I've been plagued by multiple viruses for a few weeks reinstalling themselves, slow internet speed, and intermittent audio ads played through Windows Explorer while I am connected to the internet.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.05.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
no :: NO-PC [administrator]

8/5/2012 2:53:45 PM
mbam-log-2012-08-05 (16-36-14).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 687197
Time elapsed: 1 hour(s), 42 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\Microsoft\Windows\DRM\82E8.tmp.dat (Trojan.Agent.EXPD1) -> No action taken.
C:\ProgramData\Microsoft\Windows\DRM\AC87.tmp.dat (Trojan.Agent.EXPD1) -> No action taken.
C:\Qoobox\Quarantine\C\Users\no\AppData\Local\mlskisim.exe.vir (Trojan.Lameshield) -> No action taken.

(end)

GMER log 1 was empty

GMER log 2:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-05 14:51:24
Windows 6.1.7601 Service Pack 1 
Running: 4yy9yzk4.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                   0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                0x20 0x5B 0x26 0xEE ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                   0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                       0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                    0x20 0x5B 0x26 0xEE ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                       0x00 0x00 0x00 0x00 ...

---- EOF - GMER 1.0.15 ----




.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by no at 17:13:56 on 2012-08-05
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3070.1803 [GMT -4:00]
.
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Programs\Security\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Programs\Security\SUPERAntiSpyware\SASCORE64.EXE
C:\Programs\Security\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Games\Hi-Rez Studios\HiPatchService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Programs\Security\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Programs\Security\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Programs\Security\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Programs\Security\SPYBOT~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SpybotSD TeaTimer] C:\Programs\Security\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [avgnt] "C:\Programs\Security\Avira\AntiVir Desktop\avgnt.exe" /min
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Security\SPYBOT~1\SDHelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{FF1DD4E9-47AE-4524-8983-A3D4AEA977EB} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{FF1DD4E9-47AE-4524-8983-A3D4AEA977EB} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Security\SPYBOT~1\SDHelper.dll
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [avgnt] "C:\Programs\Security\Avira\AntiVir Desktop\avgnt.exe" /min
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Games\Hi-Rez Studios\HiPatchService.exe [2012-1-10 8704]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Programs\Security\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Programs\Security\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Programs\Security\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Programs\Security\Avira\AntiVir Desktop\sched.exe [2012-7-12 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Programs\Security\Avira\AntiVir Desktop\avguard.exe [2012-7-12 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-25 2253120]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-20 250056]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Games\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-3-9 25832]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;C:\Windows\system32\DRIVERS\PPJoyBus64.sys --> C:\Windows\system32\DRIVERS\PPJoyBus64.sys [?]
S3 PPortJoystick;Parallel Port Joystick Device Driver;C:\Windows\system32\DRIVERS\PPortJoy64.sys --> C:\Windows\system32\DRIVERS\PPortJoy64.sys [?]
S3 RzSynapse;Razer Naga Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-21 23:47:08 --------    d-sh--w-    C:\$RECYCLE.BIN
2012-07-21 20:46:12 --------    d-----r-    C:\Program Files (x86)\Skype
2012-07-21 19:36:01 --------    d-----w-    C:\ComboFix
2012-07-19 00:01:02 --------    d-----w-    C:\Users\no\AppData\Local\temp
2012-07-18 23:17:43 98816   ----a-w-    C:\Windows\sed.exe
2012-07-18 23:17:43 518144  ----a-w-    C:\Windows\SWREG.exe
