Rkill results


11 replies to this topic

#1 sunset013


Posted 08 October 2012 - 02:22 PM

I ran Rkill from this website and copied and pasted results below. My question is regarding the 127.0.0.1 showing as local host. Is this normal? At times, when I'm on IE, I get a pop up msg containing these numbers and it wants me to enter a password (I have none to enter). I exit out of pop-up and it frequently re-visits. What is x86 mode? I have 32 bit mode on my computer?

Also, I was concurrently running a scan from a newly downloaded Malwarebytes program at the same time and its end result showed PUP.Adware.Agent file located within my System Volume Information. I had the program "fix it". Should the Rkill program have recognized the malware? Thank you for your assistance.


Program started at: 10/08/2012 01:43:35 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Reg

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/08/2012 01:45:04 PM
Execution time: 0 hours(s), 1 minute(s), and 28 seconds(s)



#2 InadequateInfirmity


Posted 08 October 2012 - 02:25 PM

127.0.0.1 localhost is what you want to see. :thumbup2:

Update, do a quick scan with SUPERAntiSpyware, remove all this finds, and reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE


Run a scan with Eset.
http://www.eset.com/us/online-scanner/
When the scan finishes, list found threats, save to clipboard, copy to Notepad, and post the log here.




Please download FarbarServiceScanner and run it on the computer with the issue.
http://download.bleepingcomputer.com/farbar/FSS.exe


Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MINITOOLBOX and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark the following boxes:


Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.



Download Adware Cleaner, run it as admin, click the Delete button, allow it to run, and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Download Norman Malware Cleaner and run it. Go to Options, then put a tick next to Enable rootkit cleaning. Hit Full Scan > let it finish > go to the Quarantine tab > tick Select All > then Delete > Quit.
http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
A log will appear on your desktop; post that here in your next reply.


Reboot after Norman.

Post the malwarebytes log please.
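
The HOSTS check discussed above (Rkill reporting only `127.0.0.1 localhost`) can be reproduced by hand. The Python below is an added example, not part of the original thread and not code from Rkill or any tool named here; the function names, finding labels, and the sample hosts content are constructed for illustration.

```python
import ipaddress

# Names a stock hosts file is expected to map to loopback. In this thread the
# only entry reported is "127.0.0.1 localhost".
EXPECTED_LOOPBACK_NAMES = {"localhost"}

# Constructed sample (not from the thread): one clean entry plus the kinds of
# lines a helper would want called out. Domains use the reserved .example TLD.
SAMPLE_HOSTS = "\n".join([
    "# constructed sample hosts file",
    "127.0.0.1 localhost",
    "::1 localhost",
    "127.0.0.1 update.av-vendor.example  # name sinkholed to loopback",
    "203.0.113.7 login.bank.example www.bank.example",
    "10.0.0.5 localhost",
    "not-an-ip something.example",
])


def parse_hosts(text):
    """Yield (line_no, address_field, [names]) for every active hosts line."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], fields[1:]


def audit_hosts(text):
    """Return findings as (line_no, kind, address, name) tuples.

    kind is one of:
      malformed          - address does not parse, or no hostname follows it
      localhost-remapped - "localhost" points somewhere other than loopback
      blocked            - another name is pinned to loopback or 0.0.0.0
      redirected         - another name is pinned to a routable address
    An empty list means only the expected localhost entries are present.
    """
    findings = []
    for line_no, addr_text, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            addr = None
        if addr is None or not names:
            findings.append((line_no, "malformed", addr_text, " ".join(names)))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            if name.lower() in EXPECTED_LOOPBACK_NAMES:
                if not addr.is_loopback:
                    findings.append((line_no, "localhost-remapped", addr_text, name))
            elif sinkhole:
                findings.append((line_no, "blocked", addr_text, name))
            else:
                findings.append((line_no, "redirected", addr_text, name))
    return findings


if __name__ == "__main__":
    # The entry from the Rkill log in this thread produces no findings.
    print(audit_hosts("127.0.0.1 localhost\n"))
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows XP the file to feed in is `%SystemRoot%\system32\drivers\etc\hosts`; a "blocked" or "redirected" finding is a prompt to ask who added the line, since ad-blocking lists and malware both write entries of that shape.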

#3 sunset013


Posted 09 October 2012 - 10:36 AM

Norman, thank you for answering my question. Are you saying that I should download each and every one of the scan apps you listed or are they ones to pick from? I don't want to overwhelm anyone (by copying and pasting results from many apps) if I'm supposed to "pick one". Clarification before I proceed please. Thank you! Wendy

#4 InadequateInfirmity


Posted 09 October 2012 - 05:54 PM

Go ahead and run every scan, starting from top to bottom.
When done, copy and paste all the logs separately.
You will not overwhelm me with anything; I volunteer to help here. :thumbup2:

#5 sunset013


Posted 15 October 2012 - 02:38 PM

I ran the SUPERAntiSpyware which found 72 issues that were deleted. ESET Online Scanner Results 10-15-12. I copied and pasted it to "paint" but don't see a place to attach it here. Please correct me if I should be doing anything differently. The website results page has an hourglass at bottom of page with "waiting for http//www.eset.com/us/online-scanner-popup/..". My attempts at downloading the app in Google Chrome failed and this is the result using IE. Thank you!

C:\Program Files\FoxTabFLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined

#6 sunset013


Posted 15 October 2012 - 03:25 PM

Results of Farbar Service Scanner 10-15-12 (The first item RpcSs and Plug Play was grayed out and checked off). I have Mozilla FF installed and it didn't mention it. Not sure why it shows Yahoo instead of IE.

I believe my computer is hacked and my own stupidity for using both Fiddler2 and Leethax as a way to acquire coins/spins for a couple games I was playing in Facebook via Mozilla FF. I'd been using it for 2+ years for one game with no problems. It wasn't until June this year, that I used it for the benefit of another game that I began having major problems. People that are not on my friend list accessed my account and probably my computer regularly; names were showing up that I have no idea who they are and were sending spin gifts. Tokens within a couple of my other games were decreasing on a daily basis beginning about the time I started using the 2 programs. I had also downloaded Charles Proxy and though I've uninstalled it, I see bits and pieces of it when I browse through H-key folders and subfolders. I had also clicked on YouTube videos that installed partial files on this computer but they would never complete downloading in a way for me to make them function, yet embedded files on my computer. I hadn't been on Facebook since mid July and did access it yesterday to view one of my accounts. I don't dare go on it and interact because I don't want to compromise any of my friends' computers or accounts. I have a lot of friends worried about my absence because I used to practically live on FB. I had a FB friend that works on computers for a living access my laptop from his in July and he spent 4 hours trying to fix the issue, had me change my password and the next morning I went into my FB account and it had been accessed while I was sleeping. One of the games that gives a bonus every 4 hours said I had 1 hour 44 minutes remaining before I could collect it and I had not been asleep. The FB timeline does not reflect any activity. I hope that my honesty here is not going to get me in deeper trouble. For anyone that reads this, please learn a lesson and do NOT go on websites to do this sort of thing.
I bought this computer several years ago from eBay as a refurbished one and it did not come with installation CDs. Fortunately I do not do my banking or other personal things from this computer. I'm sorry and if this is "too much", I understand.

I have no idea how to interpret it, but here is the log:

Farbar Service Scanner Version: 07-10-2012
Ran by User (administrator) on 15-10-2012 at 15:43:01
Running from "C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\IYFW5U4Z"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2008-06-03 10:01] - [2008-06-03 10:01] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2008-07-28 07:53] - [2008-07-28 07:53] - 0361600 ____A (Microsoft Corporation) 367DE8E5F638C091F49273144274F629

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll
[2008-04-28 10:07] - [2008-04-28 10:07] - 0330752 ____A (Microsoft Corporation) 4F10A2FA76B5BD54CD68AFA94E8ADB39

C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2009-08-13 09:55] - [2008-10-16 15:07] - 0023576 ____A (Microsoft Corporation) AAE1A6FFBA2B0436E91795120F48C461

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll
[2008-07-07 16:23] - [2008-07-07 16:23] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2009-08-10 15:58] - [2009-08-10 15:58] - 0401408 ____A (Microsoft Corporation) 9222562D44021B988B9F9F62207FB6F2

C:\WINDOWS\system32\services.exe
[2009-08-10 15:58] - [2009-08-10 15:58] - 0110592 ____A (Microsoft Corporation) 020CEAAEDC8EB655B6506B8C70D53BB6


Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) s24trans(8) Tcpip(3)
0x0D000000040000000100000002000000030000000B0000000C0000000D00000005000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****



#7 sunset013


Posted 15 October 2012 - 03:35 PM

Thank you AGAIN!!!

MiniToolBox by Farbar Version: 23-07-2012
Ran by User (administrator) on 15-10-2012 at 16:29:32
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 570x Gigabit Integrated Controller = Local Area Connection (Disconnected)
Dell Wireless 1450 Dual Band WLAN Mini-PCI Card = Wireless Network Connection 4 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 4"

set address name="Wireless Network Connection 4" source=dhcp
set dns name="Wireless Network Connection 4" source=static addr=8.8.8.8 register=PRIMARY
add dns name="Wireless Network Connection 4" addr=8.8.4.4 index=2
set wins name="Wireless Network Connection 4" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : WENDYLap

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : TRENDnet



Ethernet adapter Wireless Network Connection 4:



Connection-specific DNS Suffix . : TRENDnet

Description . . . . . . . . . . . : Dell Wireless 1450 Dual Band WLAN Mini-PCI Card

Physical Address. . . . . . . . . : 00-11-F5-01-43-CF

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.10.101

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.10.1

DHCP Server . . . . . . . . . . . : 192.168.10.1

DNS Servers . . . . . . . . . . . : 8.8.8.8

8.8.4.4

Lease Obtained. . . . . . . . . . : Monday, October 15, 2012 9:13:23 AM

Lease Expires . . . . . . . . . . : Monday, October 22, 2012 9:13:23 AM

Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: google.com
Addresses: 74.125.228.40, 74.125.228.41, 74.125.228.46, 74.125.228.39
74.125.228.36, 74.125.228.34, 74.125.228.37, 74.125.228.33, 74.125.228.38
74.125.228.32, 74.125.228.35



Pinging google.com [74.125.228.40] with 32 bytes of data:



Reply from 74.125.228.40: bytes=32 time=33ms TTL=53

Reply from 74.125.228.40: bytes=32 time=37ms TTL=53



Ping statistics for 74.125.228.40:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 33ms, Maximum = 37ms, Average = 35ms

Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: yahoo.com
Addresses: 72.30.38.140, 98.138.253.109, 98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=871ms TTL=45

Reply from 72.30.38.140: bytes=32 time=998ms TTL=45



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 871ms, Maximum = 998ms, Average = 934ms

Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 f5 01 43 cf ...... Dell Wireless 1450 Dual Band WLAN Mini-PCI Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.101 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.10.0 255.255.255.0 192.168.10.101 192.168.10.101 25
192.168.10.101 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.10.255 255.255.255.255 192.168.10.101 192.168.10.101 25
224.0.0.0 240.0.0.0 192.168.10.101 192.168.10.101 25
255.255.255.255 255.255.255.255 192.168.10.101 192.168.10.101 1
Default Gateway: 192.168.10.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/15/2012 08:47:23 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5634, faulting module shell32.dll, version 6.0.2900.6242, fault address 0x0006477b.
Processing media-specific event for [explorer.exe!ws!]

Error: (07/15/2012 03:59:33 PM) (Source: MsiInstaller) (User: WENDYLAP)WENDYLAP
Description: Product: Charles 3.6.5 -- Error 1706. An installation package for the product Charles 3.6.5 cannot be found. Try the installation again using a valid copy of the installation package 'charles-proxy_3.6.5 (1).msi'.(NULL)(NULL)(NULL)(NULL)

Error: (07/08/2012 04:46:12 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a failure when uploading data. hr=0x80004004

Error: (07/08/2012 04:46:12 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0x80004004

Error: (07/07/2012 10:52:51 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Cannot find the object 'all_objects', because it does not exist or you do not have permission.

Error: (07/07/2012 10:52:51 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Cannot find the object 'all_views', because it does not exist or you do not have permission.

Error: (07/07/2012 10:52:51 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Cannot find the object 'all_columns', because it does not exist or you do not have permission.

Error: (07/07/2012 10:52:51 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Cannot find the object 'all_parameters', because it does not exist or you do not have permission.

Error: (07/07/2012 10:52:51 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Cannot find the object 'all_sql_modules', because it does not exist or you do not have permission.

Error: (07/07/2012 10:52:51 AM) (Source: MSSQL$SQLEXPRESS) (User: )
Description: Cannot find the object 'objects', because it does not exist or you do not have permission.


System errors:
=============
Error: (10/15/2012 09:14:36 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Automated Troubleshooting Service service failed to start due to the following error:
%%1053

Error: (10/15/2012 09:14:36 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Microsoft Automated Troubleshooting Service service to connect.

Error: (10/15/2012 09:14:36 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%3

Error: (10/15/2012 09:14:36 AM) (Source: Service Control Manager) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error:
%%31

Error: (10/14/2012 10:57:21 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PCIIde

Error: (10/14/2012 10:57:05 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Automated Troubleshooting Service service failed to start due to the following error:
%%1053

Error: (10/14/2012 10:57:05 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Microsoft Automated Troubleshooting Service service to connect.

Error: (10/14/2012 10:57:05 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%3

Error: (10/14/2012 10:57:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error:
%%31

Error: (10/12/2012 07:18:39 PM) (Source: Service Control Manager) (User: )
Description: The SABProcEnum service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (10/15/2012 08:47:23 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5634shell32.dll6.0.2900.62420006477b

Error: (07/15/2012 03:59:33 PM) (Source: MsiInstaller)(User: WENDYLAP)WENDYLAP
Description: Product: Charles 3.6.5 -- Error 1706. An installation package for the product Charles 3.6.5 cannot be found. Try the installation again using a valid copy of the installation package 'charles-proxy_3.6.5 (1).msi'.(NULL)(NULL)(NULL)(NULL)

Error: (07/08/2012 04:46:12 PM) (Source: MatSvc)(User: )
Description: hr=0x80004004C:\Program Files\Microsoft Fix it Center\MATS\ReportCab\ea0761d6-1622-2c8b-7863-8cd96ecd99a7.cab

Error: (07/08/2012 04:46:12 PM) (Source: MatSvc)(User: )
Description: hr=0x80004004IDataUploadService::UploadResult

Error: (07/07/2012 10:52:51 AM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: findobjectall_objects

Error: (07/07/2012 10:52:51 AM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: findobjectall_views

Error: (07/07/2012 10:52:51 AM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: findobjectall_columns

Error: (07/07/2012 10:52:51 AM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: findobjectall_parameters

Error: (07/07/2012 10:52:51 AM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: findobjectall_sql_modules

Error: (07/07/2012 10:52:51 AM) (Source: MSSQL$SQLEXPRESS)(User: )
Description: findobjectobjects


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Control Panel (Version: 6.14.10.5173)
ATI Display Driver (Version: 8.20-051110a1-028793C-Dell)
AVG 2011 (Version: 10.0.1435)
AVG PC Tuneup (Version: 10.0.0.27)
Bejeweled 2 Deluxe
Bejeweled Blitz
C-Major Audio (Version: 42xx)
CCleaner (Version: 3.23)
Conexant D480 MDC V.92 Modem
ESET Online Scanner v3
Fiddler2 (Version: 2.3.5.2)
Google Chrome (Version: 22.0.1229.79)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.2.183.23)
ImgBurn (Version: 2.5.0.0)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 (Version: 2.0.50217.0)
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft Visual Web Developer 2010 Express - ENU (Version: 10.0.30319)
Mozilla Firefox (3.6.17) (Version: 3.6.17 (en-US))
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Essentials (Version: 7.03.1084)
neroxml (Version: 1.0.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealUpgrade 1.1 (Version: 1.1.0)
Service Pack 1 for SQL Server 2008 (KB968369) (Version: 10.1.2531.0)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
SUPERAntiSpyware (Version: 5.6.1008)
swMSM (Version: 12.0.0.1)
TimeLineRemove 0.8.2 (Version: 0.8.2)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2749655) (Version: 1)
VLC media player 1.0.0 (Version: 1.0.0)
Web Deployment Tool (Version: 1.1.0618)
WebFldrs XP (Version: 9.50.7523)
WhiteSmoke US Toolbar (Version: 6.8.10.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.95)
Windows Rights Management Client with Service Pack 2 (Version: 5.2.95)

========================= Devices: ================================

Name: Broadcom 570x Gigabit Integrated Controller
Description: Broadcom 570x Gigabit Integrated Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: b57w2k
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 59%
Total physical RAM: 1023.23 MB
Available physical RAM: 411.82 MB
Total Pagefile: 2471.18 MB
Available Pagefile: 1958.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:55.88 GB) (Free:37.21 GB) NTFS

========================= Users: ========================================

User accounts for \\WENDYLAP

Administrator ASPNET Guest
HelpAssistant IUSR_BTGPC IWAM_BTGPC
SUPPORT_388945a0 User


**** End of log ****




#8 InadequateInfirmity


Posted 15 October 2012 - 08:29 PM

The Norman and adware cleaner logs?

Download TDSSKiller

http://support.kaspersky.com/downloads/utils/tdsskiller.exe



Right-click it and Run as Admin. Click on Change parameters and select TDLFS file system.

Hit the Scan button. Post the log in your next reply.

Do not change the default options on scan results.



Run the program below as admin, hit the Scan button, allow it to finish, then hit the Delete button.

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Download Rkill, run it, and post the log.
http://www.bleepingcomputer.com/download/rkill/

Download the Junkware Removal Tool, save it to your desktop, run it in safe mode, and post the log.
http://thisisudax.org/downloads/JRT.exe


Download Autoruns and Autorunsc. Unzip it to your desktop and then double-click autoruns.exe. After the scan is finished, click on File > Save. The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option. In other words, make sure it is a .txt file instead of .arn. Attach the text in your next reply.

http://download.sysinternals.com/files/Autoruns.zip

#9 sunset013


Posted 16 October 2012 - 06:44 AM

I didn't think this computer had an option to log on as "Admin". Only one account on it and it simply says "user" when I go to log off/on. I've now gone to control panel and discovered that "user" is "Administrator" on this computer. I just now renamed it to Admin Wendy. The guest user account was turned off so I left it that way. On my desktop computer, it clearly says "Administrator" for user name; this computer had only the one name, "user". I will now follow your other steps and post results. I wasn't sure how to proceed with the other 2 steps last night after I logged off and discovered no ADMIN user and nothing to switch between. By that time my daughter came over for dinner so I didn't get back on computer last night.

And thank you for not giving up on me!! Wendy :)

Edited by sunset013, 16 October 2012 - 07:07 AM.


#10 sunset013


Posted 16 October 2012 - 01:47 PM

I had a power outage and yayyy, power is back on! Here is the next log you requested. I am astounded at all the files that were deleted! I'm onto the next task! I appreciate everything you are doing, for me, an absolute stranger to you! THANK YOU!!! :) ~Wendy

# AdwCleaner v2.005 - Logfile created 10/16/2012 at 14:18:50
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - WENDYLAP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\IYFW5U4Z\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pkpcdceijednnilobgleblmagjchmofe
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\jbf57iza.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\jbf57iza.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\user.js
Folder Deleted : C:\Documents and Settings\User\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\jbf57iza.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\jbf57iza.default\Smartbar
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\WhiteSmoke_US
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\WhiteSmoke_US

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCE665DD-F6DD-4808-968E-EAEC971F70EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCE665DD-F6DD-4808-968E-EAEC971F70EF}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\WhiteSmoke_US
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E3CB8E43-F1A0-472F-9663-7D280B3219B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3198785
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pkpcdceijednnilobgleblmagjchmofe
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E3CB8E43-F1A0-472F-9663-7D280B3219B2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US Toolbar
Key Deleted : HKLM\Software\WhiteSmoke_US
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.17 (en-US)

-\\ Google Chrome v22.0.1229.79

File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5807 octets] - [16/10/2012 14:18:50]

########## EOF - C:\AdwCleaner[S1].txt - [5867 octets] ##########




#11 sunset013


Posted 16 October 2012 - 05:54 PM

Here are the results of the Norman Malware Cleaner. There wasn't anything in the Quarantine tab. Next, I'm going to re-boot and run the tdss killer per your instructions. Thank you! :)


Norman Malware Cleaner v2.06.01
Copyright 1990 - 2012, Norman ASA.

Norman Scanner Engine Version: 7.00.12
nvcbin.def: Version: 7.00.1475, Date: 2012/10/16 08:37:40, Variants: 19057168
nvcmacro.def: Version: 0.00.00, Date: 1969/12/31 19:00:00, Variants: 0

Operating System: Windows XP Service Pack 3

Switches: /iagree /cleanrootkit /nomt /nosb

Scan started: 2012/10/16 15:28:40

Running pre-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Scanning system for active rootkit activity...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Scanning running processes and process memory...

Number of objects found: 1687
Number of objects scanned: 1687
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 1m 8s

Scanning system for FakeAV...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Running full scan...
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\LocalService\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Documents and Settings\LocalService\ntuser.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\NetworkService\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Documents and Settings\NetworkService\ntuser.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{DD723803-17C0-11E2-976C-0011F50143CF}.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3DDBB480-17C1-11E2-976C-0011F50143CF}.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{DD723804-17C0-11E2-976C-0011F50143CF}.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\User\Local Settings\Temp\~DF1ADC.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\User\Local Settings\Temp\~DF46EE.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\User\Local Settings\Temp\~DF5166.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\User\Local Settings\Temp\~DF5171.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\User\Local Settings\Temp\~DF51C9.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\User\Local Settings\Temp\~DF51D4.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\User\Local Settings\Temp\~DF520F.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\User\Local Settings\Temp\~DF521A.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\User\Local Settings\Temp\~DF6C43.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\User\ntuser.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\User\ntuser.dat.LOG: Error opening file for read: 0x00000020
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\master.mdf: Error opening file for read: 0x00000020
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\mastlog.ldf: Error opening file for read: 0x00000020
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\model.mdf: Error opening file for read: 0x00000020
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\modellog.ldf: Error opening file for read: 0x00000020
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\MSDBData.mdf: Error opening file for read: 0x00000020
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\MSDBLog.ldf: Error opening file for read: 0x00000020
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\tempdb.mdf: Error opening file for read: 0x00000020
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\templog.ldf: Error opening file for read: 0x00000020
C:\WINDOWS\system32\config\default: Error opening file for read: 0x00000020
C:\WINDOWS\system32\config\default.LOG: Error opening file for read: 0x00000020
C:\WINDOWS\system32\config\SAM: Error opening file for read: 0x00000020
C:\WINDOWS\system32\config\SAM.LOG: Error opening file for read: 0x00000020
C:\WINDOWS\system32\config\SECURITY: Error opening file for read: 0x00000020
C:\WINDOWS\system32\config\SECURITY.LOG: Error opening file for read: 0x00000020
C:\WINDOWS\system32\config\software: Error opening file for read: 0x00000020
C:\WINDOWS\system32\config\software.LOG: Error opening file for read: 0x00000020
C:\WINDOWS\system32\config\system: Error opening file for read: 0x00000020
C:\WINDOWS\system32\config\system.LOG: Error opening file for read: 0x00000020
C:\WINDOWS\Temp\Perflib_Perfdata_924.dat: Error opening file for read: 0x00000020
C:\WINDOWS\Temp\Perflib_Perfdata_e10.dat: Error opening file for read: 0x00000020

Number of files found: 61196
Number of archives unpacked: 3508
Number of objects found: 329108
Number of objects scanned: 329064
Number of objects not scanned: 44
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 1h 41m 42s

Running post-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Results:
Total number of files found: 61196
Total number of archives unpacked: 3508
Total number of objects found: 330795
Total number of objects scanned: 330751
Total number of objects not scanned: 44
Total number of malicious objects found: 0
Total scanning time: 1h 42m 50s




#12 sunset013


Posted 16 October 2012 - 09:36 PM

Sorry, the rkill wouldn't let me copy contents so I had no way to post it here. Should I proceed with next step? Also, because the one and only user is Administrator, there is NOTHING when I right click on any of the run programs. I'll wait to hear from you and give you time to digest everything I posted today. I do notice that when typing, everything is slow. I can type a sentence before the words appear on screen; this just started sometime today, a bit annoying...and probably a reason for it happening...thanks for all your generosity! Good Night ~Wendy :)



