[Inactive] Three Trojans stuck in System Registry

Discussion in 'Virus and Malware Removal' started by waveofbabies, Jan 11, 2012.

  1. waveofbabies Newcomer, in training

    Here is the log from Rkill

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 01/13/2012 at 15:36:25.
    Operating System: Windows Vista (TM) Home Premium


    Processes terminated by Rkill or while it was running:



    Rkill completed on 01/13/2012 at 15:36:27.

    Combofix seemed to be working. Then a window popped up indicating that I had some sort of severe infection. I clicked ok and the blue window is still open. I'm not sure if it is still working or not.
  2. Broni Malware Annihilator

    If your computer clock is running Combofix is still working.
  3. waveofbabies Newcomer, in training

    Okay, then we're good, I think.
  4. waveofbabies Newcomer, in training

    Combofix asked me to reboot. I rebooted into safe mode but I cannot find the log.
  5. Broni Malware Annihilator

    If it's not here: C:\combofix.txt re-run Combofix from safe mode.
  6. waveofbabies Newcomer, in training

    Now it's telling me AVG is still installed even though I ran the removal tool yesterday and cannot find it in the control panel
  7. waveofbabies Newcomer, in training

    It's also saying that I am infected with Rootkit.ZeroAccess. Can you explain to me what's going on?
  8. Broni Malware Annihilator

    Disregard AVG warning.

    ZeroAccess rootkit is a serious infection.
    Combofix will take a while.
  9. waveofbabies Newcomer, in training

    When Combofix finished, a window popped up saying Combofix has detected the presence of rootkit activity and needs to reboot the machine. After doing this, I rebooted into safe mode but still no log and no internet access. I'm assuming that I will still get a blue screen were I to boot with a normal startup.
  10. Broni Malware Annihilator

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ============================================================

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
  11. waveofbabies Newcomer, in training

    .\debug.cpp(238) : Debug log started at 14.01.2012 - 08:37:28
    .\boot_cleaner.cpp(527) : Bootkit Remover
    .\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
    .\boot_cleaner.cpp(529) : www.esagelab.com
    .\boot_cleaner.cpp(533) : Program version: 1.2.0.1
    .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
    .\debug.cpp(248) : **********************************************
    .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
    .\debug.cpp(250) : **********************************************
    .\debug.cpp(256) : 0x81c3e000 0x003ba000 "\SystemRoot\system32\ntkrnlpa.exe"
    .\debug.cpp(256) : 0x81c0b000 0x00033000 "\SystemRoot\system32\hal.dll"
    .\debug.cpp(256) : 0x82206000 0x00007000 "\SystemRoot\system32\kdcom.dll"
    .\debug.cpp(256) : 0x8220d000 0x00070000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
    .\debug.cpp(256) : 0x8227d000 0x00011000 "\SystemRoot\system32\PSHED.dll"
    .\debug.cpp(256) : 0x8228e000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
    .\debug.cpp(256) : 0x82296000 0x00041000 "\SystemRoot\system32\CLFS.SYS"
    .\debug.cpp(256) : 0x822d7000 0x000e0000 "\SystemRoot\system32\CI.dll"
    .\debug.cpp(256) : 0x823b7000 0x00046000 "\SystemRoot\system32\drivers\acpi.sys"
    .\debug.cpp(256) : 0x8280c000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
    .\debug.cpp(256) : 0x8282a000 0x00027000 "\SystemRoot\system32\drivers\pci.sys"
    .\debug.cpp(256) : 0x82851000 0x0000f000 "\SystemRoot\System32\drivers\partmgr.sys"
    .\debug.cpp(256) : 0x82860000 0x0000f000 "\SystemRoot\system32\drivers\volmgr.sys"
    .\debug.cpp(256) : 0x8286f000 0x0004a000 "\SystemRoot\System32\drivers\volmgrx.sys"
    .\debug.cpp(256) : 0x828b9000 0x00007000 "\SystemRoot\system32\drivers\pciide.sys"
    .\debug.cpp(256) : 0x828c0000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS"
    .\debug.cpp(256) : 0x828ce000 0x00010000 "\SystemRoot\System32\drivers\mountmgr.sys"
    .\debug.cpp(256) : 0x828de000 0x00008000 "\SystemRoot\system32\drivers\atapi.sys"
    .\debug.cpp(256) : 0x828e6000 0x0001e000 "\SystemRoot\system32\drivers\ataport.SYS"
    .\debug.cpp(256) : 0x82904000 0x0000d000 "\SystemRoot\system32\drivers\nvstor.sys"
    .\debug.cpp(256) : 0x82911000 0x00041000 "\SystemRoot\system32\drivers\storport.sys"
    .\debug.cpp(256) : 0x82952000 0x0001d000 "\SystemRoot\system32\DRIVERS\nvstor32.sys"
    .\debug.cpp(256) : 0x8296f000 0x00032000 "\SystemRoot\system32\drivers\fltmgr.sys"
    .\debug.cpp(256) : 0x829a1000 0x00010000 "\SystemRoot\system32\drivers\fileinfo.sys"
    .\debug.cpp(256) : 0x82a02000 0x00071000 "\SystemRoot\System32\Drivers\ksecdd.sys"
    .\debug.cpp(256) : 0x82a73000 0x0010b000 "\SystemRoot\system32\drivers\ndis.sys"
    .\debug.cpp(256) : 0x82b7e000 0x0002b000 "\SystemRoot\system32\drivers\msrpc.sys"
    .\debug.cpp(256) : 0x82ba9000 0x0003b000 "\SystemRoot\system32\drivers\NETIO.SYS"
    .\debug.cpp(256) : 0x8a203000 0x000ea000 "\SystemRoot\System32\drivers\tcpip.sys"
    .\debug.cpp(256) : 0x8a2ed000 0x0001b000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
    .\debug.cpp(256) : 0x8a40b000 0x00110000 "\SystemRoot\System32\Drivers\Ntfs.sys"
    .\debug.cpp(256) : 0x8a51b000 0x00039000 "\SystemRoot\system32\drivers\volsnap.sys"
    .\debug.cpp(256) : 0x8a55c000 0x0000f000 "\SystemRoot\System32\Drivers\mup.sys"
    .\debug.cpp(256) : 0x8a56b000 0x00027000 "\SystemRoot\System32\drivers\ecache.sys"
    .\debug.cpp(256) : 0x8a592000 0x00011000 "\SystemRoot\system32\drivers\disk.sys"
    .\debug.cpp(256) : 0x8a5a3000 0x00021000 "\SystemRoot\system32\drivers\CLASSPNP.SYS"
    .\debug.cpp(256) : 0x8a5c4000 0x00009000 "\SystemRoot\system32\drivers\crcdisk.sys"
    .\debug.cpp(256) : 0x8a400000 0x0000a000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
    .\debug.cpp(256) : 0x8a325000 0x0003e000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
    .\debug.cpp(256) : 0x8a5e4000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
    .\debug.cpp(256) : 0x8a363000 0x00018000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
    .\debug.cpp(256) : 0x8a5f3000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
    .\debug.cpp(256) : 0x8a37b000 0x00010000 "\SystemRoot\system32\DRIVERS\ohci1394.sys"
    .\debug.cpp(256) : 0x8a38b000 0x0000e000 "\SystemRoot\system32\DRIVERS\1394BUS.SYS"
    .\debug.cpp(256) : 0x8e203000 0x0008d000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
    .\debug.cpp(256) : 0x8e290000 0x0002f000 "\SystemRoot\system32\DRIVERS\msiscsi.sys"
    .\debug.cpp(256) : 0x8e2bf000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
    .\debug.cpp(256) : 0x8e2ca000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
    .\debug.cpp(256) : 0x8e2da000 0x0000b000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
    .\debug.cpp(256) : 0x8e2e5000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
    .\debug.cpp(256) : 0x8e2f0000 0x0000c000 "\SystemRoot\system32\DRIVERS\VClone.sys"
    .\debug.cpp(256) : 0x8e2fc000 0x00026000 "\SystemRoot\system32\DRIVERS\SCSIPORT.SYS"
    .\debug.cpp(256) : 0x8e322000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
    .\debug.cpp(256) : 0x8e324000 0x0002a000 "\SystemRoot\system32\DRIVERS\ks.sys"
    .\debug.cpp(256) : 0x8e34e000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
    .\debug.cpp(256) : 0x8e372000 0x00035000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
    .\debug.cpp(256) : 0x8e3a7000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
    .\debug.cpp(256) : 0x8e3b0000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
    .\debug.cpp(256) : 0x8e3b7000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
    .\debug.cpp(256) : 0x8e3be000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
    .\debug.cpp(256) : 0x8e3ca000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
    .\debug.cpp(256) : 0x8e3eb000 0x0000c000 "\SystemRoot\System32\drivers\watchdog.sys"
    .\debug.cpp(256) : 0x8e358000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
    .\debug.cpp(256) : 0x8e363000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
    .\debug.cpp(256) : 0x8e3f7000 0x00009000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
    .\debug.cpp(256) : 0x8a399000 0x00010000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
    .\debug.cpp(256) : 0x8a5f9000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
    .\debug.cpp(256) : 0x8e200000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
    .\debug.cpp(256) : 0x8a554000 0x00008000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
    .\debug.cpp(256) : 0x8a3b2000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
    .\debug.cpp(256) : 0x8a3bf000 0x0000a000 "\SystemRoot\System32\Drivers\dump_diskdump.sys"
    .\debug.cpp(256) : 0x8a3c9000 0x0001d000 "\SystemRoot\System32\Drivers\dump_nvstor32.sys"
    .\debug.cpp(256) : 0x95e10000 0x00204000 "\SystemRoot\System32\win32k.sys"
    .\debug.cpp(256) : 0x8a3e6000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
    .\debug.cpp(256) : 0x96020000 0x00017000 "\SystemRoot\System32\drivers\dxg.sys"
    .\debug.cpp(256) : 0x96050000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
    .\debug.cpp(256) : 0x960d0000 0x00008000 "\SystemRoot\System32\framebuf.dll"
    .\debug.cpp(256) : 0x8a308000 0x00016000 "\SystemRoot\system32\DRIVERS\cdfs.sys"
    .\debug.cpp(256) : 0x829b1000 0x00028000 "\SystemRoot\System32\Drivers\fastfat.SYS"
    .\debug.cpp(256) : 0x8a5cd000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
    .\debug.cpp(256) : 0x8a3a9000 0x00009000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
    .\debug.cpp(256) : 0x77270000 0x00128000 "\Windows\System32\ntdll.dll"
    .\debug.cpp(263) : **********************************************
    .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
    .\debug.cpp(308) : **********************************************
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomOptiarc_DVD_RW_AD-7190A_________________1.01____#5&1e9e9c82&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T1L0-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
    .\debug.cpp(400) : Destination "\Device\Ndis"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
    .\debug.cpp(400) : Destination "\Device\RaidPort1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
    .\debug.cpp(400) : Destination "\Device\Video0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-ROM_GDR-H30N_______________1.00____#5&1e9e9c82&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
    .\debug.cpp(400) : Destination "\Device\00000036"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_C31C#5&1726fcb8&0&8#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
    .\debug.cpp(400) : Destination "\Device\CdRom1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
    .\debug.cpp(400) : Destination "\Device\WMIAdminDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi4:"
    .\debug.cpp(400) : Destination "\Device\RaidPort2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SCSIADAPTER#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000035"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy3"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
    .\debug.cpp(400) : Destination "\Device\VolMgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000036"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy4"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy5"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
    .\debug.cpp(400) : Destination "\Device\WMIDataDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi5:"
    .\debug.cpp(400) : Destination "\Device\Scsi\VClone1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy6"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy6"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy7"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy7"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000036"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy8"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy8"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
    .\debug.cpp(400) : Destination "\Device\NamedPipe"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:"
    .\debug.cpp(400) : Destination "\Device\CdRom2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000036"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
    .\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy9"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy9"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
    .\debug.cpp(400) : Destination "\Device\Mup"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
    .\debug.cpp(400) : Destination "\Device\USBFDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000036"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_026E&SUBSYS_73501462&REV_A3#3&267a616a&0&59#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0026"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_077B&Col01#6&2993a6c4&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\00000049"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
    .\debug.cpp(400) : Destination "\Device\USBFDO-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0267&SUBSYS_73501462&REV_A1#3&267a616a&0&78#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0029"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
    .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_077B&Col02#6&2993a6c4&0&0001#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\0000004a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_045E&PID_077B#5&1726fcb8&0&7#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
    .\debug.cpp(400) : Destination "\DosDevices\LPT1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000036"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000036"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\00000040"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
    .\debug.cpp(400) : Destination "\Device\00000036"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1"
    .\debug.cpp(400) : Destination "\Device\CdRom1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000039"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom2"
    .\debug.cpp(400) : Destination "\Device\CdRom2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ISCSIPRT#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000004"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#aa#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
    .\debug.cpp(400) : Destination "\Device\0000003f"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
    .\debug.cpp(400) : Destination "\GLOBAL??"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
    .\debug.cpp(400) : Destination "\clfs"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&321a0af2&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f87250a1-14ed-11e0-9c55-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\CdRom1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy10"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy10"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f872509d-14ed-11e0-9c55-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-ROM_GDR-H30N_______________1.00____#5&1e9e9c82&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy11"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy11"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C31C&MI_01&Col02#7&2dc0306a&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\00000059"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy12"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy12"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C31C&MI_00#7&3732fdc6&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000057"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy20"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy20"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy13"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy13"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C31C&MI_01&Col01#7&2dc0306a&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\00000058"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy21"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy21"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy14"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy14"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
    .\debug.cpp(400) : Destination "\Device\MountPointManager"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&2358b498&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy22"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy22"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy15"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy15"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy16"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy16"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
    .\debug.cpp(400) : Destination "\Device\PartmgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy17"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy17"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
    .\debug.cpp(400) : Destination "\Device\NXTIPSEC"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_077B&Col02#6&2993a6c4&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\0000004a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
    .\debug.cpp(400) : Destination "\Device\00000036"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy18"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy18"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
    .\debug.cpp(400) : Destination "\Device\WFP"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&SignatureC3265750Offset100000Length4A85B00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy19"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy19"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomOptiarc_DVD_RW_AD-7190A_________________1.01____#5&1e9e9c82&0&0.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T1L0-1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
    .\debug.cpp(400) : Destination "\Device\1394BUS0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
    .\debug.cpp(400) : Destination "\Device\00000036"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C31C&MI_00#7&3732fdc6&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\00000057"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_ELBY&Prod_CLONEDRIVE&Rev_1.4#1&2afd7d61&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Scsi\VClone1Port5Path0Target0Lun0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
    .\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_0266&SUBSYS_73501462&REV_A1#3&267a616a&0&70#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0028"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#CdRom&Ven_ELBY&Prod_CLONEDRIVE&Rev_1.4#1&2afd7d61&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Scsi\VClone1Port5Path0Target0Lun0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_026D&SUBSYS_73501462&REV_A3#3&267a616a&0&58#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0025"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
    .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
    .\debug.cpp(400) : Destination "\Device\VolMgrControl"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_046D&PID_C31C&MI_01&Col03#7&2dc0306a&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
    .\debug.cpp(400) : Destination "\Device\0000005a"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
    .\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{f87250a0-14ed-11e0-9c55-806e6f6e6963}"
    .\debug.cpp(400) : Destination "\Device\CdRom0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
    .\debug.cpp(400) : Destination "\DosDevices\COM1"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3044&SUBSYS_350D1462&REV_C0#4&5505873&0&4880#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
    .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0034"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
    .\debug.cpp(400) : Destination "\Device\MailSlot"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000034"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
    .\debug.cpp(400) : Destination "\Device\RaidPort0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
    .\debug.cpp(400) : Destination "\Device\Null"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
    .\debug.cpp(400) : Destination ""
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
    .\debug.cpp(400) : Destination "\Device\00000033"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
    .\debug.cpp(400) : Destination "\Device\WfpAle"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{031c4fef-2c4c-11e1-bb7d-0019dbf26a19}"
    .\debug.cpp(400) : Destination "\Device\CdRom2"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-00VWA#4&12a0b57c&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\00000042"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&38c7fd0b&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
    .\debug.cpp(400) : Destination "\Device\USBPDO-0"
    .\debug.cpp(409) : --
    .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&321a0af2&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
    .\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel1"
    .\debug.cpp(409) : --
    .\debug.cpp(453) : **********************************************
    .\boot_cleaner.cpp(565) : System volume is \\.\C:
    .\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
    .\diskio.cpp(204) : ATA_Read(): DeviceIoControl() ERROR 1
    .\boot_cleaner.cpp(276) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
    .\boot_cleaner.cpp(1061) :
    .\boot_cleaner.cpp(1062) : Size Device Name MBR Status
    .\boot_cleaner.cpp(1063) : --------------------------------------------
    .\boot_cleaner.cpp(1107) : 298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
    .\boot_cleaner.cpp(1113) :
    .\boot_cleaner.cpp(1152) : Done;

    ListParts by Farbar
    Ran by Administrator on 14-01-2012 at 03:38:26
    Windows Vista (X86)
    Running From: F:\
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 11%
    Total physical RAM: 3070.45 MB
    Available physical RAM: 2702.45 MB
    Total Pagefile: 6339.93 MB
    Available Pagefile: 6162.05 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1983.05 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:298.09 GB) (Free:54.43 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
    4 Drive f: () (Removable) (Total:7.45 GB) (Free:7.43 GB) FAT32

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 7650 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 298 GB 1024 KB

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Partition 298 GB Healthy System (partition with boot components)

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7646 MB 4032 KB

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F FAT32 Removable 7646 MB Healthy



    ****** End Of Log ******
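The two reports above are what a helper reads by eye: the Bootkit Remover tail (boot sector MD5, per-drive MBR status, any disk read errors) and the ListParts partition blocks (type, hidden and active flags). The following is an added example, not code from the thread, from Farbar or from Esage Lab: a small Python triage script that parses both formats and lists the points a helper would look at first. The sample input is constructed from the values shown in the post; a third disk with a hidden partition is invented to exercise that case, and the KNOWN_TYPES table and the finding rules are this example's own assumptions about what is worth flagging.

```python
"""Triage helper for Bootkit Remover and ListParts output (added example)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: tail of the Bootkit Remover log in the debug-prefix format
# posted in the thread; the MD5, device and status values are the ones shown there.
BOOTKIT_REMOVER_SAMPLE = r"""
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
.\diskio.cpp(204) : ATA_Read(): DeviceIoControl() ERROR 1
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826
.\boot_cleaner.cpp(1062) : Size Device Name MBR Status
.\boot_cleaner.cpp(1063) : --------------------------------------------
.\boot_cleaner.cpp(1107) : 298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1152) : Done;
"""

# Constructed sample: ListParts per-partition blocks. Disks 0 and 1 match the
# thread; disk 2 is invented to show a hidden, active partition being flagged.
LISTPARTS_SAMPLE = """
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Disk: 2
Partition 2
Type : 17
Hidden: Yes
Active: Yes
"""

# Assumption of this example: MBR type codes a Windows helper expects to see.
KNOWN_TYPES = {"06", "07", "0B", "0C", "0E"}

MD5_RE = re.compile(r"Boot sector MD5 is:\s*([0-9a-fA-F]{32})")
DRIVE_RE = re.compile(r"\)\s*:\s*(\d+\s*[KMGT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
ATA_ERR_RE = re.compile(r"ATA_Read\(\).*?ERROR\s+(\d+)")
PART_RE = re.compile(
    r"Disk:\s*(\d+)\s*\nPartition\s+(\d+)\s*\nType\s*:\s*([0-9A-Fa-f]{2})\s*\n"
    r"Hidden:\s*(Yes|No)\s*\nActive:\s*(Yes|No)"
)


@dataclass
class Triage:
    boot_sector_md5: Optional[str] = None
    drives: list = field(default_factory=list)      # (size, device, status)
    partitions: list = field(default_factory=list)  # dicts per partition block
    findings: list = field(default_factory=list)    # human-readable flags


def parse_bootkit_remover(text: str, t: Triage) -> None:
    """Pull the boot-sector hash, per-drive MBR status and read errors."""
    for line in text.splitlines():
        m = MD5_RE.search(line)
        if m:
            t.boot_sector_md5 = m.group(1).lower()
            continue
        m = DRIVE_RE.search(line)
        if m:
            size, device, status = m.groups()
            t.drives.append((size, device, status))
            if not status.startswith("OK"):
                t.findings.append(f"{device}: MBR status not OK: {status}")
            continue
        m = ATA_ERR_RE.search(line)
        if m:
            # The tool could not read the disk directly; its MBR verdict came from
            # another path, so a helper would want a second tool to confirm it.
            t.findings.append(f"tool reported ATA_Read error {m.group(1)}; "
                              "confirm the MBR result with a second tool")


def parse_listparts(text: str, t: Triage) -> None:
    """Parse the Disk/Partition/Type/Hidden/Active blocks and flag oddities."""
    for m in PART_RE.finditer(text):
        disk, part, code, hidden, active = m.groups()
        p = {"disk": int(disk), "partition": int(part), "type": code.upper(),
             "hidden": hidden == "Yes", "active": active == "Yes"}
        t.partitions.append(p)
        where = f"disk {p['disk']} partition {p['partition']}"
        if p["hidden"]:
            t.findings.append(f"{where}: hidden partition (type {p['type']})")
        if p["type"] not in KNOWN_TYPES:
            t.findings.append(f"{where}: unfamiliar partition type {p['type']}")
    # More than one active partition on a single disk is not a normal Windows layout.
    active_by_disk = {}
    for p in t.partitions:
        if p["active"]:
            active_by_disk.setdefault(p["disk"], []).append(p["partition"])
    for disk, parts in active_by_disk.items():
        if len(parts) > 1:
            t.findings.append(f"disk {disk}: {len(parts)} active partitions {parts}")


def triage(bootkit_log: str, listparts_log: str) -> Triage:
    t = Triage()
    parse_bootkit_remover(bootkit_log, t)
    parse_listparts(listparts_log, t)
    return t


if __name__ == "__main__":
    result = triage(BOOTKIT_REMOVER_SAMPLE, LISTPARTS_SAMPLE)
    print("boot sector MD5:", result.boot_sector_md5)
    for size, device, status in result.drives:
        print(f"{device} ({size}): {status}")
    for finding in result.findings:
        print("FLAG:", finding)
```

On the thread's own values the script reports one flag only, the ATA read error, and shows the single partition on disk 0 as a plain type 07, active and not hidden, which is consistent with the "OK (DOS/Win32 Boot code found)" verdict above. The boot-sector MD5 is extracted so it can be compared against a known-clean value from another machine with the same Windows release, a comparison the script does not attempt because it has no such reference on hand.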
  12. Broni Malware Annihilator

    Does it say anything about "infected with Rootkit.ZeroAccess, and that it has inserted itself into the tcp/ip stack"?

    If you don't remember try to re-run Combofix again.
  13. waveofbabies Newcomer, in training

    Yes, I'm getting the message about rootkit. Honestly dude, are we anywhere close to fixing this? I'm thinking to just screw it and reformat.
  14. Broni Malware Annihilator

    Go Start>Run (Start search in Vista and 7), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Let me know if the commands ran successfully.

    Restart computer.
  15. waveofbabies Newcomer, in training

    I typed in netsh int ip reset reset.log and got "There is no user specified setting to be reset."

    I typed in netsh winsock reset catalog and got "successfully reset the winsock catalog". I am restarting now.
  16. waveofbabies Newcomer, in training

    I am just going to format, Broni. Thx for your help...
  17. Broni Malware Annihilator

    Not a problem :)