Inactive w32/rootkit.bac

[Inactive] w32/rootkit.bac

hope someone out there knows the answer for this one, i keep getting a message when the comp starts, and i try to use the internet, saying i have the above virus, and a restart is required, but it dosen't appear to get rid of it, and i can't get into my c drive to remove it from the programme files file!
i am a novice when it comes to I T, so please be patient!

 

DDS (Ver_09-05-14.01) - NTFSx86
Run by stuart owens at 6:04:59.14 on 19/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.519 [GMT 1:00]

AV: PCguard Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Virgin Broadband\PCguard\Fws.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Virgin Broadband\PCguard\Rps.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\WINDOWS\Imgtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Documents and Settings\stuart owens\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\virgin broadband\pcguard\pkR.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRunOnce: [IndexCleaner] "c:\program files\virgin broadband\pcguard\IdxClnR.exe "
mRun: [Broadbandadvisor.exe] "c:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
mRun: [PCguard] "c:\program files\virgin broadband\pcguard\Rps.exe "
mRun: [-FreedomNeedsReboot] "c:\program files\virgin broadband\pcguard\ZkRunOnceR.exe "
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [S3Trayp] S3trayp.exe
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SSC Service Utility] c:\program files\ssc service utility\ssc_serv.exe /s
mRun: [ImgTask] c:\windows\Imgtask.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [IndexCleaner] "c:\program files\virgin broadband\pcguard\IdxClnR.exe "
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: Download Using &BitSpirit - c:\program files\bitspirit\bsurl.htm
IE: ÓñÈÌؾ«ÃéÃÂÔØ(&B)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: NameServer = 85.255.112.39,85.255.112.40
TCP: {3570EF5B-07EC-4B57-8A89-90DA193F0357} = 85.255.112.39,85.255.112.40
LSA: Authentication Packages = msv1_0 c:\windows\system32\awtTNfCR

============= SERVICES / DRIVERS ===============

R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2006-2-8 806400]
S3 Radialpoint Security Services;Virgin Broadband PCguard;c:\windows\system32\dllhost.exe [2008-4-14 5120]

=============== Created Last 30 ================


==================== Find3M ====================

2009-02-07 10:18 442 a--sh--- c:\windows\system32\RCfNTtwa.ini2

============= FINISH: 6:05:14.32 ===============

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 22/11/2008 19:44:16
System Uptime: 19/05/2009 04:48:03 (2 hours ago)

Motherboard: Winfast | | K8M890-8237
Processor: AMD Sempron(tm) Processor 3600+ | Socket M2 | 1999/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 261.251 GiB free.
D: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB Cable Modem
Device ID: USB\VID_07B2&PID_5101\001404279CE6
Manufacturer:
Name: USB Cable Modem
PNP Device ID: USB\VID_07B2&PID_5101\001404279CE6
Service:

