New Zealand Police / Ukash

[Sue64]

Haven't got the log for the above question as yet, can't always get the option to start in safe mode

Hope you can help, thanks

 

[kuttus]

Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:

• I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.

Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />

Which Operating System are you using?

 

[Sue64]

Hi,
Thanks for your reply. The operating system is Windows XP

 

[kuttus]

Please print these instruction out so that you know what you are doing

• Download OTLPENet.exe to your desktop
• Download Farbar Recovery Scan Tool and save it to a flash drive.
• Download List Parts and save it to the flash drive also.
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
• Reboot your system using the boot CD you just created.
  Note If you do not know how to set your computer to boot from CD follow the steps here
• Wait for the CD to detect your hardware and load the operating system
• Your system should now display a Reatogo desktop
  Note as you are running from CD it is not exactly speedy
• Insert the USB with FRST
• Locate the flash drive with FRST and double click
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
• Next click List Parts and then click Scan
• It will make a log Results.txt on the flash drive. Please copy and paste it to your reply.

 

[Sue64]

Hi,
We have done that now, here are the logs

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 04
Ran by SYSTEM on 31-07-2013 15:16:48
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet003
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BrowserBrand] - C:\Program Files\ONLINE~1\XTRA\brand.exe [113408 2000-06-23] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [282624 2007-04-26] (Apple Inc.)
HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-13] (CANON INC.)
HKLM\...\Run: [InCD] - C:\Program Files\Ahead\InCD\InCD.exe [1450096 2004-09-12] (Ahead Software AG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [151597 2003-11-23] (RealNetworks, Inc.)
HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1278064 2013-03-13] (McAfee, Inc.)
HKLM\...\Run: [LVCOMSX] - C:\WINDOWS\system32\LVCOMSX.EXE [221184 2005-07-19] (Logitech Inc.)
HKLM\...\Run: [DATAMNGR] - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE [1599920 2011-08-09] (iMesh, Inc)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [Utility Chest Search Scope Monitor] - C:\PROGRA~1\UTILIT~2\bar\1.bin\49srchmn.exe [44784 2013-05-12] (MindSpark)
HKLM\...\Run: [UtilityChest_49 Browser Plugin Loader] - C:\PROGRA~1\UTILIT~2\bar\1.bin\49brmon.exe [30096 2013-05-12] (VER_COMPANY_NAME)
HKLM\...\Run: [Allin1Convert Search Scope Monitor] - C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hsrchmn.exe [44784 2013-07-27] (MindSpark)
HKLM\...\Run: [Allin1Convert_8h Browser Plugin Loader] - C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hbrmon.exe [30096 2013-07-27] (VER_COMPANY_NAME)
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKU\Guest\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-13] (Microsoft Corporation)
HKU\Roger\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [ 2007-04-26] (Apple Inc.)
HKU\Roger\...\Run: [DriverFinder] - C:\Documents and Settings\Roger\Desktop\New Folder\DriverFinder\DriverFinder.exe [x]
HKU\Roger\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Roger\Application Data\cache.dat [ 2010-12-09] () <==== ATTENTION
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 Allin1Convert_8hService; C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hbarsvc.exe [42504 2013-07-27] (COMPANYVERS_NAME)
S2 InCDsrv; C:\Program Files\Ahead\InCD\InCDsrv.exe [1192050 2004-09-12] (Ahead Software AG)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-30] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-30] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-30] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-30] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-18] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-18] (McAfee, Inc.)
S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [172416 2013-02-18] (McAfee, Inc.)
S2 SLService; C:\Windows\System32\slserv.exe [73796 2004-01-07] (Smart Link)
