Thread: Help!!! virus/rootkit infection on XP

  1. #1
    Junior Member
    Join Date: Jan 2012
    Posts: 2

    Help!!! virus/rootkit infection on XP

    Sorry if this is concise; I just spent an hour and a half writing a detailed description of my problem, tried to submit, loaded attachments, and then POOF!!! Nothing. I lost all of it to cyberworld. I'm at my wits' end, help ... please! I'm running Windows XP SP3, fully updated, 2 GB RAM, dual core; attachments are enclosed. Any and all help is appreciated, thank you.


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
    Run by Valued Customer at 3:05:09 on 2012-01-24
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.1485 [GMT -5:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\System32\svchost.exe -k Cognizance
    c:\Program Files\Fingerprint Sensor\AtService.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    svchost.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\igfxpers.exe
    svchost.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    c:\Program Files\ActivIdentity\ActivClient\accoca.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\Pogo Games\PGMTrusted.exe
    C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    F:\Installed Apps\Portable Apps In Use\Everything-1.2.1.371\Everything-1.2.1.371.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\valued customer\application data\flashgetbho\FlashGetBHO.dll
    BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\flashget3.exe" -minimize
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: Download all links by FlashGet3 - c:\program files\flashget network\flashget 3\bho\fdgetallurl.htm
    IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
    IE: Download by FlashGet3 - c:\program files\flashget network\flashget 3\bho\fdgeturl.htm
    IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: c:\windows\system32\XDogcat.dll
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/The%20Secret%20of%20Margrave%20Manor/Images/stg_drm.ocx
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Amanda%20Rose%20-%20The%20Game%20of%20Time/Images/armhelper.ocx
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 64.71.255.198
    TCP: Interfaces\{3827C1F9-EE04-4867-B31F-6C5A08B8B8CC} : DhcpNameServer = 64.71.255.198
    AppInit_DLLs: APSHook.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli ASWLNPkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\qcnbj9n0.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2012-1-24 28552]
    R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2008-10-1 109216]
    R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-10-1 51408]
    R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-10-1 12960]
    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-12-24 752128]
    R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-10-1 12528]
    R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-11-27 185896]
    R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-12-24 3246040]
    R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-4-14 14336]
    R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-4-14 14336]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-10-3 1185016]
    R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-10-1 256544]
    R2 PGMTrusted;PGMTrusted;c:\program files\pogo games\PGMTrusted.exe [2011-12-19 519888]
    R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2009-8-22 29992]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-12-24 167968]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2011-6-18 482176]
    R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2011-9-26 50728]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-23 44800]
    R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-6-18 193840]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-9-24 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-9-24 8456]
    S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-10-7 45056]
    S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\drivers\procexp151.sys --> c:\windows\system32\drivers\PROCEXP151.SYS [?]
    S3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\winsim\transactionmanager2010 - cdn\Sage_SA.TransactionManager.exe [2009-8-22 42280]
    S3 USB100TX;Linksys EtherFast 10/100 USB Network Adapter;c:\windows\system32\drivers\USB100TX.sys [2011-4-18 26368]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-01-24 06:16:28 98992 ----a-w- c:\windows\system32\drivers\34970773.sys
    2012-01-24 06:15:45 98992 ----a-w- c:\windows\system32\drivers\60218847.sys
    2012-01-24 05:20:41 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2012-01-24 05:20:17 -------- d-----w- c:\program files\Panda Security
