
Rootkit on laptop



#1 lpeltier


Posted 25 February 2014 - 07:38 PM

My laptop has a rootkit on it and I need advice on removing the rootkit. Operating system is Windows 7.




#2 InadequateInfirmity


Posted 25 February 2014 - 07:43 PM

What makes you think there is a rootkit?

 

Please download MINITOOLBOX and run it.

Checkmark the following boxes:



Flush DNS
Reset FF proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and paste the result.

 

Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please paste the JRT log.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Emsisoft Emergency Kit from here.
https://www.emsisoft.com/en/software/eek/
Save the file to your desktop.
Right-click and run as administrator. (XP users double-click.)
Click Accept and Extract.
This file will appear on the desktop.

I7zpP8t.png
Right-click it and select Run as administrator. (XP users double-click.)
Select Emergency Kit Scanner.
rxYDlQ1.png
A pop-up requesting an update will appear; select Yes.
dQaKPnk.png
After the update, select this option in the picture below.
ExN4ZjP.png
Now select Quarantine Detected Objects.
g5ojhHp.png
When the update has finished, go to Scan PC and select Deep Scan.
5IOAvyw.png
This scan will take a long time. This is normal, as it scans your entire hard drive.
Click on View Report, save the report to your desktop, and paste it here in your next reply.



#3 lpeltier


Posted 26 February 2014 - 07:58 AM

When scanning with McAfee it shows that one of the files it is scanning is Rootkit.

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Logan (administrator) on 25-02-2014 at 18:49:52
Running from "C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZTJ7R0K"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Logan-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : att.net

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-26-B6-43-8F-64
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : att.net
   Description . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 00-26-B6-43-8F-64
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:306:cf8a:a380:38b7:ecfd:88f3:d9f6(Preferred)
   Temporary IPv6 Address. . . . . . : 2602:306:cf8a:a380:817:28c6:e5bd:c8ed(Preferred)
   Link-local IPv6 Address . . . . . : fe80::38b7:ecfd:88f3:d9f6%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.238(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, February 25, 2014 6:20:02 PM
   Lease Expires . . . . . . . . . . : Wednesday, February 26, 2014 6:20:03 PM
   Default Gateway . . . . . . . . . : fe80::42b7:f3ff:fe29:ad70%11
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 301999798
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-E2-CC-FB-00-1E-33-FD-C7-34
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gateway.2wire.net
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-1E-33-FD-C7-34
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.att.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : att.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:2c97:556:9307:55c7(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2c97:556:9307:55c7%17(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Reusable ISATAP Interface {2774B031-B5AB-4EFA-9332-FC89726E3BB5}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dsldevice.att.net
Address:  192.168.1.254

Name:    google.com
Addresses:  2607:f8b0:4000:808::1000
   74.125.225.227
   74.125.225.224
   74.125.225.230
   74.125.225.228
   74.125.225.229
   74.125.225.233
   74.125.225.232
   74.125.225.231
   74.125.225.238
   74.125.225.225
   74.125.225.226

Pinging google.com [2607:f8b0:4000:807::1008] with 32 bytes of data:
Request timed out.
Reply from 2607:f8b0:4000:807::1008: time=275ms

Ping statistics for 2607:f8b0:4000:807::1008:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 275ms, Maximum = 275ms, Average = 275ms
Server:  dsldevice.att.net
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.139.183.24
   206.190.36.45
   98.138.253.109

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=294ms TTL=44
Reply from 98.139.183.24: bytes=32 time=289ms TTL=44

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 289ms, Maximum = 294ms, Average = 291ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...00 26 b6 43 8f 64 ......Microsoft Virtual WiFi Miniport Adapter
 11...00 26 b6 43 8f 64 ......Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
 10...00 1e 33 fd c7 34 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.238     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.238    281
    192.168.1.238  255.255.255.255         On-link     192.168.1.238    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.238    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.238    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.238    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11    281 ::/0                     fe80::42b7:f3ff:fe29:ad70
  1    306 ::1/128                  On-link
 17     58 2001::/32                On-link
 17    306 2001:0:9d38:6ab8:2c97:556:9307:55c7/128
                                    On-link
 11     33 2602:306:cf8a:a380::/64  On-link
 11    281 2602:306:cf8a:a380:817:28c6:e5bd:c8ed/128
                                    On-link
 11    281 2602:306:cf8a:a380:38b7:ecfd:88f3:d9f6/128
                                    On-link
 11    281 fe80::/64                On-link
 17    306 fe80::/64                On-link
 17    306 fe80::2c97:556:9307:55c7/128
                                    On-link
 11    281 fe80::38b7:ecfd:88f3:d9f6/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 10 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24320] (National Instruments Corporation)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 10 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26368] (National Instruments Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/25/2014 06:15:02 PM) (Source: Application Hang) (User: )
Description: The program Skype.exe version 6.3.73.105 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1040

