File Recovery Virus [Closed]

This topic is locked

#1 theMPvick (New Member, 8 posts)

Hello,

Today I discovered I had this "File Recovery" application appear. Shortly afterwards all desktop shortcuts disappeared except IE, Firefox, and Chrome. Also, all of the start menu was gone except those 3, my hard drive was renamed and everything was hidden. It took quite a while to even get a browser to load this page as they are extremely slow now. I was able to get an OTL log after using one of the alternately named files.

OTL logfile created on: 9/10/2012 3:00:59 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\home\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 413.64 Mb Available Physical Memory | 40.47% Memory free
2.40 Gb Paging File | 1.98 Gb Available in Paging File | 82.47% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.94 Gb Total Space | 83.61 Gb Free Space | 56.14% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 464.15 Gb Free Space | 99.66% Space Free | Partition Type: NTFS

Computer Name: MCCOY-2DF80A778 | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/10 02:56:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\OTL.scr
PRC - [2012/07/09 19:38:53 | 004,777,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/02/17 11:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE
PRC - [2009/02/02 22:30:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/02/02 22:30:34 | 001,885,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/02/02 22:30:34 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/02/02 22:30:34 | 000,353,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe
PRC - [2009/02/02 22:30:34 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/02/02 22:30:32 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/30 23:37:22 | 001,654,784 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe


========== Modules (No Company Name) ==========

MOD - [2010/02/17 11:53:18 | 000,169,312 | ---- | M] () -- C:\Program Files\Symantec\LiveUpdate\UNRAR.DLL
MOD - [2007/11/26 12:45:34 | 000,188,416 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\BelkinwcuiDLL.dll
MOD - [2007/10/30 23:29:24 | 000,151,617 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\blkwcapi.dll
MOD - [2006/02/24 11:40:56 | 000,061,440 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\BelkinHWStatus.dll
MOD - [2005/08/10 16:36:52 | 000,045,056 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\Security.dll
MOD - [2003/10/13 16:30:58 | 000,094,208 | ---- | M] () -- C:\Program Files\Belkin\F5D7050v3\GTW32N50.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/07 02:14:01 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/02/17 11:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/02/02 22:30:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/02/02 22:30:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/02/02 22:30:34 | 001,885,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/02/02 22:30:34 | 000,357,704 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/02/02 22:30:32 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2012/09/10 02:24:22 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/08/20 04:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120909.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/08/20 04:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120909.008\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/08 04:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/08 04:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/03 13:46:44 | 000,022,344 | -H-- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/08 16:44:14 | 000,167,936 | RH-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/12/06 01:44:49 | 000,125,488 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/02/02 22:30:38 | 000,043,376 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/02/02 22:30:36 | 000,320,944 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/02/02 22:30:36 | 000,283,184 | -H-- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/02/02 22:30:36 | 000,043,696 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/02/02 22:30:34 | 000,099,696 | -H-- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/02/02 22:30:34 | 000,067,472 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/02/02 22:30:30 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/02/02 22:30:30 | 000,188,080 | -H-- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009/02/02 22:30:30 | 000,026,416 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009/02/02 22:30:28 | 000,023,888 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2007/10/02 05:06:40 | 000,451,968 | -H-- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/02/09 21:57:46 | 001,502,208 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/09/17 10:02:54 | 000,732,928 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/23 15:49:30 | 000,121,472 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/11/17 16:59:20 | 000,212,224 | RH-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | RH-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | RH-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Belkin\F5D7050v3\GTNDIS5.sys -- (GTNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-19\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp

IE - HKU\S-1-5-21-1202660629-1965331169-1606980848-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1202660629-1965331169-1606980848-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1202660629-1965331169-1606980848-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1202660629-1965331169-1606980848-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7MOOI_en
IE - HKU\S-1-5-21-1202660629-1965331169-1606980848-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Twitter"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\home\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\home\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\home\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 02:14:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/04 17:00:28 | 000,000,000 | ---D | M]

[2012/07/22 15:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\home\Application Data\Mozilla\Extensions
[2009/11/08 19:55:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\home\Application Data\Mozilla\Extensions\[email protected]
[2012/09/10 02:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\sxgu499g.default\extensions
[2012/07/27 09:10:03 | 000,000,000 | ---D | M] (Codecv) -- C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\sxgu499g.default\extensions\[email protected]
[2012/07/31 13:07:32 | 000,000,000 | ---D | M] (ShopAtHome.com Toolbar) -- C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\sxgu499g.default\extensions\[email protected]
[2012/07/22 15:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 02:14:02 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/07 02:13:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/07 02:13:58 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Documents and Settings\home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Codecv = C:\Documents and Settings\home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdhmnpeilibfibmobekfdolbpgcnphim\1.0_0\
CHR - Extension: Google Search = C:\Documents and Settings\home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Documents and Settings\home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\home\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1202660629-1965331169-1606980848-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1202660629-1965331169-1606980848-1004..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1965331169-1606980848-1004\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1202660629-1965331169-1606980848-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1202660629-1965331169-1606980848-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEBBA512-0086-4601-8694-7DA03D4A7695}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/03 09:52:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{31c35132-f8e1-11de-b398-0022754e9a78}\Shell - "" = AutoRun
O33 - MountPoints2\{31c35132-f8e1-11de-b398-0022754e9a78}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{31c35132-f8e1-11de-b398-0022754e9a78}\Shell\AutoRun\command - "" = F:\PhotoViewer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/10 02:56:48 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\OTL.scr
[2012/09/10 02:23:00 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/09/10 02:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Desktop\backups
[2012/09/10 00:53:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/10 00:07:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\home\Desktop\hello.exe
[2012/09/10 00:04:01 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\home\Desktop\HiJackThis.exe
[2012/09/09 23:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mystery Trackers - Raincliff
[2012/09/09 23:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Desktop\RK_Quarantine
[2012/09/09 23:47:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\home\Recent
[2012/09/09 17:08:02 | 000,000,000 | R-SD | C] -- C:\cmdcons
[2012/09/09 16:56:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/09/09 16:56:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\home\Start Menu\Programs\Administrative Tools
[2012/09/09 16:56:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\erdnt
[2012/09/09 16:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Start Menu\Programs\File Recovery
[2012/09/09 16:20:29 | 000,270,848 | ---- | C] (AAW) -- C:\Documents and Settings\All Users\Application Data\bVhs71IJJDALv6.exe
[2012/09/09 16:18:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\home\My Documents\My Videos
[2012/09/09 16:05:17 | 000,373,248 | ---- | C] (AAW) -- C:\Documents and Settings\All Users\Application Data\tJeOfxpyoLkuKU.exe
[2012/08/30 23:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\home\Application Data\SUPERAntiSpyware.com
[2012/08/30 23:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/08/30 23:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/08/30 23:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/10 03:03:03 | 000,000,974 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1965331169-1606980848-1004UA.job
[2012/09/10 02:59:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/10 02:56:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\home\Desktop\OTL.scr
[2012/09/10 02:31:45 | 000,156,360 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/10 02:24:22 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/09/10 00:40:41 | 000,013,824 | -H-- | M] () -- C:\Documents and Settings\home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/10 00:07:11 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\home\Desktop\hello.exe
[2012/09/10 00:04:03 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\home\Desktop\HiJackThis.exe
[2012/09/10 00:03:02 | 000,000,922 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1965331169-1606980848-1004Core.job
[2012/09/09 23:52:07 | 001,378,816 | ---- | M] () -- C:\Documents and Settings\home\Desktop\RogueKiller (1).exe
[2012/09/09 17:08:20 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/09/09 16:38:18 | 000,000,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bVhs71IJJDALv6
[2012/09/09 16:38:10 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-bVhs71IJJDALv6
[2012/09/09 16:20:35 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-bVhs71IJJDALv6r
[2012/09/09 16:20:34 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\home\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/09/09 16:20:29 | 000,270,848 | ---- | M] (AAW) -- C:\Documents and Settings\All Users\Application Data\bVhs71IJJDALv6.exe
[2012/09/09 16:02:19 | 000,373,248 | ---- | M] (AAW) -- C:\Documents and Settings\All Users\Application Data\tJeOfxpyoLkuKU.exe
[2012/09/05 11:26:00 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/04 07:04:20 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/04 07:04:19 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\home\Desktop\Google Chrome.lnk
[2012/08/30 23:36:43 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/30 23:34:15 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/30 23:14:20 | 000,185,698 | ---- | M] () -- C:\Documents and Settings\home\My Documents\TaxReturn.pdf
[2012/08/29 01:19:31 | 000,063,985 | ---- | M] () -- C:\Documents and Settings\home\My Documents\TRAAuthorizationPrint.pdf
[2012/08/17 04:45:24 | 000,481,662 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/17 04:45:24 | 000,079,736 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/17 04:29:19 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2012/08/17 03:35:18 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/08/16 03:10:11 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/09 23:58:11 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/09/09 23:58:10 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/09/09 23:58:08 | 000,001,184 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\More Great Games.lnk
[2012/09/09 23:58:05 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/09/09 23:58:05 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/09/09 23:58:05 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Manager.lnk
[2012/09/09 23:52:03 | 001,378,816 | ---- | C] () -- C:\Documents and Settings\home\Desktop\RogueKiller (1).exe
[2012/09/09 17:08:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/09/09 17:08:06 | 000,260,272 | R-S- | C] () -- C:\cmldr
[2012/09/09 16:20:35 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-bVhs71IJJDALv6r
[2012/09/09 16:20:35 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-bVhs71IJJDALv6
[2012/09/09 16:20:34 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\home\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/09/09 16:20:30 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bVhs71IJJDALv6
[2012/08/30 23:36:43 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/30 23:34:15 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/30 23:14:20 | 000,185,698 | ---- | C] () -- C:\Documents and Settings\home\My Documents\TaxReturn.pdf
[2012/08/17 04:29:19 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2012/07/13 01:13:00 | 000,558,133 | -H-- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/07/10 00:27:14 | 000,013,824 | -H-- | C] () -- C:\Documents and Settings\home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/02 17:10:42 | 000,000,271 | -H-- | C] () -- C:\Documents and Settings\home\Application Data\burnaware.ini
[2012/06/17 18:28:20 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/06 01:52:37 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\home\Application Data\vso_ts_preview.xml
[2012/06/04 19:39:29 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/05/06 00:02:22 | 000,016,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

========== LOP Check ==========

[2012/09/09 16:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/08/31 11:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CodecUpdate
[2012/08/02 22:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codecv
[2012/07/17 18:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/09/08 00:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elephant Games
[2012/07/29 09:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeHideIP
[2010/12/10 16:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/11/04 10:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2012/09/09 03:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/09/07 22:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Top Evidence
[2012/06/06 02:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/04/10 22:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/10 21:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/07/30 21:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Big Fish Games
[2012/07/29 22:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Boomzap
[2012/07/31 19:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\EleFun Games
[2012/09/08 00:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Elephant Games
[2012/07/29 09:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\FreeHideIP
[2011/11/11 11:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\FrostWire
[2010/12/19 02:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\LimeWire
[2012/07/31 18:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\MysteryStudio
[2010/12/06 14:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\OpenOffice.org
[2012/07/27 21:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Orneon
[2012/07/10 16:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\QuickScan
[2012/09/07 22:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Top Evidence
[2012/07/14 03:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Unity
[2012/09/10 03:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\uTorrent
[2012/06/06 01:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\Vso
[2012/06/17 18:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\home\Application Data\wargaming.net

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:363E775E
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E87AB4E3
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8B61305
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32289BE8
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BB8C675
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B709AD7
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AE74FF9
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E73E1C2
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24C072FF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48862C37

< End of report >

#2 Amlak
Hi, theMPvick. Welcome to GTG. Let's help you out with your malware issue.

I'll provide you with the next set of instructions to do as soon as it's approved by an expert, so please expect some delay with my proposed fixes.

#3 Amlak
In the meantime, please do the following:

Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.


Also, a question. Have you been using a proxy with IE?

#4 theMPvick
I am not able to install the aswMBR, and no, I do not use a proxy.

#5 theMPvick
Also, on start up it quickly comes up to select the operating system, like there is a partition, but quickly chooses and continues.

#6 Amlak
  • Download RogueKiller and save it on your desktop.
    NOTE: If using IE8 or better, Smartscreen Filter will need to be disabled.
  • Quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

#7 theMPvick
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : home [Admin rights]
Mode : Scan -- Date : 09/11/2012 15:20:58

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] bVhs71IJJDALv6.exe -- C:\Documents and Settings\All Users\Application Data\bVhs71IJJDALv6.exe -> KILLED [TermProc]
[HIDDEN] bVhs71IJJDALv6.exe -- C:\Documents and Settings\All Users\Application Data\bVhs71IJJDALv6.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : bVhs71IJJDALv6 (C:\Documents and Settings\All Users\Application Data\bVhs71IJJDALv6.exe) -> FOUND
[RUN][BLACKLIST DLL] HKCU\[...]\Run : Microsoft Help (rundll32.exe "C:\Documents and Settings\home\Local Settings\Application Data\Mozilla\Microsoft Help\socimzotf.dll",CreateInstance) -> FOUND
[RUN][BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Microsoft Help (rundll32.exe "C:\Documents and Settings\home\Local Settings\Application Data\Mozilla\Microsoft Help\socimzotf.dll",CreateInstance) -> FOUND
[RUN][BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Microsoft Help (rundll32.exe "C:\Documents and Settings\home\Local Settings\Application Data\Mozilla\Microsoft Help\socimzotf.dll",CreateInstance) -> FOUND
[RUN][BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Microsoft Help (rundll32.exe "C:\Documents and Settings\home\Local Settings\Application Data\Mozilla\Microsoft Help\socimzotf.dll",CreateInstance) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1202660629-1965331169-1606980848-1004[...]\Run : bVhs71IJJDALv6 (C:\Documents and Settings\All Users\Application Data\bVhs71IJJDALv6.exe) -> FOUND
[RUN][BLACKLIST DLL] HKUS\S-1-5-21-1202660629-1965331169-1606980848-1004[...]\Run : Microsoft Help (rundll32.exe "C:\Documents and Settings\home\Local Settings\Application Data\Mozilla\Microsoft Help\socimzotf.dll",CreateInstance) -> FOUND
[RUN][BLACKLIST DLL] HKUS\S-1-5-18[...]\Run : Microsoft Help (rundll32.exe "C:\Documents and Settings\home\Local Settings\Application Data\Mozilla\Microsoft Help\socimzotf.dll",CreateInstance) -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x84EDC6E8)
SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x84EDC3C0)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x84AD62F8)
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x84C6BD08)
SSDT[43] : NtCreateMutant @ 0x8061758E -> HOOKED (Unknown @ 0x84AD0BC0)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x84C33728)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x84AD6DE0)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x84E7FBE0)
SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x84EDC720)
SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x84BF97A0)
SSDT[114] : NtOpenEvent @ 0x8060EF4C -> HOOKED (Unknown @ 0x84E7FC18)
SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x84E87B38)
SSDT[129] : NtOpenThreadToken @ 0x805EDF44 -> HOOKED (Unknown @ 0x84ACAC00)
SSDT[177] : NtQueryValueKey @ 0x806221FA -> HOOKED (\??\C:\WINDOWS\system32\drivers\avgtpx86.sys @ 0xEECFB258)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x84E7BCD0)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x84E87BA8)
SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x84EFC538)
SSDT[229] : NtSetInformationThread @ 0x805CC124 -> HOOKED (Unknown @ 0x84AD6950)
SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x84EDC7F8)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x84EDC388)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x84E87BE0)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x84E87B70)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x84EDD498)
S_SSDT[383] : Unknown -> HOOKED (Unknown @ 0x83F433E8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x86740FA9)

¤¤¤ Infection : Rogue.FakeHDD|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160023AS +++++
--- User ---
[MBR] 4afff9f6bcb7bde2f4eeb41e7585c764
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 128520 | Size: 152515 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 51b3ee2d94595f4ac838c7c6afc32f12
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 128520 | Size: 152515 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312480315 | Size: 9 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt



RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : home [Admin rights]
Mode : Remove -- Date : 09/11/2012 15:21:24

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] bVhs71IJJDALv6.exe -- C:\Documents and Settings\All Users\Application Data\bVhs71IJJDALv6.exe -> KILLED [TermProc]
[HIDDEN] bVhs71IJJDALv6.exe -- C:\Documents and Settings\All Users\Application Data\bVhs71IJJDALv6.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : bVhs71IJJDALv6 (C:\Documents and Settings\All Users\Application Data\bVhs71IJJDALv6.exe) -> DELETED
[RUN][BLACKLIST DLL] HKCU\[...]\Run : Microsoft Help (rundll32.exe "C:\Documents and Settings\home\Local Settings\Application Data\Mozilla\Microsoft Help\socimzotf.dll",CreateInstance) -> DELETED
[RUN][BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Microsoft Help (rundll32.exe "C:\Documents and Settings\home\Local Settings\Application Data\Mozilla\Microsoft Help\socimzotf.dll",CreateInstance) -> DELETED
[RUN][BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Microsoft Help (rundll32.exe "C:\Documents and Settings\home\Local Settings\Application Data\Mozilla\Microsoft Help\socimzotf.dll",CreateInstance) -> DELETED
[RUN][BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Microsoft Help (rundll32.exe "C:\Documents and Settings\home\Local Settings\Application Data\Mozilla\Microsoft Help\socimzotf.dll",CreateInstance) -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x84EDC6E8)
SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x84EDC3C0)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x84AD62F8)
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x84C6BD08)
SSDT[43] : NtCreateMutant @ 0x8061758E -> HOOKED (Unknown @ 0x84AD0BC0)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x84C33728)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x84AD6DE0)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x84E7FBE0)
SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x84EDC720)
SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x84BF97A0)
SSDT[114] : NtOpenEvent @ 0x8060EF4C -> HOOKED (Unknown @ 0x84E7FC18)
SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x84E87B38)
SSDT[129] : NtOpenThreadToken @ 0x805EDF44 -> HOOKED (Unknown @ 0x84ACAC00)
SSDT[177] : NtQueryValueKey @ 0x806221FA -> HOOKED (\??\C:\WINDOWS\system32\drivers\avgtpx86.sys @ 0xEECFB258)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x84E7BCD0)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x84E87BA8)
SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x84EFC538)
SSDT[229] : NtSetInformationThread @ 0x805CC124 -> HOOKED (Unknown @ 0x84AD6950)
SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x84EDC7F8)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x84EDC388)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x84E87BE0)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x84E87B70)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x84EDD498)
S_SSDT[383] : Unknown -> HOOKED (Unknown @ 0x83F433E8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x86740FA9)

¤¤¤ Infection : Rogue.FakeHDD|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160023AS +++++
--- User ---
[MBR] 4afff9f6bcb7bde2f4eeb41e7585c764
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 128520 | Size: 152515 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 51b3ee2d94595f4ac838c7c6afc32f12
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 128520 | Size: 152515 Mo
2 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 312480315 | Size: 9 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : home [Admin rights]
Mode : Shortcuts HJfix -- Date : 09/11/2012 15:23:22

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] bVhs71IJJDALv6.exe -- C:\Documents and Settings\All Users\Application Data\bVhs71IJJDALv6.exe -> KILLED [TermProc]
[HIDDEN] bVhs71IJJDALv6.exe -- C:\Documents and Settings\All Users\Application Data\bVhs71IJJDALv6.exe -> KILLED [TermProc]

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 27 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 20 / Fail 0
Backup: [FOUND] Success 0 / Fail 0 / Exists 119

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\CdRom1 -- 0x5 --> Skipped

¤¤¤ Infection : Rogue.FakeHDD|Root.MBR ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#8 Amlak
Hi, theMPvick. Looks like we have a malicious partition to take care of.

  • Download ListParts to a USB flash drive.
  • Also, please download aswMBR to the same flash drive.
  • Download OTLPEStd.exe to your desktop.
  • Once downloaded, insert a blank CD in your burner and click on OTLPEStd.exe. The executable includes the OTLPE_New_Std.iso and a copy of imgburn, a program to burn .iso files. When executed, the application will extract both and start the burning process automatically.
  • Once the CD is burned, boot the infected computer using the boot CD you just created. For more information, click here
    • Don't forget to connect the flash drive to the computer before you boot from the CD.
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click the My Computer icon and locate your flash drive to access it.
  • Run aswMBR.exe
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your flash drive and post it in your next reply.
  • There will also be another new file on your flash drive named mbr.dat
  • Please zip mbr.dat to mbr.zip and attach it to your next post also.
  • Now run ListParts and click the Scan button.
  • When finished scanning it will make a log, Result.txt, on the flash drive. Post that one also in your next reply.

#9 theMPvick
ListParts by Farbar Version: 10-08-2012
Ran by SYSTEM (administrator) on 13-09-2012 at 03:24:42
Windows XP (X86)
Running From: D:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 1022.09 MB
Available physical RAM: 871.2 MB
Total Pagefile: 905.77 MB
Available Pagefile: 853.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 2009.38 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:148.94 GB) (Free:83.26 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: (BACK UP DRIVE) (Fixed) (Total:465.76 GB) (Free:464.15 GB) NTFS
5 Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 Online 466 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 63 MB 32 KB
Partition 2 Primary 149 GB 63 MB
Partition 3 Unknown 10 MB 149 GB
======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 FAT Partition 63 MB Healthy
======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 149 GB Healthy
======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 Partition 10 MB Healthy
======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 466 GB 32 KB
======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 D BACK UP DRI NTFS Partition 466 GB Healthy
======================================================================================================

****** End Of Log ******



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-13 03:23:51
-----------------------------
03:23:51.921 OS Version: Windows 5.1.2600
03:23:51.921 Number of processors: 1 586 0x403
03:23:51.921 ComputerName: REATOGO UserName: SYSTEM
03:23:52.250 Initialze error 0
03:24:03.265 AVAST engine download error: 0
03:24:08.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
03:24:08.359 Disk 0 Vendor: ST3160023AS 8.12 Size: 152587MB BusType: 3
03:24:08.375 Disk 0 MBR read successfully
03:24:08.390 Disk 0 MBR scan
03:24:08.406 Disk 0 Windows XP default MBR code
03:24:08.421 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 62 MB offset 63
03:24:08.437 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152515 MB offset 128520
03:24:08.468 Disk 0 Partition 3 80 (A) 17 Hidd HPFS/NTFS NTFS 9 MB offset 312480315
03:24:08.500 Disk 0 Partition 3 **SUSPICIOUS**
03:24:08.515 Disk 0 scanning sectors +312499984
03:24:10.328 Disk 0 scanning X:\i386\system32\drivers
03:24:10.359 Service scanning
03:24:11.078 Modules scanning
03:24:11.812 Disk 0 trace - called modules:
03:24:11.953 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys halaacpi.dll pciide.sys PCIIDEX.SYS
03:24:12.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x876f5688]
03:24:12.156 3 CLASSPNP.SYS[f780d05b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87704d98]
03:24:12.265 Scan finished successfully
03:24:26.390 Disk 0 MBR has been saved successfully to "D:\MBR.dat"
03:24:26.421 The log file has been saved successfully to "D:\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   538bytes   27 downloads

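
As an added example (not code from this thread or from RogueKiller, aswMBR or ListParts), here is a small Python parser for a raw MBR sector that flags the pattern all three logs above report: an active entry of hidden type 0x17 that is only 9 MB, plus a user-mode read of sector 0 that differs from the low-level read (RogueKiller's User/LL2 check). It assumes a 512-byte dump such as the MBR.dat aswMBR saved; the two sample images are constructed from the partition tables in the logs, with the boot-code area zero-filled.

```python
"""Parse a raw MBR sector and flag a hidden, active, tiny boot partition.

Added example, not code from this thread or from RogueKiller/aswMBR/ListParts.
Works on any 512-byte sector-0 dump (e.g. the MBR.dat that aswMBR saves);
the sample images below are constructed from the partition tables printed
in the logs above, with the boot-code area zero-filled.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

SECTOR = 512
PART_TABLE_OFFSET = 446          # 4 x 16-byte entries follow the boot code
MBR_SIGNATURE = b"\x55\xaa"      # bytes 510-511
ACTIVE_FLAG = 0x80               # status byte of the bootable entry

# Type bytes that denote "hidden" filesystems; 0x17 is the one the logs show.
# A legitimate bootable partition is never marked hidden.
HIDDEN_TYPES: Dict[int, str] = {
    0x11: "Hidden FAT12", 0x14: "Hidden FAT16 <32M", 0x16: "Hidden FAT16",
    0x17: "Hidden HPFS/NTFS", 0x1B: "Hidden FAT32", 0x1C: "Hidden FAT32 (LBA)",
    0x1E: "Hidden FAT16 (LBA)",
}


@dataclass
class PartitionEntry:
    index: int
    active: bool
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def size_mb(self) -> int:
        return self.sector_count * SECTOR // (1024 * 1024)


def parse_mbr(sector0: bytes) -> List[PartitionEntry]:
    """Return the used partition-table entries of a 512-byte MBR image."""
    if len(sector0) != SECTOR or sector0[510:512] != MBR_SIGNATURE:
        raise ValueError("not a 512-byte MBR with a 55AA signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _chs_start, type_id, _chs_end, lba, count = struct.unpack(
            "<B3sB3sII", sector0[off:off + 16])
        if type_id == 0 and count == 0:
            continue  # empty slot
        entries.append(PartitionEntry(i, status == ACTIVE_FLAG, type_id, lba, count))
    return entries


def suspicious_entries(entries: List[PartitionEntry],
                       max_boot_mb: int = 64) -> List[Tuple[int, List[str]]]:
    """Flag entries that look like a bootkit's boot partition: the active
    (bootable) entry is of a hidden type, or far too small to hold an OS."""
    findings = []
    for e in entries:
        reasons = []
        if e.active and e.type_id in HIDDEN_TYPES:
            reasons.append(f"active but hidden type 0x{e.type_id:02x} ({HIDDEN_TYPES[e.type_id]})")
        if e.active and e.size_mb <= max_boot_mb:
            reasons.append(f"active partition is only {e.size_mb} MB")
        if reasons:
            findings.append((e.index, reasons))
    return findings


def mbr_fingerprint(sector0: bytes) -> str:
    """MD5 of the whole sector (what RogueKiller prints on its [MBR] line)."""
    return hashlib.md5(sector0).hexdigest()


def bootcode_fingerprint(sector0: bytes) -> str:
    """MD5 of the boot code only (the [BSP] line); it stays the same when
    only the partition table was rewritten, exactly as in the logs above."""
    return hashlib.md5(sector0[:PART_TABLE_OFFSET]).hexdigest()


def views_differ(user_view: bytes, low_level_view: bytes) -> bool:
    """RogueKiller's 'User != LL2' check: a filtering rootkit hands user-mode
    readers a clean sector 0 while the disk itself holds a different one."""
    return mbr_fingerprint(user_view) != mbr_fingerprint(low_level_view)


def build_mbr(entries: List[Tuple[bool, int, int, int]]) -> bytes:
    """Constructed test data: build a sector from (active, type, lba, count)
    tuples with a zero-filled boot-code area."""
    sector = bytearray(SECTOR)
    for i, (active, type_id, lba, count) in enumerate(entries):
        off = PART_TABLE_OFFSET + 16 * i
        sector[off:off + 16] = struct.pack("<B3sB3sII", ACTIVE_FLAG if active else 0,
                                           b"\0\0\0", type_id, b"\0\0\0", lba, count)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


# Constructed from the "--- User ---" and "--- LL2 ---" tables in the logs.
USER_VIEW = build_mbr([(False, 0xDE, 63, 128457), (True, 0x07, 128520, 312350720)])
LL2_VIEW = build_mbr([(False, 0xDE, 63, 128457), (False, 0x07, 128520, 312350720),
                      (True, 0x17, 312480315, 18432)])

if __name__ == "__main__":
    for name, img in (("User", USER_VIEW), ("LL2", LL2_VIEW)):
        print(f"--- {name} --- [MBR] {mbr_fingerprint(img)} [BSP] {bootcode_fingerprint(img)}")
        for e in parse_mbr(img):
            flag = "ACTIVE" if e.active else "      "
            print(f"{e.index} - [{flag}] type 0x{e.type_id:02x} offset {e.lba_start} size {e.size_mb} MB")
        for idx, reasons in suspicious_entries(parse_mbr(img)):
            print(f"  SUSPICIOUS entry {idx}: " + "; ".join(reasons))
    print("User != LL2 ... KO!" if views_differ(USER_VIEW, LL2_VIEW) else "User = LL2 ... OK!")
```

Replace the constructed images with `open("MBR.dat", "rb").read()` to run the same checks on a real dump; the LL2 image reproduces the 62 / 152515 / 9 MB sizes the logs show.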

#10 Amlak
Hi, theMPvick. I've attached a file for you to save to your flash drive in the same directory as ListParts, so please do so.

Boot back into the computer via the CD to get back into the Reatogo desktop.

Go to your flash drive and run ListParts again.

This time, click the Fix button.

Once the fix is done, go back into normal Windows. And do the following:

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Also be sure to disable Malwarebytes' Anti-Malware protection (if it's running in the background) until the OTL fix below is completely carried out.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    O33 - MountPoints2\{31c35132-f8e1-11de-b398-0022754e9a78}\Shell - "" = AutoRun
    O33 - MountPoints2\{31c35132-f8e1-11de-b398-0022754e9a78}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{31c35132-f8e1-11de-b398-0022754e9a78}\Shell\AutoRun\command - "" = F:\PhotoViewer.exe
    @Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:363E775E
    @Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E87AB4E3
    @Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8B61305
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32289BE8
    @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BB8C675
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B709AD7
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AE74FF9
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E73E1C2
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24C072FF
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:32A82570
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48862C37
    
    :FILES
    C:\Documents and Settings\All Users\Application Data\bVhs71IJJDALv6
    C:\Documents and Settings\All Users\Application Data\-bVhs71IJJDALv6
    C:\Documents and Settings\All Users\Application Data\-bVhs71IJJDALv6r
    C:\Documents and Settings\home\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
    C:\Documents and Settings\All Users\Application Data\bVhs71IJJDALv6.exe
    C:\Documents and Settings\All Users\Application Data\tJeOfxpyoLkuKU.exe
    
    :COMMANDS
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log it produces in your next reply.

Next:

Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

Also, please let me know what issues remain to be resolved.

Attached Files
  • fix.txt (52 bytes)


#11
theMPvick (Topic Starter)
All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31c35132-f8e1-11de-b398-0022754e9a78}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31c35132-f8e1-11de-b398-0022754e9a78}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31c35132-f8e1-11de-b398-0022754e9a78}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31c35132-f8e1-11de-b398-0022754e9a78}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31c35132-f8e1-11de-b398-0022754e9a78}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31c35132-f8e1-11de-b398-0022754e9a78}\ not found.
File F:\PhotoViewer.exe not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:363E775E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E87AB4E3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E8B61305 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:32289BE8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9BB8C675 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6B709AD7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2AE74FF9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5E73E1C2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:24C072FF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:32A82570 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:48862C37 deleted successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\bVhs71IJJDALv6 moved successfully.
C:\Documents and Settings\All Users\Application Data\-bVhs71IJJDALv6 moved successfully.
C:\Documents and Settings\All Users\Application Data\-bVhs71IJJDALv6r moved successfully.
C:\Documents and Settings\home\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk moved successfully.
File\Folder C:\Documents and Settings\All Users\Application Data\bVhs71IJJDALv6.exe not found.
File\Folder C:\Documents and Settings\All Users\Application Data\tJeOfxpyoLkuKU.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 162158 bytes
->FireFox cache emptied: 5272852 bytes

User: Administrator.MCCOY-2DF80A778
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 59084 bytes
->FireFox cache emptied: 5931456 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: home
->Temp folder emptied: 1214159247 bytes
->Temporary Internet Files folder emptied: 14222442 bytes
->Java cache emptied: 68228531 bytes
->FireFox cache emptied: 78135323 bytes
->Google Chrome cache emptied: 19895234 bytes
->Flash cache emptied: 2409 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 5082000 bytes
->Java cache emptied: 13 bytes
->Flash cache emptied: 2929 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3672272 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26688033 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 227143024 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 9608986 bytes

Total Files Cleaned = 1,601.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 09132012_121706

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-13 13:10:02
-----------------------------
13:10:02.921 OS Version: Windows 5.1.2600 Service Pack 3
13:10:02.921 Number of processors: 2 586 0x403
13:10:02.921 ComputerName: MCCOY-2DF80A778 UserName: home
13:10:03.921 Initialize success
13:10:25.015 AVAST engine defs: 12091300
13:10:27.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:10:27.750 Disk 0 Vendor: ST3160023AS 8.12 Size: 152587MB BusType: 3
13:10:27.765 Disk 0 MBR read successfully
13:10:27.765 Disk 0 MBR scan
13:10:27.796 Disk 0 Windows XP default MBR code
13:10:27.796 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 62 MB offset 63
13:10:27.812 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152515 MB offset 128520
13:10:27.812 Disk 0 scanning sectors +312480315
13:10:27.875 Disk 0 scanning C:\WINDOWS\system32\drivers
13:10:35.265 Service scanning
13:10:46.234 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
13:10:46.468 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
13:10:47.843 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
13:10:47.906 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
13:10:48.640 Modules scanning
13:10:52.390 Disk 0 trace - called modules:
13:10:52.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
13:10:52.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8677bab8]
13:10:52.406 3 CLASSPNP.SYS[f7652fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8679bd98]
13:10:53.015 AVAST engine scan C:\WINDOWS
13:11:02.437 AVAST engine scan C:\WINDOWS\system32
13:13:07.437 AVAST engine scan C:\WINDOWS\system32\drivers
13:13:17.890 AVAST engine scan C:\Documents and Settings\home
13:18:10.312 AVAST engine scan C:\Documents and Settings\All Users
13:18:11.875 File: C:\Documents and Settings\All Users\Application Data\Codecv\bhoclass.dll **INFECTED** Win32:Adware-gen [Adw]
13:19:01.125 Scan finished successfully
13:29:17.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\home\Desktop\MBR.dat"
13:29:17.375 The log file has been saved successfully to "C:\Documents and Settings\home\Desktop\aswMBR.txt"


I'm still seeing the File Recovery icon on my desktop and under Programs in the Start menu and cannot seem to remove it. Is this a dead file now that I can just disregard? My browsers are also nowhere close to the speed they were at before the infection. Chrome has been affected the worst and is almost unusable, as it is so slow and constantly freezes. Should I do a fresh install of my browsers? The system seems to be working so much better, with the exception of the browsers. Thank you so much for your help up to this point.

#12
theMPvick (Topic Starter)
I also just found I am no longer able to access Microsoft Updates. When I connect, it says I do not have administrative privileges on this PC. I currently only have one user account, and it does have administrative privileges. I know it recorded that in some of the logs. Could this be from the infection?

#13
Amlak
Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update


Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please paste the log in your next reply.

******
NEXT
******

Download MiniToolBox and checkmark the following boxes:


Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)


Click Go and paste the resultant log in your next reply.

#14
theMPvick (Topic Starter)
Farbar Service Scanner Version: 06-08-2012
Ran by home (administrator) on 17-09-2012 at 03:27:13
Running from "C:\Documents and Settings\home\My Documents\Downloads"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(9) Tcpip(4) WPS(10)
0x0B0000000500000001000000020000000300000004000000090000000A00000007000000080000000C00000006000000
IpSec Tag value is correct.

**** End of log ****

MiniToolBox by Farbar Version: 23-07-2012
Ran by home (administrator) on 17-09-2012 at 03:28:03
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Disconnected)
Belkin 54g Wireless USB Network Adapter = Wireless Network Connection 4 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 4"

set address name="Wireless Network Connection 4" source=dhcp
set dns name="Wireless Network Connection 4" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 4" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : mccoy-2df80a778
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Wireless Network Connection 4:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Belkin 54g Wireless USB Network Adapter #2
Physical Address. . . . . . . . . : 00-22-75-4E-9A-78
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : Saturday, September 15, 2012 5:34:43 PM
Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07 PM

Server:
Address: 192.168.2.1

Name: google.com
Addresses: 74.125.137.139, 74.125.137.100, 74.125.137.101, 74.125.137.102
74.125.137.113, 74.125.137.138

Pinging google.com [74.125.227.5] with 32 bytes of data:

Reply from 74.125.227.5: bytes=32 time=75ms TTL=49
Reply from 74.125.227.5: bytes=32 time=61ms TTL=49

Ping statistics for 74.125.227.5:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 61ms, Maximum = 75ms, Average = 68ms

Server:
Address: 192.168.2.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=97ms TTL=50
Reply from 98.138.253.109: bytes=32 time=196ms TTL=48

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 97ms, Maximum = 196ms, Average = 146ms

Server:
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x40002 ...00 22 75 4e 9a 78 ...... Belkin 54g Wireless USB Network Adapter #2 - Teefer2 Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.4 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.4 192.168.2.4 25
192.168.2.4 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.2.255 255.255.255.255 192.168.2.4 192.168.2.4 25
224.0.0.0 240.0.0.0 192.168.2.4 192.168.2.4 25
255.255.255.255 255.255.255.255 192.168.2.4 192.168.2.4 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/17/2012 03:24:36 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Error: (09/17/2012 03:24:36 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Error: (09/17/2012 03:24:36 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Error: (09/17/2012 03:24:31 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Error: (09/17/2012 03:24:30 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: A connection with the server could not be established

Error: (09/17/2012 02:24:33 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Error: (09/17/2012 02:24:33 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Error: (09/17/2012 02:24:33 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Error: (09/17/2012 02:24:30 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Error: (09/17/2012 02:24:29 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: A connection with the server could not be established


System errors:
=============
Error: (09/16/2012 04:37:57 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (09/14/2012 06:27:36 PM) (Source: 0) (User: )
Description: C:

Error: (09/14/2012 04:37:55 AM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (09/13/2012 00:17:08 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (09/13/2012 00:17:07 PM) (Source: Service Control Manager) (User: )
Description: The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

Error: (09/13/2012 00:15:39 PM) (Source: System Error) (User: )
Description: Error code 1000007e, parameter1 c0000005, parameter2 8420d097, parameter3 f7a61a90, parameter4 f7a6178c.

Error: (09/13/2012 07:16:00 AM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s).

Error: (09/13/2012 07:16:00 AM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (09/13/2012 06:33:44 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (09/13/2012 06:33:44 AM) (Source: 0) (User: )
Description: \Device\Harddisk0\D


Microsoft Office Sessions:
=========================
Error: (09/17/2012 03:24:36 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (09/17/2012 03:24:36 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (09/17/2012 03:24:36 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (09/17/2012 03:24:31 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (09/17/2012 03:24:30 AM) (Source: crypt32)(User: )
Description: http://www.download....uthrootseq.txtA connection with the server could not be established

Error: (09/17/2012 02:24:33 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (09/17/2012 02:24:33 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (09/17/2012 02:24:33 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (09/17/2012 02:24:30 AM) (Source: crypt32)(User: )
Description: http://www.download....rootseq.txtThis network connection does not exist.

Error: (09/17/2012 02:24:29 AM) (Source: crypt32)(User: )
Description: http://www.download....uthrootseq.txtA connection with the server could not be established


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader 9.1 (Version: 9.1.0)
Alarm (Version: 2.0.5)
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Control Panel (Version: 6.14.10.5183)
ATI Display Driver (Version: 8.23-060209a1-030546C-Dell)
Belkin 54Mbps Wireless Network Adapter (Version: 1.00.01)
Broadcom Gigabit Integrated Controller (Version: 7.53.02)
Conexant D850 56K V.9x DFVc Modem
Google Chrome (Version: 21.0.1180.89)
IBot 4.53 (Version: 4.53)
iTunes (Version: 10.4.0.80)
Java™ 6 Update 13 (Version: 6.0.130)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.96)
Magical Jelly Bean KeyFinder (Version: 2.0.8.4)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.4763.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Word 2010 (Version: 14.0.4763.1000)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OpenOffice.org 3.1 (Version: 3.1.9399)
Outpost Security Suite 7.1.1 (Version: 7.1.1)
QuickTime (Version: 7.70.80.34)
Secunia PSI (3.0.0.3001) (Version: 3.0.0.3001)
SoundMAX (Version: 5.12.01.5246)
SpywareBlaster 4.6 (Version: 4.6.0)
Symantec Endpoint Protection (Version: 11.0.6100.645)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VLC media player 1.1.6 (Version: 1.1.6)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
WinZip (Version: 8.1 (4331))
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update

========================= Devices: ================================

Name: RADEON X300 Series Secondary
Description: RADEON X300 Series Secondary
Class Guid: TI Technologies Inc.
Manufacturer: ATI Technologies Inc.
Service: ati2mtag
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Broadcom NetXtreme 57xx Gigabit Controller
Description: Broadcom NetXtreme 57xx Gigabit Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: b57w2k
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 78%
Total physical RAM: 1022.09 MB
Available physical RAM: 215.87 MB
Total Pagefile: 2459.5 MB
Available Pagefile: 1761.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.98 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:148.94 GB) (Free:85.11 GB) NTFS

========================= Users: ========================================

User accounts for \\MCCOY-2DF80A778

Administrator ASPNET Guest
HelpAssistant home SUPPORT_388945a0


**** End of log ****


I apologize for taking so long to respond. I had to be out of town this weekend. Thank you again!

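As an added example (not part of this thread, OTL, FSS or MiniToolBox), the PowerShell audit below checks a Windows machine, read-only, for the four indicator classes this thread turned up: a per-user IE proxy pointed at the loopback interface (the http=127.0.0.1:5643 entries the OTL fix in post #10 removed), cached MountPoints2 AutoRun commands (the O33 lines), alternate data streams on the shared TEMP folder (the @Alternate Data Stream lines), and the EnableFirewall=0 policy FSS reported in post #14. It assumes PowerShell 3.0 or later on Vista or newer, where the XP folder C:\Documents and Settings\All Users\Application Data is $env:ProgramData, and an elevated prompt so the loaded hives under HKEY_USERS are readable; all function names are my own.

```powershell
# Read-only indicator audit (added example; not from the thread or any tool in it).
# Assumes PowerShell 3.0+ (Get-Item -Stream) on Vista/7 or later, run elevated.

function Test-LoopbackProxy {
    # True when an IE ProxyServer string sends browser traffic back to this host,
    # e.g. "http=127.0.0.1:5643" (the value OTL removed) or "localhost:8080".
    param([string]$ProxyServer)
    return [bool]($ProxyServer -match '(^|=)(127\.\d+\.\d+\.\d+|localhost|\[::1\]):\d+')
}

function Get-LoopbackProxyFindings {
    # Walk every loaded user hive (HKU\.DEFAULT, HKU\S-1-5-18, interactive users,
    # exactly the hives the fix touched) and report enabled loopback proxies.
    $subkey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    foreach ($hive in Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue) {
        $path = "Registry::HKEY_USERS\$($hive.PSChildName)\$subkey"
        $s = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if ($s -and $s.ProxyEnable -eq 1 -and (Test-LoopbackProxy $s.ProxyServer)) {
            [pscustomobject]@{ Check = 'LoopbackProxy'; Where = $hive.PSChildName; Value = $s.ProxyServer }
        }
    }
}

function Get-MountPointAutoRunFindings {
    # MountPoints2 caches autorun.inf data for every removable volume the user has
    # plugged in. A Shell\AutoRun\command value (F:\PhotoViewer.exe in the O33 lines)
    # means a removable drive offered an executable to launch on insertion.
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    foreach ($vol in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
        $cmdKey = Join-Path -Path $vol.PSPath -ChildPath 'Shell\AutoRun\command'
        $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
        if ($cmd) {
            [pscustomobject]@{ Check = 'MountPointAutoRun'; Where = $vol.PSChildName; Value = $cmd }
        }
    }
}

function Get-AlternateStreamFindings {
    # Alternate data streams never show in Explorer or a plain dir listing. OTL found
    # twelve attached to the shared TEMP folder; on Vista+ that folder is
    # $env:ProgramData\TEMP. Lists every non-default stream on the folder and its children.
    param([string]$Path = (Join-Path -Path $env:ProgramData -ChildPath 'TEMP'))
    if (-not (Test-Path -Path $Path)) { return }
    $items = @(Get-Item -Path $Path) + @(Get-ChildItem -Path $Path -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        Get-Item -Path $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |   # ':$DATA' is the normal file content
            ForEach-Object {
                [pscustomobject]@{ Check = 'AlternateDataStream'; Where = $_.FileName; Value = "$($_.Stream) ($($_.Length) bytes)" }
            }
    }
}

function Get-FirewallPolicyFindings {
    # FSS reported "EnableFirewall"=DWORD:0 under FirewallPolicy\StandardProfile; that
    # value turns the Windows Firewall off for the profile it lives in.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($fwProfile in 'StandardProfile', 'DomainProfile', 'PublicProfile') {
        $v = (Get-ItemProperty -Path (Join-Path -Path $base -ChildPath $fwProfile) -Name EnableFirewall -ErrorAction SilentlyContinue).EnableFirewall
        if ($null -ne $v -and $v -eq 0) {
            [pscustomobject]@{ Check = 'FirewallDisabledPolicy'; Where = $fwProfile; Value = "EnableFirewall=$v" }
        }
    }
}

function Invoke-IndicatorAudit {
    # Collect every finding; an empty result means none of the four classes is present.
    @(Get-LoopbackProxyFindings) + @(Get-MountPointAutoRunFindings) +
        @(Get-AlternateStreamFindings) + @(Get-FirewallPolicyFindings)
}

$findings = @(Invoke-IndicatorAudit)
if ($findings.Count -eq 0) {
    'No loopback proxy, cached AutoRun command, TEMP stream or firewall-off policy found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it after a cleanup like the one above; every row it prints is something to account for before calling the machine clean.
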
#15
Amlak
Hi, theMPvick. You may want to disable and remove some of the add-ons/extensions for your browsers. See if this improves browser speed. If you need further instructions on how to do so, please let me know.

Then, do the following:

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done, it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

******
NEXT
******

Malwarebytes' Anti-Malware

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click Check for Updates.
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on the Scan button.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Make sure all items are checked and click on Remove Selected.
  • If asked to restart the computer, please do so immediately.
  • Post the contents of the resultant log in your next reply. You can access the log in the Logs tab.

******
NEXT
******

  • Go to here
  • Click the download button under Kaspersky Security Scan
  • Download and run the file
  • It will start to download the Kaspersky Security Scan program data
  • Once downloaded the installer will begin
  • Click Next
  • Accept the License Agreement
  • Click Install
  • The program will now install
  • Click Finish
  • Kaspersky Security Scan will now start

  • Click the Full Scan button

  • The scan will take about an hour or two depending on the amount of data on your hard drive
  • If the scan detects problems it will open a Problems found window
  • Click Details to generate a scan results report

  • Once the scan is complete do the following:
    • For XP: Navigate to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KSS2\DataRoot
      For Vista/7: Navigate to C:\ProgramData\Kaspersky Lab\KSS2\DataRoot
    • Right-click on the HtmlReport folder --> Click Send to --> Click Compressed (zipped) folder
    • Attach the HtmlReport zipped folder to your next post
  • You can now close Kaspersky Security Scan
