Solved My dad's PC is infected by unit virus (unit.exe)


Batrico
I booted up the laptop and it was taking ages to load anything, so I opened Task Manager and saw a process called unit.exe taking up 97-99 percent of CPU. I ended the process to be able to run the laptop programmes. It's an old laptop with minimum RAM and processor and XP, but it's all my dad needs.

I scanned with Malwarebytes but it found nothing. I followed a forum's instructions to use ComboFix (which I have used before today) and it's been scanning for about half an hour and has not got to the percentage stage yet.
I got a low memory warning in the middle of the scan, so I had to click on OK; that was the only time I moved the mouse.

Should I leave ComboFix running for another, say, half an hour, or should I reboot?
Help ASAP would be appreciated.
 
Give it a little more time. If that doesn't work out, reboot the computer and try again in Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).
 
ComboFix 13-01-08.01 - Shel 01/10/2013 20:05:31.3.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.260 [GMT 0:00]
Running from: c:\documents and settings\Shel\Desktop\Commy.exe.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Internet Explorer\SET23.tmp
c:\program files\Internet Explorer\SET24.tmp
c:\program files\Internet Explorer\SET25.tmp
c:\program files\Internet Explorer\SETB.tmp
c:\program files\Internet Explorer\SETC.tmp
c:\program files\Internet Explorer\SETD.tmp
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\SET1C.tmp
c:\windows\system32\SET1D.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SET1F.tmp
c:\windows\system32\SET20.tmp
c:\windows\system32\SET21.tmp
c:\windows\system32\SET22.tmp
c:\windows\system32\SET23.tmp
c:\windows\system32\SET24.tmp
c:\windows\system32\SET25.tmp
c:\windows\system32\SET26.tmp
c:\windows\system32\SET27.tmp
c:\windows\system32\SET28.tmp
c:\windows\system32\SET29.tmp
c:\windows\system32\SET2A.tmp
c:\windows\system32\SET2B.tmp
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET2E.tmp
c:\windows\system32\SET2F.tmp
c:\windows\system32\SET30.tmp
c:\windows\system32\SET31.tmp
c:\windows\system32\SET32.tmp
c:\windows\system32\SET33.tmp
c:\windows\system32\SET34.tmp
c:\windows\system32\SET35.tmp
c:\windows\system32\SET36.tmp
c:\windows\system32\SET37.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET39.tmp
c:\windows\system32\SET3A.tmp
c:\windows\system32\SET3B.tmp
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET3D.tmp
c:\windows\system32\SET3E.tmp
c:\windows\system32\SET3F.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET41.tmp
c:\windows\system32\SET42.tmp
c:\windows\system32\SET43.tmp
c:\windows\system32\SET44.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET48.tmp
c:\windows\system32\SET49.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET4B.tmp
c:\windows\system32\SET4C.tmp
c:\windows\system32\SET4D.tmp
c:\windows\system32\SET4E.tmp
c:\windows\system32\SET4F.tmp
c:\windows\system32\SET50.tmp
c:\windows\system32\SET51.tmp
c:\windows\system32\SET52.tmp
c:\windows\system32\SET53.tmp
c:\windows\system32\SET54.tmp
c:\windows\system32\SET55.tmp
c:\windows\system32\SET56.tmp
c:\windows\system32\SET57.tmp
c:\windows\system32\SET58.tmp
c:\windows\system32\SET59.tmp
c:\windows\system32\SET5A.tmp
c:\windows\system32\SET5B.tmp
c:\windows\system32\SET5C.tmp
c:\windows\system32\SET5D.tmp
c:\windows\system32\SET5E.tmp
c:\windows\system32\SET5F.tmp
c:\windows\system32\SET60.tmp
c:\windows\system32\SET61.tmp
c:\windows\system32\SET62.tmp
c:\windows\system32\SET63.tmp
c:\windows\system32\SETA1.tmp
c:\windows\system32\SETA5.tmp
c:\windows\system32\SETA6.tmp
c:\windows\system32\SETA7.tmp
c:\windows\system32\SETAA.tmp
c:\windows\system32\SETAB.tmp
c:\windows\system32\SETAC.tmp
c:\windows\system32\SETAD.tmp
c:\windows\system32\SETAE.tmp
c:\windows\system32\SETC.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\SETD3.tmp
c:\windows\system32\SETD4.tmp
c:\windows\system32\SETD5.tmp
c:\windows\system32\SETD8.tmp
c:\windows\system32\SETD9.tmp
c:\windows\system32\SETDA.tmp
c:\windows\system32\SETDB.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-10 to 2013-01-10 )))))))))))))))))))))))))))))))
.
.
2013-01-10 15:06 . 2013-01-10 15:06 -------- d-----w- c:\windows\LastGood.Tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 19:41 . 2012-09-17 02:47 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 19:41 . 2012-09-17 02:47 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2004-08-10 12:50 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 16:49 . 2012-02-05 20:34 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2004-08-10 12:51 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-08 11:29 . 2012-11-08 11:29 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-11-07 23:38 . 2012-03-11 20:13 99080 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-07 23:38 . 2012-03-11 20:13 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 23:38 . 2012-03-11 20:13 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 23:38 . 2012-03-11 20:13 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-07 23:37 . 2012-03-11 20:13 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-07 23:37 . 2010-06-01 18:00 301264 ----a-w- c:\windows\system32\guard32.dll
2012-11-06 02:01 . 2008-04-14 00:12 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-10 12:50 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-10 12:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-10 12:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-10 12:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-10 12:51 385024 ------w- c:\windows\system32\html.iec
2012-10-30 22:51 . 2011-07-14 23:12 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2009-08-05 16:32 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2009-08-05 16:32 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2009-08-05 16:31 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2009-08-05 16:31 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 22:51 . 2009-08-05 16:31 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 22:51 . 2009-08-05 16:32 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 22:51 . 2009-08-05 16:31 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2010-08-17 20:37 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2009-08-05 16:31 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-11 11:36 . 2012-08-11 19:35 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Shel^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Shel\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-08-23 16:14 1032192 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-12-09 08:36 236544 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 02:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
.
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/11/2012 8:13 PM 32640]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/14/2011 11:12 PM 738504]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/5/2009 4:31 PM 361032]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [3/11/2012 8:13 PM 497952]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/5/2009 4:31 PM 21256]
S3 cpuz;cpuz;\??\e:\aaaaa\tests\cpuz\cpuz.sys --> e:\aaaaa\tests\cpuz\cpuz.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 8:30 AM 15544]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-17 19:41]
.
2013-01-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-12-03 22:50]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 22:26]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-25 22:26]
.
2008-02-01 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 23:52]
.
2012-05-22 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2006-06-19 15:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie
mStart Page = hxxp://www.google.ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\documents and settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-DVDLauncher - c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-10 20:17
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
c:\program files\ATI Technologies\ATI.ACE\MSVCP71.dll
.
Completion time: 2013-01-10 20:20:55
ComboFix-quarantined-files.txt 2013-01-10 20:20
.
Pre-Run: 20,423,901,184 bytes free
Post-Run: 21,488,488,448 bytes free
.
- - End Of File - - 0C85E85318D0080DD697B8A041670511
 
Excellent work!

RogueKiller Scan

  • Download RogueKiller from the following link and save it on your desktop:
    TechSpot
    Official Site (alternative)
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.


Hitman Pro

Please download Hitman Pro.

  • After the download completes please double click the program to run it.
  • Accept the terms of the license agreement and click Next
  • Let the scan run. It will not take long
  • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  • Upload log.xml here for review please


Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.
 
Sorry, what am I looking for with RogueKiller? I did a scan with ESET Online Scanner and it found no threats. If I need to, I'll use RogueKiller tomorrow; it's late now.
 
RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Shel [Admin rights]
Mode : Scan -- Date : 01/11/2013 16:08:35

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHV2060BH +++++
--- User ---
[MBR] fcffc4437f94a9c56d6a7486d894a8fa
[BSP] 072e4731d9c3b0fb7639b8c568ab1145 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 109 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 224910 | Size: 54031 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 110896695 | Size: 3074 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01112013_02d1608.txt >>
RKreport[1]_S_01112013_02d1608.txt
 
RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Shel [Admin rights]
Mode : Remove -- Date : 01/11/2013 16:08:54
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHV2060BH +++++
--- User ---
[MBR] fcffc4437f94a9c56d6a7486d894a8fa
[BSP] 072e4731d9c3b0fb7639b8c568ab1145 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 109 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 224910 | Size: 54031 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 110896695 | Size: 3074 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_01112013_02d1608.txt >>
RKreport[1]_S_01112013_02d1608.txt ; RKreport[2]_D_01112013_02d1608.txt
 
RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Shel [Admin rights]
Mode : Shortcuts HJfix -- Date : 01/11/2013 16:12:04
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 5 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 74 / Fail 0
Start menu: Success 2 / Fail 0
User folder: Success 107 / Fail 0
My documents: Success 6 / Fail 6
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 256 / Fail 0
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
Finished : << RKreport[3]_SC_01112013_02d1612.txt >>
RKreport[1]_S_01112013_02d1608.txt ; RKreport[2]_D_01112013_02d1608.txt ; RKreport[3]_SC_01112013_02d1612.txt
 
HitmanPro 3.7.0.185
www.hitmanpro.com
   Computer name . . . . : MICHELLE
   Windows . . . . . . . : 5.1.3.2600.X86/1
   User name . . . . . . : MICHELLE\Shel
   License . . . . . . . : Free
   Scan date . . . . . . : 2013-01-11 16:18:30
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 16s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 132
   Objects scanned . . . : 550,049
   Files scanned . . . . : 13,884
   Remnants scanned  . . : 124,963 files / 411,202 keys
Potential Unwanted Programs _________________________________________________
   C:\Documents and Settings\Peter\Local Settings\Application Data\AskToolbar\ (AskBar)
   C:\Documents and Settings\Peter\Local Settings\Application Data\AskToolbar\cache.dat (AskBar)
   C:\Documents and Settings\Peter\Local Settings\Application Data\AskToolbar\config.xml (AskBar)
   C:\Program Files\Ask.com\ (AskBar)
   C:\Program Files\Ask.com\cb_fd.ico (AskBar)
   C:\Program Files\Ask.com\cobrand.ico (AskBar)
   C:\Program Files\Ask.com\config.xml (AskBar)
   C:\Program Files\Ask.com\favicon.ico (AskBar)
   C:\Program Files\Ask.com\fv_fc.ico (AskBar)
   C:\Program Files\Ask.com\mupcfg.xml (AskBar)
   C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar)
   C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1033.MST (AskBar)
   HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1\ (AskBar)
   HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd\ (AskBar)
   HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar)
   HKU\S-1-5-21-1490736864-3752856970-3868903156-1006\Software\AskToolbar\ (AskBar)
Cookies _____________________________________________________________________
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:2o7.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ad.360yield.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ad.yashi.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ad.yieldmanager.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:adbrite.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.addesktop.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.batpmturner.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.crakmedia.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.creative-serving.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.mail3x.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.p161.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.pgatour.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.pointroll.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.pornerbros.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.pubmatic.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.trafficjunky.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.undertone.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.ventivmedia.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:adtech.de
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:adultfriendfinder.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:advertising.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:apmebf.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ar.atwola.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:at.atwola.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:atdmt.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:atwola.com
 
Code:
HitmanPro 3.7.0.185
www.hitmanpro.com
 
   Computer name . . . . : MICHELLE
   Windows . . . . . . . : 5.1.3.2600.X86/1
   User name . . . . . . : MICHELLE\Shel
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2013-01-11 16:18:30
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 16s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 132
 
   Objects scanned . . . : 550,049
   Files scanned . . . . : 13,884
   Remnants scanned  . . : 124,963 files / 411,202 keys
 
Potential Unwanted Programs _________________________________________________
 
   C:\Documents and Settings\Peter\Local Settings\Application Data\AskToolbar\ (AskBar)
   C:\Documents and Settings\Peter\Local Settings\Application Data\AskToolbar\cache.dat (AskBar)
   C:\Documents and Settings\Peter\Local Settings\Application Data\AskToolbar\config.xml (AskBar)
   C:\Program Files\Ask.com\ (AskBar)
   C:\Program Files\Ask.com\cb_fd.ico (AskBar)
   C:\Program Files\Ask.com\cobrand.ico (AskBar)
   C:\Program Files\Ask.com\config.xml (AskBar)
   C:\Program Files\Ask.com\favicon.ico (AskBar)
   C:\Program Files\Ask.com\fv_fc.ico (AskBar)
   C:\Program Files\Ask.com\mupcfg.xml (AskBar)
   C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar)
   C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1033.MST (AskBar)
   HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1\ (AskBar)
   HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd\ (AskBar)
   HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar)
   HKU\S-1-5-21-1490736864-3752856970-3868903156-1006\Software\AskToolbar\ (AskBar)
 
Cookies _____________________________________________________________________
 
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:2o7.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ad.360yield.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ad.yashi.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ad.yieldmanager.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:adbrite.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.addesktop.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.batpmturner.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.crakmedia.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.creative-serving.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.mail3x.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.p161.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.pgatour.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.pointroll.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.pornerbros.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.pubmatic.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.trafficjunky.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.undertone.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ads.ventivmedia.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:adtech.de
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:adultfriendfinder.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:advertising.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:apmebf.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ar.atwola.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:at.atwola.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:atdmt.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:atwola.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:burstnet.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:c.atdmt.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:casalemedia.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:collective-media.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:doubleclick.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:engine.phn.doublepimp.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ero-advertising.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:eset.122.2o7.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:exoclick.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:fastclick.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:highbeam.122.2o7.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ikea.122.2o7.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:in.getclicky.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:invitemedia.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:irishtimesgroup.112.2o7.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:kontera.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:largeporntube.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:livejasmin.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:media6degrees.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:mediaplex.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:network.realmedia.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:new.livejasmin.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:overture.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:partypoker.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:pointroll.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:questionmarket.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:realmedia.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:revsci.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:rts.pgmediaserve.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:ru4.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:serving-sys.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:sexad.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:specificclick.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:stat.dealtime.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:statcounter.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:statse.webtrendslive.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:tacoda.at.atwola.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:tacoda.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:track.adform.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:tribalfusion.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:valspar.112.2o7.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:www.burstnet.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:www.googleadservices.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:www.largeporntube.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:www.partypoker.com
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:yieldmanager.net
   C:\Documents and Settings\Shel\Application Data\Mozilla\Firefox\Profiles\j7178s2o.default\cookies.sqlite:zedo.com
   C:\Documents and Settings\Shel\Cookies\1D0QH1WS.txt
   C:\Documents and Settings\Shel\Cookies\2OLP4G1U.txt
   C:\Documents and Settings\Shel\Cookies\2R68X1WW.txt
   C:\Documents and Settings\Shel\Cookies\7BP0E9D2.txt
   C:\Documents and Settings\Shel\Cookies\9WCD49R6.txt
   C:\Documents and Settings\Shel\Cookies\CAB6WE6F.txt
   C:\Documents and Settings\Shel\Cookies\CNKESO16.txt
   C:\Documents and Settings\Shel\Cookies\CROC3S01.txt
   C:\Documents and Settings\Shel\Cookies\EV1110QP.txt
   C:\Documents and Settings\Shel\Cookies\FSE2J991.txt
   C:\Documents and Settings\Shel\Cookies\IPX8ARJL.txt
   C:\Documents and Settings\Shel\Cookies\IY3KUCKS.txt
   C:\Documents and Settings\Shel\Cookies\LB0T0TSV.txt
   C:\Documents and Settings\Shel\Cookies\O5ZF1S0P.txt
   C:\Documents and Settings\Shel\Cookies\PR3MBH4C.txt
   C:\Documents and Settings\Shel\Cookies\QZG0EAA6.txt
   C:\Documents and Settings\Shel\Cookies\RB87CDCX.txt
   C:\Documents and Settings\Shel\Cookies\TGEO3248.txt
   C:\Documents and Settings\Shel\Cookies\TMTD2M7P.txt
   C:\Documents and Settings\Shel\Cookies\VNS9I0KU.txt
   C:\Documents and Settings\Shel\Cookies\YEDFUZUJ.txt
 
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2013.01.11.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Shel :: MICHELLE [administrator]
1/11/2013 5:07:09 PM
mbar-log-2013-01-11 (17-07-09).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27184
Time elapsed: 23 minute(s), 58 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_35
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 467705856, free: 79757312
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_35
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 467705856, free: 201916416
------------ Kernel report ------------
01/11/2013 16:42:07
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
inspect.sys
\WINDOWS\System32\DRIVERS\NDIS.SYS
\WINDOWS\System32\DRIVERS\TDI.SYS
Mup.sys
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\DRIVERS\cmdguard.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\cmdhlp.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\packet.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\secdrv.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\psi_mf.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff84bcb9c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff84bcf818
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2013.01.11.09
Downloaded database version: v2013.01.04.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff84bcb9c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff84bcb798, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff84bcb9c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84bcf818, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe3490848, 0xffffffff84bcb9c0, 0xffffffff831ab6c0
Lower DeviceData: 0xffffffffe30e5740, 0xffffffff84bcf818, 0xffffffff831e8458
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Read File: File "C:\WINDOWS\system32\drivers\del1028.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_INS_1501.mrk" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D0F4738C
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 224847
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 224910 Numsec = 110655720
Partition file system is NTFS
Partition is bootable
Partition 2 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 110896695 Numsec = 6297480
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 60011642880 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-117190240-117210240)...
Done!
Performing system, memory and registry scan...
Read File: File "C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\GTek\gtny\counter.cfg" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\GTek\gtny\gtuser.cfg" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\PC Suite\ConfServer\Settings.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\QuickTime\QuickTimeFavorites.qtr" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\SBSI\ORUN\bookmrk.dbf" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Grpsyll.dbf" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Progress.dbf" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Settings.dbf" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\All Users\Application Data\SBSI\ORUN\Syllabus.dbf" is compressed (flags = 1)
Done!
Scan finished
=======================================
 
Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

Remove tools, temp files, old Restore Points

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    ipconfig /flushdns /c

    :commands
    [CLEARALLRESTOREPOINTS]
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alarmed, as this is normal.
  • It may open a log for you, but I don't need that.

To remove all of the tools we used and the files and folders they created do the following:
  • Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Free Antivirus
COMODO Internet Security
`````````Anti-malware/Other Utilities Check:`````````
XoftSpySE
Secunia PSI (2.0.0.4003)
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Java(TM) 6 Update 35
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (18.0)
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````
 
Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.


Any other questions before I mark this topic solved?
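Added example, not part of this thread or of any tool used in it: a PowerShell check (assumes PowerShell 2.0 or later is installed on the machine) that lists every Adobe Reader/Acrobat and Java entry in the Uninstall registry keys and warns when more than one version of a product is still present, so the "remove older versions first" step above can be verified. The product-name pattern is an assumption about how the vendors label their entries.

```powershell
# Added example, not from the thread or from any of the tools it uses.
# Lists installed Adobe Reader/Acrobat and Java entries from the Uninstall
# registry keys so leftover old versions can be spotted after an update.
# Assumption: vendors label entries like "Adobe Reader 9" or "Java(TM) 6 Update 35".

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'  # absent on 32-bit XP
)
$namePattern = 'Adobe (Acrobat|Reader)|Java\(TM\)|Java \d+ Update'

# Read the Uninstall keys and turn DisplayVersion into a real [version]
# so sorting is numeric rather than lexical ("10.1" after "9.5").
function Get-InstalledVersions {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $namePattern } |
        ForEach-Object {
            $parsed = $null
            try { $parsed = [version]$_.DisplayVersion } catch { }
            New-Object PSObject -Property @{
                Product   = $_.DisplayName
                Version   = $_.DisplayVersion
                Parsed    = $parsed
                Uninstall = $_.UninstallString
            }
        }
}

$installed = Get-InstalledVersions | Sort-Object Product, Parsed
$installed | Format-Table Product, Version, Uninstall -AutoSize

# More than one entry in a product family means an old version was left behind.
$installed |
    Group-Object { if ($_.Product -match 'Adobe') { 'Adobe Reader' } else { 'Java' } } |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        $count = $_.Count
        $old = $_.Group | Sort-Object Parsed | Select-Object -First ($count - 1)
        $oldVersions = ($old | ForEach-Object { $_.Version }) -join ', '
        Write-Warning ("{0}: {1} versions installed; uninstall the older ones ({2}) via Add or Remove Programs before installing the newest." -f $_.Name, $count, $oldVersions)
    }
```

Run it once before uninstalling and again after installing the new version; the second run should list exactly one entry per product.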
 
Hi, I am positive the virus got on the laptop because the avast virus protection was off for two days because the year's registration ran out. I'll make sure that doesn't happen again. Thanks for your help. You may now mark the thread as solved.
 