   mnmdd - ok
09:52:02.0906 0984   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:52:02.0968 0984   Modem - ok
09:52:02.0968 0984   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:52:03.0031 0984   Mouclass - ok
09:52:03.0062 0984   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:52:03.0125 0984   mouhid - ok
09:52:03.0156 0984   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:52:03.0203 0984   MountMgr - ok
09:52:03.0265 0984   mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:52:03.0328 0984   mraid35x - ok
09:52:03.0343 0984   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:52:03.0406 0984   MRxDAV - ok
09:52:03.0468 0984   MRxSmb          (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:52:03.0500 0984   MRxSmb - ok
09:52:03.0515 0984   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:52:03.0562 0984   Msfs - ok
09:52:03.0593 0984   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:52:03.0640 0984   MSKSSRV - ok
09:52:03.0656 0984   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:52:03.0703 0984   MSPCLOCK - ok
09:52:03.0718 0984   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:52:03.0781 0984   MSPQM - ok
09:52:03.0796 0984   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:52:03.0843 0984   mssmbios - ok
09:52:03.0843 0984   Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
09:52:03.0906 0984   Mup - ok
09:52:03.0906 0984   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:52:03.0968 0984   NDIS - ok
09:52:03.0984 0984   NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:52:04.0031 0984   NdisTapi - ok
09:52:04.0078 0984   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:52:04.0125 0984   Ndisuio - ok
09:52:04.0140 0984   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:52:04.0203 0984   NdisWan - ok
09:52:04.0234 0984   NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
09:52:04.0296 0984   NDProxy - ok
09:52:04.0312 0984   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:52:04.0359 0984   NetBIOS - ok
09:52:04.0390 0984   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:52:04.0453 0984   NetBT - ok
09:52:04.0468 0984   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:52:04.0531 0984   Npfs - ok
09:52:04.0578 0984   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:52:04.0640 0984   Ntfs - ok
09:52:04.0640 0984   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:52:04.0703 0984   Null - ok
09:52:04.0859 0984   nv              (44067bf7d3e291cc38d9cf9aea1bd99d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:52:05.0078 0984   nv - ok
09:52:05.0140 0984   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:52:05.0203 0984   NwlnkFlt - ok
09:52:05.0234 0984   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:52:05.0296 0984   NwlnkFwd - ok
09:52:05.0312 0984   Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
09:52:05.0390 0984   Parport - ok
09:52:05.0406 0984   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:52:05.0453 0984   PartMgr - ok
09:52:05.0484 0984   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:52:05.0531 0984   ParVdm - ok
09:52:05.0546 0984   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:52:05.0625 0984   PCI - ok
09:52:05.0625 0984   PCIDump - ok
09:52:05.0625 0984   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:52:05.0687 0984   PCIIde - ok
09:52:05.0687 0984   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:52:05.0750 0984   Pcmcia - ok
09:52:05.0750 0984   PDCOMP - ok
09:52:05.0765 0984   PDFRAME - ok
09:52:05.0765 0984   PDRELI - ok
09:52:05.0765 0984   PDRFRAME - ok
09:52:05.0796 0984   perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
09:52:05.0843 0984   perc2 - ok
09:52:05.0859 0984   perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:52:05.0906 0984   perc2hib - ok
09:52:05.0937 0984   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:52:05.0984 0984   PptpMiniport - ok
09:52:06.0000 0984   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:52:06.0046 0984   PSched - ok
09:52:06.0046 0984   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:52:06.0125 0984   Ptilink - ok
09:52:06.0140 0984   PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:52:06.0140 0984   PxHelp20 - ok
09:52:06.0156 0984   ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:52:06.0203 0984   ql1080 - ok
09:52:06.0218 0984   Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:52:06.0265 0984   Ql10wnt - ok
09:52:06.0296 0984   ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:52:06.0343 0984   ql12160 - ok
09:52:06.0359 0984   ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:52:06.0421 0984   ql1240 - ok
09:52:06.0453 0984   ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:52:06.0500 0984   ql1280 - ok
09:52:06.0515 0984   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:52:06.0562 0984   RasAcd - ok
09:52:06.0578 0984   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:52:06.0640 0984   Rasl2tp - ok
09:52:06.0640 0984   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:52:06.0687 0984   RasPppoe - ok
09:52:06.0703 0984   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:52:06.0750 0984   Raspti - ok
09:52:06.0765 0984   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:52:06.0812 0984   Rdbss - ok
09:52:06.0828 0984   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:52:06.0875 0984   RDPCDD - ok
09:52:06.0875 0984   rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:52:06.0937 0984   rdpdr - ok
09:52:06.0953 0984   RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
09:52:07.0000 0984   RDPWD - ok
09:52:07.0015 0984   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:52:07.0078 0984   redbook - ok
09:52:07.0109 0984   RTLE8023xp      (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
09:52:07.0125 0984   RTLE8023xp - ok
09:52:07.0171 0984   RTLVLAN         (b9ca69921379ea2931c4450fe975bce7) C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS
09:52:07.0171 0984   RTLVLAN ( UnsignedFile.Multi.Generic ) - warning
09:52:07.0171 0984   RTLVLAN - detected UnsignedFile.Multi.Generic (1)
09:52:07.0187 0984   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:52:07.0203 0984   Secdrv - ok
09:52:07.0218 0984   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
09:52:07.0281 0984   Serial - ok
09:52:07.0281 0984   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:52:07.0343 0984   Sfloppy - ok
09:52:07.0343 0984   Simbad - ok
09:52:07.0375 0984   sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:52:07.0421 0984   sisagp - ok
09:52:07.0468 0984   SNTNLUSB        (054c6d41933b3bdb09dca17de08a97b2) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
09:52:07.0468 0984   SNTNLUSB - ok
09:52:07.0515 0984   SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
09:52:07.0562 0984   SONYPVU1 - ok
09:52:07.0562 0984   Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:52:07.0593 0984   Sparrow - ok
09:52:07.0625 0984   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:52:08.0000 0984   splitter - ok
09:52:08.0046 0984   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:52:08.0078 0984   sr - ok
09:52:08.0093 0984   Srv             (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
09:52:08.0156 0984   Srv - ok
09:52:08.0187 0984   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:52:08.0234 0984   swenum - ok
09:52:08.0250 0984   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:52:08.0312 0984   swmidi - ok
09:52:08.0328 0984   symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
09:52:08.0375 0984   symc810 - ok
09:52:08.0390 0984   symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:52:08.0437 0984   symc8xx - ok
09:52:08.0437 0984   sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:52:08.0484 0984   sym_hi - ok
09:52:08.0500 0984   sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:52:08.0546 0984   sym_u3 - ok
09:52:08.0546 0984   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:52:08.0609 0984   sysaudio - ok
09:52:08.0656 0984   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:52:08.0687 0984   Tcpip - ok
09:52:08.0703 0984   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:52:08.0750 0984   TDPIPE - ok
09:52:08.0750 0984   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:52:08.0812 0984   TDTCP - ok
09:52:08.0812 0984   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:52:08.0859 0984   TermDD - ok
09:52:08.0875 0984   TosIde          (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
09:52:08.0921 0984   TosIde - ok
09:52:08.0937 0984   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:52:09.0000 0984   Udfs - ok
09:52:09.0031 0984   ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
09:52:09.0078 0984   ultra - ok
09:52:09.0093 0984   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:52:09.0171 0984   Update - ok
09:52:09.0203 0984   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:52:09.0250 0984   usbccgp - ok
09:52:09.0281 0984   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:52:09.0343 0984   usbehci - ok
09:52:09.0359 0984   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:52:09.0406 0984   usbhub - ok
09:52:09.0453 0984   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:52:09.0500 0984   usbprint - ok
09:52:09.0515 0984   usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:52:09.0593 0984   usbscan - ok
09:52:09.0640 0984   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:52:09.0687 0984   USBSTOR - ok
09:52:09.0703 0984   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:52:09.0750 0984   usbuhci - ok
09:52:09.0765 0984   usb_rndisx      (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
09:52:09.0828 0984   usb_rndisx - ok
09:52:09.0843 0984   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:52:09.0890 0984   VgaSave - ok
09:52:09.0906 0984   viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:52:09.0953 0984   viaagp - ok
09:52:09.0984 0984   ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
09:52:10.0031 0984   ViaIde - ok
09:52:10.0062 0984   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:52:10.0109 0984   VolSnap - ok
09:52:10.0140 0984   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:52:10.0187 0984   Wanarp - ok
09:52:10.0218 0984   wceusbsh        (4c0b8ef721783f52f8e531fbdc4b1f74) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
09:52:10.0265 0984   wceusbsh - ok
09:52:10.0265 0984   WDICA - ok
09:52:10.0296 0984   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:52:10.0343 0984   wdmaud - ok
09:52:10.0390 0984   MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:52:10.0500 0984   \Device\Harddisk0\DR0 - ok
09:52:10.0500 0984   MBR (0x1B8)     (bbb0a0725ad66f38b1a32135f3cb55d6) \Device\Harddisk1\DR3
09:52:10.0640 0984   \Device\Harddisk1\DR3 - ok
09:52:10.0640 0984   Boot (0x1200)   (ce98cd12c5af7400b4ededa6d21ac6d8) \Device\Harddisk0\DR0\Partition0
09:52:10.0671 0984   \Device\Harddisk0\DR0\Partition0 - ok
09:52:10.0671 0984   Boot (0x1200)   (972e39aac1c0e334452df608d016561b) \Device\Harddisk1\DR3\Partition0
09:52:10.0671 0984   \Device\Harddisk1\DR3\Partition0 - ok
09:52:10.0671 0984   ============================================================
09:52:10.0671 0984   Scan finished
09:52:10.0671 0984   ============================================================
09:52:10.0781 1772   Detected object count: 4
09:52:10.0781 1772   Actual detected object count: 4
09:52:19.0453 1772   C:\WINDOWS\System32\drivers\afd.sys - copied to quarantine
09:52:19.0500 1772   Backup copy found, using it..
09:52:19.0500 1772   C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
09:52:20.0750 1772   AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure
09:52:20.0750 1772   Diag69xp ( UnsignedFile.Multi.Generic ) - skipped by user
09:52:20.0750 1772   Diag69xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:52:20.0750 1772   LANPkt ( UnsignedFile.Multi.Generic ) - skipped by user
09:52:20.0750 1772   LANPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:52:20.0765 1772   RTLVLAN ( UnsignedFile.Multi.Generic ) - skipped by user
09:52:20.0765 1772   RTLVLAN ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:52:30.0359 1316   Deinitialize success

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] Trojan.Wimpixo and RootKit.0Access.H
« Reply #3 on: March 08, 2012, 10:17:21 AM »
Thanks...now please reboot the system and when it comes up:
Please disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here.
...of those, many people overlook the Windows Defender since, for most, there is no icon for it in the system tray. Scroll through those directives above and look for this application specifically, to make certain it is disabled.

Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware.  It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouse-click ComboFix's window while it's running; that may cause the scan to stall.

Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline chris222

Re: [Resolved] Trojan.Wimpixo and RootKit.0Access.H
« Reply #4 on: March 08, 2012, 12:55:34 PM »
Thanks.  Disabled my antivirus and antispyware software without a problem, but couldn't even find Windows Defender to disable.  The infected machine is running ComboFix right now.  The Recovery Console was installed successfully and ComboFix made it successfully through stage 50.  It then began to tell me in multiple windows that I had the ZeroAccess rootkit.  I just clicked OK to let it proceed.  It deleted many files and when it began to delete folders, it stated that it couldn't find an acceptable replacement and that it would search for one.  It has been sitting still since then and hasn't gotten to the point where it will create a log file.  How long should I wait on this?

Offline 1972vet

Re: [Resolved] Trojan.Wimpixo and RootKit.0Access.H
« Reply #5 on: March 08, 2012, 01:24:24 PM »
Just be patient. ZeroAccess is a nasty rootkit and is a bit complicated when removing it. The scan depends on a couple of components. They are the type and amount of infection and the size of the disk.

Offline chris222

Re: [Resolved] Trojan.Wimpixo and RootKit.0Access.H
« Reply #6 on: March 08, 2012, 01:29:52 PM »
I will be patient.  I am just hoping that it won't crash during the scan, although it has been running crash free longer during the scan than it has recently.  I've got my fingers crossed.

Thanks again for all of your help.  I really appreciate it.

Offline chris222

Re: [Resolved] Trojan.Wimpixo and RootKit.0Access.H
« Reply #7 on: March 08, 2012, 02:46:16 PM »
Combofix has finished. Log below.

ComboFix 12-03-08.02 - Dusty 03/08/2012  13:09:26.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2837 [GMT -5:00]
Running from: c:\documents and settings\Dusty\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\SPLC2.tmp
c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\documents and settings\Becca\WINDOWS
c:\documents and settings\Dusty\Application Data\7846.662
c:\documents and settings\Dusty\g2ax_customer_downloadhelper_win32_x86.exe
c:\documents and settings\Dusty\WINDOWS
C:\Thumbs.db
c:\windows\$NtUninstallKB28970$
c:\windows\$NtUninstallKB28970$\1549741429\@
c:\windows\$NtUninstallKB28970$\1549741429\cfg.ini
c:\windows\$NtUninstallKB28970$\1549741429\Desktop.ini
c:\windows\$NtUninstallKB28970$\1549741429\L\rohepcid
c:\windows\$NtUninstallKB28970$\1549741429\U\00000001.@
c:\windows\$NtUninstallKB28970$\1549741429\U\00000002.@
c:\windows\$NtUninstallKB28970$\1549741429\U\00000004.@
c:\windows\$NtUninstallKB28970$\1549741429\U\80000000.@
c:\windows\$NtUninstallKB28970$\1549741429\U\80000004.@
c:\windows\$NtUninstallKB28970$\1549741429\U\80000032.@
c:\windows\$NtUninstallKB28970$\1549741429\version
c:\windows\$NtUninstallKB28970$\2063486957
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\noipducservice.dll
c:\windows\system32\regobj.dll
c:\windows\system32\Thumbs.db
F:\autorun.inf
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Service_6to4
-------\Legacy_downloadmanagerlite
-------\Service_downloadmanagerlite
.
.
(((((((((((((((((((((((((   Files Created from 2012-02-08 to 2012-03-08  )))))))))))))))))))))))))))))))
.
.
2012-03-08 14:52 . 2012-03-08 14:52   --------   d-----w-   C:\TDSSKiller_Quarantine
2012-03-08 14:49 . 2012-03-08 14:49   --------   d-----w-   c:\program files\Common Files\Java
2012-03-08 14:49 . 2012-03-08 14:49   637848   ----a-w-   c:\windows\system32\npdeployJava1.dll
2012-03-08 14:49 . 2012-03-08 14:49   141312   ----a-w-   c:\windows\system32\javacpl.cpl
2012-03-07 19:58 . 2011-12-10 20:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-03-07 18:40 . 2012-03-07 18:40   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 17:24 . 2012-02-15 17:24   --------   d-----w-   c:\documents and settings\Dusty\Local Settings\Application Data\Citrix
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-08 14:54 . 2008-04-25 16:16   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
2012-03-08 14:49 . 2010-08-02 11:57   567696   ----a-w-   c:\windows\system32\deployJava1.dll
2012-01-04 18:42 . 2011-12-08 14:48   121816   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Akamai NetSession Interface"="c:\documents and settings\Dusty\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-02-02 3329824]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-09 8523776]
"8169Diag"="c:\program files\Realtek\Diagnostics Utility\8169Diag.exe" [2008-02-26 909312]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 82864]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-31 16860672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\documents and settings\Becca\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-11 1155432]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Spotify\\spotify.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:RPC
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1130:TCP"= 1130:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 6:23 AM 108792]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/25/2008 11:16 AM 14336]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [11/24/2008 8:50 AM 1372160]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9/11/2009 6:24 AM 735960]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [11/9/2010 9:17 AM 374152]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/7/2012 2:58 PM 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/7/2012 2:58 PM 20464]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2011 8:33 AM 136176]
S2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [11/15/2008 8:53 AM 8960]
S2 NecUsb;USB Service;c:\windows\System32\svchost.exe -k NecUsbSevice [4/25/2008 11:16 AM 14336]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [11/15/2008 8:53 AM 11264]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2011 8:33 AM 136176]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [11/15/2008 8:53 AM 16640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
Akamai   REG_MULTI_SZ      Akamai
NecUsbSevice   REG_MULTI_SZ      NecUsb
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
guardian2
downloadmanagerlite
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 08:50]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 08:50]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1057793350-2047388184-2080285599-1009Core.job
- c:\documents and settings\Dusty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 14:43]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1057793350-2047388184-2080285599-1009UA.job
- c:\documents and settings\Dusty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 14:43]
.
2012-03-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-17 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081115
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: doi.gov\www.itims
Trusted Zone: landfx.com\www
TCP: DhcpNameServer = 24.247.15.53 24.247.24.53
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}
DPF: {CAFECAFE-0013-0001-0028-ABCDEFABCDEF} - hxxps://www.itims.doi.gov/forms/jinitiator/jinit.exe
FF - ProfilePath - c:\documents and settings\Dusty\Application Data\Mozilla\Firefox\Profiles\2i6uhzun.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
Notify-USB3Nw32 - USB3Nw32.dll
SafeBoot-83838367.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-08 15:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(2748)
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\msi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\ESRI\License\arcgis9x\ARCGIS.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\lxctcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\MICROS~4\rapimgr.exe
.
**************************************************************************
.
Completion time: 2012-03-08  15:43:06 - machine was rebooted
ComboFix-quarantined-files.txt  2012-03-08 20:43
.
Pre-Run: 242,119,544,832 bytes free
Post-Run: 270,125,641,728 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4B123BA4C4005C2C70545D34F1E7CE0E
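The TDSSKiller result earlier in this thread (afd.sys flagged as Virus.Win32.ZAccess.k and cured from the backup copy, with three unsigned drivers skipped) and the ComboFix "Other Deletions" section just above (a $NtUninstallKB28970$ folder holding a numbered subfolder with an @ file, cfg.ini, and U\*.@ files) are the two places in these logs where the ZeroAccess infection is visible. The Python script below is an added example, not part of this thread and not code from TDSSKiller or ComboFix: it parses log fragments of the same shape and reports which lines point at ZeroAccess. The sample lines are constructed from the logs posted above, the regular expressions and the scoring rule are assumptions made here, and the $NtUninstallKB...$ check deliberately requires both the @ file and a U\ module before it flags a folder, because genuine hotfix uninstall folders with that name prefix exist on XP.

```python
import re
from collections import defaultdict

# Constructed sample input, modelled on the TDSSKiller and ComboFix logs
# posted in this thread (fragments, not the full logs).
SAMPLE_TDSSKILLER = """\
09:52:19.0453 1772   C:\\WINDOWS\\System32\\drivers\\afd.sys - copied to quarantine
09:52:19.0500 1772   Backup copy found, using it..
09:52:20.0750 1772   AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure
09:52:20.0750 1772   Diag69xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:52:20.0765 1772   RTLVLAN ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

SAMPLE_COMBOFIX_DELETIONS = """\
c:\\documents and settings\\Dusty\\Application Data\\7846.662
c:\\windows\\$NtUninstallKB28970$
c:\\windows\\$NtUninstallKB28970$\\1549741429\\@
c:\\windows\\$NtUninstallKB28970$\\1549741429\\cfg.ini
c:\\windows\\$NtUninstallKB28970$\\1549741429\\Desktop.ini
c:\\windows\\$NtUninstallKB28970$\\1549741429\\L\\rohepcid
c:\\windows\\$NtUninstallKB28970$\\1549741429\\U\\00000001.@
c:\\windows\\$NtUninstallKB28970$\\1549741429\\U\\80000032.@
c:\\windows\\$NtUninstallKB28970$\\2063486957
c:\\windows\\system32\\Thumbs.db
"""

# "<driver> ( <verdict> ) - User select action: <action>" lines as TDSSKiller
# writes them after the scan summary. Pattern is an assumption from the log above.
TDSS_ACTION = re.compile(
    r"^\S+\s+\d+\s+(?P<name>\S+)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+"
    r"User select action:\s+(?P<action>\w+)\s*$"
)

# A numbered subfolder below a $NtUninstallKB<n>$ directory. The numeric folder
# holding '@', cfg.ini and U\<8 hex digits>.@ files is the layout the posted
# ComboFix log shows; a bare $NtUninstallKB<n>$ folder on its own is not matched.
ZA_PATH = re.compile(
    r"^(?P<root>[a-z]:\\windows\\\$ntuninstallkb\d+\$\\\d+)(?:\\(?P<rest>.+))?$",
    re.I,
)


def _classify(rest):
    """Map a path below the numbered folder to the component kind it represents."""
    if rest is None:
        return "folder"
    if rest == "@":
        return "at_marker"
    if rest.lower() == "cfg.ini":
        return "cfg_ini"
    if re.fullmatch(r"U\\[0-9a-f]{8}\.@", rest, re.I):
        return "U_module"
    if re.match(r"L\\", rest, re.I):
        return "L_entry"
    return "other"


def tdsskiller_actions(log):
    """Return (driver, verdict, action) for every user-action line in a TDSSKiller log."""
    out = []
    for line in log.splitlines():
        m = TDSS_ACTION.match(line)
        if m:
            out.append((m["name"], m["verdict"], m["action"]))
    return out


def zeroaccess_folders(deletions):
    """Group deleted paths by numbered $NtUninstallKB<n>$ subfolder and record what each held."""
    found = defaultdict(set)
    for line in deletions.splitlines():
        m = ZA_PATH.match(line.strip())
        if m:
            found[m["root"]].add(_classify(m["rest"]))
    return dict(found)


def triage(tdss_log, deletions):
    """Combine both logs into one verdict on whether ZeroAccess indicators are present."""
    actions = tdsskiller_actions(tdss_log)
    za_drivers = [n for n, v, _ in actions if v.lower().startswith("virus.win32.zaccess")]
    # Unsigned drivers the operator skipped: not malicious by themselves, but worth a look.
    skipped_unsigned = [n for n, v, a in actions if v.startswith("UnsignedFile") and a == "Skip"]
    folders = zeroaccess_folders(deletions)
    # Scoring rule (assumption): flag a folder only when the '@' file and at least one
    # U\ module were both present, so a real hotfix uninstall folder is not flagged.
    confirmed = sorted(r for r, kinds in folders.items() if {"at_marker", "U_module"} <= kinds)
    return {
        "zeroaccess_drivers": za_drivers,
        "skipped_unsigned": skipped_unsigned,
        "zeroaccess_folders": confirmed,
        "zeroaccess": bool(za_drivers or confirmed),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_TDSSKILLER, SAMPLE_COMBOFIX_DELETIONS).items():
        print(f"{key}: {value}")
```

To run it against a real case, read the saved TDSSKiller log (the TDSSKiller.[Version]_[Date]_[Time]_log.txt file on the C:\ drive mentioned later in this thread) and the "Other Deletions" block of the ComboFix log in place of the two constructed samples; the drivers listed under skipped_unsigned are the ones to check against the vendor's files afterwards.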

Offline 1972vet

Re: [Resolved] Trojan.Wimpixo and RootKit.0Access.H
« Reply #8 on: March 08, 2012, 03:59:27 PM »
How's it running now? Everything working ok?

Offline chris222

Re: [Resolved] Trojan.Wimpixo and RootKit.0Access.H
« Reply #9 on: March 09, 2012, 06:24:40 AM »
Everything seems to be running very well.  Thank you so much.  Another machine that I use infrequently has similar symptoms.  Should I use the same steps or start a new thread with fresh logs for that one?

Offline 1972vet

Re: [Resolved] Trojan.Wimpixo and RootKit.0Access.H
« Reply #10 on: March 09, 2012, 07:16:00 AM »
Everything seems to be running very well.  Thank you so much.  Another machine that I use infrequently has similar symptoms.  Should I use the same steps or start a new thread with fresh logs for that one?
We first need to finish up with this, then you should start another thread detailing the issues you are having with your other system you mentioned. You can, if you like, mark it for my attention and I'll pick it up and work on it with you again. Your choice of course...

You can delete this folder now:
C:\TDSSKiller_Quarantine
...and the associated logfile on the C:\ drive. It would be labeled as TDSSKiller.[Version]_[Date]_[Time]_log.txt.

Next, please open a blank Notepad by clicking start-->run...Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



KILLALL::

NetSvc::
downloadmanagerlite

Folder::
c:\documents and settings\Dusty\Local Settings\Application Data\Citrix

regnull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]

Offline chris222

Re: [Resolved] Trojan.Wimpixo and RootKit.0Access.H
« Reply #11 on: March 09, 2012, 12:18:48 PM »
Thanks.  I'll start a new thread for the other machine later and put your handle in the subject line.

I followed the instructions you gave me in your last post and Combofix has been running for approximately four hours now.  It is still on the beginning "scanning for infected files..." stage.  I wasn't thinking towards the end of the day yesterday and defragmented the hard drive prior to getting back to this process this morning.  I hope I didn't screw things up too badly. 

Offline 1972vet

Re: [Resolved] Trojan.Wimpixo and RootKit.0Access.H
« Reply #12 on: March 09, 2012, 01:16:48 PM »
Defragmenting the disk should actually speed things up, not slow them down. I am thinking that you may have forgotten to disable the protective components you had running real time protection?

Offline chris222

Re: [Resolved] Trojan.Wimpixo and RootKit.0Access.H
« Reply #13 on: March 09, 2012, 02:59:13 PM »
I shut down my antivirus stuff and tried ComboFix again, and it ran for another 1.5 hours without getting anywhere.  I will try it again.  If I can't get it to work, should I just uninstall ComboFix as described on the download link you provided earlier?

Offline 1972vet

Re: [Resolved] Trojan.Wimpixo and RootKit.0Access.H
« Reply #14 on: March 09, 2012, 04:07:53 PM »
Try it in safe mode.