S2 UtilityChest_49Service; C:\PROGRA~1\UTILIT~2\bar\1.bin\49barsvc.exe [42504 2013-05-12] (COMPANYVERS_NAME)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [x]
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S1 Asapi; C:\Windows\System32\Drivers\Asapi.sys [11264 2002-08-05] (VOB Computersysteme GmbH)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S1 cdrbsvsd; C:\Windows\System32\Drivers\cdrbsvsd.sys [13566 2003-12-03] (B.H.A Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-18] (McAfee, Inc.)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-01] ()
S3 FilterService; C:\Windows\System32\DRIVERS\lvuvcflt.sys [23832 2009-10-07] (Logitech Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-19] (McAfee, Inc.)
S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [80283 2002-10-24] (Intel Corporation)
S0 IdeBusDr; C:\Windows\System32\DRIVERS\IdeBusDr.sys [13891 2002-10-14] (Intel Corporation)
S0 IdeChnDr; C:\Windows\System32\DRIVERS\IdeChnDr.sys [101431 2002-10-14] (Intel Corporation)
S4 InCDfs; C:\Windows\System32\Drivers\InCDfs.sys [93440 2004-09-12] (Ahead Software AG)
S1 InCDPass; C:\Windows\System32\DRIVERS\InCDPass.sys [28672 2004-09-12] (Ahead Software AG)
S1 InCDrec; C:\Windows\System32\Drivers\InCDrec.sys [7680 2004-09-12] (Ahead Software AG)
S1 incdrm; C:\Windows\System32\Drivers\incdrm.sys [28080 2003-12-30] (Ahead Software AG)
S3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [22016 2005-05-26] (Logitech Inc.)
S2 MASPINT; C:\Windows\System32\Drivers\MASPINT.sys [8096 2000-03-29] (MicroStaff Co.,Ltd.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-18] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-18] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-18] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-18] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-18] (McAfee, Inc.)
S3 mfendisk; C:\Windows\System32\DRIVERS\mfendisk.sys [84904 2013-02-18] (McAfee, Inc.)
S3 mfendiskmp; C:\Windows\System32\DRIVERS\mfendisk.sys [84904 2013-02-18] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-18] (McAfee, Inc.)
S1 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [91640 2013-02-18] (McAfee, Inc.)
S3 MREMPR5; C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [19345 2007-03-04] (Motive, Inc.)
S3 MRENDIS5; C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [18003 2007-03-04] (Motive, Inc.)
S3 Mtlmnt5; C:\Windows\System32\DRIVERS\Mtlmnt5.sys [126686 2004-03-31] (Smart Link)
S3 Mtlstrm; C:\Windows\System32\DRIVERS\Mtlstrm.sys [1309184 2004-01-27] (Smart Link)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NtMtlFax; C:\Windows\System32\DRIVERS\NtMtlFax.sys [180360 2004-01-27] (Smart Link)
S3 PID_0920; C:\Windows\System32\DRIVERS\LV532AV.SYS [163328 2005-01-30] ()
S0 RecAgent; C:\Windows\System32\DRIVERS\RecAgent.sys [13776 2004-01-12] (Smart Link)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 Slntamr; C:\Windows\System32\DRIVERS\slntamr.sys [404990 2004-03-31] (Smart Link)
S3 SlNtHal; C:\Windows\System32\DRIVERS\Slnthal.sys [95424 2004-01-27] (Smart Link)
S3 SlWdmSup; C:\Windows\System32\DRIVERS\SlWdmSup.sys [13240 2004-01-27] (Smart Link)
S1 sonypvd3; C:\Windows\System32\DRIVERS\sonypvd3.sys [64964 2004-12-06] (Sony Corporation)
S1 sonypvf3; C:\Windows\System32\Drivers\sonypvf3.sys [619390 2004-11-14] (Sony Corporation)
S0 sonypvl3; C:\Windows\System32\Drivers\sonypvl3.sys [19507 2011-04-17] (Sony Corporation)
S1 sonypvt3; C:\Windows\System32\Drivers\sonypvt3.sys [423454 2004-12-05] (Sony Corporation)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-16] (Sony Corporation)
S3 STAC97; C:\Windows\System32\drivers\STAC97.sys [179664 2002-08-11] (SigmaTel, Inc.)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 vsdatant; C:\Windows\System32\vsdatant.sys [368256 2005-08-29] (Zone Labs, LLC)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S1 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\Windows\System32\drivers\ialmsbw.sys [91774 2002-10-24] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\Windows\System32\drivers\ialmkchw.sys [71514 2002-10-24] (Intel Corporation)
S3 mfeavfk01; No ImagePath
S3 Pcouffin; System32\Drivers\Pcouffin.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: Ip6FwHlp -> No Registry Path.

