I have a problem with a decreasing hard drive. I have seen it decrease in front of my eyes without any activity on my part.

I have done combofix (have the log), have done rootrepeal (have the log), malaware (did not show any malware), ddr (have the log).

Please help me as this is driving me crazy. :P:P:D

Many thanks

tharunam_Attach.txt

tharunam_DDS.txt

Tharunam_rootrepal_report.txt


I don't see any attachments, but just copy and paste the log in your reply. Thanks

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

kernel: MBR read successfully

copy of MBR has been found in sector 22 !

copy of MBR has been found in sector 23 !

Here is the output from RootRepeal also:

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Time: 2009/06/28 07:00

Program Version: Version 1.3.0.0

Windows Version: Windows XP SP3

==================================================

Hidden/Locked Files

-------------------

Path: Volume C:\

Status: MBR Rootkit Detected!

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

Path: C:\ashampoo-acdw-log.txt

Status: Visible to the Windows API, but not on disk.

Path: C:\RootRepeal report 06-28-09 (06-57-01).txt

Status: Visible to the Windows API, but not on disk.

Path: C:\RootRepeal report 06-28-09 (06-59-57).txt

Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Ashampoo

Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Aventail Connect

Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Java

Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Malwarebytes' Anti-Malware

Status: Visible to the Windows API, but not on disk.

Path: c:\windows\schedlgu.txt

Status: Size mismatch (API: 13894, Raw: 3896)

Path: C:\WINDOWS\ngevent.dll

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\ngmsgs.dll

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\ngmsi.dll

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\ngutil.exe

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\ngwinx.dll

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Sun

Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\bapasp\IECompatCache

Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\bapasp\PrivacIE

Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\shield\client.dll.log

Status: Visible to the Windows API, but not on disk.

Path: C:\RECYCLER\S-1-5-21-1454471165-362288127-1801674531-1003\Dc1

Status: Invisible to the Windows API!

Path: C:\RECYCLER\S-1-5-21-1454471165-362288127-1801674531-1003\Dc2.exe

Status: Invisible to the Windows API!

Path: C:\RECYCLER\S-1-5-21-1454471165-362288127-1801674531-1003\Dc3.torrent

Status: Invisible to the Windows API!

Path: C:\RECYCLER\S-1-5-21-1454471165-362288127-1801674531-1003\Dc4

Status: Invisible to the Windows API!

Path: C:\RECYCLER\S-1-5-21-1454471165-362288127-1801674531-1003\Dc5

Status: Invisible to the Windows API!

Path: C:\RECYCLER\S-1-5-21-1454471165-362288127-1801674531-1003\Dc6

Status: Invisible to the Windows API!

Path: c:\recycler\s-1-5-21-1454471165-362288127-1801674531-1003\info2

Status: Size mismatch (API: 20, Raw: 5620)

Path: C:\WINDOWS\Prefetch\AGENTSVR.EXE-002E45AB.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\AUTORUN.EXE-2BEFFDCB.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\CSRSS.EXE-12B63473.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\EGUI.EXE-2926BFD4.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\EKRN.EXE-04F4138D.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\ESET NOD32 ANTIVIRUS BUSINESS-31AEB230.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-470F11BD.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-49F747DB.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-4ACB286C.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-4B1DB1FC.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\SETUP.EXE-32DD1568.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\SETUP.EXE-393E66AE.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\SETUP50.EXE-362FF7C9.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\MSOOBE.EXE-30411B02.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\NVCPLUI.EXE-315CED5C.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\NVSVC32.EXE-1F9EED18.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\NVUDISP.EXE-32E0B398.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\OUTPOSTPROINSTALL.EXE-1B5148D6.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\OUTPOSTPROINSTALL.TMP-0C1E8B70.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\OUTPOSTPROINSTALL.TMP-1EA4C196.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-12BF95CE.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-169CA248.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-197CF692.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-1DA3F59A.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-1F660CD2.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-4499C56E.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-297067B9.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-2BCA99B3.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-2C6467D2.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-2F9A6C71.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-307CC304.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-31C66815.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-31D435B2.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-32314E84.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-32405405.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-349CF69B.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-35256F7F.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-37F8BDB2.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-3A736A9C.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\VC9REDIST_X86.EXE-225698A3.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-0091AA59.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-00D48DA0.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-00E7D32B.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-03312FA0.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-042A3E54.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-0444C53E.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-045B45CE.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-05972C8C.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-07F57BFD.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-0861C322.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-08A3FD32.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-092E1F29.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-095C05CC.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-0A38897B.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-0A9F0870.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-10C5F78C.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-1124ECFE.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-11DF4F4C.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-13097096.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-151501D1.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-19B615CB.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-1A7F30F0.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-1ACD8FB1.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-1C0F7C45.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-25DF2DE6.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\UPDATE.EXE-263E0406.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\GENINST.EXE-39FBE1A8.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\IE4UINIT.EXE-169A5A39.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\IESETUP.EXE-26B0411B.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\INSTALL.EXE-0D4C4A7D.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\INSTALL_FP6_WU_R88.EXE-277C330A.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\LSASS.EXE-20DB6D1B.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\MRTSTUB.EXE-11632F74.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-1F94F465.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-236BBAFC.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-23F3A032.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-266C0153.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-27D9917D.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-286A7F8C.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-2AF77CC9.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-2F26E69F.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-30906FE7.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-3163B88B.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-3395513A.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-34FD57A0.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-3919F565.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-3C8C9286.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-3C937D0B.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-3F8082C7.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\WGASETUP.EXE-100DF432.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\WINDOWS-KB890830-V2.11.EXE-1E60315A.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\WINDOWSXP-KB905474-ENU-X86.EX-0516A016.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\WINDOWSXP-KB923789-X86-ENU.EX-2E6E7F28.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\WORDPAD.EXE-24533991.pf