2012-07-18 23:17:43 256000  ----a-w-    C:\Windows\PEV.exe
2012-07-18 23:17:43 208896  ----a-w-    C:\Windows\MBR.exe
2012-07-15 22:39:30 --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2012-07-15 22:34:23 118784  ----a-w-    C:\Windows\SysWow64\MSSTDFMT.DLL
2012-07-14 15:01:17 388096  ----a-r-    C:\Users\no\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-14 14:54:48 --------    d-----w-    C:\Users\no\AppData\Roaming\Malwarebytes
2012-07-14 14:54:24 --------    d-----w-    C:\ProgramData\Malwarebytes
2012-07-14 14:25:28 129024  ----a-w-    C:\Windows\RegBootClean64.exe
2012-07-13 14:42:05 9827016 ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-07-13 02:54:52 --------    d-----w-    C:\Users\no\AppData\Roaming\Avira
2012-07-13 02:49:05 98848   ----a-w-    C:\Windows\System32\drivers\avgntflt.sys
2012-07-13 02:49:05 27760   ----a-w-    C:\Windows\System32\drivers\avkmgr.sys
2012-07-13 02:49:04 --------    d-----w-    C:\ProgramData\Avira
2012-07-13 02:19:17 3148800 ----a-w-    C:\Windows\System32\win32k.sys
2012-07-13 02:18:48 69000   ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AF90098C-8766-413F-A65E-0E4A532AF8EE}\offreg.dll
2012-07-13 02:12:17 2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2012-07-13 02:12:17 2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2012-07-13 02:12:17 2004480 ----a-w-    C:\Windows\System32\msxml6.dll
2012-07-13 02:12:17 1881600 ----a-w-    C:\Windows\System32\msxml3.dll
2012-07-13 02:12:17 1390080 ----a-w-    C:\Windows\SysWow64\msxml6.dll
2012-07-13 02:12:17 1236992 ----a-w-    C:\Windows\SysWow64\msxml3.dll
2012-07-13 02:12:12 9013136 ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AF90098C-8766-413F-A65E-0E4A532AF8EE}\mpengine.dll
2012-07-13 02:10:56 805376  ----a-w-    C:\Windows\SysWow64\cdosys.dll
2012-07-13 02:10:56 495616  ----a-w-    C:\Program Files\Common Files\System\ado\msadox.dll
2012-07-13 02:10:56 466944  ----a-w-    C:\Program Files\Common Files\System\ado\msadomd.dll
2012-07-13 02:10:56 352256  ----a-w-    C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-07-13 02:10:56 258048  ----a-w-    C:\Program Files\Common Files\System\msadc\msadco.dll
2012-07-13 02:10:56 1499136 ----a-w-    C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-13 02:10:56 1019904 ----a-w-    C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-13 02:10:55 61440   ----a-w-    C:\Program Files\Common Files\System\ado\msador15.dll
2012-07-13 02:10:55 57344   ----a-w-    C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2012-07-13 02:10:55 372736  ----a-w-    C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-13 02:10:55 212992  ----a-w-    C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-07-13 02:10:55 143360  ----a-w-    C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-13 02:10:55 1133568 ----a-w-    C:\Windows\System32\cdosys.dll
.
==================== Find3M  ====================
.
2012-08-05 16:42:13 70344   ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-05 16:42:13 426184  ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-02 22:15:31 2622464 ----a-w-    C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840   ----a-w-    C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752  ----a-w-    C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864   ----a-w-    C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w-    C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w-    C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w-    C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056  ----a-w-    C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w-    C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w-    C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w-    C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848  ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704  ----a-w-    C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600   ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920  ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992  ----a-w-    C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200  ----a-w-    C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016   ----a-w-    C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280  ----a-w-    C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136  ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768   ----a-w-    C:\Windows\SysWow64\sspicli.dll
