Help
thank you so much for your time!
This post has been edited by hamluis: 19 July 2011 - 03:49 PM
Reason for edit: Moved to AII from XP.
Page 1 of 1
Computer Virus'? Uncertain if infected
#1
- New Member
-
- Group: Members
- Posts: 9
- Joined: 19-July 11
Posted 19 July 2011 - 03:22 PM
I am working on fixing a Dell Inspiron Laptop with Windows 7 Home Premium x64. The user clicked on an e-mail that looked valid but was not. I ran Malware Bytes and it found nothing, I ran System Analyzer and it found a hefty amount of items where it said Deletion Failed. for example it has lines like this: Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\fsquirt.exe.mui and I noticed a large amount of files with a .mui extension listed on them. I have the text file report and can paste all of the information if needed. I can't find much on if the detected files are bad but you never know so I am asking for help. any responses would be fantastic
thank you so much for your time!
thank you so much for your time!
Back to top
#2
- Bleepin Madman
-
- Group: BC Advisor
- Posts: 18,388
- Joined: 08-September 08
- Gender:Male
- Location:Catonsville, Md
Posted 19 July 2011 - 03:26 PM
can you post the logs from malwarebytes?
My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message!with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.
#3
- Forum Addict
-
- Group: BC Advisor
- Posts: 5,784
- Joined: 12-January 11
- Gender:Male
- Location:New Jersey
Posted 19 July 2011 - 03:27 PM
I've asked a mod to move this to the appropriate forum. Please wait for a malware specialist to respond.
Admin, Tweaks.com Forums
#4
- New Member
-
- Group: Members
- Posts: 9
- Joined: 19-July 11
Posted 19 July 2011 - 04:20 PM
Malware Bytes did not find any infections but I will paste the log in here for you. It was Norton System Analyzer that found the multitudes of detected files. let me know if you want me to paste the analyzer log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7204
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385
7/19/2011 1:11:09 PM
mbam-log-2011-07-19 (13-11-09).txt
Scan type: Full scan (C:\|)
Objects scanned: 289690
Time elapsed: 32 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7204
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385
7/19/2011 1:11:09 PM
mbam-log-2011-07-19 (13-11-09).txt
Scan type: Full scan (C:\|)
Objects scanned: 289690
Time elapsed: 32 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#5
- Bleepin Madman
-
- Group: BC Advisor
- Posts: 18,388
- Joined: 08-September 08
- Gender:Male
- Location:Catonsville, Md
Posted 19 July 2011 - 04:24 PM
SUPERAntiSpyware:
Now GMER
All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.
Quote
Please download and scan with SUPERAntiSpyware Free
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
Instructions:
Download and scan with SUPERAntiSpyware Free for Home Users
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
- Double-click SUPERAntiSypware.exe and use the default settings for installation.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
- If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
- In the Main Menu, click the Preferences... button.
- Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
- Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
Scan with SUPERAntiSpyware as follows:[list] - Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
- On the left, make sure you check C:\Fixed Drive.
- On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
- Make sure everything has a checkmark next to it and click "Next".
- A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
- If asked if you want to reboot, click "Yes" and reboot normally.
- To retrieve the removal information after reboot, launch SUPERAntispyware again.[list]
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
- Close browsers before scanning.
- Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
Instructions:
Download and scan with SUPERAntiSpyware Free for Home Users
- Double-click SUPERAntiSpyware.exe and use the default settings for installation.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
- In the Main Menu, click the Preferences... button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
- Close browsers before scanning.
- Click the "Close" button to leave the control center screen.
- Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
- On the left, make sure you check C:\Fixed Drive.
- On the right, under "Complete Scan", choose Perform Complete Scan.
- Click "Next" to start the scan. Please be patient while it scans your computer.
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
- Make sure everything has a checkmark next to it and click "Next".
- A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
- If asked if you want to reboot, click "Yes".
- To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
- Click Preferences, then click the Statistics/Logs tab.
- Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
Now GMER
Quote
GMER does not work in 64bit Mode!!!!!!
Please download GMER from one of the following locations and save it to your desktop:
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.
Please download GMER from one of the following locations and save it to your desktop:
- Main Mirror
This version will download a randomly named file (Recommended) - Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
- Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
- GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.
All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.
My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message!with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.
#6
- New Member
-
- Group: Members
- Posts: 9
- Joined: 19-July 11
Posted 20 July 2011 - 09:21 AM
Both Super Anti Spyware and GMER found no infected files.
