Anti RootKit Beta scanned for 5 hours never reached Cleanup Phase


Hi,

I'm having an issue that is driving me crazy.

C:\Documents and Settings\RMK\Application Data\AVG

shows on my desktop every time I start my PC.

I have checked my startup & done a clean boot.

Per Microsoft Support, I have done

sfc /scannow to no avail

I attempted to run MB Anti-RootKit Beta

It ran for 5 hours & failed to reach Cleanup:

The log looks like this...

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1016

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_37

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.594000 GHz

Memory total: 1341046784, free: 786096128

------------ Kernel report ------------

01/24/2013 03:09:26

------------ Loaded modules -----------

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8a0e0ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\

Lower Device Object: 0xffffffff8a0c8d98

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Initialization returned 0x0

Load Function returned 0x0

Downloaded database version: v2013.01.24.04

Downloaded database version: v2013.01.23.01

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8a0e0ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a0c6e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a12e918, DeviceName: \Device\Shockpf0\, DriverName: \Driver\Shockprf\

DevicePointer: 0xffffffff8a0e0ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a0bd9e8, DeviceName: \Device\00000084\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8a0c8d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xffffffffe2cf8f80, 0xffffffff8a0e0ab8, 0xffffffff89591ab8

Lower DeviceData: 0xffffffffe2d762a0, 0xffffffff8a0c8d98, 0xffffffff892b4340

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\WINDOWS\system32\drivers...

The directory C:\WINDOWS\system32\drivers seems inaccessible or encrypted.

Drivers scan is aborted.

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: CCCDCCCD

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 110179377

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 56419345408 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-110174034-110194034)...

Done!

Performing system, memory and registry scan...

Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1016

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_37

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.594000 GHz

Memory total: 1341046784, free: 759234560

=======================================

Any assistance is appreciated.

Thanks,

Dwayne
