
Rootkit infection


sebdmd


I have a Sony PC running XP Media Center Edition with SP3 that suddenly became ill. Running painfully slow and security programs won't run. I'm unable to run MBAM or HJT. I looked on the self-help section of this site and found the post by Malware BBQ'er explaining the TDL2 rootkit infection. I followed his instructions and performed a scan with RootRepeal but I can't find any of the prefixes in Malware BBQ'er's list. I am posting the RootRepeal report with the hope that a kind expert may be able to identify the rootkit driver. I posted this report earlier but without explanation. Forgive my inexperience.

Attachment: rootrepealscan2.txt


  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

-screen317

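Added example, not part of this thread and not code from TDSSKiller or DDS: a small Python triage script for the two logs the reply above asks for. It assumes the line formats visible in the logs posted later in this thread (TDSSKiller writes "HH:MM:SS.mmmm TID message"; the DDS pseudo-HJT section writes "key = value"), and that the date in the TDSSKiller log file name is day.month.year, as the quoted example 20.12.2009 implies. It picks the newest log by that file-name pattern, pulls out verdict, hidden-file and on-reboot action lines, flags any hidden file whose path carries a colon after the drive letter (an NTFS alternate data stream, a common rootkit hiding place), and flags a DDS ProxyServer entry pointing at 127.0.0.1, since a loopback proxy with no proxy software installed means browser traffic is being routed through a local process. The sample lines are excerpts of the logs posted in this thread; the second log file name is constructed from the posted log's header.

```python
"""Triage helpers for TDSSKiller and DDS logs (added example; not code
from this thread, from TDSSKiller or from DDS).  Assumes the line formats
seen in the logs posted in this thread.  Sample lines are excerpts of
those logs; the second log file name is constructed from the log header."""
import re
from datetime import datetime

# File name format quoted in the reply: TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt
# The date part is assumed to be day.month.year (20 cannot be a month).
LOGNAME_RE = re.compile(
    r"^TDSSKiller\.(?P<ver>\d+(?:\.\d+)*)_"
    r"(?P<d>\d{2})\.(?P<m>\d{2})\.(?P<y>\d{4})_"
    r"(?P<H>\d{2})\.(?P<M>\d{2})\.(?P<S>\d{2})_log\.txt$")
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>[0-9A-Fa-f]+)\s+(?P<msg>.*)$")
VERDICT_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+) \) - (?P<state>infected|warning)$")
HIDDEN_RE = re.compile(r"^Suspicious file \((?P<why>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
ACTION_RE = re.compile(r"^(?P<obj>.+) - will be (?P<action>deleted|cured) on reboot$")
# A colon after the drive letter means the file lives in an NTFS alternate data stream.
ADS_RE = re.compile(r"^[A-Za-z]:\\[^:]*:[^\\]+$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<val>.+)$")
LOOPBACK_RE = re.compile(r"(^|=)(127\.0\.0\.1|localhost):\d+")


def parse_log_filename(name):
    """Return (version, datetime) for a TDSSKiller log file name, else None."""
    m = LOGNAME_RE.match(name)
    if not m:
        return None
    when = datetime(int(m["y"]), int(m["m"]), int(m["d"]),
                    int(m["H"]), int(m["M"]), int(m["S"]))
    return m["ver"], when


def newest_log(names):
    """Pick the most recent TDSSKiller log among the given file names."""
    parsed = []
    for n in names:
        p = parse_log_filename(n)
        if p:
            parsed.append((p[1], n))
    return max(parsed)[1] if parsed else None


def triage_tdsskiller(lines):
    """Collect verdicts, hidden files, ADS paths and pending reboot actions."""
    findings = {"verdicts": [], "hidden": [], "ads": [], "actions": []}
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, blank or non-log line
        msg = m["msg"]
        v = VERDICT_RE.match(msg)
        if v:
            findings["verdicts"].append((v["name"], v["verdict"], v["state"]))
            continue
        h = HIDDEN_RE.match(msg)
        if h:
            findings["hidden"].append((h["path"], h["md5"]))
            if ADS_RE.match(h["path"]):
                findings["ads"].append(h["path"])
            continue
        a = ACTION_RE.match(msg)
        if a:
            findings["actions"].append((a["obj"], a["action"]))
    return findings


def local_proxy_settings(lines):
    """Return DDS ProxyServer values that point at the loopback interface."""
    hits = []
    for raw in lines:
        m = PROXY_RE.match(raw.strip())
        if m and LOOPBACK_RE.search(m["val"]):
            hits.append(m["val"])
    return hits


# Excerpt of the TDSSKiller log posted in this thread (raw string: paths contain backslashes).
SAMPLE_TDSS = r"""
22:05:12.0859 0240 Scan started
22:05:22.0703 0240 fba8a1d8 (91710672077dc27133d2450d726040fc) C:\WINDOWS\3634473211:72834599.exe
22:05:24.0546 0240 Suspicious file (Hidden): C:\WINDOWS\3634473211:72834599.exe. md5: 91710672077dc27133d2450d726040fc
22:05:24.0546 0240 fba8a1d8 ( HiddenFile.Multi.Generic ) - warning
22:05:30.0546 0240 MRxSmb (017075e1fd325fedc55aaf6bed0814ae) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:05:30.0578 0240 MRxSmb ( Rootkit.Win32.ZAccess.e ) - infected
22:06:36.0812 0748 HKLM\SYSTEM\ControlSet001\services\fba8a1d8 - will be deleted on reboot
22:06:36.0843 0748 C:\WINDOWS\3634473211:72834599.exe - will be deleted on reboot
22:06:39.0078 0748 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
""".strip().splitlines()

# Excerpt of the DDS pseudo-HJT section posted in this thread.
SAMPLE_DDS = """
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
""".strip().splitlines()

if __name__ == "__main__":
    # Second name constructed from the posted log header (2.6.9.0, 2011/10/16 22:05:02).
    print("newest log:", newest_log(["TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt",
                                     "TDSSKiller.2.6.9.0_16.10.2011_22.05.02_log.txt"]))
    f = triage_tdsskiller(SAMPLE_TDSS)
    for name, verdict, state in f["verdicts"]:
        print(f"{state:8} {name}: {verdict}")
    for path in f["ads"]:
        print("NTFS alternate data stream:", path)
    for obj, action in f["actions"]:
        print(f"{action:7} on reboot: {obj}")
    for val in local_proxy_settings(SAMPLE_DDS):
        print("loopback proxy configured:", val)
```

Run it against the real files by reading `C:\TDSSKiller.*_log.txt` and DDS.txt and passing their lines to the two functions; the regexes are anchored to the full line, so any line the tool formats differently is simply skipped rather than misparsed.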

Thank you, screen317. The TDSS log found two files.

22:05:02.0500 1900 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24

22:05:02.0781 1900 ============================================================

22:05:02.0781 1900 Current date / time: 2011/10/16 22:05:02.0781

22:05:02.0781 1900 SystemInfo:

22:05:02.0781 1900

22:05:02.0781 1900 OS Version: 5.1.2600 ServicePack: 3.0

22:05:02.0781 1900 Product type: Workstation

22:05:02.0781 1900 ComputerName: DADS

22:05:02.0781 1900 UserName: Sean

22:05:02.0781 1900 Windows directory: C:\WINDOWS

22:05:02.0781 1900 System windows directory: C:\WINDOWS

22:05:02.0781 1900 Processor architecture: Intel x86

22:05:02.0781 1900 Number of processors: 2

22:05:02.0781 1900 Page size: 0x1000

22:05:02.0781 1900 Boot type: Normal boot

22:05:02.0781 1900 ============================================================

22:05:04.0328 1900 Initialize success

22:05:12.0859 0240 ============================================================

22:05:12.0859 0240 Scan started

22:05:12.0859 0240 Mode: Manual;

22:05:12.0859 0240 ============================================================

22:05:13.0640 0240 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys

22:05:13.0656 0240 61883 - ok

22:05:13.0750 0240 Abiosdsk - ok

22:05:13.0828 0240 abp480n5 - ok

22:05:13.0953 0240 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

22:05:13.0953 0240 ACPI - ok

22:05:14.0062 0240 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

22:05:14.0062 0240 ACPIEC - ok

22:05:14.0156 0240 adpu160m - ok

22:05:14.0265 0240 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

22:05:14.0265 0240 aec - ok

22:05:14.0375 0240 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

22:05:14.0390 0240 AFD - ok

22:05:14.0531 0240 AgereSoftModem (f1a97570ea402493bcc22246e8141ae6) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

22:05:14.0578 0240 AgereSoftModem - ok

22:05:14.0703 0240 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

22:05:14.0718 0240 agp440 - ok

22:05:14.0812 0240 Aha154x - ok

22:05:14.0890 0240 aic78u2 - ok

22:05:15.0015 0240 aic78xx - ok

22:05:15.0109 0240 AliIde - ok

22:05:15.0203 0240 amsint - ok

22:05:15.0312 0240 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

22:05:15.0328 0240 Arp1394 - ok

22:05:15.0421 0240 asc - ok

22:05:15.0515 0240 asc3350p - ok

22:05:15.0609 0240 asc3550 - ok

22:05:15.0750 0240 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

22:05:15.0750 0240 AsyncMac - ok

22:05:15.0859 0240 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

22:05:15.0859 0240 atapi - ok

22:05:15.0937 0240 Atdisk - ok

22:05:16.0062 0240 ati2mtag (5c14ed10c8f55968ad87e2ed0df5a745) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

22:05:16.0093 0240 ati2mtag - ok

22:05:16.0203 0240 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

22:05:16.0203 0240 Atmarpc - ok

22:05:16.0328 0240 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

22:05:16.0328 0240 audstub - ok

22:05:16.0453 0240 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys

22:05:16.0468 0240 Avc - ok

22:05:16.0593 0240 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

22:05:16.0593 0240 Beep - ok

22:05:16.0640 0240 catchme - ok

22:05:16.0750 0240 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

22:05:16.0750 0240 cbidf2k - ok

22:05:16.0859 0240 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

22:05:16.0859 0240 CCDECODE - ok

22:05:16.0968 0240 cd20xrnt - ok

22:05:17.0078 0240 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

22:05:17.0078 0240 Cdaudio - ok

22:05:17.0187 0240 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

22:05:17.0187 0240 Cdfs - ok

22:05:17.0296 0240 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

22:05:17.0296 0240 Cdrom - ok

22:05:17.0375 0240 Changer - ok

22:05:17.0484 0240 CmdIde - ok

22:05:17.0593 0240 COMMONFX (8ed4497e4cc0c030eac8e2ffa1dd9679) C:\WINDOWS\system32\drivers\COMMONFX.SYS

22:05:17.0609 0240 COMMONFX - ok

22:05:17.0734 0240 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\WINDOWS\system32\COMMONFX.DLL

22:05:17.0734 0240 COMMONFX.DLL - ok

22:05:17.0890 0240 COMMONFX.SYS (8ed4497e4cc0c030eac8e2ffa1dd9679) C:\WINDOWS\System32\drivers\COMMONFX.SYS

22:05:17.0890 0240 COMMONFX.SYS - ok

22:05:18.0015 0240 Cpqarray - ok

22:05:18.0125 0240 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL

22:05:18.0125 0240 CT20XUT.DLL - ok

22:05:18.0281 0240 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\WINDOWS\system32\drivers\ctac32k.sys

22:05:18.0312 0240 ctac32k - ok

22:05:18.0453 0240 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\WINDOWS\system32\drivers\ctaud2k.sys

22:05:18.0484 0240 ctaud2k - ok

22:05:18.0609 0240 CTAUDFX (ab3456984b59d1425befc0d457d41dd4) C:\WINDOWS\system32\drivers\CTAUDFX.SYS

22:05:18.0640 0240 CTAUDFX - ok

22:05:18.0796 0240 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\WINDOWS\system32\CTAUDFX.DLL

22:05:18.0812 0240 CTAUDFX.DLL - ok

22:05:18.0953 0240 CTAUDFX.SYS (ab3456984b59d1425befc0d457d41dd4) C:\WINDOWS\System32\drivers\CTAUDFX.SYS

22:05:18.0968 0240 CTAUDFX.SYS - ok

22:05:19.0109 0240 ctdvda2k (ed316d4c3d39c5b6c23de067e275c183) C:\WINDOWS\system32\drivers\ctdvda2k.sys

22:05:19.0125 0240 ctdvda2k - ok

22:05:19.0250 0240 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL

22:05:19.0250 0240 CTEAPSFX.DLL - ok

22:05:19.0390 0240 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL

22:05:19.0406 0240 CTEDSPFX.DLL - ok

22:05:19.0500 0240 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL

22:05:19.0515 0240 CTEDSPIO.DLL - ok

22:05:19.0625 0240 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL

22:05:19.0656 0240 CTEDSPSY.DLL - ok

22:05:19.0781 0240 CTERFXFX (b4297863e9fce34c0493fca66f0970a2) C:\WINDOWS\system32\drivers\CTERFXFX.SYS

22:05:19.0781 0240 CTERFXFX - ok

22:05:19.0890 0240 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINDOWS\system32\CTERFXFX.DLL

22:05:19.0890 0240 CTERFXFX.DLL - ok

22:05:20.0031 0240 CTERFXFX.SYS (b4297863e9fce34c0493fca66f0970a2) C:\WINDOWS\System32\drivers\CTERFXFX.SYS

22:05:20.0031 0240 CTERFXFX.SYS - ok

22:05:20.0187 0240 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL

22:05:20.0234 0240 CTEXFIFX.DLL - ok

22:05:20.0343 0240 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL

22:05:20.0343 0240 CTHWIUT.DLL - ok

22:05:20.0453 0240 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\WINDOWS\system32\drivers\ctprxy2k.sys

22:05:20.0453 0240 ctprxy2k - ok

22:05:20.0578 0240 CTSBLFX (d665da6b6aea45b9db090096f2aef023) C:\WINDOWS\system32\drivers\CTSBLFX.SYS

22:05:20.0625 0240 CTSBLFX - ok

22:05:20.0796 0240 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\WINDOWS\system32\CTSBLFX.DLL

22:05:20.0812 0240 CTSBLFX.DLL - ok

22:05:20.0968 0240 CTSBLFX.SYS (d665da6b6aea45b9db090096f2aef023) C:\WINDOWS\System32\drivers\CTSBLFX.SYS

22:05:20.0968 0240 CTSBLFX.SYS - ok

22:05:21.0093 0240 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\WINDOWS\system32\drivers\ctsfm2k.sys

22:05:21.0109 0240 ctsfm2k - ok

22:05:21.0187 0240 dac2w2k - ok

22:05:21.0281 0240 dac960nt - ok

22:05:21.0406 0240 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

22:05:21.0406 0240 Disk - ok

22:05:21.0546 0240 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

22:05:21.0578 0240 dmboot - ok

22:05:21.0718 0240 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys

22:05:21.0718 0240 DMICall - ok

22:05:21.0812 0240 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

22:05:21.0828 0240 dmio - ok

22:05:21.0937 0240 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

22:05:21.0937 0240 dmload - ok

22:05:22.0031 0240 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

22:05:22.0031 0240 DMusic - ok

22:05:22.0140 0240 dpti2o - ok

22:05:22.0234 0240 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

22:05:22.0234 0240 drmkaud - ok

22:05:22.0343 0240 E1000 (2476936f4994e9084ccfe75ed4f6226a) C:\WINDOWS\system32\DRIVERS\e1000325.sys

22:05:22.0343 0240 E1000 - ok

22:05:22.0484 0240 emupia (2885f72d2daffd0329272f12e16d6579) C:\WINDOWS\system32\drivers\emupia2k.sys

22:05:22.0484 0240 emupia - ok

22:05:22.0625 0240 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

22:05:22.0625 0240 Fastfat - ok

22:05:22.0703 0240 fba8a1d8 (91710672077dc27133d2450d726040fc) C:\WINDOWS\3634473211:72834599.exe

22:05:24.0546 0240 Suspicious file (Hidden): C:\WINDOWS\3634473211:72834599.exe. md5: 91710672077dc27133d2450d726040fc

22:05:24.0546 0240 fba8a1d8 ( HiddenFile.Multi.Generic ) - warning

22:05:24.0546 0240 fba8a1d8 - detected HiddenFile.Multi.Generic (1)

22:05:24.0687 0240 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

22:05:24.0687 0240 Fdc - ok

22:05:24.0812 0240 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

22:05:24.0828 0240 Fips - ok

22:05:24.0937 0240 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

22:05:24.0937 0240 Flpydisk - ok

22:05:25.0093 0240 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

22:05:25.0109 0240 FltMgr - ok

22:05:25.0203 0240 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

22:05:25.0203 0240 Fs_Rec - ok

22:05:25.0312 0240 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

22:05:25.0328 0240 Ftdisk - ok

22:05:25.0437 0240 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

22:05:25.0437 0240 gameenum - ok

22:05:25.0546 0240 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

22:05:25.0546 0240 GEARAspiWDM - ok

22:05:25.0656 0240 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

22:05:25.0656 0240 Gpc - ok

22:05:25.0843 0240 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\WINDOWS\system32\drivers\ha10kx2k.sys

22:05:25.0875 0240 ha10kx2k - ok

22:05:26.0000 0240 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\WINDOWS\system32\drivers\hap16v2k.sys

22:05:26.0015 0240 hap16v2k - ok

22:05:26.0109 0240 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\WINDOWS\system32\drivers\hap17v2k.sys

22:05:26.0125 0240 hap17v2k - ok

22:05:26.0250 0240 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

22:05:26.0250 0240 HidUsb - ok

22:05:26.0359 0240 hpn - ok

22:05:26.0531 0240 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

22:05:26.0546 0240 HPZid412 - ok

22:05:26.0656 0240 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

22:05:26.0656 0240 HPZipr12 - ok

22:05:26.0796 0240 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

22:05:26.0796 0240 HPZius12 - ok

22:05:26.0906 0240 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

22:05:26.0906 0240 HTTP - ok

22:05:27.0015 0240 i2omgmt - ok

22:05:27.0109 0240 i2omp - ok

22:05:27.0218 0240 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

22:05:27.0218 0240 i8042prt - ok

22:05:27.0359 0240 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

22:05:27.0359 0240 Imapi - ok

22:05:27.0468 0240 ini910u - ok

22:05:27.0562 0240 IntelIde - ok

22:05:27.0687 0240 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

22:05:27.0687 0240 intelppm - ok

22:05:27.0812 0240 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

22:05:27.0812 0240 ip6fw - ok

22:05:27.0921 0240 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

22:05:27.0921 0240 IpFilterDriver - ok

22:05:28.0031 0240 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

22:05:28.0031 0240 IpInIp - ok

22:05:28.0140 0240 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

22:05:28.0156 0240 IpNat - ok

22:05:28.0265 0240 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

22:05:28.0265 0240 IPSec - ok

22:05:28.0390 0240 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

22:05:28.0390 0240 IRENUM - ok

22:05:28.0515 0240 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

22:05:28.0515 0240 isapnp - ok

22:05:28.0625 0240 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

22:05:28.0640 0240 Kbdclass - ok

22:05:28.0765 0240 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

22:05:28.0781 0240 kmixer - ok

22:05:28.0890 0240 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

22:05:28.0906 0240 KSecDD - ok

22:05:29.0000 0240 lbrtfdc - ok

22:05:29.0156 0240 mfeavfk (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys

22:05:29.0156 0240 mfeavfk - ok

22:05:29.0265 0240 mfebopk (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys

22:05:29.0265 0240 mfebopk - ok

22:05:29.0390 0240 mfehidk (3f138a1c8a0659f329f242d1e389b2cf) C:\WINDOWS\system32\drivers\mfehidk.sys

22:05:29.0390 0240 mfehidk - ok

22:05:29.0500 0240 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys

22:05:29.0500 0240 mferkdk - ok

22:05:29.0625 0240 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys

22:05:29.0625 0240 mfesmfk - ok

22:05:29.0750 0240 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

22:05:29.0750 0240 mnmdd - ok

22:05:29.0875 0240 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

22:05:29.0875 0240 Modem - ok

22:05:29.0968 0240 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

22:05:29.0968 0240 Mouclass - ok

22:05:30.0093 0240 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

22:05:30.0093 0240 MountMgr - ok

22:05:30.0187 0240 mraid35x - ok

22:05:30.0296 0240 mrtRate - ok

22:05:30.0421 0240 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

22:05:30.0421 0240 MRxDAV - ok

22:05:30.0546 0240 MRxSmb (017075e1fd325fedc55aaf6bed0814ae) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

22:05:30.0578 0240 MRxSmb ( Rootkit.Win32.ZAccess.e ) - infected

22:05:30.0578 0240 MRxSmb - detected Rootkit.Win32.ZAccess.e (0)

22:05:30.0734 0240 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys

22:05:30.0734 0240 MSDV - ok

22:05:30.0828 0240 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

22:05:30.0828 0240 Msfs - ok

22:05:30.0937 0240 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

22:05:30.0937 0240 MSKSSRV - ok

22:05:31.0062 0240 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

22:05:31.0062 0240 MSPCLOCK - ok

22:05:31.0171 0240 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

22:05:31.0171 0240 MSPQM - ok

22:05:31.0281 0240 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

22:05:31.0281 0240 mssmbios - ok

22:05:31.0375 0240 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

22:05:31.0375 0240 MSTEE - ok

22:05:31.0468 0240 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

22:05:31.0484 0240 Mup - ok

22:05:31.0578 0240 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

22:05:31.0578 0240 NABTSFEC - ok

22:05:31.0703 0240 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

22:05:31.0718 0240 NDIS - ok

22:05:31.0859 0240 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys

22:05:31.0859 0240 ndiscm - ok

22:05:31.0968 0240 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

22:05:31.0968 0240 NdisIP - ok

22:05:32.0062 0240 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

22:05:32.0062 0240 NdisTapi - ok

22:05:32.0187 0240 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

22:05:32.0203 0240 Ndisuio - ok

22:05:32.0312 0240 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

22:05:32.0312 0240 NdisWan - ok

22:05:32.0421 0240 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

22:05:32.0421 0240 NDProxy - ok

22:05:32.0531 0240 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

22:05:32.0531 0240 NetBIOS - ok

22:05:32.0640 0240 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

22:05:32.0640 0240 NetBT - ok

22:05:32.0828 0240 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

22:05:32.0828 0240 NIC1394 - ok

22:05:32.0953 0240 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

22:05:32.0953 0240 Npfs - ok

22:05:33.0093 0240 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

22:05:33.0125 0240 Ntfs - ok

22:05:33.0265 0240 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

22:05:33.0265 0240 Null - ok

22:05:33.0437 0240 nv (c36066ec30521cebaf52127027755798) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

22:05:33.0468 0240 nv - ok

22:05:33.0609 0240 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

22:05:33.0609 0240 NwlnkFlt - ok

22:05:33.0718 0240 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

22:05:33.0734 0240 NwlnkFwd - ok

22:05:33.0843 0240 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

22:05:33.0843 0240 ohci1394 - ok

22:05:33.0984 0240 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\WINDOWS\system32\drivers\ctoss2k.sys

22:05:33.0984 0240 ossrv - ok

22:05:34.0140 0240 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

22:05:34.0140 0240 Parport - ok

22:05:34.0265 0240 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

22:05:34.0265 0240 PartMgr - ok

22:05:34.0375 0240 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

22:05:34.0375 0240 ParVdm - ok

22:05:34.0484 0240 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

22:05:34.0484 0240 PCI - ok

22:05:34.0562 0240 PCIDump - ok

22:05:34.0703 0240 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

22:05:34.0703 0240 PCIIde - ok

22:05:34.0812 0240 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

22:05:34.0828 0240 Pcmcia - ok

22:05:34.0921 0240 PDCOMP - ok

22:05:35.0015 0240 PDFRAME - ok

22:05:35.0093 0240 PDRELI - ok

22:05:35.0187 0240 PDRFRAME - ok

22:05:35.0281 0240 perc2 - ok

22:05:35.0375 0240 perc2hib - ok

22:05:35.0531 0240 pnarp (36fcac4fa28b462ca867742dea59b0d0) C:\WINDOWS\system32\DRIVERS\pnarp.sys

22:05:35.0531 0240 pnarp - ok

22:05:35.0671 0240 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

22:05:35.0687 0240 PptpMiniport - ok

22:05:35.0781 0240 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

22:05:35.0781 0240 Processor - ok

22:05:35.0890 0240 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

22:05:35.0890 0240 PSched - ok

22:05:36.0000 0240 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

22:05:36.0015 0240 Ptilink - ok

22:05:36.0125 0240 purendis (d8ac00388262b1a4878a7ee12f31d376) C:\WINDOWS\system32\DRIVERS\purendis.sys

22:05:36.0125 0240 purendis - ok

22:05:36.0234 0240 PxHelp20 (fd9d44ec6d99edfa3782f870b7e00682) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

22:05:36.0234 0240 PxHelp20 - ok

22:05:36.0328 0240 ql1080 - ok

22:05:36.0406 0240 Ql10wnt - ok

22:05:36.0484 0240 ql12160 - ok

22:05:36.0578 0240 ql1240 - ok

22:05:36.0656 0240 ql1280 - ok

22:05:36.0765 0240 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

22:05:36.0765 0240 RasAcd - ok

22:05:36.0875 0240 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

22:05:36.0875 0240 Rasl2tp - ok

22:05:37.0000 0240 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

22:05:37.0015 0240 RasPppoe - ok

22:05:37.0109 0240 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

22:05:37.0109 0240 Raspti - ok

22:05:37.0218 0240 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

22:05:37.0218 0240 Rdbss - ok

22:05:37.0328 0240 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

22:05:37.0328 0240 RDPCDD - ok

22:05:37.0468 0240 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

22:05:37.0468 0240 rdpdr - ok

22:05:37.0578 0240 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

22:05:37.0578 0240 RDPWD - ok

22:05:37.0703 0240 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

22:05:37.0703 0240 redbook - ok

22:05:37.0812 0240 rootrepeal - ok

22:05:37.0937 0240 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

22:05:37.0937 0240 rtl8139 - ok

22:05:38.0078 0240 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

22:05:38.0078 0240 Secdrv - ok

22:05:38.0234 0240 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

22:05:38.0234 0240 Serial - ok

22:05:38.0453 0240 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

22:05:38.0453 0240 Sfloppy - ok

22:05:38.0562 0240 Simbad - ok

22:05:38.0656 0240 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

22:05:38.0656 0240 SLIP - ok

22:05:38.0812 0240 smrt (c879d47cc3fe8be4ba6c3ed18fe3947d) C:\WINDOWS\system32\DRIVERS\smrt.sys

22:05:38.0843 0240 smrt - ok

22:05:39.0031 0240 SonyLSM (ed9a10456e25de7a3350f896b962f60a) C:\WINDOWS\system32\Drivers\SonyLSM.sys

22:05:39.0031 0240 SonyLSM - ok

22:05:39.0109 0240 Sparrow - ok

22:05:39.0218 0240 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

22:05:39.0218 0240 splitter - ok

22:05:39.0328 0240 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

22:05:39.0343 0240 sr - ok

22:05:39.0468 0240 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

22:05:39.0500 0240 Srv - ok

22:05:39.0640 0240 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

22:05:39.0640 0240 streamip - ok

22:05:39.0765 0240 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

22:05:39.0765 0240 swenum - ok

22:05:39.0875 0240 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

22:05:39.0875 0240 swmidi - ok

22:05:40.0015 0240 symc810 - ok

22:05:40.0109 0240 symc8xx - ok

22:05:40.0187 0240 sym_hi - ok

22:05:40.0281 0240 sym_u3 - ok

22:05:40.0390 0240 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

22:05:40.0390 0240 sysaudio - ok

22:05:40.0546 0240 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

22:05:40.0578 0240 Tcpip - ok

22:05:40.0718 0240 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys

22:05:40.0718 0240 Tcpip6 - ok

22:05:40.0828 0240 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

22:05:40.0828 0240 TDPIPE - ok

22:05:40.0953 0240 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

22:05:40.0968 0240 TDTCP - ok

22:05:41.0156 0240 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

22:05:41.0250 0240 TermDD - ok

22:05:41.0390 0240 tmcomm - ok

22:05:41.0468 0240 TosIde - ok

22:05:41.0609 0240 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

22:05:41.0703 0240 tunmp - ok

22:05:41.0828 0240 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

22:05:41.0828 0240 Udfs - ok

22:05:41.0921 0240 ultra - ok

22:05:42.0109 0240 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

22:05:42.0140 0240 Update - ok

22:05:42.0312 0240 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

22:05:42.0312 0240 USBAAPL - ok

22:05:42.0421 0240 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

22:05:42.0421 0240 usbccgp - ok

22:05:42.0531 0240 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

22:05:42.0546 0240 usbehci - ok

22:05:42.0640 0240 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

22:05:42.0640 0240 usbhub - ok

22:05:42.0750 0240 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

22:05:42.0765 0240 usbprint - ok

22:05:42.0890 0240 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

22:05:42.0890 0240 usbscan - ok

22:05:42.0984 0240 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

22:05:42.0984 0240 USBSTOR - ok

22:05:43.0093 0240 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

22:05:43.0093 0240 usbuhci - ok

22:05:43.0296 0240 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

22:05:43.0296 0240 VgaSave - ok

22:05:43.0390 0240 ViaIde - ok

22:05:43.0500 0240 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

22:05:43.0515 0240 VolSnap - ok

22:05:43.0656 0240 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

22:05:43.0656 0240 Wanarp - ok

22:05:43.0781 0240 WDICA - ok

22:05:43.0906 0240 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

22:05:43.0921 0240 wdmaud - ok

22:05:44.0140 0240 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

22:05:44.0140 0240 WSTCODEC - ok

22:05:44.0265 0240 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk0\DR0

22:05:44.0750 0240 \Device\Harddisk0\DR0 - ok

22:05:44.0796 0240 MBR (0x1B8) (bbb0a0725ad66f38b1a32135f3cb55d6) \Device\Harddisk1\DR4

22:05:44.0828 0240 \Device\Harddisk1\DR4 - ok

22:05:44.0875 0240 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk2\DR5

22:05:54.0984 0240 \Device\Harddisk2\DR5 - ok

22:05:55.0000 0240 Boot (0x1200) (8072bfd4defdb5bfac42475ef7557a9b) \Device\Harddisk0\DR0\Partition0

22:05:55.0000 0240 \Device\Harddisk0\DR0\Partition0 - ok

22:05:55.0031 0240 Boot (0x1200) (420b414caeb6a3f2edd7c78ef66ebc78) \Device\Harddisk0\DR0\Partition1

22:05:55.0031 0240 \Device\Harddisk0\DR0\Partition1 - ok

22:05:55.0062 0240 Boot (0x1200) (42116d2c0685234e0ed80b0595f4b5cc) \Device\Harddisk1\DR4\Partition0

22:05:55.0078 0240 \Device\Harddisk1\DR4\Partition0 - ok

22:05:55.0093 0240 Boot (0x1200) (10aaec399c2db34d97bbb04a280ee7e0) \Device\Harddisk2\DR5\Partition0

22:05:55.0093 0240 \Device\Harddisk2\DR5\Partition0 - ok

22:05:55.0093 0240 ============================================================

22:05:55.0093 0240 Scan finished

22:05:55.0093 0240 ============================================================

22:05:55.0125 0748 Detected object count: 2

22:05:55.0125 0748 Actual detected object count: 2

22:06:36.0812 0748 HKLM\SYSTEM\ControlSet001\services\fba8a1d8 - will be deleted on reboot

22:06:36.0812 0748 HKLM\SYSTEM\ControlSet002\services\fba8a1d8 - will be deleted on reboot

22:06:36.0843 0748 C:\WINDOWS\3634473211:72834599.exe - will be deleted on reboot

22:06:36.0843 0748 fba8a1d8 ( HiddenFile.Multi.Generic ) - User select action: Delete

22:06:37.0015 0748 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\mrxsmb.sys) error 1813

22:06:39.0046 0748 Backup copy found, using it..

22:06:39.0078 0748 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot

22:06:39.0078 0748 MRxSmb ( Rootkit.Win32.ZAccess.e ) - User select action: Cure

22:06:45.0921 3240 Deinitialize success

DDS log.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Sean at 7:26:54 on 2011-10-17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.602 [GMT -4:00]

.

AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\ehome\ehSched.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe

C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\SONY\sHotKey\sHotKey.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\WINDOWS\system32\ezSP_Px.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Outlook Express\msimn.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [ATIModeChange] Ati2mdxx.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [sHotKey] "c:\program files\sony\shotkey\sHotKey.exe"

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash

mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [HP Software Update] d:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [startNowToolbarHelper] "c:\program files\startnow toolbar\ToolbarHelper.exe"

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRunOnce: [setDefaultMidi] MIDIDEF.EXE

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - d:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

LSP: mswsock.dll

Trusted Zone: bankofamerica.com\onlineeast2

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277249972000

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {7A12449A-0E67-4C4E-A8E2-16C7A3A571AC} - hxxps://share.intelemage.com/EvenFlow/ctrl/StudyUploadTool.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.hvrsd.org/dana-cached/sc/JuniperSetupClient.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab

TCP: DhcpNameServer = 192.168.1.1 68.87.64.150 68.87.75.198

TCP: Interfaces\{03F68658-3619-4D37-B562-0C1322C8D90A} : DhcpNameServer = 43.134.195.10

TCP: Interfaces\{A2A66F5A-2210-4D31-A821-042817F33265} : DhcpNameServer = 192.168.1.1 68.87.64.150 68.87.75.198

Filter: text/html - {edb47484-7bc7-454a-bbfc-52693579a1ba} -

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

LSA: Notification Packages = scecli modmcr.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SonyLSM;LED State Service;c:\windows\system32\drivers\SonyLSM.sys [2003-9-16 4736]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-26 214664]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-16 366152]

R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]

R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]

R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]

R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-16 22216]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-12 136176]

S2 mrtRate;mrtRate; [x]

S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-8-12 79360]

S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]

S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]

S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]

S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-12 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-26 79816]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-26 35272]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-26 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-26 40552]

S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

.

=============== Created Last 30 ================

.

2011-10-17 02:14:28 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-12 14:16:14 -------- d-----w- c:\documents and settings\sean\local settings\application data\WinZip

2011-10-12 11:55:42 -------- dc----w- C:\MATS

2011-10-12 00:40:50 -------- d-----w- c:\program files\StartNow Toolbar

2011-10-12 00:04:10 -------- d-----w- c:\documents and settings\sean\application data\PC Cleaners

2011-10-12 00:04:07 5359888 ----a-w- c:\windows\uninst.exe

2011-10-12 00:04:00 -------- d-----w- c:\documents and settings\all users\application data\PC1Data

2011-10-11 02:04:28 -------- d-----w- c:\documents and settings\sean\application data\ElevatedDiagnostics

2011-10-11 01:43:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-10 03:29:02 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}

2011-10-10 01:11:22 -------- d-----w- c:\documents and settings\sean\local settings\application data\PackageAware

2011-10-08 18:01:24 -------- d-----w- c:\documents and settings\sean\application data\Sammsoft

2011-09-21 02:19:10 -------- d-----w- c:\documents and settings\sean\local settings\application data\Citrix

2011-09-21 02:19:08 -------- d-----w- c:\documents and settings\sean\application data\ICAClient

.

==================== Find3M ====================

.

2011-10-17 02:07:37 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

============= FINISH: 7:27:44.82 ===============

Thank you.


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