2012-05-27 14:18:20 52224   ----a-w-    C:\Windows\ipuninst.exe
2012-05-27 11:01:27 476960  ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2012-05-27 11:01:27 472864  ----a-w-    C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 17:22:07.61 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 9/14/2009 10:40:56 PM
System Uptime: 8/5/2012 5:12:13 PM (0 hours ago)
.
Motherboard: http://www.abit.com.tw/ |  | IP35-E  (Intel P35+ICH9/R)
Processor: Intel(R) Core(TM)2 Quad CPU           @ 2.40GHz | Socket 775 | 2448/272mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 441 GiB total, 68.163 GiB free.
D: is FIXED (NTFS) - 596 GiB total, 5.571 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Parallel Port Joystick Bus Enumerator
Device ID: ROOT\MEDIA\0001
Manufacturer: Deon van der Westhuysen
Name: Parallel Port Joystick Bus Enumerator
PNP Device ID: ROOT\MEDIA\0001
Service: PPJoyBus
.
==== System Restore Points ===================
.
RP566: 7/18/2012 7:18:22 PM - ComboFix created restore point
RP567: 7/19/2012 5:55:42 PM - Removed Java(TM) 6 Update 32
RP568: 7/19/2012 5:57:08 PM - Removed Java(TM) 7 (64-bit)
RP569: 7/19/2012 5:59:30 PM - Removed Java(TM) SE Development Kit 7 (64-bit)
RP570: 7/21/2012 3:37:54 PM - ComboFix created restore point
RP571: 7/30/2012 10:22:36 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Alien Swarm
Alpha Protocol
Android SDK Tools
ARMA 2: Operation Arrowhead
ArmageddonEmpires
Avira Free Antivirus
Batman: Arkham Asylum
Battlefield: Bad Company™ 2
BioShock
CDBurnerXP
CDisplayEx 1.8
Character Builder
Commandos: Behind Enemy Lines
Crysis(R)
Day of Defeat: Source
Deus Ex
Deus Ex - HDTP
Download Manager 2.3.9
Dragon Age II
Dual-Core Optimizer
Fallout
Fallout 2
Fallout 2 Unofficial Patch 1.02.27.3
Fallout 3
Fallout New Vegas
FileZilla Client 3.5.3
Foxit Reader 5.1
GIMP 2.6.11
Grand Theft Auto IV
Grand Theft Auto: Episodes From Liberty City
Half-Life 2: Episode Two
Hi-Rez Studios Authenticate and Update Service
HiJackThis
HP USB Disk Storage Format Tool
ImgBurn
K-Lite Codec Pack 8.8.0 (Full)
Left 4 Dead 2
Left 4 Dead 2 Add-on Support
Mafia II
Malwarebytes Anti-Malware version 1.62.0.1300
Mass Effect
Mass Effect 2
Mass Effect™ 3
MATLAB Student R2009a
Microsoft Crimson Skies
Microsoft Flight
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mirror's Edge™
MTX
MTXExtractor
Mumble 1.2.3
NirSoft ProduKey
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
OpenOffice.org 3.1
Origin
Parallel Port Joystick
PFPortChecker 1.0.39
PJP's JoyIDs
Portal 2
PowerISO
PPJoy Joystick Driver 0.8.4.5
PunkBuster Services
Red Faction: Guerrilla 
RunAlyzer
S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SimpleOCR 3.1
Skype™ 5.10
Smart Mod Manager
Source SDK Base 2007
Spybot - Search & Destroy
SpywareBlaster 4.6
Star Wars - Jedi Knight II: Jedi Outcast
Star Wars - Jedi Knight: Mysteries of the Sith
Star Wars Jedi Knight: Dark Forces II
Star Wars X-Wing Alliance
Star Wars: Dark Forces
Steam
Tribes Ascend Closed Beta
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Ventrilo Client
VLC media player 1.0.0
VobSub v2.23 (Remove Only)
VoiceOver Kit
WinSCP 4.3.1 beta
Wireshark 1.6.2
X-COM: UFO Defense
X3 Terran Conflict v3.0
XviD MPEG4 Video Codec (remove only)
.
==== Event Viewer Messages From Past Week ========
.
8/5/2012 2:09:28 PM, Error: Service Control Manager [7023]  - The Peer Name Resolution Protocol service terminated with the following error:  %%-2140993535
8/5/2012 2:09:28 PM, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140993535
8/5/2012 2:09:28 PM, Error: Microsoft-Windows-PNRPSvc [102]  - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
8/2/2012 7:55:14 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
8/2/2012 7:54:44 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/2/2012 7:54:44 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
7/30/2012 7:38:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007f (0x0000000000000008, 0x0000000080050031, 0x00000000000006f8, 0xfffff8000307d1a9). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-25708-01.
7/30/2012 6:36:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001a (0x0000000000041201, 0xfffff68000005d10, 0x0520000052aad005, 0xfffffa8002c1e2e0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-24008-01.
7/30/2012 12:04:06 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================


