TechSpot

My dad's PC is infected by unit virus (unit.exe)

Solved
By Batrico
Jan 10, 2013
  1. I booted up the laptop and it was taking ages to load anything, so I opened Task Manager and a process called unit.exe was taking up 97-99 percent of CPU. I ended the process to be able to run the laptop programmes. It's an old laptop with minimum RAM and processor and XP, but it's all my dad needs.

    I scanned with Malwarebytes but it found nothing. I followed a forum's instructions to use ComboFix (which I have used before today) and it's been scanning for about half an hour and not got to the percentage stage yet.
    I got a low memory warning in the middle of the scan so I had to click on OK. That was the only time I moved the mouse.

    Should I leave ComboFix running for another, say, half an hour, or should I reboot?
    Help ASAP would be appreciated.
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. Post ComboFix log after it's done running please.
     
  3. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    It's been running the "scanning for infections" part for over an hour - still scanning.
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Give it a little more time. If that doesn't work out, reboot the computer and try again in Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).
     
  5. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    OK, I'll give it half an hour. Will let you know if anything happens.
     
  6. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    Nothing happened booting into Safe Mode.
     
  7. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    At the stages section.
     
  8. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    ComboFix 13-01-08.01 - Shel 01/10/2013 20:05:31.3.1 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.260 [GMT 0:00]
    Running from: c:\documents and settings\Shel\Desktop\Commy.exe.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files\Internet Explorer\SET23.tmp
    c:\program files\Internet Explorer\SET24.tmp
    c:\program files\Internet Explorer\SET25.tmp
    c:\program files\Internet Explorer\SETB.tmp
    c:\program files\Internet Explorer\SETC.tmp
    c:\program files\Internet Explorer\SETD.tmp
    c:\windows\system32\_000006_.tmp.dll
    c:\windows\system32\SET1C.tmp
    c:\windows\system32\SET1D.tmp
    c:\windows\system32\SET1E.tmp
    c:\windows\system32\SET1F.tmp
    c:\windows\system32\SET20.tmp
    c:\windows\system32\SET21.tmp
    c:\windows\system32\SET22.tmp
    c:\windows\system32\SET23.tmp
    c:\windows\system32\SET24.tmp
    c:\windows\system32\SET25.tmp
    c:\windows\system32\SET26.tmp
    c:\windows\system32\SET27.tmp
    c:\windows\system32\SET28.tmp
    c:\windows\system32\SET29.tmp
    c:\windows\system32\SET2A.tmp
    c:\windows\system32\SET2B.tmp
    c:\windows\system32\SET2C.tmp
    c:\windows\system32\SET2E.tmp
    c:\windows\system32\SET2F.tmp
    c:\windows\system32\SET30.tmp
    c:\windows\system32\SET31.tmp
    c:\windows\system32\SET32.tmp
    c:\windows\system32\SET33.tmp
    c:\windows\system32\SET34.tmp
    c:\windows\system32\SET35.tmp
    c:\windows\system32\SET36.tmp
    c:\windows\system32\SET37.tmp
    c:\windows\system32\SET38.tmp
    c:\windows\system32\SET39.tmp
    c:\windows\system32\SET3A.tmp
    c:\windows\system32\SET3B.tmp
    c:\windows\system32\SET3C.tmp
    c:\windows\system32\SET3D.tmp
    c:\windows\system32\SET3E.tmp
    c:\windows\system32\SET3F.tmp
    c:\windows\system32\SET40.tmp
    c:\windows\system32\SET41.tmp
    c:\windows\system32\SET42.tmp
    c:\windows\system32\SET43.tmp
    c:\windows\system32\SET44.tmp
    c:\windows\system32\SET46.tmp
    c:\windows\system32\SET47.tmp
    c:\windows\system32\SET48.tmp
    c:\windows\system32\SET49.tmp
    c:\windows\system32\SET4A.tmp
    c:\windows\system32\SET4B.tmp
    c:\windows\system32\SET4C.tmp
    c:\windows\system32\SET4D.tmp
    c:\windows\system32\SET4E.tmp
    c:\windows\system32\SET4F.tmp
    c:\windows\system32\SET50.tmp
    c:\windows\system32\SET51.tmp
    c:\windows\system32\SET52.tmp
    c:\windows\system32\SET53.tmp
    c:\windows\system32\SET54.tmp
    c:\windows\system32\SET55.tmp
    c:\windows\system32\SET56.tmp
    c:\windows\system32\SET57.tmp
    c:\windows\system32\SET58.tmp
    c:\windows\system32\SET59.tmp
    c:\windows\system32\SET5A.tmp
    c:\windows\system32\SET5B.tmp
    c:\windows\system32\SET5C.tmp
    c:\windows\system32\SET5D.tmp
    c:\windows\system32\SET5E.tmp
    c:\windows\system32\SET5F.tmp
    c:\windows\system32\SET60.tmp
    c:\windows\system32\SET61.tmp
    c:\windows\system32\SET62.tmp
    c:\windows\system32\SET63.tmp
    c:\windows\system32\SETA1.tmp
    c:\windows\system32\SETA5.tmp
    c:\windows\system32\SETA6.tmp
    c:\windows\system32\SETA7.tmp
    c:\windows\system32\SETAA.tmp
    c:\windows\system32\SETAB.tmp
    c:\windows\system32\SETAC.tmp
    c:\windows\system32\SETAD.tmp
    c:\windows\system32\SETAE.tmp
    c:\windows\system32\SETC.tmp
    c:\windows\system32\SETCF.tmp
    c:\windows\system32\SETD3.tmp
    c:\windows\system32\SETD4.tmp
    c:\windows\system32\SETD5.tmp
    c:\windows\system32\SETD8.tmp
    c:\windows\system32\SETD9.tmp
    c:\windows\system32\SETDA.tmp
    c:\windows\system32\SETDB.tmp
    c:\windows\system32\SETDC.tmp
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-10 to 2013-01-10 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-10 15:06 . 2013-01-10 15:06 -------- d-----w- c:\windows\LastGood.Tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-08 19:41 . 2012-09-17 02:47 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-08 19:41 . 2012-09-17 02:47 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-16 12:23 . 2004-08-10 12:50 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 16:49 . 2012-02-05 20:34 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-13 01:25 . 2004-08-10 12:51 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-08 11:29 . 2012-11-08 11:29 1402312 ----a-w- c:\windows\system32\msxml4.dll
    2012-11-07 23:38 . 2012-03-11 20:13 99080 ----a-w- c:\windows\system32\drivers\inspect.sys
    2012-11-07 23:38 . 2012-03-11 20:13 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2012-11-07 23:38 . 2012-03-11 20:13 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2012-11-07 23:38 . 2012-03-11 20:13 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2012-11-07 23:37 . 2012-03-11 20:13 34024 ----a-w- c:\windows\system32\cmdcsr.dll
    2012-11-07 23:37 . 2010-06-01 18:00 301264 ----a-w- c:\windows\system32\guard32.dll
    2012-11-06 02:01 . 2008-04-14 00:12 1371648 ------w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02 . 2004-08-10 12:50 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17 . 2004-08-10 12:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17 . 2004-08-10 12:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17 . 2004-08-10 12:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35 . 2004-08-10 12:51 385024 ------w- c:\windows\system32\html.iec
    2012-10-30 22:51 . 2011-07-14 23:12 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 22:51 . 2009-08-05 16:32 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-10-30 22:51 . 2009-08-05 16:32 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-10-30 22:51 . 2009-08-05 16:31 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-10-30 22:51 . 2009-08-05 16:31 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-10-30 22:51 . 2009-08-05 16:31 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-10-30 22:51 . 2009-08-05 16:32 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-10-30 22:51 . 2009-08-05 16:31 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-10-30 22:51 . 2010-08-17 20:37 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-30 22:50 . 2009-08-05 16:31 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-12-11 11:36 . 2012-08-11 19:35 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
    "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
    backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Shel^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    path=c:\documents and settings\Shel\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    2006-08-23 16:14 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2006-12-09 08:36 236544 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
    2003-09-10 02:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
    "10426:UDP"= 10426:UDP:SingleClick ICC
    .
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/11/2012 8:13 PM 32640]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/14/2011 11:12 PM 738504]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/5/2009 4:31 PM 361032]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [3/11/2012 8:13 PM 497952]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/5/2009 4:31 PM 21256]
    S3 cpuz;cpuz;\??\e:\aaaaa\tests\cpuz\cpuz.sys --> e:\aaaaa\tests\cpuz\cpuz.sys [?]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 8:30 AM 15544]
    S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MDMXSDK
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-17 19:41]
    .
    2013-01-10 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-12-03 22:50]
    .
    2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 22:26]
    .
    2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 22:26]
    .
    2008-02-01 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    - c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 23:52]
    .
    2012-05-22 c:\windows\Tasks\XoftSpySE.job
    - c:\program files\XoftSpySE\XoftSpy.exe [2006-06-19 15:35]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ie
    mStart Page = hxxp://www.google.ie
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
    FF - ProfilePath - c:\documents and settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-DVDLauncher - c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-10 20:17
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(604)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\System32\BCMLogon.dll
    c:\program files\ATI Technologies\ATI.ACE\MSVCP71.dll
    .
    Completion time: 2013-01-10 20:20:55
    ComboFix-quarantined-files.txt 2013-01-10 20:20
    .
    Pre-Run: 20,423,901,184 bytes free
    Post-Run: 21,488,488,448 bytes free
    .
    - - End Of File - - 0C85E85318D0080DD697B8A041670511
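A small triage helper for the "Reg Loading Points" section of a ComboFix log like the one above, added here as an example; it is not ComboFix's code and not from anyone in this thread. It assumes the `"Name"="path" [date size]` line format ComboFix prints for Run/RunOnce entries, takes the watchlisted process name unit.exe from the first post, uses a constructed path for that name in the sample input (the real log above lists no such entry), and the directory heuristics are my own assumptions about where legitimate autostart binaries rarely live.

```python
"""Triage helper for ComboFix 'Reg Loading Points' autostart entries.

Added example, not ComboFix's own code. Parses lines of the form
    "Name"="c:\\path\\to\\program.exe" [YYYY-MM-DD size]
and flags entries a responder would look at first.
"""
import re
from dataclasses import dataclass

# One Run/RunOnce value as ComboFix prints it: "Name"="path" [date size]
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*'
    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$'
)

# Heuristic (assumption): autostart binaries living here deserve a second look.
SUSPICIOUS_DIRS = (
    "\\documents and settings\\", "\\users\\",
    "\\local settings\\", "\\application data\\", "\\temp\\",
)


@dataclass
class AutostartEntry:
    name: str
    path: str
    date: str
    size: int

    @property
    def exe(self) -> str:
        """Bare executable name, lower-cased, regardless of directory."""
        return self.path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_run_entries(log_text: str) -> list:
    """Return every Run/RunOnce value line found in the log text."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append(AutostartEntry(m["name"], m["path"], m["date"], int(m["size"])))
    return entries


def flag_entries(entries, watchlist=("unit.exe",)) -> list:
    """Return (entry, reasons) pairs for entries matching any heuristic."""
    watched = {w.lower() for w in watchlist}
    findings = []
    for e in entries:
        path = e.path.lower()
        reasons = []
        if e.exe in watched:
            reasons.append("matches watchlisted process name")
        if any(d in path for d in SUSPICIOUS_DIRS):
            reasons.append("runs from user-profile/temp directory")
        if "\\" not in e.path:
            reasons.append("bare file name (resolved via search path)")
        if reasons:
            findings.append((e, reasons))
    return findings


# Constructed sample: three lines copied from the log above plus one
# constructed 'unit' entry (its path is made up for the example).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"unit"="c:\documents and settings\Shel\Local Settings\Temp\unit.exe" [2013-01-09 54321]
'''

if __name__ == "__main__":
    for entry, reasons in flag_entries(parse_run_entries(SAMPLE_LOG)):
        print(f"{entry.name}: {entry.path} [{entry.date} {entry.size}]")
        for r in reasons:
            print(f"    - {r}")
```

The bare-name check is there because a Run value such as `stsystra.exe` with no directory is resolved through the search path, so it is worth confirming which file actually gets loaded even when the name is a known OEM component; the other two checks are what a helper would scan the log for by eye.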
     
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Excellent work!

    RogueKiller Scan

    • Download RogueKiller from the following link and save it on your desktop:
      TechSpot
      Official Site (alternative)
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan

    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.

    • The report has been created on the desktop.
    • Next click on the ShortcutsFix

    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.


    Hitman Pro

    Please download Hitman Pro

    • After the download completes please double click the program to run it.
    • Accept the terms of the license agreement and click Next
    • Let the scan run. It will not take long
    • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
    • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
    • Upload log.xml here for review please


    Malwarebytes' Anti-Rootkit

    Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
    • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
    • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    • Copy and paste the contents of these two log files in your next reply.
     
  10. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    Sorry, what am I looking for with RogueKiller? I did a scan with ESET Online Scanner and found no threats. If I need to I'll use RogueKiller tomorrow. It's late now.
     
  11. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Shel [Admin rights]
    Mode : Scan -- Date : 01/11/2013 16:08:35

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: FUJITSU MHV2060BH +++++
    --- User ---
    [MBR] fcffc4437f94a9c56d6a7486d894a8fa
    [BSP] 072e4731d9c3b0fb7639b8c568ab1145 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 109 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 224910 | Size: 54031 Mo
    2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 110896695 | Size: 3074 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_01112013_02d1608.txt >>
    RKreport[1]_S_01112013_02d1608.txt
     
     
  12. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Shel [Admin rights]
    Mode : Remove -- Date : 01/11/2013 16:08:54
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: FUJITSU MHV2060BH +++++
    --- User ---
    [MBR] fcffc4437f94a9c56d6a7486d894a8fa
    [BSP] 072e4731d9c3b0fb7639b8c568ab1145 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 109 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 224910 | Size: 54031 Mo
    2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 110896695 | Size: 3074 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2]_D_01112013_02d1608.txt >>
    RKreport[1]_S_01112013_02d1608.txt ; RKreport[2]_D_01112013_02d1608.txt
     
  13. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Shel [Admin rights]
    Mode : Shortcuts HJfix -- Date : 01/11/2013 16:12:04
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 5 / Fail 0
    Quick launch: Success 0 / Fail 0
    Programs: Success 74 / Fail 0
    Start menu: Success 2 / Fail 0
    User folder: Success 107 / Fail 0
    My documents: Success 6 / Fail 6
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 0 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 256 / Fail 0
    Backup: [NOT FOUND]
    Drives:
    [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped
    Finished : << RKreport[3]_SC_01112013_02d1612.txt >>
    RKreport[1]_S_01112013_02d1608.txt ; RKreport[2]_D_01112013_02d1608.txt ; RKreport[3]_SC_01112013_02d1612.txt
     
  14. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    Code:
    HitmanPro 3.7.0.185
    www.hitmanpro.com
       Computer name . . . . : MICHELLE
       Windows . . . . . . . : 5.1.3.2600.X86/1
       User name . . . . . . : MICHELLE\Shel
       License . . . . . . . : Free
       Scan date . . . . . . : 2013-01-11 16:18:30
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 8m 16s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 132
       Objects scanned . . . : 550,049
       Files scanned . . . . : 13,884
       Remnants scanned  . . : 124,963 files / 411,202 keys
    Potential Unwanted Programs _________________________________________________
       C:\Documents and Settings\Peter\Local Settings\Application Data\AskToolbar\ (AskBar)
       C:\Documents and Settings\Peter\Local Settings\Application Data\AskToolbar\cache.dat (AskBar)
       C:\Documents and Settings\Peter\Local Settings\Application Data\AskToolbar\config.xml (AskBar)
       C:\Program Files\Ask.com\ (AskBar)
       C:\Program Files\Ask.com\cb_fd.ico (AskBar)
       C:\Program Files\Ask.com\cobrand.ico (AskBar)
       C:\Program Files\Ask.com\config.xml (AskBar)
       C:\Program Files\Ask.com\favicon.ico (AskBar)
       C:\Program Files\Ask.com\fv_fc.ico (AskBar)
       C:\Program Files\Ask.com\mupcfg.xml (AskBar)
       C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar)
       C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1033.MST (AskBar)
       HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1\ (AskBar)
       HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd\ (AskBar)
       HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar)
       HKU\S-1-5-21-1490736864-3752856970-3868903156-1006\Software\AskToolbar\ (AskBar)
    Cookies _____________________________________________________________________
    
     
  15. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    Code:
    HitmanPro 3.7.0.185
    www.hitmanpro.com
     
       Computer name . . . . : MICHELLE
       Windows . . . . . . . : 5.1.3.2600.X86/1
       User name . . . . . . : MICHELLE\Shel
       License . . . . . . . : Free
     
       Scan date . . . . . . : 2013-01-11 16:18:30
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 8m 16s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
     
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 132
     
       Objects scanned . . . : 550,049
       Files scanned . . . . : 13,884
       Remnants scanned  . . : 124,963 files / 411,202 keys
     
    Potential Unwanted Programs _________________________________________________
     
       C:\Documents and Settings\Peter\Local Settings\Application Data\AskToolbar\ (AskBar)
       C:\Documents and Settings\Peter\Local Settings\Application Data\AskToolbar\cache.dat (AskBar)
       C:\Documents and Settings\Peter\Local Settings\Application Data\AskToolbar\config.xml (AskBar)
       C:\Program Files\Ask.com\ (AskBar)
       C:\Program Files\Ask.com\cb_fd.ico (AskBar)
       C:\Program Files\Ask.com\cobrand.ico (AskBar)
       C:\Program Files\Ask.com\config.xml (AskBar)
       C:\Program Files\Ask.com\favicon.ico (AskBar)
       C:\Program Files\Ask.com\fv_fc.ico (AskBar)
       C:\Program Files\Ask.com\mupcfg.xml (AskBar)
       C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar)
       C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1033.MST (AskBar)
       HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1\ (AskBar)
       HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd\ (AskBar)
       HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\ (AskBar)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar)
       HKU\S-1-5-21-1490736864-3752856970-3868903156-1006\Software\AskToolbar\ (AskBar)
     
    Cookies _____________________________________________________________________
     
     
     
    
     
  16. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    Malwarebytes Anti-Rootkit 1.01.0.1011
    www.malwarebytes.org
    Database version: v2013.01.11.09
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Shel :: MICHELLE [administrator]
    1/11/2013 5:07:09 PM
    mbar-log-2013-01-11 (17-07-09).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 27184
    Time elapsed: 23 minute(s), 58 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  17. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 5.1.2600 Windows XP Service Pack 3 x86
    Account is Administrative
    Internet Explorer version: 8.0.6001.18702
    Java version: 1.6.0_35
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.795000 GHz
    Memory total: 467705856, free: 79757312
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 5.1.2600 Windows XP Service Pack 3 x86
    Account is Administrative
    Internet Explorer version: 8.0.6001.18702
    Java version: 1.6.0_35
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.795000 GHz
    Memory total: 467705856, free: 201916416
    ------------ Kernel report ------------
    01/11/2013 16:42:07
    ------------ Loaded modules -----------
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff84bcb9c0
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
    Lower Device Object: 0xffffffff84bcf818
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    DriverEntry returned 0x0
    Function returned 0x0
    Downloaded database version: v2013.01.11.09
    Downloaded database version: v2013.01.04.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff84bcb9c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff84bcb798, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff84bcb9c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff84bcf818, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
    ------------ End ----------
    Upper DeviceData: 0xffffffffe3490848, 0xffffffff84bcb9c0, 0xffffffff831ab6c0
    Lower DeviceData: 0xffffffffe30e5740, 0xffffffff84bcf818, 0xffffffff831e8458
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    Read File: File "C:\WINDOWS\system32\drivers\del1028.cty" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_INS_1501.mrk" is compressed (flags = 1)
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: D0F4738C
    Partition information:
    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 224847
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 224910 Numsec = 110655720
    Partition file system is NTFS
    Partition is bootable
    Partition 2 type is Other (0xdb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 110896695 Numsec = 6297480
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 60011642880 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-62-117190240-117210240)...
    Done!
    Performing system, memory and registry scan...
    Read File: File "C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\All Users\Application Data\GTek\gtny\counter.cfg" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\All Users\Application Data\GTek\gtny\gtuser.cfg" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\All Users\Application Data\PC Suite\ConfServer\Settings.xml" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\All Users\Application Data\QuickTime\QuickTimeFavorites.qtr" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\All Users\Application Data\SBSI\ORUN\bookmrk.dbf" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Grpsyll.dbf" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Progress.dbf" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Settings.dbf" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Syllabus.dbf" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\Application Data\Gtek\gtny\gtuser.cfg" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek\gtny\gtuser.cfg" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\McAfee.com Personal Firewall\MPFSettings.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
    Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\ADODC.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\DATALIST.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\DBGRID.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\DBLIST.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\ODBCINST.CNT" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\SYSINFO.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\CMDIALOG.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\WINSOCK.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\MSMAPI.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\MSMASK.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\MSDATGRD.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\MSDATREP.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\MSDBRPT.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\PICCLIP.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\SSTAB.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\MSHFLXGD.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\MSBIND.DEP" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\MSCAL.DEP" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\MCI.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\VSDBFLEX.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\INETCTLS.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\MSCHRT20.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\MSCOMCT2.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\MSCOMCTL.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\MSCOMM.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\RICHTEXT.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\COMCT332.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\COMCTL.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\COMCTL2.SRG" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\ntuser.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\smscfg.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\AM_D8.PRF" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\TLTitleData.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\ODBC.INI" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Downloaded Program Files\muweb.inf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\JETERR35.CNT" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.rtm.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\XPThemes.manifest" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\l_except.nlp" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\caspol.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ieexec.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regasm.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.mof.uninstall" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU1.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU2.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.bak" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.bak" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\$NtUninstallKB2653956$\update.ver" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\$NtUninstallKB2653956$\updatebr.inf" is compressed (flags = 1)
    Done!
    Scan finished
    =======================================
     
  18. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    Everything seems fine, thanks for your help.
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
    • Select Start > All Programs > Accessories > System tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point
    • Click NEXT
    • Enter a name e.g. Clean
    • Click CREATE

    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.

    To remove all of the tools we used and the files and folders they created do the following:
    • Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  20. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    Results of screen317's Security Check version 0.99.56
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Free Antivirus
    COMODO Internet Security
    `````````Anti-malware/Other Utilities Check:`````````
    XoftSpySE
    Secunia PSI (2.0.0.4003)
    Malwarebytes Anti-Malware version 1.70.0.1100
    CCleaner
    Java(TM) 6 Update 35
    Java version out of Date!
    Adobe Flash Player 11.5.502.146
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (18.0)
    Google Chrome 23.0.1271.95
    Google Chrome 23.0.1271.97
    ````````Process Check: objlist.exe by Laurent````````
    Comodo Firewall cmdagent.exe
    Comodo Firewall cfp.exe
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 avastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 4%
    ````````````````````End of Log``````````````````````
     
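    As an added example that is not part of the thread, here is a small Python parser for the checkup.txt layout shown in the post above; the report embedded in it is a constructed sample in that format, not the poster's real output. Beyond what a helper reads by eye, it also flags any product listed with more than one version (the two Chrome builds), which usually means a stale install was left behind.

```python
"""Parse a screen317 Security Check report (checkup.txt) into the findings a
helper acts on: out-of-date software, firewall state, the security products
present, products listed under several versions, and drive fragmentation.

Added example, not part of the original thread. SAMPLE_REPORT is a
constructed sample in the format shown in the thread, not real output.
"""
import re
from collections import defaultdict

# Constructed sample mirroring the layout of the report posted above.
SAMPLE_REPORT = """Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Free Antivirus
COMODO Internet Security
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (2.0.0.4003)
Malwarebytes Anti-Malware version 1.70.0.1100
Java(TM) 6 Update 35
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (18.0)
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````
"""

SECTION_RE = re.compile(r"^`+\s*(.*?)\s*`+$")          # backtick banner lines
VERSION_RE = re.compile(r"^(.*?)\s*\(?(\d+(?:\.\d+)+)\)?$")  # "Name 1.2.3" / "Name (1.2)"
FRAG_RE = re.compile(r"Total Fragmentation on Drive (\w:):\s*(\d+)%")
OUT_OF_DATE = " out of Date!"


def split_sections(text):
    """Return {section_title: [lines]}; the banner lines delimit sections."""
    sections = defaultdict(list)
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1).rstrip(":")
            continue
        sections[current].append(line)
    return dict(sections)


def parse_security_check(text):
    """Extract the actionable findings from a Security Check report."""
    sections = split_sections(text)
    header = sections.get("Header", [])
    av_fw = sections.get("Antivirus/Firewall Check", [])
    utilities = sections.get("Anti-malware/Other Utilities Check", [])

    out_of_date, versions = [], defaultdict(set)
    for line in utilities:
        if OUT_OF_DATE in line:
            # "Java version out of Date!" -> "Java"; keep the rest verbatim.
            product = line.split(OUT_OF_DATE)[0]
            out_of_date.append(re.sub(r"\s+version$", "", product))
            continue
        m = VERSION_RE.match(line)
        if m:
            name = re.sub(r"\s+version$", "", m.group(1))
            versions[name].add(m.group(2))

    fragmentation = {drive: int(pct) for drive, pct in
                     FRAG_RE.findall("\n".join(sections.get("System Health check", [])))}
    return {
        "os": header[1] if len(header) > 1 else None,
        "firewall_enabled": any("Windows Firewall Enabled" in l for l in av_fw),
        # Everything else in that section is an installed AV / firewall suite;
        # more than one real-time suite at once is itself worth a second look.
        "security_products": [l for l in av_fw if "Windows Firewall" not in l],
        "out_of_date": out_of_date,
        # Same product under two versions: usually an old install left behind.
        "multi_version": {n: sorted(v) for n, v in versions.items() if len(v) > 1},
        "fragmentation": fragmentation,
    }


if __name__ == "__main__":
    for key, value in parse_security_check(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```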
  21. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    I just updated the Java. Will turn Windows Firewall off later, thought it was off.
     
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.


    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
     
  23. Batrico

    Batrico TS Rookie Topic Starter Posts: 50

    Hi, I am positive the virus got on the laptop because the avast virus protection was off for two days because the year's registration ran out. I'll make sure that doesn't happen again. Thanks for your help. You may now mark the thread as solved.
     
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Awesome. Keep safe. Topic solved. √
     
Topic Status:
Not open for further replies.