==================== One Month Created Files and Folders ========

2013-07-31 15:16 - 2013-07-31 15:16 - 00000000 ____D C:\FRST
2013-07-28 21:35 - 2013-07-28 21:35 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-07-28 21:32 - 2012-04-21 05:03 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2013-07-28 21:32 - 2007-04-10 20:30 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2013-07-28 21:32 - 2003-11-23 03:55 - 00000180 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-07-28 21:32 - 2003-11-23 03:21 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Real
2013-07-28 21:32 - 2003-11-23 03:19 - 00000000 ____D C:\Documents and Settings\Administrator\WINDOWS
2013-07-28 21:32 - 2003-11-23 03:18 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My eBooks
2013-07-28 21:32 - 2003-11-23 03:18 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\InterTrust
2013-07-28 21:10 - 2013-07-30 21:18 - 00000004 _____ C:\Documents and Settings\Roger\Application Data\cache.ini
2013-07-28 19:35 - 2013-07-28 19:37 - 00000000 ____D C:\Program Files\Bridge Command 4.4GPL
2013-07-27 00:17 - 2013-07-27 00:17 - 00000000 ____D C:\Program Files\Allin1Convert_8h
2013-07-23 23:15 - 2013-07-25 19:45 - 00000000 ____D C:\Program Files\ExpressFiles
2013-07-23 23:15 - 2013-07-23 23:16 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\ExpressFiles
2013-07-22 19:53 - 2013-07-22 19:53 - 00001676 _____ C:\Documents and Settings\All Users\Desktop\PhoenixRC Demo.lnk
2013-07-22 19:51 - 2013-07-22 19:54 - 00000000 ____D C:\Documents and Settings\Roger\My Documents\PhoenixRC Demo
2013-07-22 19:51 - 2013-07-22 19:53 - 00000000 ____D C:\Program Files\PhoenixRC Demo
2013-07-22 19:50 - 2013-07-22 19:50 - 00000000 ____D C:\Documents and Settings\Roger\Local Settings\Application Data\Downloaded Installations
2013-07-22 00:04 - 2013-07-22 18:51 - 00000000 ____D C:\Documents and Settings\Roger\My Documents\My Games
2013-07-22 00:03 - 2013-07-22 18:51 - 00000000 ____D C:\Program Files\Demolition Company Demo
2013-07-21 17:37 - 2013-07-21 17:49 - 00000000 ____D C:\Windows\System32\MRT
2013-07-19 23:26 - 2013-07-21 23:11 - 00002299 _____ C:\Documents and Settings\All Users\Desktop\TriangleDigger.lnk
2013-07-19 23:26 - 2013-07-19 23:27 - 00000000 ____D C:\Program Files\TriangleDigger
2013-07-19 22:12 - 2013-07-19 22:12 - 00000000 ____D C:\Program Files\Delta
2013-07-19 22:12 - 2013-07-19 22:12 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\Delta
2013-07-19 22:12 - 2013-07-19 22:12 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\BabSolution
2013-07-19 21:59 - 2013-07-19 21:59 - 00000000 ____D C:\Tenstar
2013-07-14 21:12 - 2013-07-28 19:21 - 00000858 _____ C:\Documents and Settings\All Users\Desktop\Ship Simulator 2008 Demo.lnk
2013-07-14 21:12 - 2013-07-28 19:21 - 00000000 ____D C:\Documents and Settings\Roger\My Documents\ShipSim2008 Demo UserData
2013-07-14 21:11 - 2013-07-14 21:11 - 00000000 ____D C:\Program Files\Vstep
2013-07-14 20:06 - 2013-07-14 20:06 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\Quest3D
2013-07-14 19:46 - 2013-07-14 19:46 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-07-12 22:18 - 2013-07-12 22:20 - 00000000 ____D C:\Program Files\HeliSim
2013-07-11 21:27 - 2013-07-11 21:27 - 00009820 _____ C:\Windows\KB2834886.log
2013-07-11 21:27 - 2013-07-11 21:27 - 00000000 __HDC C:\Windows\$NtUninstallKB2850851$
2013-07-11 21:27 - 2013-07-11 21:27 - 00000000 __HDC C:\Windows\$NtUninstallKB2834886$
2013-07-11 21:26 - 2013-07-11 21:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2845187$
2013-07-11 21:13 - 2013-07-11 21:13 - 00009147 _____ C:\Windows\KB2834902.log
2013-07-11 21:13 - 2013-07-11 21:13 - 00000000 __HDC C:\Windows\$NtUninstallKB2834902_WM10$
2013-07-11 21:08 - 2013-07-11 21:11 - 00022520 _____ C:\Windows\KB2846071-IE8.log
2013-07-11 17:56 - 2013-07-11 21:27 - 00016391 _____ C:\Windows\KB2850851.log
2013-07-11 17:55 - 2013-07-11 21:26 - 00015289 _____ C:\Windows\KB2845187.log