#7
- Bleepin Madman
-
- Group: BC Advisor
- Posts: 18,388
- Joined: 08-September 08
- Gender:Male
- Location:Catonsville, Md
Posted 20 July 2011 - 10:57 AM
Post the logs anyways.
My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message!with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.
#8
- New Member
-
- Group: Members
- Posts: 9
- Joined: 19-July 11
Posted 20 July 2011 - 11:19 AM
There were no logs that it gave me to copy and paste, unless they are saved in a specific folder somewhere. Here is part of the one from Norton System Analyzer, going over it it looks like every file in the system32 directory
Webroot System Analyzer Command Line Interface
Copyright © 1997-2008 Webroot Software inc. All rights Reserved.
System Analyzer Version : 5.6.0.122
Spyware Definition Version : 1991 (7/19/2011)
Antivirus Definition Version: 3.19.1 (7/19/2011)
Security Product Definitions: 111 (9/27/2008)
CLI Switches used: /deepmem /rootkit /removal /output /all
FileName/Path to scan: C:\
Loading Spy definitions...
Searching For Security Software...
Gathering System Information...
Gathering memory information...
Gathering hard drives information...
Gathering system details...
Searching startup applications...
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\windowsanytimeupgradeResults.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\windowsanytimeupgradeResults.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\wisptis.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\wksprt.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\wksprt.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\wpcmig.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\wpnpinst.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\wsepno.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\wsepno.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\WWanMM.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\WWanMM.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\Wwanpref.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\Wwanpref.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\xlog.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\xrWCbgnd.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\xrWCtmg2.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\xrWPusd.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\batt.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\bthci.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\mctadmin.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\mctadmin.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\pnpui.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\pnpui.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\lsi_sas2.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\lsi_sas2.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SYSTEM.LOG1
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wmicmiplugin.dll
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wmicmiplugin.dll
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{d22ce3aa-86f4-4794-bd11-1b5035259640}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\amdk8.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\amdk8.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\GAGP30KX.SYS
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\GAGP30KX.SYS
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\spp\plugin-manifests-signed\sppobjs-spp-plugin-manifest-signed.xrm-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\spp\plugin-manifests-signed\sppobjs-spp-plugin-manifest-signed.xrm-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{563365d5-06d0-11e0-9fb9-9b71ed465bd3}.TM.blf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\en-US\cimwin32.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\en-US\cimwin32.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\BrSerId.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\BrSerId.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\mrxdav.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\iglhxa64.cpa
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\igfxpph.dll
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SOFTWARE.LOG1
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\werconcpl.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\fsquirt.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\perfh009.dat
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\perfh009.dat
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\fverecover.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\WinSAT.exe
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\WinSAT.exe
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SYSTEM.LOG
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SYSTEM.LOG
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SOFTWARE.LOG
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SOFTWARE.LOG
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\DEFAULT.LOG
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\DEFAULT.LOG
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\biocpl.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\biocpl.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\sppsvc.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\sppsvc.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{38411064-3fc8-11e0-8558-89b8b415a8c9}.TM.blf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\USBSTOR.SYS
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{0fcfcb4e-7e0d-44ec-8727-96d288ea7988}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\srvnet.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{72fd0397-684f-11e0-9880-80c8ad0a55c9}.TM.blf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{525ad4e1-5d64-11e0-9d75-ba0719559ad0}.TMContainer00000000000000000002.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{f438e9a7-7006-11e0-b3e3-eb05d7b6add5}.TMContainer00000000000000000001.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{1a513aa1-8e58-11e0-a004-b5915edafed7}.TMContainer00000000000000000002.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{525ad4e1-5d64-11e0-9d75-ba0719559ad0}.TM.blf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{bd055a10-72e0-11e0-802e-a6b5a7c8c5e0}.TM.blf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\Diskdump.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{901495ec-a525-11e0-a6fe-cf600d750dd6}.TMContainer00000000000000000001.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{901495ec-a525-11e0-a6fe-cf600d750dd6}.TMContainer00000000000000000002.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{4c74c410-15cb-43c7-960c-e95a36ce2b2e}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{1a513aa1-8e58-11e0-a004-b5915edafed7}.TM.blf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\nvraid.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{901495ec-a525-11e0-a6fe-cf600d750dd6}.TM.blf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{f438e9a7-7006-11e0-b3e3-eb05d7b6add5}.TMContainer00000000000000000002.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{72fd0397-684f-11e0-9880-80c8ad0a55c9}.TMContainer00000000000000000001.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\umpnpmgr.dll
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{14c6f0ca-79be-11e0-887c-f92df847b6cc}.TM.blf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{ee91380c-29e3-4fe0-a822-615112c03ae8}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{bd055a10-72e0-11e0-802e-a6b5a7c8c5e0}.TMContainer00000000000000000002.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{7c763679-78bb-45e9-982e-e620084ddd9c}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{dc642941-7002-11e0-9e56-78e400529130}.TMContainer00000000000000000001.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{14c6f0ca-79be-11e0-887c-f92df847b6cc}.TMContainer00000000000000000001.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{1a513aa1-8e58-11e0-a004-b5915edafed7}.TMContainer00000000000000000001.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\Performance\WmiApRpl.ini