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Prefetch\ACROBATINFO.EXE-35EB20A4.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\ACRODIST.EXE-295636F4.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\ACROTRAY.EXE-11E0E388.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\ASHAMPOO_BURNING_STUDIO_9_904-02137C8F.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\ASHAMPOO_BURNING_STUDIO_9_904-315E33CF.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\ASHDRIVERSETUP.EXE-01373FB4.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\AUTORUN.EXE-3684E09A.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\BURNINGSTUDIO9.EXE-2C09CA63.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\CANCELAUTOPLAY.EXE-0039A219.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\GRPCONV.EXE-111CD845.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\INSTALL.EXE-1498F293.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\IPCONFIG.EXE-2395F30B.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\IRON.EXE-29B10913.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\JAVA.EXE-0C263507.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\Layout.ini

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\MAGICJACK.EXE-3701EB60.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\MAGICJACKLOADER.EXE-34746B21.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\MAGICJACKSPLASH.EXE-2DD62BDB.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\MAGICJACKSPLASH.EXE-2FFC554C.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\MJSETUP.EXE-00E1FE4A.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\MJSETUP.EXE-1D3B1028.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\MSTSC.EXE-39B7CECA.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\NBTSTAT.EXE-050A2164.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\NETREG.EXE-30DD1329.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\NGMONITOR.EXE-3A29ADC8.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\ONECLICKSTARTER.EXE-31B195B2.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\REGOPT.EXE-1FA9FFE4.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\ROOTREPEAL.EXE-05D9F033.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-17638B2D.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-35A483DA.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\RUNDLL32.EXE-4498EFB8.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\SETUP.EXE-3A7EB202.pf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\UTSCSI.EXE-1DBF0E67.pf

Status: Visible to the Windows API, but not on disk.

Path: c:\windows\system32\perfstringbackup.ini

Status: Size mismatch (API: 356120, Raw: 355086)

Path: C:\WINDOWS\system32\deploytk.dll

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\java.exe

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\javacpl.cpl

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\javaw.exe

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\javaws.exe

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\ngclient.dll

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\ngcommon.dll

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\ngdial.exe

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\nghelp.chm

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\nglocenu.dll

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\nglogon.dll

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\ngmonitor.exe

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\ngras.dll

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\ngupdate.exe

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\ngvpnmgr.exe

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\system32\UTSCSI.EXE

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Tasks\Malwarebytes' Scheduled Scan for bapasp.job

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Tasks\Malwarebytes' Scheduled Update for bapasp.job

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Temp\Perflib_Perfdata_f8c.dat

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\testtime.tmp

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\WGAErrLog.txt

Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\Perflib_Perfdata_5e0.dat

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\inf\Erma.inf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\inf\ngvpn.inf

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\inf\ngvpn.PNF

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Installer\2f78e.msi

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Installer\3baf7.msp

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Installer\3baf8.msp

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Installer\740704.msi

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Installer\eb8093.msp

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Installer\eb8094.msp

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Installer\eb8095.mst

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Installer\{26A24AE4-039D-4CA4-87B4-2F83216014FF}

Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Downloaded Program Files\erma.inf

Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\All Users\Application Data\Aventail

Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\All Users\Application Data\Malwarebytes

Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro Extended.lnk

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Desktop\SRWare Iron.lnk

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Desktop\TuneUp 1-Click Maintenance.lnk

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Desktop\TuneUp Utilities 2009.lnk

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\bapasp\Application Data\Ashampoo

Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\bapasp\Application Data\Aventail

Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\bapasp\Application Data\Malwarebytes

Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\bapasp\Application Data\mjusbsp

Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\bapasp\Application Data\Sun

Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\bapasp\Cookies\bapasp@microsoft[2].txt

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\bapasp\Cookies\bapasp@tune-up[1].txt

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\bapasp\Desktop\Perfect Uninstaller.lnk

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\bapasp\Desktop\Shortcut (2) to Newly created software.lnk

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\bapasp\Desktop\Shortcut to bit download.lnk

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\bapasp\Desktop\Spybot - Search & Destroy.lnk

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\bapasp\Desktop\vlc-0.9.9-win32.exe

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\bapasp\Desktop\WinASO Registry Optimizer.lnk

Status: Invisible to the Windows API!

Path: C:\Documents and Settings\bapasp\Desktop\


Well, that's good: no MBR rootkit. Do you have any P2P program installed on your PC? I only ask because it can cause you to lose your hard drive space.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