==================== One Month Modified Files and Folders =======

2013-07-30 21:57 - 2012-07-22 22:36 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
2013-07-30 21:57 - 2004-08-12 16:38 - 01177584 _____ C:\Windows\WindowsUpdate.log
2013-07-30 21:57 - 2003-06-20 16:14 - 00032500 _____ C:\Windows\SchedLgU.Txt
2013-07-30 21:57 - 2003-06-20 15:56 - 00000236 _____ C:\Windows\wiadebug.log
2013-07-30 21:56 - 2003-06-20 15:56 - 00000050 _____ C:\Windows\wiaservc.log
2013-07-30 21:18 - 2013-07-28 21:10 - 00000004 _____ C:\Documents and Settings\Roger\Application Data\cache.ini
2013-07-30 21:18 - 2006-12-21 15:59 - 00000278 ___SH C:\Documents and Settings\Roger\ntuser.ini
2013-07-30 21:17 - 2003-06-20 15:45 - 00001170 _____ C:\Windows\System32\wpa.dbl
2013-07-28 21:40 - 2012-05-10 16:16 - 00237453 _____ C:\Windows\setupapi.log
2013-07-28 21:40 - 2009-09-04 23:27 - 00000862 _____ C:\Windows\setupact.log
2013-07-28 21:35 - 2013-07-28 21:35 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-07-28 19:37 - 2013-07-28 19:35 - 00000000 ____D C:\Program Files\Bridge Command 4.4GPL
2013-07-28 19:21 - 2013-07-14 21:12 - 00000858 _____ C:\Documents and Settings\All Users\Desktop\Ship Simulator 2008 Demo.lnk
2013-07-28 19:21 - 2013-07-14 21:12 - 00000000 ____D C:\Documents and Settings\Roger\My Documents\ShipSim2008 Demo UserData
2013-07-28 17:39 - 2012-04-21 04:58 - 00000000 ____D C:\Documents and Settings\Roger\Local Settings\Application Data\Adobe
2013-07-27 00:17 - 2013-07-27 00:17 - 00000000 ____D C:\Program Files\Allin1Convert_8h
2013-07-26 23:10 - 2013-05-14 18:43 - 00000000 ____D C:\Program Files\Google
2013-07-25 19:45 - 2013-07-23 23:15 - 00000000 ____D C:\Program Files\ExpressFiles
2013-07-23 23:16 - 2013-07-23 23:15 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\ExpressFiles
2013-07-22 19:54 - 2013-07-22 19:51 - 00000000 ____D C:\Documents and Settings\Roger\My Documents\PhoenixRC Demo
2013-07-22 19:53 - 2013-07-22 19:53 - 00001676 _____ C:\Documents and Settings\All Users\Desktop\PhoenixRC Demo.lnk
2013-07-22 19:53 - 2013-07-22 19:51 - 00000000 ____D C:\Program Files\PhoenixRC Demo
2013-07-22 19:50 - 2013-07-22 19:50 - 00000000 ____D C:\Documents and Settings\Roger\Local Settings\Application Data\Downloaded Installations
2013-07-22 18:51 - 2013-07-22 00:04 - 00000000 ____D C:\Documents and Settings\Roger\My Documents\My Games
2013-07-22 18:51 - 2013-07-22 00:03 - 00000000 ____D C:\Program Files\Demolition Company Demo
2013-07-22 00:04 - 2003-06-20 16:03 - 00000000 ____D C:\Windows\System32\DirectX
2013-07-21 23:11 - 2013-07-19 23:26 - 00002299 _____ C:\Documents and Settings\All Users\Desktop\TriangleDigger.lnk
2013-07-21 17:49 - 2013-07-21 17:37 - 00000000 ____D C:\Windows\System32\MRT
2013-07-19 23:27 - 2013-07-19 23:26 - 00000000 ____D C:\Program Files\TriangleDigger
2013-07-19 22:12 - 2013-07-19 22:12 - 00000000 ____D C:\Program Files\Delta
2013-07-19 22:12 - 2013-07-19 22:12 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\Delta
2013-07-19 22:12 - 2013-07-19 22:12 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\BabSolution
2013-07-19 21:59 - 2013-07-19 21:59 - 00000000 ____D C:\Tenstar
2013-07-14 21:11 - 2013-07-14 21:11 - 00000000 ____D C:\Program Files\Vstep
2013-07-14 20:06 - 2013-07-14 20:06 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\Quest3D
2013-07-14 19:46 - 2013-07-14 19:46 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-07-14 19:46 - 2012-07-22 22:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-13 04:13 - 2010-05-08 00:42 - 00000000 ____D C:\Documents and Settings\Roger\Desktop\Targetzones Promo
2013-07-12 22:20 - 2013-07-12 22:18 - 00000000 ____D C:\Program Files\HeliSim
2013-07-12 20:19 - 2013-05-14 18:49 - 00001816 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-07-12 01:43 - 2008-02-09 15:15 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 00:51 - 2003-06-20 15:52 - 00331480 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-11 21:27 - 2013-07-11 21:27 - 00009820 _____ C:\Windows\KB2834886.log
2013-07-11 21:27 - 2013-07-11 21:27 - 00000000 __HDC C:\Windows\$NtUninstallKB2850851$
2013-07-11 21:27 - 2013-07-11 21:27 - 00000000 __HDC C:\Windows\$NtUninstallKB2834886$
2013-07-11 21:27 - 2013-07-11 17:56 - 00016391 _____ C:\Windows\KB2850851.log
2013-07-11 21:27 - 2009-09-06 05:23 - 01467161 _____ C:\Windows\FaxSetup.log
2013-07-11 21:27 - 2009-09-06 05:23 - 00708840 _____ C:\Windows\ocgen.log
2013-07-11 21:27 - 2009-09-06 05:23 - 00562838 _____ C:\Windows\tsoc.log
2013-07-11 21:27 - 2009-09-06 05:23 - 00484617 _____ C:\Windows\comsetup.log
2013-07-11 21:27 - 2009-09-06 05:23 - 00294529 _____ C:\Windows\ntdtcsetup.log
2013-07-11 21:27 - 2009-09-06 05:23 - 00233312 _____ C:\Windows\iis6.log
2013-07-11 21:27 - 2009-09-06 05:23 - 00080912 _____ C:\Windows\ocmsn.log
2013-07-11 21:27 - 2009-09-06 05:23 - 00073587 _____ C:\Windows\msgsocm.log
2013-07-11 21:27 - 2009-09-06 05:23 - 00001374 _____ C:\Windows\imsins.log
2013-07-11 21:27 - 2009-09-06 05:23 - 00001374 _____ C:\Windows\imsins.BAK
2013-07-11 21:26 - 2013-07-11 21:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2845187$
2013-07-11 21:26 - 2013-07-11 17:55 - 00015289 _____ C:\Windows\KB2845187.log
2013-07-11 21:24 - 2003-06-20 15:54 - 00505530 ____C C:\Windows\System32\PerfStringBackup.INI
2013-07-11 21:21 - 2007-02-14 01:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-07-11 21:13 - 2013-07-11 21:13 - 00009147 _____ C:\Windows\KB2834902.log
2013-07-11 21:13 - 2013-07-11 21:13 - 00000000 __HDC C:\Windows\$NtUninstallKB2834902_WM10$
2013-07-11 21:11 - 2013-07-11 21:08 - 00022520 _____ C:\Windows\KB2846071-IE8.log
2013-07-11 21:10 - 2009-09-08 00:32 - 00000000 ____D C:\Windows\ie8updates
2013-07-11 21:10 - 2009-09-06 05:23 - 00246339 _____ C:\Windows\updspapi.log
2013-07-11 21:03 - 2008-02-09 15:22 - 00000000 ____D C:\Windows\System32\XPSViewer