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\LogFiles\WdiContextLog.etl.002
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\srv2.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\bowser.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{6563ce08-36d3-46e5-acad-0de7fa9087f6}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{ece8836d-832b-49b4-85b9-80760efbc81b}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{901496b3-a525-11e0-a6fe-cf600d750dd6}.TMContainer00000000000000000001.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{b2cf2ad8-f44c-48a1-8a78-8e296864d275}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{901496b3-a525-11e0-a6fe-cf600d750dd6}.TMContainer00000000000000000002.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\NDF\eventlog.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\srv.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{de359b1b-5d8d-413a-9fe1-db489e9b2832}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{440cca28-0348-40b2-89b9-1ed7d57ca66d}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{a7baca7a-18b0-438d-bf2a-0811867e1c42}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{6c5065fb-a2a0-490e-aac8-238600496aa0}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SECURITY
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\nvstor.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\FXSCOVER.exe
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\kdusb.dll
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\kd1394.dll
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\dnsrslvr.dll
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\kdcom.dll
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{72fd0397-684f-11e0-9880-80c8ad0a55c9}.TMContainer00000000000000000002.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\mrxsmb20.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SOFTWARE
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{37fe51f9-8bad-404a-99c0-1932db621110}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{14c6f0ca-79be-11e0-887c-f92df847b6cc}.TMContainer00000000000000000002.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{525ad4e1-5d64-11e0-9d75-ba0719559ad0}.TMContainer00000000000000000001.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{c1109fd5-c172-4c38-80a6-752c3465cc47}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Boot\winresume.efi
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\winresume.efi
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Boot\winload.efi
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\winload.efi
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Boot\winresume.exe
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{43f4fddb-273f-4394-8249-c4b5c301cb5e}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SYSTEM
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\iaStorV.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\dfsc.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\mrxsmb10.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\DEFAULT
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\win32k.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\afd.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\tcpip.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{12e7cead-b88c-49c6-8a94-0a0b018b9575}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\perfc009.dat
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\perfc009.dat
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{2db50fec-1957-4ada-b3a0-2a0ee8a616bb}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{3103b9a9-579c-4d4f-8fe6-cff735f9c570}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\MRT.exe
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\mrxsmb.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{c0a5fb60-1373-4a2a-97c4-e74eb7e8e350}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{21e35f56-04ff-449a-b7b5-3c1c9b6fb5bd}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\LogFiles\WdiContextLog.etl.001
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\oem\MakeEdocsShortcut.log
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\sysprep\Panther\setuperr.log
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\sysprep\Sysprep_succeeded.tag
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\f22e410f-f947-4e08-8f2a-8f65df603f8d
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\Preferred
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SECURITY.LOG1
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SECURITY.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SOFTWARE.LOG1
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SOFTWARE.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\ntfs.mof
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\ntfs.mof
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\Wdf01000Uninstall.mof
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\Wdf01000Uninstall.mof
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\Win32_EncryptableVolumeUninstall.mof
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\Win32_EncryptableVolumeUninstall.mof
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\en-US\subscrpt.mfl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\DEFAULT.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SAM.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SECURITY.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SOFTWARE.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SYSTEM.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\systemprofile\ntuser.dat.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\oobe\info\oobe.xml
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SYSTEM.LOG1
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SYSTEM.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Microsoft\Protect\S-1-5-18\83fe2ee9-52f5-4257-9b67-04a35eabaf4d
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Microsoft\Protect\S-1-5-18\Preferred
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\DEFAULT.LOG1
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\chklogo6_faileddrivers.txt
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\restore\MachineGuid.txt
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\b86ce1ef-3049-4d0e-8529-d8fbf22dcf1f
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B90B117906B8A74C79D1BC450C2B94B1_E980C1BCB6BDE88F60C90A9C017422D9
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B90B117906B8A74C79D1BC450C2B94B1_E980C1BCB6BDE88F60C90A9C017422D9
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\7b821131-b367-431b-9355-aade75b1f2ad
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Portable Devices\wpdlog00.sqm
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\DEFAULT.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SAM.LOG1
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SAM.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\04774331-45f5-4f50-925c-34184a5ca330
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\GfxUI.exe.config
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\4cc02fb5-f3b4-412f-a1de-b95d928b9643
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\sysprep\Panther\IE\setuperr.log
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\Logs\wmiprov.log
Found(Removed) Adware [rogue security products] in HKLM\software\microsoft\windows nt\currentversion\winlogon\shell
Scan Summary of: C:\
Items Scanned : 342765
Items Infected : 2589
Items Removed : 3
Scan Time: 00:45:26
C:\SystemAnalyzer>
Webroot System Analyzer Command Line Interface
Copyright © 1997-2008 Webroot Software inc. All rights Reserved.
