jss2811
So last week, I managed to pick up what I would eventually find to be a rootkit. Initial scans with MBAM and Housecall turned up nothing, so I began to research the symptoms (high CPU/network use while idle, minimal startup programs). I was unable to boot from either the AVG Rescue Disc or KAV Rescue Disc, or a thumb drive version of KAV Rescue Disc. I came across various forum threads with similar problems and several tools (Combofix, GMER, dds, Defogger, RKUnhooker, mbr, RSIT, aswMBR), all of which I've downloaded and run at various points, saving the log files. I then found Kaspersky TDSSKiller, which found part of the problem but still left 2 suspicious items. Something still seems to be amiss. I now turn to those with vastly more experience than myself, which I probably should have done from the start. Any help would be greatly appreciated. Please find the attached MBAM and DDS logs. Due to family obligations, I will be away from the infected machine from Sunday April 15 through Tuesday April 17, returning on Wednesday April 18. Thanks again!

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.13.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: RETAIL007 [administrator]

4/13/2012 10:40:42 AM
mbam-log-2012-04-13 (10-40-42).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257535
Time elapsed: 46 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 12:03:16 on 2012-04-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.323 [GMT -4:00]
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\imapi.exe
.
============== Pseudo HJT Report ===============
.
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: DhcpNameServer = 24.178.162.3 97.81.22.195 192.168.1.1
TCP: Interfaces\{E4E65FFB-9453-48EE-85F1-C72FD9C9604C} : DhcpNameServer = 24.178.162.3 97.81.22.195 192.168.1.1
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\nhguzac0.default\
.
============= SERVICES / DRIVERS ===============
.
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2012-4-11 439632]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-1 136176]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-1 136176]
S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;c:\ups\wstd\mssql$upswsdbserver\binn\sqlagent.exe -i upswsdbserver --> c:\ups\wstd\mssql$upswsdbserver\binn\sqlagent.EXE -i UPSWSDBSERVER [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;c:\ups\wstd\mssql$upswsdbserver\binn\sqlservr.exe -supswsdbserver --> c:\ups\wstd\mssql$upswsdbserver\binn\sqlservr.exe -sUPSWSDBSERVER [?]
S4 SimpleHelpSimpleGatewayService;SimpleHelp SimpleGateway Service;c:\program files\simplehelpservice\SimpleService.exe [2011-8-20 98712]
.
=============== Created Last 30 ================
.
2012-04-13 14:37:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-13 14:37:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-12 16:48:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-12 14:42:41 -------- d-----w- c:\documents and settings\administrator\local settings\application data\CutePDF Writer
2012-04-11 17:44:12 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro
2012-04-11 17:44:07 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-11 17:43:04 -------- d-----w- c:\program files\WinPcap
2012-04-07 20:39:42 -------- d-sha-r- C:\cmdcons
2012-04-07 20:38:34 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Temp
2012-04-07 20:38:34 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe
2012-04-07 20:32:23 208896 ----a-w- c:\windows\MBR.exe
2012-04-07 20:32:22 98816 ----a-w- c:\windows\sed.exe
2012-04-07 20:32:22 518144 ----a-w- c:\windows\SWREG.exe
2012-04-07 20:32:22 256000 ----a-w- c:\windows\PEV.exe
2012-04-07 19:46:18 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2012-04-07 19:45:42 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
2012-04-07 19:39:09 -------- d-----w- C:\found.003
2012-04-07 18:56:26 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Google
2012-04-07 18:19:23 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-04-07 18:04:36 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-04-07 17:55:26 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla
2012-04-07 17:54:01 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2012-04-07 16:37:02 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-04-07 16:37:02 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2012-02-20 15:09:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 12:04:48.51 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/22/2007 10:57:31 AM
System Uptime: 4/13/2012 12:02:18 PM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0C2425
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2790/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 54.619 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_01601028&REV_01\3&172E68DD&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24C5&SUBSYS_01601028&REV_01\3&172E68DD&0&FD
Service:
.
==== System Restore Points ===================
.
RP1678: 1/15/2012 5:15:10 AM - System Checkpoint
RP1679: 1/16/2012 6:14:58 AM - System Checkpoint
RP1680: 1/17/2012 6:38:19 AM - System Checkpoint
RP1681: 1/18/2012 7:38:18 AM - System Checkpoint
RP1682: 1/19/2012 8:38:17 AM - System Checkpoint
RP1683: 1/20/2012 9:14:53 AM - System Checkpoint
RP1684: 1/21/2012 9:38:06 AM - System Checkpoint
RP1685: 1/22/2012 10:38:06 AM - System Checkpoint
RP1686: 1/23/2012 1:08:20 PM - System Checkpoint
RP1687: 1/24/2012 1:13:31 PM - System Checkpoint
RP1688: 1/25/2012 2:13:31 PM - System Checkpoint
RP1689: 1/26/2012 4:16:50 PM - System Checkpoint
RP1690: 1/27/2012 5:21:29 PM - System Checkpoint
RP1691: 1/28/2012 6:04:59 PM - System Checkpoint
RP1692: 1/29/2012 7:05:07 PM - System Checkpoint
RP1693: 1/30/2012 7:45:53 PM - System Checkpoint
RP1694: 1/31/2012 3:00:16 AM - Software Distribution Service 3.0
RP1695: 2/2/2012 12:29:12 PM - System Checkpoint
RP1696: 2/3/2012 1:01:00 PM - System Checkpoint
RP1697: 2/4/2012 1:21:52 PM - System Checkpoint
RP1698: 2/5/2012 1:38:21 PM - System Checkpoint
RP1699: 2/6/2012 2:36:18 PM - System Checkpoint
RP1700: 2/7/2012 3:13:49 PM - System Checkpoint
RP1701: 2/8/2012 4:21:29 PM - System Checkpoint
RP1702: 2/9/2012 5:11:56 PM - System Checkpoint
RP1703: 2/10/2012 6:13:46 PM - System Checkpoint
RP1704: 2/11/2012 6:33:40 PM - System Checkpoint
RP1705: 2/12/2012 7:15:39 PM - System Checkpoint
RP1706: 2/13/2012 8:14:09 PM - System Checkpoint
RP1707: 2/14/2012 9:14:07 PM - System Checkpoint
RP1708: 2/15/2012 10:14:05 PM - System Checkpoint
RP1709: 2/16/2012 3:53:47 PM - Software Distribution Service 3.0
RP1710: 2/17/2012 5:06:34 PM - System Checkpoint
RP1711: 2/18/2012 5:15:41 PM - System Checkpoint
RP1712: 2/19/2012 5:47:44 PM - System Checkpoint
RP1713: 2/20/2012 6:06:41 PM - System Checkpoint
RP1714: 2/21/2012 6:55:20 PM - System Checkpoint
RP1715: 2/22/2012 7:55:20 PM - System Checkpoint
RP1716: 2/23/2012 7:59:24 PM - System Checkpoint
RP1717: 2/24/2012 8:59:25 PM - System Checkpoint
RP1718: 2/25/2012 9:24:30 PM - System Checkpoint
RP1719: 2/26/2012 10:24:33 PM - System Checkpoint
RP1720: 2/27/2012 11:13:15 PM - System Checkpoint
RP1721: 2/29/2012 12:13:12 AM - System Checkpoint
RP1722: 3/1/2012 12:15:11 AM - System Checkpoint
RP1723: 3/2/2012 1:11:04 AM - System Checkpoint
RP1724: 3/2/2012 11:15:50 AM - Removed Adobe Reader 8.1.3
RP1725: 3/3/2012 12:23:11 PM - System Checkpoint
RP1726: 3/4/2012 12:24:14 PM - System Checkpoint
RP1727: 3/5/2012 12:56:28 PM - System Checkpoint
RP1728: 3/6/2012 1:10:44 PM - System Checkpoint
RP1729: 3/7/2012 2:10:43 PM - System Checkpoint
RP1730: 3/8/2012 4:52:23 PM - System Checkpoint
RP1731: 3/9/2012 5:59:56 PM - System Checkpoint
RP1732: 3/10/2012 6:06:18 PM - System Checkpoint
RP1733: 3/11/2012 7:06:29 PM - System Checkpoint
RP1734: 3/12/2012 7:55:55 PM - System Checkpoint
RP1735: 3/13/2012 8:55:55 PM - System Checkpoint
RP1736: 3/14/2012 3:00:20 AM - Software Distribution Service 3.0
RP1737: 3/15/2012 12:28:42 PM - System Checkpoint
RP1738: 3/16/2012 12:46:03 PM - System Checkpoint
RP1739: 3/17/2012 1:32:13 PM - System Checkpoint
RP1740: 3/18/2012 3:25:17 PM - System Checkpoint
RP1741: 3/19/2012 3:59:14 PM - System Checkpoint
RP1742: 3/20/2012 4:48:48 PM - System Checkpoint
RP1743: 3/21/2012 5:48:47 PM - System Checkpoint
RP1744: 3/22/2012 5:59:04 PM - System Checkpoint
RP1745: 3/23/2012 6:01:36 PM - System Checkpoint
RP1746: 3/24/2012 6:18:38 PM - System Checkpoint
RP1747: 3/25/2012 7:06:45 PM - System Checkpoint
RP1748: 3/26/2012 7:30:29 PM - System Checkpoint
RP1749: 3/27/2012 8:30:29 PM - System Checkpoint
RP1750: 3/28/2012 9:30:29 PM - System Checkpoint
RP1751: 3/29/2012 9:35:41 PM - System Checkpoint
RP1752: 3/30/2012 9:58:07 PM - System Checkpoint
RP1753: 3/31/2012 9:58:48 PM - System Checkpoint
RP1754: 4/1/2012 10:58:54 PM - System Checkpoint
RP1755: 4/2/2012 11:28:10 PM - System Checkpoint
RP1756: 4/3/2012 11:29:05 PM - System Checkpoint
RP1757: 4/4/2012 11:33:14 PM - System Checkpoint
RP1758: 4/6/2012 12:15:04 AM - System Checkpoint
RP1759: 4/7/2012 1:15:03 AM - System Checkpoint
RP1760: 4/7/2012 12:36:11 PM - Restore Operation
RP1761: 4/7/2012 2:04:31 PM - Installed HiJackThis
RP1762: 4/12/2012 12:59:49 PM - ComboFix created restore point
RP1763: 4/13/2012 3:00:34 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Broadcom 440x 10/100 Integrated Controller
CCC
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.8
FormsComponent
FOSS
GIMP 2.6.11
Google Chrome
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ICCHelp
Intel® Extreme Graphics Driver
Java™ 6 Update 13
KONICA MINOLTA magicolor 2400W
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Help Viewer 1.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Outlook Personal Folders Backup
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Desktop Engine (UPSWSDBSERVER)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Mozilla Firefox 9.0.1 (x86 en-US)
MSIChecker
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NA1Messenger
NRF
PDFZilla V1.2.9
PolicyManager
Reconciler
ReportServer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SQL Server System CLR Types
SupportUtility
System
Trend Micro RUBotted 2.0 Beta
UnifiedPrinting
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
UPS WorldShip
UPSDB
UPSICC
UPSlinkHTTP
UPSVCMM
WebFldrs XP
WebHelp
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 4.1.1
WinUtilities 10.32 Free Edition
WorldShip
.
==== Event Viewer Messages From Past Week ========
.
4/9/2012 10:26:51 AM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
4/9/2012 10:26:51 AM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
4/9/2012 10:10:49 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
4/13/2012 10:24:51 AM, error: System Error [1003] - Error code 000000f4, parameter1 00000003, parameter2 82edc7b8, parameter3 82edc92c, parameter4 805fb1d6.
4/12/2012 2:20:02 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
4/12/2012 10:22:10 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
4/12/2012 10:03:59 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/12/2012 10:03:23 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
4/11/2012 3:34:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
4/11/2012 2:54:37 PM, error: PlugPlayManager [11] - The device Root\LEGACY_SYMTDI\0000 disappeared from the system without first being prepared for removal.
4/11/2012 2:54:37 PM, error: PlugPlayManager [11] - The device Root\LEGACY_ERASERUTILREBOOTDRV\0000 disappeared from the system without first being prepared for removal.
4/11/2012 2:30:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Trend Micro RUBotted Service service to connect.
4/11/2012 2:30:19 PM, error: Service Control Manager [7000] - The Trend Micro RUBotted Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/11/2012 2:29:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
4/11/2012 12:55:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/11/2012 12:54:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX SYMTDI Tcpip WS2IFSL
4/11/2012 12:54:48 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
4/11/2012 12:54:48 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/11/2012 12:54:48 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/11/2012 12:54:48 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/11/2012 12:21:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SYMTDI
.
==== End Of File ===========================

Merged 2nd post into this ~ Moderator

Just realized I left out the rootkit that TDSSKiller found - it was Rootkit.Boot.Pihar.b. aswMBR is finding infected files but the option to "Fix" is greyed out, with only "FixMBR", "Save Log", and "Exit" being available. Also, RKUnhooker is detecting rootkit activity again.
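Added example (not part of jss2811's post, and not code from the DDS tool): a small Python triage script that pulls out of a DDS report the three signals in the log above that matter most when an MBR rootkit of the kind TDSSKiller named (Rootkit.Boot.Pihar.b) is suspected. It collects the drivers named in Service Control Manager event 7026 and reports which of them are core network drivers (the 4/11 12:54 entry lists Tcpip, AFD and NetBT, which is exactly why the DNS Client and DHCP Client services could not start in the 7001 events that follow), lists services whose image file DDS could not read a date and size for (the `[?]` suffix, as on EraserUtilRebootDrv), and lists DHCP-assigned DNS servers outside private address space. The sample input is a handful of lines copied from the posted log; the `CORE_NET_DRIVERS` set and all function names are this example's own choices. A public resolver handed out by DHCP is normally the ISP's, so that last check is a prompt to confirm the addresses against the router's configuration, not a verdict.

```python
"""DDS report triage (added example; not jss2811's code and not part of DDS).

Extracts three indicators from a DDS log:
  * driver names from Service Control Manager event 7026 ("failed to load"),
    and the subset that belongs to the core Windows XP network stack;
  * DHCP-assigned DNS servers that are not private (RFC 1918) addresses;
  * services/drivers whose image DDS could not stat, marked "[?]".
"""
import ipaddress
import re

# Constructed sample: a few lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
TCP: DhcpNameServer = 24.178.162.3 97.81.22.195 192.168.1.1
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
4/11/2012 12:54:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSP SRTSPX SYMTDI Tcpip WS2IFSL
4/11/2012 12:21:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SYMTDI
"""

# Drivers the XP network stack cannot run without (this example's own list).
CORE_NET_DRIVERS = {"Tcpip", "AFD", "NetBT", "NetBIOS", "IPSec", "MRxSmb",
                    "Rdbss", "RasAcd", "WS2IFSL"}

EVENT_7026 = re.compile(r"\[7026\].*?failed to load:\s*(?P<drivers>.+)$")
DNS_LINE = re.compile(r"DhcpNameServer\s*=\s*(?P<servers>.+)$")
SERVICE_LINE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);.*\[\?\]\s*$")


def failed_boot_drivers(lines):
    """Union of driver names from every event 7026 line."""
    failed = set()
    for line in lines:
        m = EVENT_7026.search(line)
        if m:
            failed.update(m.group("drivers").split())
    return failed


def core_network_drivers_down(lines):
    """Failed boot-start drivers that the network stack depends on."""
    return sorted(failed_boot_drivers(lines) & CORE_NET_DRIVERS)


def dhcp_dns_servers(lines):
    """Distinct DNS server addresses from every DhcpNameServer line, in order."""
    seen = []
    for line in lines:
        m = DNS_LINE.search(line)
        if not m:
            continue
        for token in m.group("servers").split():
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # not an address; DDS sometimes appends other text
            if addr not in seen:
                seen.append(addr)
    return seen


def public_dns_servers(lines):
    """Resolvers outside private space. Usually the ISP's: confirm, don't assume."""
    return [str(a) for a in dhcp_dns_servers(lines) if not a.is_private]


def unresolved_service_images(lines):
    """Service names whose image file DDS marked '[?]' (no date/size readable)."""
    return [SERVICE_LINE.match(line).group("name")
            for line in lines if SERVICE_LINE.match(line)]


def triage(report_text):
    """Run all three checks over a DDS report given as one string."""
    lines = [ln.strip() for ln in report_text.strip().splitlines()]
    return {
        "failed_boot_drivers": sorted(failed_boot_drivers(lines)),
        "core_network_drivers_down": core_network_drivers_down(lines),
        "public_dns_servers": public_dns_servers(lines),
        "unresolved_service_images": unresolved_service_images(lines),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

Run it against a full DDS.txt by reading the file into `triage()`; the 7026 check is the one that explains the symptoms in this thread, since a machine whose Tcpip and AFD drivers do not load at boot cannot bring up DNS or DHCP no matter what the user-mode services say.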