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 1270.8 MB
Available physical RAM: 1011.45 MB
Total Pagefile: 1106.27 MB
Available Pagefile: 1042.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1986.33 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: (HDD) (Fixed) (Total:32.27 GB) (Free:3.24 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HITMANPRO) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 38 GB) (Disk ID: 0165E8AA)
Partition 1: (Not Active) - (Size=6 GB) - (Type=1B)
Partition 2: (Active) - (Size=32 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: E54FA68B)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================



ListParts by Farbar Version: 10-05-2013
Ran by SYSTEM (administrator) on 31-07-2013 at 15:33:53
Windows XP (X86)
Running From: D:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 1270.8 MB
Available physical RAM: 1064.48 MB
Total Pagefile: 1106.27 MB
Available Pagefile: 1052.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 2007.38 MB

======================= Partitions =========================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: (HDD) (Fixed) (Total:32.27 GB) (Free:3.24 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive d: (HITMANPRO) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
5 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 38 GB 0 B

Partitions of Disk 0:
===============

The disk management services could not complete the operation.

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 0165E8AA
Partition 1: (Not Active) - (Size=6 GB) - (Type=1B)
Partition 2: (Active) - (Size=32 GB) - (Type=07 NTFS)


****** End Of Log ******

 

[kuttus]

Now please download this file and save it to your Flash Drive.

[attachment=5240]

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log. Then attempt to boot to normal mode.

 

[Sue64]

Have done that, and the computer will now boot normally. The log is below. Are there other things we need to do?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-07-2013 04
Ran by SYSTEM at 2013-07-31 19:24:48 Run:1
Running from D:\
Boot Mode: Recovery

==============================================

HKU\Roger\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Documents and Settings\Roger\Application Data\cache.ini => Moved successfully.

==== End of Fixlog ====

 

[kuttus]

Cool........

STEP 1: Run a scan with AdwCleaner

<ol><li>Download AdwCleaner from the below link.
<><a href="http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner" target="_blank">ADWCLEANER DOWNLAOD LINK</a></> (This link will automatically download Security Check on your computer)</li>

<li>Close all open programs and internet browsers.</li>
<li>Double click on <>adwcleaner.exe</> to run the tool.</li>
<li>Click on <>Delete</>,then confirm each time with <>Ok</>.</li>
<li>Your computer will be rebooted automatically. A text file will open after the restart.</li>
<li>Please post the contents of that logfile with your next reply.</li>
<li>You can find the logfile at <>C:\AdwCleaner[S1].txt</> as well.</li>
</ol>
<hr/>

STEP 2: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here

• Turn off your antivirus software now to avoid potential conflicts
• Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
• The tool will open and start scanning your system
• Please be patient as this can take a while to complete depending on your system's specifications
• On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
• Post the contents of JRT.txt into your next reply

---

Download Malwarebytes Anti-Rootkit from here to your Desktop

• Unzip the contents to a folder on your Desktop.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
• After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
• When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)

---

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• When it prompts you to try their 30-day trail, click decline
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

---

 

[Sue64]

Hi, we have done all of that and the logs are below. (Some light reading for you, haha )

# AdwCleaner v2.306 - Logfile created 08/01/2013 at 15:27:29
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Roger - DESKTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Roger\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Roger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
File Deleted : C:\WINDOWS\system32\roboot.exe
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\FreeRIP
Folder Deleted : C:\Documents and Settings\Roger\Application Data\BabSolution
Folder Deleted : C:\Documents and Settings\Roger\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Roger\Application Data\delta
Folder Deleted : C:\Documents and Settings\Roger\Application Data\ExpressFiles
Folder Deleted : C:\Documents and Settings\Roger\Application Data\imeshbandmltbpi
Folder Deleted : C:\Documents and Settings\Roger\Application Data\mediabarim
Folder Deleted : C:\Documents and Settings\Roger\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Program Files\delta
Folder Deleted : C:\Program Files\ExpressFiles
Folder Deleted : C:\Program Files\iMesh Applications
Folder Deleted : C:\Program Files\utilitychest_49