System Analyzer Version : 5.6.0.122
Spyware Definition Version : 1991 (7/19/2011)
Antivirus Definition Version: 3.19.1 (7/19/2011)
Security Product Definitions: 111 (9/27/2008)
CLI Switches used: /deepmem /rootkit /removal /output /all
FileName/Path to scan: C:\
Loading Spy definitions...
Searching For Security Software...
Gathering System Information...
Gathering memory information...
Gathering hard drives information...
Gathering system details...
Searching startup applications...
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\windowsanytimeupgradeResults.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\windowsanytimeupgradeResults.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\wisptis.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\wksprt.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\wksprt.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\wpcmig.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\wpnpinst.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\wsepno.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\wsepno.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\WWanMM.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\WWanMM.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\Wwanpref.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\Wwanpref.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\xlog.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\xrWCbgnd.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\xrWCtmg2.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\xrWPusd.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\batt.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\bthci.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\mctadmin.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\mctadmin.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\pnpui.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\pnpui.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\lsi_sas2.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\lsi_sas2.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SYSTEM.LOG1
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wmicmiplugin.dll
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wmicmiplugin.dll
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{d22ce3aa-86f4-4794-bd11-1b5035259640}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\amdk8.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\amdk8.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\GAGP30KX.SYS
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\GAGP30KX.SYS
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\spp\plugin-manifests-signed\sppobjs-spp-plugin-manifest-signed.xrm-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\spp\plugin-manifests-signed\sppobjs-spp-plugin-manifest-signed.xrm-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{563365d5-06d0-11e0-9fb9-9b71ed465bd3}.TM.blf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\en-US\cimwin32.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\en-US\cimwin32.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\BrSerId.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\BrSerId.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\mrxdav.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\iglhxa64.cpa
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\igfxpph.dll
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SOFTWARE.LOG1
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\werconcpl.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\fsquirt.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\perfh009.dat
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\perfh009.dat
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\fverecover.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\WinSAT.exe
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\WinSAT.exe
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SYSTEM.LOG
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SYSTEM.LOG
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SOFTWARE.LOG
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SOFTWARE.LOG
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\DEFAULT.LOG
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\DEFAULT.LOG
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\biocpl.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\biocpl.dll.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\sppsvc.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\en-US\sppsvc.exe.mui
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{38411064-3fc8-11e0-8558-89b8b415a8c9}.TM.blf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\USBSTOR.SYS
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{0fcfcb4e-7e0d-44ec-8727-96d288ea7988}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\srvnet.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{72fd0397-684f-11e0-9880-80c8ad0a55c9}.TM.blf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{525ad4e1-5d64-11e0-9d75-ba0719559ad0}.TMContainer00000000000000000002.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{f438e9a7-7006-11e0-b3e3-eb05d7b6add5}.TMContainer00000000000000000001.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{1a513aa1-8e58-11e0-a004-b5915edafed7}.TMContainer00000000000000000002.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{525ad4e1-5d64-11e0-9d75-ba0719559ad0}.TM.blf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{bd055a10-72e0-11e0-802e-a6b5a7c8c5e0}.TM.blf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\Diskdump.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{901495ec-a525-11e0-a6fe-cf600d750dd6}.TMContainer00000000000000000001.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{901495ec-a525-11e0-a6fe-cf600d750dd6}.TMContainer00000000000000000002.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{4c74c410-15cb-43c7-960c-e95a36ce2b2e}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{1a513aa1-8e58-11e0-a004-b5915edafed7}.TM.blf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\nvraid.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{901495ec-a525-11e0-a6fe-cf600d750dd6}.TM.blf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{f438e9a7-7006-11e0-b3e3-eb05d7b6add5}.TMContainer00000000000000000002.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{72fd0397-684f-11e0-9880-80c8ad0a55c9}.TMContainer00000000000000000001.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\umpnpmgr.dll