All 3 Replies

Try HitmanPro. In any case, if you do feel that you have a rootkit, why not just wipe the hard drive and install a fresh copy of the OS? Organize your drive by separating the OS and data on different drives, or at the very least, different partitions, so when you reinstall the OS, you don't touch the partition where your data is located. This makes it much easier to reinstall or install new operating systems.

I ran HitmanPro; it found that my MBR was infected. I restarted and ran HitmanPro again; it no longer detects an MBR infection. I am not sure yet if my problem is fully solved, though.

[code]
HitmanPro 3.6.1.163
www.hitmanpro.com

   Computer name . . . . : NO-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : no-PC\no
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2012-08-05 19:30:37
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 40s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 12

   Objects scanned . . . : 2,352,512
   Files scanned . . . . : 42,017
   Remnants scanned  . . : 637,270 files / 1,673,225 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA800328B610
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA800352C334 +0
   Solution
      DriverObject . . . : FFFFFA800328B610
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF880010FC4D8 \SystemRoot\system32\drivers\ataport.SYS+29912

Malware _____________________________________________________________________

   Master Boot Record (sector 0)

    > G Data . . . . . . : MBR:SST [Rtk]
    > Ikarus . . . . . . : Rootkit.Boot.Sst!IK
    > HitmanPro  . . . . : Win64/Bootkit

      Partition Type    LBA Number of sectors
      0*    07  63  924803190
      1     05  924813855   51954210
      2     00  0   0
      3     00  0   0

      0000  31 C0 8E D0 BC 00 7C 0E 1F 0E 07 66 60 88 16 00  1.....|....f`...
      0010  7E C6 06 04 7E 1E B4 48 BE 04 7E CD 13 B0 50 0F  ~...~..H..~...P.
      0020  82 7B 01 81 2E 13 04 14 00 A1 13 04 C1 E0 06 A3  .{..............
      0030  02 7E 81 EC 0E 00 68 10 00 89 E5 BE A1 7D B9 05  .~....h......}..
      0040  00 66 31 DB E8 F8 00 FF 36 02 7E 07 8C 46 06 8C  .f1.....6.~..F..
      0050  5E 04 E8 09 00 81 C4 10 00 66 61 06 1E CB 66 60  ^........fa...f`
      0060  57 66 FF 36 14 7E 66 8F 46 08 66 FF 36 18 7E 66  Wf.6.~f.F.f.6.~f
      0070  8F 46 0C 66 8B 45 10 66 40 66 29 46 08 66 19 5E  .F.f.E.f@f)F.f.^
      0080  0C 8B 45 14 89 46 02 B4 42 8A 16 00 7E 89 EE CD  ..E..F..B...~...
      0090  13 B0 52 0F 82 07 01 31 C0 BA 04 04 BE B2 7D 88  ..R....1......}.
      00A0  9F 42 7E FE C3 75 F8 8A 8F 42 7E 02 04 E8 7E 00  .B~..u...B~...~.
      00B0  46 FE CE 75 04 29 D6 88 D6 FE C3 75 EA 31 C0 89  F..u.).....u.1..
      00C0  C3 8B 56 02 C1 E2 09 8B 76 04 FE C3 8A 8F 42 7E  ..V.....v.....B~
      00D0  E8 5B 00 00 E9 30 ED 89 CF 8A 8D 42 7E 26 30 0C  .[...0.....B~&0.
      00E0  46 4A 75 E6 5F 66 8B 4D 18 66 0F B7 56 04 81 F9  FJu._f.M.f..V...
      00F0  FF 7F B0 53 0F 87 A6 00 66 FF 75 1C 66 31 C0 66  ...S....f.u.f1.f
      0100  89 45 1C 66 F7 D0 26 67 32 02 66 42 B3 08 66 D1  .E.f..&g2.fB..f.
      0110  E8 73 06 66 35 20 83 B8 ED FE CB 75 F1 E2 E7 66  .s.f5 .....u...f
      0120  F7 D0 66 5B 66 39 D8 B0 43 75 73 66 61 C3 00 C8  ..f[f9..Cusfa...
      0130  89 C7 8A AD 42 7E 88 AF 42 7E 88 8D 42 7E C3 66  ....B~..B~..B~.f
      0140  60 BF 00 80 8C 4E 06 89 7E 04 66 89 D8 40 89 45  `....N..~.f..@.E
      0150  14 66 0F B7 06 B6 7D 66 89 45 10 B8 20 00 E8 FD  .f....}f.E.. ...
      0160  FE 8B 7E 04 8B 55 18 FC 60 F3 A6 81 7D FE 5C 00  ..~..U..`...}.\.
      0170  74 0E E3 0E 61 01 C7 29 C2 77 ED B0 4E E9 1E 00  t...a..).w..N...
      0180  41 4E 5F 81 C4 0E 00 60 89 FE BF 22 7E 59 57 89  AN_....`..."~YW.
      0190  C1 F3 A4 61 E3 03 E9 C5 FF 59 57 66 61 C3 F4 EB  ...a.....YWfa...
      01A0  FD 5C 62 6F 6F 74 00 00 00 00 00 00 00 00 00 00  .\boot..........
      01B0  00 00 12 6C 35 4B 91 EE DD B6 9F A0 00 00 80 01  ...l5K..........
      01C0  01 00 07 FE FF FF 3F 00 00 00 76 60 1F 37 00 FE  ......?...v`.7..
      01D0  FF FF 05 FE FF FF 1F 8A 1F 37 22 C2 18 03 00 00  .........7".....
      01E0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
      01F0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA  ..............U.



