Piriform Community Forums

Piriform Community Forums > Computer Help and Discussion > Spyware Hell

cjtex61

Aug 4 2009, 06:28 AM

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 2
[32_bits] - x86 Family 15 Model 0 Stepping 7, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled !
.
Internet Explorer 7.0.5730.11
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:18 Go - Free:3 Go )
D:\ [Removable]
E:\ [CD_Rom]
G:\ [Removable]
.
Scan : 01:26.42
Path : C:\Documents and Settings\Administrator\Desktop\PIRIFORMhelp\Rooter.exe
User : Administrator ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (488)
______ \??\C:\WINDOWS\system32\csrss.exe (536)
______ \??\C:\WINDOWS\system32\winlogon.exe (560)
______ C:\WINDOWS\system32\services.exe (604)
______ C:\WINDOWS\system32\lsass.exe (616)
______ C:\WINDOWS\system32\svchost.exe (772)
______ C:\WINDOWS\system32\svchost.exe (828)
______ C:\WINDOWS\System32\svchost.exe (896)
______ C:\WINDOWS\system32\svchost.exe (956)
______ C:\WINDOWS\system32\svchost.exe (1040)
______ C:\WINDOWS\system32\spoolsv.exe (1244)
______ C:\WINDOWS\system32\svchost.exe (1332)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1444)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1604)
______ C:\WINDOWS\Explorer.EXE (1648)
______ C:\WINDOWS\system32\CTsvcCDA.EXE (1692)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1764)
______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1824)
______ C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe (1856)
______ C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (1948)
______ C:\WINDOWS\system32\svchost.exe (2020)
______ C:\WINDOWS\system32\MsPMSPSv.exe (236)
______ C:\Program Files\Canon\CAL\CALMAIN.exe (936)
______ C:\WINDOWS\system32\ctfmon.exe (1424)
______ C:\Program Files\Logitech\iTouch\iTouch.exe (1684)
______ C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe (1592)
______ C:\Program Files\Common Files\Real\Update_OB\realsched.exe (1884)
______ C:\Program Files\Java\jre6\bin\jusched.exe (1960)
______ C:\Program Files\QuickTime\QTTask.exe (2052)
______ C:\PROGRA~1\Yahoo!\browser\ycommon.exe (2064)
______ C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (2100)
______ C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe (2176)
______ C:\Program Files\iTunes\iTunesHelper.exe (2228)
______ C:\Program Files\Logitech\MouseWare\system\em_exec.exe (2300)
______ C:\Program Files\Messenger\msmsgs.exe (2340)
______ C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (2368)
______ C:\Program Files\iPod\bin\iPodService.exe (2416)
______ C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe (2480)
______ C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe (2504)
______ C:\Program Files\Quicken\bagent.exe (2560)
______ C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (2584)
______ C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (2856)
______ C:\Program Files\Mozilla Firefox\firefox.exe (2964)
______ C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE (3332)
______ C:\Documents and Settings\Administrator\Desktop\PIRIFORMhelp\Rooter.exe (3528)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:20012073984)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Google Software Updater.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\WGASetup.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 01:27.08
.
C:\Rooter$\Rooter_1.txt - (04/08/2009 | 01:27.08)

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.