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{14c6f0ca-79be-11e0-887c-f92df847b6cc}.TM.blf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{ee91380c-29e3-4fe0-a822-615112c03ae8}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{bd055a10-72e0-11e0-802e-a6b5a7c8c5e0}.TMContainer00000000000000000002.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{7c763679-78bb-45e9-982e-e620084ddd9c}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{dc642941-7002-11e0-9e56-78e400529130}.TMContainer00000000000000000001.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{14c6f0ca-79be-11e0-887c-f92df847b6cc}.TMContainer00000000000000000001.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{1a513aa1-8e58-11e0-a004-b5915edafed7}.TMContainer00000000000000000001.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\Performance\WmiApRpl.ini
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\LogFiles\WdiContextLog.etl.002
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\srv2.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\bowser.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{6563ce08-36d3-46e5-acad-0de7fa9087f6}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{ece8836d-832b-49b4-85b9-80760efbc81b}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{901496b3-a525-11e0-a6fe-cf600d750dd6}.TMContainer00000000000000000001.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{b2cf2ad8-f44c-48a1-8a78-8e296864d275}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{901496b3-a525-11e0-a6fe-cf600d750dd6}.TMContainer00000000000000000002.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\NDF\eventlog.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\srv.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{de359b1b-5d8d-413a-9fe1-db489e9b2832}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{440cca28-0348-40b2-89b9-1ed7d57ca66d}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{a7baca7a-18b0-438d-bf2a-0811867e1c42}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{6c5065fb-a2a0-490e-aac8-238600496aa0}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SECURITY
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\nvstor.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\FXSCOVER.exe
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\kdusb.dll
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\kd1394.dll
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\dnsrslvr.dll
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\kdcom.dll
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{72fd0397-684f-11e0-9880-80c8ad0a55c9}.TMContainer00000000000000000002.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\mrxsmb20.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SOFTWARE
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{37fe51f9-8bad-404a-99c0-1932db621110}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{14c6f0ca-79be-11e0-887c-f92df847b6cc}.TMContainer00000000000000000002.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS{525ad4e1-5d64-11e0-9d75-ba0719559ad0}.TMContainer00000000000000000001.regtrans-ms
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{c1109fd5-c172-4c38-80a6-752c3465cc47}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Boot\winresume.efi
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\winresume.efi
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Boot\winload.efi
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\winload.efi
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Boot\winresume.exe
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{43f4fddb-273f-4394-8249-c4b5c301cb5e}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SYSTEM
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\iaStorV.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\dfsc.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\mrxsmb10.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\DEFAULT
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\win32k.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\afd.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\tcpip.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{12e7cead-b88c-49c6-8a94-0a0b018b9575}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\perfc009.dat
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\perfc009.dat
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{2db50fec-1957-4ada-b3a0-2a0ee8a616bb}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{3103b9a9-579c-4d4f-8fe6-cff735f9c570}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\MRT.exe
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\mrxsmb.sys
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{c0a5fb60-1373-4a2a-97c4-e74eb7e8e350}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{21e35f56-04ff-449a-b7b5-3c1c9b6fb5bd}\snapshot.etl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wdi\LogFiles\WdiContextLog.etl.001
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\oem\MakeEdocsShortcut.log
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\sysprep\Panther\setuperr.log
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\sysprep\Sysprep_succeeded.tag
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\f22e410f-f947-4e08-8f2a-8f65df603f8d
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\Preferred
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SECURITY.LOG1