==== System Restore Points ===================

RP1: 06/02/2009 22:44:48 - System Checkpoint
RP2: 06/02/2009 22:44:50 - Installed Platform
RP3: 06/02/2009 22:44:52 - Installed REALTEK GbE & FE Ethernet PCI NIC Driver
RP4: 06/02/2009 22:44:54 - Installed EPSON Print CD
RP5: 06/02/2009 22:44:55 - Installed EPSON PhotoQuicker3.5
RP6: 06/02/2009 22:44:57 - Installed ScanToWeb
RP7: 06/02/2009 22:44:59 - Installed InstallShield Restore Point
RP8: 06/02/2009 22:45:00 - Installed EPSON PhotoStarter3.1
RP9: 06/02/2009 22:45:02 - Installed EPSON CardMonitor
RP10: 06/02/2009 22:45:03 - Installed EPSON PRINT Image Framer Tool
RP11: 06/02/2009 22:45:05 - Installed PIF DESIGNER
RP12: 06/02/2009 22:45:08 - SPTD setup V1.47
RP13: 06/02/2009 22:45:10 - Install AnyDVD
RP14: 06/02/2009 22:45:11 - Software Distribution Service 3.0
RP15: 06/02/2009 22:45:12 - Software Distribution Service 3.0
RP16: 06/02/2009 22:45:13 - Installed K-Lite Codec Pack
RP17: 06/02/2009 22:45:14 - Installed TuneUp Utilities 2008
RP18: 06/02/2009 22:45:15 - Installed XP Repair Pro 2007.
RP19: 06/02/2009 22:45:16 - Installed XP Repair Pro 4.0.
RP20: 06/02/2009 22:45:17 - Software Distribution Service 3.0
RP21: 06/02/2009 22:45:19 - Software Distribution Service 3.0
RP22: 06/02/2009 22:45:20 - Software Distribution Service 3.0
RP23: 06/02/2009 22:45:20 - System Checkpoint
RP24: 06/02/2009 22:45:22 - System Checkpoint
RP25: 06/02/2009 22:45:24 - Installed TMPGEnc DVD Author 3 with DivX Authoring
RP26: 06/02/2009 22:45:25 - Removed TMPGEnc DVD Author 3 with DivX Authoring
RP27: 06/02/2009 22:45:29 - Installed TMPGEnc 4.0 XPress
RP28: 06/02/2009 22:45:31 - Removed TMPGEnc 4.0 XPress
RP29: 06/02/2009 22:45:33 - Installed TMPGEnc DVD Author 3 with DivX Authoring
RP30: 06/02/2009 22:45:34 - System Checkpoint
RP31: 06/02/2009 22:45:37 - System Checkpoint
RP32: 06/02/2009 22:45:39 - System Checkpoint
RP33: 06/02/2009 22:45:41 - System Checkpoint
RP34: 06/02/2009 22:45:42 - System Checkpoint
RP35: 06/02/2009 22:45:43 - System Checkpoint
RP36: 06/02/2009 22:45:44 - System Checkpoint
RP37: 06/02/2009 22:45:45 - System Checkpoint
RP38: 06/02/2009 22:45:46 - System Checkpoint
RP39: 06/02/2009 22:45:49 - System Checkpoint
RP40: 06/02/2009 22:45:50 - System Checkpoint
RP41: 06/02/2009 22:45:53 - Installed Samsung PC Studio 3
RP42: 06/02/2009 22:45:54 - Installed Windows Media Format 9 Series Runtime Setup
RP43: 06/02/2009 22:45:56 - Installed Samsung PC Studio 3 USB Driver Installer
RP44: 06/02/2009 22:45:58 - Software Distribution Service 3.0
RP45: 06/02/2009 22:45:59 - System Checkpoint
RP46: 06/02/2009 22:46:00 - Software Distribution Service 3.0
RP47: 06/02/2009 22:46:01 - System Checkpoint
RP48: 06/02/2009 22:46:02 - System Checkpoint
RP49: 06/02/2009 22:46:03 - System Checkpoint
RP50: 06/02/2009 22:46:04 - System Checkpoint
RP51: 06/02/2009 22:46:04 - System Checkpoint
RP52: 06/02/2009 22:46:07 - Software Distribution Service 3.0
RP53: 06/02/2009 22:46:09 - System Checkpoint
RP54: 06/02/2009 22:46:10 - System Checkpoint
RP55: 06/02/2009 22:46:10 - System Checkpoint
RP56: 06/02/2009 22:46:11 - System Checkpoint
RP57: 06/02/2009 22:46:13 - System Checkpoint
RP58: 06/02/2009 22:46:14 - System Checkpoint
RP59: 06/02/2009 22:46:15 - System Checkpoint
RP60: 06/02/2009 22:46:16 - System Checkpoint
RP61: 06/02/2009 22:46:16 - System Checkpoint
RP62: 06/02/2009 22:46:18 - System Checkpoint
RP63: 06/02/2009 22:46:19 - System Checkpoint
RP64: 06/02/2009 22:46:20 - System Checkpoint
RP65: 06/02/2009 22:46:21 - System Checkpoint
RP66: 06/02/2009 22:46:22 - System Checkpoint
RP67: 06/02/2009 22:46:24 - System Checkpoint
RP68: 06/02/2009 22:46:26 - System Checkpoint
RP69: 06/02/2009 22:46:27 - System Checkpoint
RP70: 06/02/2009 22:46:28 - System Checkpoint
RP71: 06/02/2009 22:46:30 - System Checkpoint
RP72: 06/02/2009 22:46:31 - System Checkpoint
RP73: 06/02/2009 22:46:32 - System Checkpoint
RP74: 06/02/2009 22:46:34 - System Checkpoint
RP75: 06/02/2009 22:46:36 - Software Distribution Service 3.0
RP76: 06/02/2009 22:46:37 - System Checkpoint
RP77: 06/02/2009 22:46:39 - System Checkpoint
RP78: 06/02/2009 22:46:41 - System Checkpoint
RP79: 06/02/2009 22:46:42 - System Checkpoint
RP80: 06/02/2009 22:46:44 - System Checkpoint
RP81: 06/02/2009 22:46:46 - System Checkpoint
RP82: 06/02/2009 22:46:48 - System Checkpoint
RP83: 06/02/2009 22:46:50 - System Checkpoint
RP84: 06/02/2009 22:46:51 - System Checkpoint
RP85: 06/02/2009 22:46:53 - Installed Windows XP KB954708.
RP86: 06/02/2009 22:46:54 - Installed DirectX
RP87: 06/02/2009 22:46:55 - System Checkpoint
RP88: 06/02/2009 22:46:56 - Software Distribution Service 3.0
RP89: 06/02/2009 22:46:58 - System Checkpoint
RP90: 06/02/2009 22:46:59 - System Checkpoint
RP91: 06/02/2009 22:47:01 - System Checkpoint
RP92: 06/02/2009 22:47:03 - System Checkpoint
RP93: 06/02/2009 22:47:06 - System Checkpoint
RP94: 06/02/2009 22:47:08 - System Checkpoint
RP95: 06/02/2009 22:47:10 - System Checkpoint
RP96: 16/02/2009 05:56:26 - System Checkpoint
RP97: 16/03/2009 07:33:51 - System Checkpoint
RP98: 26/03/2009 10:09:29 - System Checkpoint