***** [Registry] *****

Key Deleted : HKCU\Software\5d2d6dbb36dec12
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ExpressFiles
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{06E05B40-77FA-40B6-9077-ED1A7577B1EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\5d2d6dbb36dec12
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{06E05B40-77FA-40B6-9077-ED1A7577B1EF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1A03F196-9617-4CA0-842B-A83CEECB022B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{950F80EF-32C2-47DD-9C35-9576E21EE66E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iMesh 1 MediaBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E05B40-77FA-40B6-9077-ED1A7577B1EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iMesh 1 MediaBar
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\TENCENT
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZO^xdm038^YY^nz&ptb=4DB43EA2-18A2-4F84-A189-CD7E1D2C32BD&si=UTDO_AUS_CAN --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=6482000CF197B8EF&affID=119557&tsp=4949 --> hxxp://www.google.com

-\\ Google Chrome v28.0.1500.72

File : C:\Documents and Settings\Roger\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.216] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=6482000CF197B8EF&affID=119557&tsp=[...]
Deleted [l.269] : urls_to_restore_on_startup = [ "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=6482000CF19[...]

*************************

AdwCleaner[S1].txt - [12208 octets] - [01/08/2013 15:27:29]

########## EOF - C:\AdwCleaner[S1].txt - [12269 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Microsoft Windows XP x86
Ran by Roger on Thu 01/08/2013 at 16:00:05.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\utility chest search scope monitor
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\utilitychest_49 browser plugin loader
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Roger\Application Data\systweak"
Successfully deleted: [Folder] "C:\Documents and Settings\Roger\appdata\locallow\datamngr"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/08/2013 at 16:05:22.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.01.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Roger :: DESKTOP [administrator]

Protection: Enabled

1/08/2013 6:34:49 PM
mbam-log-2013-08-01 (18-34-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288871
Time elapsed: 12 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\RECYCLER\S-1-5-21-3832377769-2810668422-4075739219-1011\Dc6.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Documents and Settings\Roger\Local Settings\Temp\E7DA0732-BAB0-7891-B650-335E3BD93F23\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.31.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Roger :: DESKTOP [administrator]

1/08/2013 5:12:43 PM
mbar-log-2013-08-01 (17-12-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 291074
Time elapsed: 1 hour(s), 6 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_20

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.066000 GHz
Memory total: 1332523008, free: 923570176

Downloaded database version: v2013.07.31.07
Downloaded database version: v2013.07.29.01
Initializing...
------------ Kernel report ------------
08/01/2013 16:18:38
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
aliide.sys
intelide.sys
toside.sys
viaide.sys
cmdide.sys
MountMgr.sys
ftdisk.sys
PartMgr.sys
IdeBusDr.sys
VolSnap.sys
cpqarray.sys
\WINDOWS\System32\DRIVERS\SCSIPORT.SYS
atapi.sys
aha154x.sys
sparrow.sys
symc810.sys
aic78xx.sys
dac960nt.sys
ql10wnt.sys
amsint.sys
asc.sys
asc3550.sys
mraid35x.sys
i2omp.sys
ini910u.sys
ql1240.sys
aic78u2.sys
symc8xx.sys
sym_hi.sys
sym_u3.sys
ABP480N5.SYS
asc3350p.sys
cd20xrnt.sys
ultra.sys
adpu160m.sys
dpti2o.sys
ql1080.sys
ql1280.sys
ql12160.sys
perc2.sys
perc2hib.sys
hpn.sys
cbidf2k.sys
dac2w2k.sys
IdeChnDr.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
mfehidk.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
sonypvl3.sys
sisagp.sys
viaagp.sys
RecAgent.sys
Mup.sys
alim1541.sys
amdagp.sys
agp440.sys
agpCPQ.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\slntamr.sys
\SystemRoot\System32\DRIVERS\SlWdmSup.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\System32\DRIVERS\Mtlmnt5.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\e100b325.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\incdrm.SYS
\SystemRoot\System32\DRIVERS\InCDPass.sys
\SystemRoot\system32\drivers\STAC97.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\mfendisk.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\cdrbsvsd.SYS
\SystemRoot\System32\Drivers\Asapi.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\InCDrec.SYS
\SystemRoot\System32\Drivers\InCDfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\sonypvf3.SYS
\SystemRoot\System32\Drivers\sonypvt3.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\mfetdi2k.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\tcpip6.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_IdeChnDr.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\MASPINT.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\cfwids.sys
\SystemRoot\System32\DRIVERS\asyncmac.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR5
Upper Device Object: 0xffffffff8807a030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000ab\
Lower Device Object: 0xffffffff88bbf690
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a4269c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0\
Lower Device Object: 0xffffffff8a419030
Lower Device Driver Name: \Driver\IdeChnDr\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a4269c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a426798, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a4269c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a42ee90, DeviceName: \Device\00000097\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a419030, DeviceName: \Device\Ide\IdeDeviceP0T0L0\, DriverName: \Driver\IdeChnDr\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "c:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a302.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a302.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a303.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a303.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a304.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a304.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a305.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a305.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a306.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a306.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a307.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a307.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a308.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a308.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a309.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a309.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a310.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a310.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a311.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a311.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a312.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a312.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\vch.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vch.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wa301a.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wa301a.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wa301b.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wa301b.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\winddx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\winddx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 165E8AA