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SECURITY.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SOFTWARE.LOG1
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SOFTWARE.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\ntfs.mof
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\ntfs.mof
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\Wdf01000Uninstall.mof
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\Wdf01000Uninstall.mof
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\Win32_EncryptableVolumeUninstall.mof
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\Win32_EncryptableVolumeUninstall.mof
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\en-US\subscrpt.mfl
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\COMPONENTS.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\DEFAULT.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SAM.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SECURITY.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SOFTWARE.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\SYSTEM.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\systemprofile\ntuser.dat.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\oobe\info\oobe.xml
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SYSTEM.LOG1
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SYSTEM.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Microsoft\Protect\S-1-5-18\83fe2ee9-52f5-4257-9b67-04a35eabaf4d
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Microsoft\Protect\S-1-5-18\Preferred
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\DEFAULT.LOG1
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\chklogo6_faileddrivers.txt
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\restore\MachineGuid.txt
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\b86ce1ef-3049-4d0e-8529-d8fbf22dcf1f
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B90B117906B8A74C79D1BC450C2B94B1_E980C1BCB6BDE88F60C90A9C017422D9
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B90B117906B8A74C79D1BC450C2B94B1_E980C1BCB6BDE88F60C90A9C017422D9
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\7b821131-b367-431b-9355-aade75b1f2ad
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Portable Devices\wpdlog00.sqm
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\DEFAULT.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SAM.LOG1
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\config\RegBack\SAM.LOG2
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\04774331-45f5-4f50-925c-34184a5ca330
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\GfxUI.exe.config
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\Microsoft\Protect\S-1-5-18\User\4cc02fb5-f3b4-412f-a1de-b95d928b9643
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\sysprep\Panther\IE\setuperr.log
Found(Deletion failed) System Monitor [potentially rootkit-masked files] in C:\Windows\System32\wbem\Logs\wmiprov.log
Found(Removed) Adware [rogue security products] in HKLM\software\microsoft\windows nt\currentversion\winlogon\shell
Scan Summary of: C:\
Items Scanned : 342765
Items Infected : 2589
Items Removed : 3
Scan Time: 00:45:26
C:\SystemAnalyzer>
#9
- Bleepin Madman
-
- Group: BC Advisor
- Posts: 18,388
- Joined: 08-September 08
- Gender:Male
- Location:Catonsville, Md
Posted 20 July 2011 - 11:29 AM
That looks like a bunch of false positives.
Please try a free Online Scan from ESET and then post the log.
Please try a free Online Scan from ESET and then post the log.
My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message!with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.
#10
- New Member
-
- Group: Members
- Posts: 9
- Joined: 19-July 11
Posted 20 July 2011 - 03:53 PM
Scan Results
No threats found.
Scanned Files: 138655
Infected Files: 0
Cleaned files: 0
Total scan time: 00:27:43
Scasn status: finished
No threats found.
Scanned Files: 138655
Infected Files: 0
Cleaned files: 0
Total scan time: 00:27:43
Scasn status: finished
#11
- New Member
-
- Group: Members
- Posts: 9
- Joined: 19-July 11
Posted 21 July 2011 - 12:40 PM
I have ran into some other issues and am going to restore the machine to factory defaults. If three different programs didn't find anything and one did I will go with they are False Positives. thank you for the help and ideas of what to try for next time. Can mark this as closed if need be
thank you very much!
thank you very much!
#12
- Bleepin Madman
-
- Group: BC Advisor
- Posts: 18,388
- Joined: 08-September 08
- Gender:Male
- Location:Catonsville, Md
Posted 21 July 2011 - 12:54 PM
Let us know how that goes.
My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message!with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.
#13
- New Member
-
- Group: Members
- Posts: 9
- Joined: 19-July 11
Posted 22 July 2011 - 01:15 PM
the reload of the OS fixed my issues and no scans found any infections or false positives. thanks again for your assistance and ideas to try next time
#14
- Bleepin Madman
-
- Group: BC Advisor
- Posts: 18,388
- Joined: 08-September 08
- Gender:Male
- Location:Catonsville, Md
Posted 22 July 2011 - 01:31 PM
I got a feeling that they were not false positives.
My work schedule is as follows: Mon and Tues 1800 to 0600, Friday - Sunday 1800EST to 0600, and Wednesday to Thursday 1800est to 0600. So if I do not respond right away I am at work.
----------------
If I am helping you, then Please Send Me a Message!with your thread link in it. This is only if I haven't replied back to you within 24 to 48 hours.
----------------
My Main Site || My Backup Site || steam://friends/add/cryptodan Add me to your Steam Friends.
#15
- New Member
-
- Group: Members
- Posts: 9
- Joined: 19-July 11
Posted 22 July 2011 - 04:08 PM
As do I 
just shocking that only one program out of 4 different ones finds the issues
just shocking that only one program out of 4 different ones finds the issues
Share this topic:
Page 1 of 1