==== Installed Programs ======================

Authentium AntiVirus SDK - 2
BitSpirit v3.3.2.352 Stable
CCScore
Choice Guard
CloneCD
CloneDVD2
DriverMax 3.0
Easy Avi/Divx/Xvid to DVD Burner 2.5.1
EPSON CardMonitor
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON Print CD
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
ESPR300 Reference Guide
ESPR300 Software Guide
ESPR300 Standalone Guide
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
fflink
Google Updater
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
IsoBuster 2.1
Junk Mail filter update
K-Lite Codec Pack 3.5.7 Full
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Macromedia Flash Player 8
MainConcept MPEG Encoder
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft SQL Server 2005 Compact Edition [ENU]
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
netbrdg
OfotoXMI
PerfectDisk
PIF DESIGNER2.1
Platform
PPSDKRedistributables
QuickTime
Radialpoint Security Services
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI NIC Driver
RPS Ad Blocker
RPS AntiFraud
RPS AntiSpyware
RPS AntiVirus
RPS App Detector
RPS AsRealtime
RPS Backup
RPS Burn
RPS Diagnostic Utility
RPS Firewall
RPS ParentalControl
RPS Performance Tool
RPS PopupBlocker
RPS Privacy Manager
RPS RpsCore
RPS Security Cleanup
RPS Zip
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Segoe UI
SFR
SHASTA
skin0001
SKINXSDK
SSC Service Utility v4.30
staticcr
TMPGEnc DVD Author 3 with DivX Authoring
tooltips
Total Video Converter 3.01
TuneUp Utilities 2008
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VIA Platform Device Manager
VIA/S3G Display Driver
VideoLAN VLC media player 0.8.6a
Virgin Broadband advisor 1.5.14
Virgin Broadband PCguard
VPRINTOL
WebFldrs XP
Widgets
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinRAR archiver
WIRELESS

==== Event Viewer Messages From Past Week ========

15/05/2009 19:54:30, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf8bbbdd, parameter3 ef98ab88, parameter4 00000000.
14/05/2009 17:57:42, error: Service Control Manager [7034] - The Virgin Broadband PCguard Update Service service terminated unexpectedly. It has done this 1 time(s).
12/05/2009 18:06:49, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8054c0b9, parameter3 ee7d8be4, parameter4 00000000.
12/05/2009 17:19:58, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

==== End Of File ===========================

 

hope the info helps, means sweet f a to me!

 

Hi and welcome


Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.


Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop.


Double-click on SmitfraudFix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Yes and press Enter Notes

1. If you use SpywareBlaster and/or IE-SPYAD it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
2. As many of the variants of Smitfraud have begun invading the Hosts file, this tool will reset your Hosts file as a necessary precaution. You will also have to reset any specific modifications you may require such as Hosts MVPS.


Again
Double-click on SmitfraudFix.exe to start the tool.

Select option #5 - "Search and Clean DNS Hijack" by typing 5 and pressing "Enter" to delete the rogue settings.

Follow the prompts and reboot if asked to do so.

<><><><><><><><><><><><><><>

NEXT**
Please download Malwarebytes' Anti-Malware to your desktop

Additional Link

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* You can also access the log by doing the following:

o Click on the Malwarebytes' Anti-Malware icon to launch the program.
o Click on the Logs tab.
o Click on the log at the bottom of those listed to highlight it.
o Click Open.

Tutorial if needed
http://thespykiller.co.uk/index.php/topic,5946.0.html

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.



In your next reply post:
Smitfraud rapport.txt
Malwarebytes' Anti-Malware log
New DDS log

You may need several replies to post the requested logs, otherwise they might get cut off.