Partition information:

Partition 0 type is Other (0x1b)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 12594897

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 12594960 Numsec = 67681845
Partition file system is NTFS
Partition is bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 41110142976 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-80273248-80293248)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8807a030, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88e0eb28, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8807a030, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff88bbf690, DeviceName: \Device\000000ab\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E54FA68B

Partition information:

Partition 0 type is Other (0xb)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 7823655
Partition file system is FAT32
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 4007657472 bytes
Sector size: 512 bytes

Done!
Infected: c:\Documents and Settings\Roger\Application Data\cache.dat --> [Trojan.Agent.rfz]
Infected: c:\Documents and Settings\Roger\Local Settings\Temp\hsyejshgwvbqmsvav.exe --> [Trojan.Agent.rfz]
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify --> [PUM.Disabled.SecurityCenter]
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify --> [PUM.Disabled.SecurityCenter]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_1_12594960_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_1_0_63_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_20

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.066000 GHz
Memory total: 1332523008, free: 886857728

Initializing...
------------ Kernel report ------------
08/01/2013 17:12:22
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
imofugc.sys
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
IdeBusDr.sys
VolSnap.sys
\WINDOWS\System32\DRIVERS\SCSIPORT.SYS
IdeChnDr.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
mfehidk.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
sonypvl3.sys
RecAgent.sys
Mup.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\slntamr.sys
\SystemRoot\System32\DRIVERS\SlWdmSup.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\System32\DRIVERS\Mtlmnt5.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\e100b325.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\incdrm.SYS
\SystemRoot\System32\DRIVERS\InCDPass.sys
\SystemRoot\system32\drivers\STAC97.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\mfendisk.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\cdrbsvsd.SYS
\SystemRoot\System32\Drivers\Asapi.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\InCDrec.SYS
\SystemRoot\System32\Drivers\InCDfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\sonypvf3.SYS
\SystemRoot\System32\Drivers\sonypvt3.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\system32\drivers\mfetdi2k.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\tcpip6.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_IdeChnDr.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\MASPINT.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\cfwids.sys
\SystemRoot\System32\DRIVERS\asyncmac.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff882fe918
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a4\
Lower Device Object: 0xffffffff88f76ea0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a4229c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0\
Lower Device Object: 0xffffffff8a42b030
Lower Device Driver Name: \Driver\IdeChnDr\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a4229c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a422798, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a4229c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a423ac0, DeviceName: \Device\00000097\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a42b030, DeviceName: \Device\Ide\IdeDeviceP0T0L0\, DriverName: \Driver\IdeChnDr\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "c:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a302.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a302.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a303.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a303.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a304.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a304.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a305.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a305.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a306.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a306.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a307.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a307.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a308.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a308.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a309.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a309.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a310.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a310.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a311.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a311.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a312.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a312.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\vch.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vch.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wa301a.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wa301a.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wa301b.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wa301b.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\winddx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\winddx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 165E8AA

Partition information:

Partition 0 type is Other (0x1b)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 12594897

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 12594960 Numsec = 67681845
Partition file system is NTFS
Partition is bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 41110142976 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-80273248-80293248)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff882fe918, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88303e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff882fe918, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff88f76ea0, DeviceName: \Device\000000a4\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E54FA68B

Partition information:

Partition 0 type is Other (0xb)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 7823655
Partition file system is FAT32
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 4007657472 bytes
Sector size: 512 bytes

Done!
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_1_12594960_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_1_0_63_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_20

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.066000 GHz
Memory total: 1332523008, free: 945258496

=======================================

 

[kuttus]

STEP 1: Run a HitmanPro scan
<ol>
<li><>Download the latest official version of HitmanPro</>.
<a href="http://www.surfright.nl/en/hitmanpro/" rel="nofollow" target="_blank"> <>HITMANPRO DOWNLOAD LINK</></a> <em>(This link will open a download page in a new window from where you can download HitmanPro)</em></li>
<li>Start HitmanPro by <>double clicking on the previously downloaded file.</> and then following the prompts.
<img src="http://malwaretips.com/images/removalguide/hpro4.png" alt="[Image: hitmanproscan4.png]" border="0" /></li>
<li>Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below.After reviewing each malicious object click <>Next</> .
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/02/rsz_hpro5.png" alt="[Image: hitmanproscan5.png]" border="0" /></li>
<li>Click <>Activate free license</> to start the free 30 days trial and remove the malicious files.
<img src="http://malwaretips.com/images/removalguide/hpro6.png" alt="[Image: hitmanproscan6.png]" border="0" /></li>
<li>HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
</ol>
Add to your next reply, any log that HitmanPro might generate.
<hr />