    2012-01-23 13:08:14 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
    2012-01-23 13:08:11 -------- d-----w- c:\program files\Prevx
    2012-01-23 13:08:02 -------- d-----w- c:\documents and settings\all users\application data\PrevxCSI
    2012-01-22 19:35:58 -------- d-----w- c:\program files\Game Mill Entertainment
    2012-01-22 05:15:04 -------- d-----w- c:\windows\system32\NtmsData
    2012-01-21 20:42:25 -------- d-----w- c:\program files\Unlocker
    2012-01-21 17:47:27 77312 ----a-w- c:\windows\system32\VISCDUNA.DLL
    2012-01-21 17:47:26 78848 ----a-w- c:\windows\system32\VISCDRTL.DLL
    2012-01-21 17:47:26 517120 ----a-w- c:\windows\system32\VISCDUN7.DLL
    2012-01-21 17:47:26 4608 ----a-w- c:\windows\system32\W95INF32.DLL
    2012-01-21 17:47:26 2272 ----a-w- c:\windows\system32\W95INF16.DLL
    2012-01-21 17:47:26 152064 ----a-w- c:\windows\system32\VISCDUNR.DLL
    2012-01-21 17:47:26 -------- d-----w- c:\program files\Visual CD
    2012-01-19 04:51:10 -------- d-----w- c:\documents and settings\valued customer\application data\Wise Registry Cleaner
    2012-01-18 06:51:12 279040 ----a-w- c:\windows\system32\XDogcat.dll
    2012-01-18 06:42:11 -------- d-----w- c:\documents and settings\valued customer\local settings\application data\spek
    2012-01-18 04:13:53 -------- d-----w- C:\Downloads
    2012-01-17 10:49:43 -------- d-----w- c:\program files\CCleaner
    2012-01-17 07:47:59 -------- d-----w- c:\program files\Daum
    2012-01-17 07:21:07 -------- d-----w- c:\documents and settings\valued customer\application data\Free Download Manager
    2012-01-17 07:21:00 -------- d-----w- c:\program files\Free Download Manager
    2012-01-17 06:52:51 -------- d-----w- c:\program files\GRETECH
    2012-01-17 04:21:14 -------- d-----w- c:\documents and settings\valued customer\application data\Malwarebytes
    2012-01-17 04:21:02 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-01-17 04:21:01 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-17 04:21:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-16 02:09:22 -------- d-----w- c:\program files\Research In Motion Limited
    2012-01-16 00:48:39 256 ----a-w- c:\windows\system32\pool.bin
    2012-01-16 00:48:33 -------- d-----w- c:\documents and settings\valued customer\application data\Research In Motion
    2012-01-16 00:39:24 -------- d-----w- c:\program files\common files\Sonic Shared
    2012-01-16 00:39:23 -------- d-----w- c:\program files\Roxio
    2012-01-16 00:35:26 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
    2012-01-16 00:34:17 -------- d-----w- c:\program files\common files\Research In Motion
    2012-01-16 00:34:10 -------- d-----w- c:\program files\Research In Motion
    2012-01-15 06:40:53 -------- d-----w- c:\documents and settings\valued customer\application data\FlashgetSetup
    2012-01-15 06:40:44 -------- d-----w- c:\documents and settings\valued customer\application data\FlashGetBHO
    2012-01-15 06:40:40 -------- d-----w- c:\program files\FlashGet Network
    2012-01-15 06:40:40 -------- d-----w- c:\documents and settings\valued customer\application data\FlashGet
    2012-01-14 22:56:01 -------- d-----w- c:\program files\eSupport.com
    2012-01-14 22:49:26 -------- d-----w- c:\program files\SoftLogica
    2012-01-08 01:33:54 -------- d-----w- c:\program files\Sandboxie
    2012-01-06 22:51:53 -------- d-----w- c:\program files\Windows Media Connect 2
    2012-01-06 22:50:17 -------- d-----w- c:\windows\system32\LogFiles
    2012-01-04 14:30:44 -------- d-----w- c:\program files\PowerDataRecovery
    2012-01-02 06:04:54 -------- d-----r- C:\Sandbox
    2011-12-29 02:31:07 -------- d--h--w- c:\documents and settings\all users\application data\PogoDGC
    2011-12-29 02:30:38 -------- d-----w- c:\program files\Pogo Games
    .
    ==================== Find3M ====================
    .
    2012-01-15 09:27:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-24 21:54:15 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys
    2011-12-24 21:54:07 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
    2011-12-24 21:54:05 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
    2011-12-24 21:53:57 170528 ----a-w- c:\windows\system32\drivers\snapman.sys
    2011-12-10 01:27:41 272 ----a-w- c:\windows\system32\msvcsv60.dll
    2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
    2011-11-10 10:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-10 08:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
    2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2005-04-01 02:17:42 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    .
    ============= FINISH: 3:05:19.48 ===============
    Last edited by ken545; 2012-01-26 at 02:59. Reason: Added DDS log