Suspicious files ____________________________________________________________

   C:\Users\no\AppData\Local\PunkBuster\BC2\pb\dll\wc002220.dll
      Size . . . . . . . : 899,576 bytes
      Age  . . . . . . . : 825.9 days (2010-05-02 21:20:15)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : FC8930F99A9D1B394B5A55BD7D95306E4A6BD27F67A8A4768A875C48A1DCAD1E
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\no\AppData\Local\PunkBuster\BC2\pb\dll\wc002261.dll
      Size . . . . . . . : 951,318 bytes
      Age  . . . . . . . : 605.1 days (2010-12-09 18:08:13)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 07F342FC49BF00281C514B364399E7FD98C36888DF680304C7807C827336E939
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\no\AppData\Local\PunkBuster\BC2\pb\dll\wc002272.dll
      Size . . . . . . . : 953,145 bytes
      Age  . . . . . . . : 441.9 days (2011-05-21 21:00:14)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E1C07F31EC35315E00F8AB0BE5C4F80DD9AAEBEE7E760BBF9AFCC02D35BEBF2F
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\no\AppData\Local\PunkBuster\BC2\pb\dll\wc002277.dll
      Size . . . . . . . : 960,138 bytes
      Age  . . . . . . . : 368.1 days (2011-08-03 16:10:56)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 70053EEA7AC3C1427D779B3F258A13CF74B02980DCDDEFBC24B341CFFA1E4AA2
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\no\AppData\Local\PunkBuster\BC2\pb\pbcl.dll
      Size . . . . . . . : 960,138 bytes
      Age  . . . . . . . : 915.9 days (2010-02-01 21:03:03)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 70053EEA7AC3C1427D779B3F258A13CF74B02980DCDDEFBC24B341CFFA1E4AA2
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\no\AppData\Local\PunkBuster\BC2\pb\pbclold.dll
      Size . . . . . . . : 960,138 bytes
      Age  . . . . . . . : 915.9 days (2010-02-01 21:03:03)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 70053EEA7AC3C1427D779B3F258A13CF74B02980DCDDEFBC24B341CFFA1E4AA2
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\no\AppData\Local\PunkBuster\COD4\pb\dll\wc002235.dll
      Size . . . . . . . : 914,287 bytes
      Age  . . . . . . . : 633.0 days (2010-11-11 19:06:46)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 36785D9C76A976FEF10D484009C2DDD33375EEC19C3E42A30D0571EC7C866B00
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\no\AppData\Local\PunkBuster\COD4\pb\dll\wc002242.dll
      Size . . . . . . . : 920,039 bytes
      Age  . . . . . . . : 632.1 days (2010-11-12 16:55:32)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 577B73AAA07D4F7EF8347D14D50D77F6F40FC626D0CEAC701C5532A05A58D937
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\no\AppData\Local\PunkBuster\COD4\pb\pbcl.dll
      Size . . . . . . . : 920,039 bytes
      Age  . . . . . . . : 1055.8 days (2009-09-15 00:19:59)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 577B73AAA07D4F7EF8347D14D50D77F6F40FC626D0CEAC701C5532A05A58D937
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\no\AppData\Local\PunkBuster\COD4\pb\pbclold.dll
      Size . . . . . . . : 914,287 bytes
      Age  . . . . . . . : 1055.8 days (2009-09-15 00:19:59)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 36785D9C76A976FEF10D484009C2DDD33375EEC19C3E42A30D0571EC7C866B00
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\no\AppData\Local\PunkBuster\COD4\pb\PnkBstrK.sys
      Size . . . . . . . : 138,904 bytes
      Age  . . . . . . . : 1055.8 days (2009-09-15 00:32:03)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 46F97C50ABA091B1107B9F2E0B5319D7F855809232C0D554A77AF41F79402100
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.



[/code]

Yeah, while Malwarebytes does a pretty good job over a standard AV client, my experience is that Hitman Pro in conjunction with Malwarebytes does an excellent job. You're probably OK now, but there is no way to be guaranteed with any product... they are as good as what they can detect.

The only way to be 100% sure is to wipe the drive and start from scratch.