STEP 2: Run a scan with ESET Online Scanner
<ol>
<li>Download ESET Online Scanner utility from the below link
<><a title="External link" href="http://download.eset.com/special/eos/esetsmartinstaller_enu.exe" rel="nofollow">ESET ONLINE SCANNER DOWNLOAD LINK</a></> <em>(This link will automatically download ESET Online Scanner on your computer.)</em></li>
<li>Double click on the Eset installer program (esetsmartinstaller_enu.exe).</li>
<li>Check <>Yes, I accept the Terms of Use</></li>
<li>Click the <>Start</> button.</li>
<li>Check <>Scan archives</></li>
<li>Push the <>Start</> button.</li>
<li>ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.</li>
<li>When the scan completes, push <>List of found threats</></li>
<li>Push <>Export to Text file </> and save the file to your desktop using a unique name, such as <>ESET Scan</>. Include the contents of this report in your next reply.Note - when ESET doesn't find any threats, no report will be created.</li>
<li>Push the <>back</> button.</li>
<li>Push <>Finish</></li>
</ol>
<hr />

STEP 3: Run a scan with Kaspersky Virus Removal Tool
<ol><li>Download Kaspersky Virus Removal Tool from the below link and then double click on it to start this utility.
<><a title="External link" href="http://www.kaspersky.com/antivirus-removal-tool?form=1" rel="nofollow">KASPERSKY VIRUS REMOVAL TOOL</a></> <em>(This link open an new webpage from where you can download Kaspersky Virus Removal Tool on your computer.)</em></li>
<li>Follow the onscreen prompts until it is installed</li>
<li>Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
<ul>
<li><span style="color: #ff0000;">System Memory</span></li>
<li><span style="color: #ff0000;">Hidden startup objects</span></li>
<li><span style="color: #ff0000;">Disk boot sectors</span></li>
<li><span style="color: #ff0000;">Local Disk (C: )</span></li>
<li><span style="color: #ff0000;">Also any other drives (Removable that you may have)</span></li>
</ul>
</li>
<li>Then click on <>Actions</> on the left hand side</li>
<li>Click <>Select Action</>, then make sure both <>Disinfect</> and <>Delete if disinfection fails</> are ticked</li>
<li>Click on <>Automatic Scan</></li>
<li>Now click the <>Start Scanning</> button, to run the scan</li>
<li>After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side</li>
<li>Click <>Detected threats</> on the left</li>
<li>Now click the <>Save</> button, and save it as <>kaslog.txt</> to your <>Desktop</></li>
<li>Please attach kaslog.txt in your next reply.</li>
</ol>
<hr />

 

[Sue64]

Hi, have done all of that and here are the results -

Hitman Pro - Nothing found so no log generated

ESET log below -
C:\Documents and Settings\Roger\Application Data\Sun\Java\Deployment\cache\6.0\11\3cb7b2cb-749865a4 multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Roger\Local Settings\Temp\jar_cache5963874469734948833.tmp a variant of Java/Exploit.CVE-2013-1493.GA trojan cleaned by deleting - quarantined

Kaspersky - no threats found so no log

Cheers
Sue

 

[kuttus]

How's everything else working now? All log files seems good only....

 

[Sue64]

Hi ,all seems good,think its back to normal.
Thanks so much for you assistance.

 

[kuttus]

Great to hear that...

Double click on OTL to run it

• Click on the Cleanup button at the top.
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
• This will remove itself and other tools we may have used.

---

Now that your PC is clean, I recommend you to create a new System Restore point then purge the old ones after.

For XP
How to create a Restore Point in XP
Delete all restore points except the most recent one

For Vista
Create a restore point
Delete all but the most recent restore point

For Windows 7
Create a restore point
Delete all but the most recent restore point - Click the Delete all but the most recent restore point link

---

Keep your system updated

• Keeping your programs (especially Adobe and Java products) updated is essential. Update Checker will notify you if any of your programs require an update.
• Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
• Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here

---

I also recommend you to switch your antivirus program to a better one. Here are some suggestions:

• avast! 7 Home Edition - Don't use it with Online Armor
• Avira AntiVir Personal
• Microsoft Security Essentials

In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker.

• Online Armor
• Comodo Firewall - If you are an advance user

Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.

---

Internet Explorer may be the most popular browser but it's definitely not the most secure browser. Consider using other browsers with addition add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox contains less vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.

• KeyScramber - Encrypts your keystrokes to protect you against keyloggers that steals personal & banking information
• AdBlock - Disable/blocks advertisements on websites so you won't accidentally click on a malicious ad.
• NoScript - Disables Flash & Java contents to avoid exploits or drive-by attacks
• Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.

• AdBlock

---

Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

• CCleaner
• Malwarebytes Anti-Malware
• Temp File Cleaner by OldTimer

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask

<hr />
What's next?

1. Bulild up your malware defenses by starting a new thread in Security Configuration Wizard forum.
2. Learn how to avoid malware by reading this article <a href="http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/">How to easily avoid malware</a>
3. Be an active member in the MalwareTips community!

My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.​

 

[Sue64]

Hi ,with so much going on the last few days,what was OTL again ?

 

[kuttus]

Ooops... Leave that Step....