The Hitman Pro logs:
=======================
HitmanPro 3.6.2.171
www.hitmanpro.com
Computer name . . . . : LALITMAMTA-PC
Windows . . . . . . . : 6.0.1.6001.X86/2
User name . . . . . . : LalitMamta-PC\lalit
UAC . . . . . . . . . : Disabled
License . . . . . . . : Trial (29 days left)
Scan date . . . . . . : 2012-10-15 00:01:30
Scan mode . . . . . . : Normal
Scan duration . . . . : 13m 30s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes
Threats . . . . . . . : 1
Traces . . . . . . . : 86
Objects scanned . . . : 2,419,233
Files scanned . . . . : 53,291
Remnants scanned . . : 1,024,993 files / 1,340,949 keys
Miniport ____________________________________________________________________
Primary
DriverObject . . . : 8651BD18
DriverName . . . . : \Driver\atapi
DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
StartIo . . . . . : 00000000 +0
IRP_MJ_SCSI . . . : 86702178 +0
Solution
DriverObject . . . : 8651BD18
DriverName . . . . : \Driver\atapi
DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
StartIo . . . . . : 00000000 +0
IRP_MJ_SCSI . . . : 807AB9A8 \SystemRoot\system32\drivers\ataport.SYS+18856
Malware _____________________________________________________________________
Master Boot Record (sector 0)
> HitmanPro . . . . : Win32/Bootkit
  Partition   Type   LBA          Number of sectors
  0           27     2048         3072000
  1           07     3074048      309506048
  2*          17     312581792    16
  3           00     0            0
0000 33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00 3.....|......|..
0010 06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00 .......Ph.......
0020 BD BE 07 80 7E 00 00 7C 0B 0F 85 10 01 83 C5 10 ....~..|........
0030 E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00 .....V.U.F...F..
0040 B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09 .A..U..]r...U.u.
0050 F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74 ....t..F.f`.~..t
0060 26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00 &fh....f.v.h..h.
0070 7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13 |h..h...B.V.....
0080 9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00 ............|.V.
0090 8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1E FE .v..N..n...fas..
00A0 4E 11 0F 85 0C 00 80 7E 00 80 0F 84 8A 00 B2 80 N......~........
00B0 EB 82 55 32 E4 8A 56 00 CD 13 5D EB 9C 81 3E FE ..U2..V...]...>.
00C0 7D 55 AA 75 6E FF 76 00 E8 8A 00 0F 85 15 00 B0 }U.un.v.........
00D0 D1 E6 64 E8 7F 00 B0 DF E6 60 E8 78 00 B0 FF E6 ..d......`.x....
00E0 64 E8 71 00 B8 00 BB CD 1A 66 23 C0 75 3B 66 81 d.q......f#.u;f.
00F0 FB 54 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 .TCPAu2....r,fh.
0100 BB 00 00 66 68 00 02 00 00 66 68 08 00 00 00 66 ...fh....fh....f
0110 53 66 53 66 55 66 68 00 00 00 00 66 68 00 7C 00 SfSfUfh....fh.|.
0120 00 66 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 .fah.....Z2...|.
0130 00 CD 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 ................
0140 32 E4 05 00 07 8B F0 AC 3C 00 74 FC BB 07 00 B4 2.......<.t.....
0150 0E CD 10 EB F2 2B C9 E4 64 EB 00 24 02 E0 F8 24 .....+..d..$...$
0160 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 74 ..Invalid partit
0170 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 20 ion table.Error
0180 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 6E loading operatin
0190 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E 67 g system.Missing
01A0 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 65 operating syste
01B0 6D 00 00 00 00 00 00 00 62 39 63 39 00 00 00 20 m.......b9c9...
01C0 21 00 27 59 1A BF 00 08 00 00 00 E0 2E 00 00 59 !.'Y...........Y
01D0 1B BF 07 FE FF FF 00 E8 2E 00 00 B0 72 12 80 FE ............r...
01E0 FF FF 17 FE FF FF A0 9E A1 12 10 00 00 00 00 00 ................
01F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............U.
Volume Boot Record (Sector 312581792)
C:$VBR_312581792
C:\Windows\FeedingFrenzy.scr -> Quarantined
Size . . . . . . . : 811,008 bytes
Age . . . . . . . : 2977.3 days (2004-08-20 18:00:00)
Entropy . . . . . : 6.5
SHA-256 . . . . . : 6B66E7CA71FB76B04E9E3339E1C9D7A83BC6E3AB23678DA3931B2ED7FC10EA0E
Product . . . . . : Feeding Frenzy
Publisher . . . . : Sprout Games, LLC
Description . . . : Feeding Frenzy
Version . . . . . : 2.4.2.2
Copyright . . . . : Copyright © 2004 Sprout Games, LLC
> Ikarus . . . . . . : Trojan-Downloader.SuspectCRC!IK
Fuzzy . . . . . . : 102.0
Cookies _____________________________________________________________________
C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yabuka.com
C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com
C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:adinterax.com
C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:premiumtv.122.2o7.net
C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:yieldmanager.net
C:\Users\lalit\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@ad.yieldmanager[6].txt
C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@adinterax[1].txt
C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@atdmt[2].txt
C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@c1.atdmt[1].txt
C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@in.getclicky[1].txt
C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@microsoftsto.112.2o7[2].txt
C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@overture[3].txt
C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@questionmarket[2].txt
C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@tradedoubler[2].txt
C:\Users\lalit\AppData\Roaming\Microsoft\Windows\Cookies\lalit@tribalfusion[2].txt
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adperium.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:adinterax.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adk2.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.allaboutvision.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.cpxcenter.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.iadserving.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ibibo.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.lzjl.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ozonemedia.co.in
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.songspk.pk
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.sun.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adreactor.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adtechus.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:adviva.net
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:clicksor.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:dmtracker.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:gmap.112.2o7.net
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:h.atdmt.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:mm.chitika.net
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:myroitracking.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:overture.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:rochediagnostics.solution.weborama.fr
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.in.omgpm.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:weborama.fr
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:yieldmanager.net
C:\Users\LalitMamta\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
C:\Users\Vijay\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
C:\Users\Vijay\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
C:\Users\Vijay\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
C:\Users\Vijay\AppData\Local\Google\Chrome\User Data\Default\Cookies:content.yieldmanager.com
C:\Users\Vijay\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\Vijay\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
C:\Users\Vijay\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
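The partition table inside the MBR dump above is what marks sector 0 as a bootkit rather than the boot code itself (the code and its three error strings are the ordinary Windows MBR): the active entry (marked *) is a 16-sector slice of hidden-NTFS type 17 at the very end of the disk, not the 07-type Windows volume, and the VBR HitmanPro flags at sector 312581792 is the boot sector of that slice. As an added example, not part of the forum post and not HitmanPro's own logic, the Python below rebuilds the sector from the log's hex lines, decodes the four 16-byte entries at offset 0x1BE and applies that sanity check. The hidden-type list, the 2048-sector "tiny partition" threshold and the "active should be the largest volume" rule are my assumptions for illustration.

```python
import struct

# Hex-dump lines copied verbatim from the HitmanPro MBR dump above. Only the
# offsets holding the partition table (0x1BE..0x1FD) and the 0x55AA signature
# are needed for this check, so the boot-code lines are left out; the parser
# fills a 512-byte sector from whatever offsets are present.
MBR_DUMP_LINES = """
01B0 6D 00 00 00 00 00 00 00 62 39 63 39 00 00 00 20 m.......b9c9...
01C0 21 00 27 59 1A BF 00 08 00 00 00 E0 2E 00 00 59 !.'Y...........Y
01D0 1B BF 07 FE FF FF 00 E8 2E 00 00 B0 72 12 80 FE ............r...
01E0 FF FF 17 FE FF FF A0 9E A1 12 10 00 00 00 00 00 ................
01F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............U.
"""

# Partition type codes used for "hidden" FAT/NTFS volumes (assumed list for
# this example; 0x17 is hidden IFS/NTFS, the type of the active entry above).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def sector_from_dump(dump):
    """Rebuild a 512-byte sector from 'OFFSET b0 .. b15 ascii' dump lines."""
    sector = bytearray(512)
    for line in dump.strip().splitlines():
        fields = line.split()
        off = int(fields[0], 16)
        data = bytes(int(b, 16) for b in fields[1:17])
        sector[off:off + len(data)] = data
    return bytes(sector)


def parse_partition_table(sector):
    """Decode the four entries at 0x1BE; refuse a sector without 0x55AA."""
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing MBR signature")
    entries = []
    for i in range(4):
        raw = sector[0x1BE + 16 * i:0x1BE + 16 * (i + 1)]
        # boot flag, 3-byte start CHS (skipped), type, 3-byte end CHS
        # (skipped), start LBA, sector count; all little-endian
        boot, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        entries.append({"index": i, "active": boot == 0x80,
                        "type": ptype, "lba": lba, "sectors": count})
    return entries


def bootkit_indicators(entries, max_tiny_sectors=2048):
    """Assumed heuristics: the one active entry should be a real, visible OS
    volume, not a tiny hidden slice at the tail of the disk."""
    findings = []
    active = [e for e in entries if e["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active entries (expected 1)")
    largest = max(entries, key=lambda x: x["sectors"])
    for e in active:
        if e["type"] in HIDDEN_TYPES:
            findings.append(f"entry {e['index']} is active but has hidden "
                            f"type 0x{e['type']:02X}")
        if e["sectors"] <= max_tiny_sectors:
            findings.append(f"entry {e['index']} is active but only "
                            f"{e['sectors']} sectors long")
        if largest is not e:
            findings.append(f"active entry {e['index']} is not the largest "
                            f"volume (entry {largest['index']} is)")
    return findings


if __name__ == "__main__":
    table = parse_partition_table(sector_from_dump(MBR_DUMP_LINES))
    for e in table:
        flag = "*" if e["active"] else " "
        print(f"{e['index']}{flag} type {e['type']:02X} "
              f"lba {e['lba']} sectors {e['sectors']}")
    for f in bootkit_indicators(table):
        print("SUSPICIOUS:", f)
```

Run against the dump, the parser reproduces the table HitmanPro printed (2048/3072000, 3074048/309506048, 312581792/16) and reports three findings for entry 2: hidden type, 16-sector size, and not the largest volume. On a clean disk the same check should report nothing; if you take the MBR from a live system rather than a log, read it with raw disk access, since a kernel hook like the atapi IRP_MJ_SCSI redirection shown in the Miniport section above can hand a clean sector 0 to ordinary file-level readers.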