Start Time: 01cf327d362e8e96

Termination Time: 893

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id:

Error: (10/08/2013 06:44:33 AM) (Source: Windows Search Service) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context:  Application, SystemIndex Catalog

Error: (09/21/2013 04:13:32 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/21/2013 04:13:32 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/21/2013 04:13:32 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/21/2013 04:13:32 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (09/21/2013 04:13:30 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/21/2013 04:13:30 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (09/21/2013 04:13:30 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/21/2013 04:13:30 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (02/25/2014 06:18:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/25/2014 06:18:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/25/2014 06:18:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/25/2014 06:18:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/25/2014 06:18:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/25/2014 06:18:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/25/2014 06:18:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/25/2014 06:18:45 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/25/2014 06:18:45 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/25/2014 06:18:45 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-06-25 22:24:46.389
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-25 22:24:46.169
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-20 17:25:06.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-20 17:25:06.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-20 17:25:06.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-18 22:08:36.594
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-18 22:08:36.594
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-18 22:08:36.594
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-17 18:59:01.891
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-17 18:59:01.891
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

 Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.70)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Amazon Links (Version: 2.02)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATT-RC Self Support Tool
Bejeweled 2 Deluxe (Version: 2.2.0.82)
Bing Bar (Version: 6.3.2291.0)
Bing Bar Platform (Version: 6.3.2291.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.20)
Chuzzle Deluxe (Version: 2.2.0.82)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
D3DX10 (Version: 15.4.2368.0902)
Dropbox (Version: 2.4.11)
Escape Rosecliff Island (Version: 2.2.0.82)
FATE - The Traitor Soul (Version: 2.2.0.82)
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 28.0.1500.95)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
Google Update Helper (Version: 1.3.21.153)
HI-TECH C Compiler for the PIC10/12/16 MCUs V9.82PL0 (Version: 9.82)
HI-TECH C51-lite V9.60PL0 (Version: 9.60)
HP Deskjet 3050A J611 series Basic Device Software (Version: 25.0.571.0)
HP Deskjet 3050A J611 series Help (Version: 140.0.2.2)
HP Deskjet 3050A J611 series Product Improvement Study (Version: 25.0.571.0)
HP Photo Creations (Version: 1.0.0.5192)
HP Update (Version: 5.003.000.004)
iCloud (Version: 1.1.0.40)
Intel® Matrix Storage Manager
iTunes (Version: 11.0.5.5)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Jewel Quest 3 (Version: 2.2.0.82)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
Lexmark 3600-4600 Series
Lost Cases of Sherlock Holmes
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Math Kernel Libraries (64-bit) (Version: 1.0.23.0)
Math Kernel Libraries (Version: 1.0.23.0)
McAfee Online Backup (Version: 1.16.4.0)
McAfee Security Scan Plus (Version: 2.1.121.2)
McAfee Total Protection (Version: 12.8.750)
McAfee Virtual Technician (Version: 6.5.0.2101)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 3.0.131.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.8.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
Nancy Drew: Message in a Haunted Mansion
National Instruments Software (Version: )
NI .NET Framework 4.0 (Version: 4.01.49152)
NI ActiveX Container (64-bit) (Version: 12.0.14.0)
NI ActiveX Container (Version: 12.0.14.0)
NI Authentication 12.0.0 (64-bit) (Version: 12.0.367.0)
NI Authentication 12.0.0 (Version: 12.0.367.0)
NI Circuit Design Suite 12.0.1 Core (Version: 12.0.948)
NI Circuit Design Suite 12.0.1 Edu Licenses (Version: 12.0.923)
NI Circuit Design Suite 12.0.1 Education (Version: 12.0.923)
NI Curl 12.0.0 (64-bit) (Version: 12.0.412.0)
NI Curl 12.0.0 (Version: 12.0.412.0)
NI DataSocket 5.0 (64-bit) (Version: 5.0.115.0)
NI DataSocket 5.0 (Version: 5.0.115.0)
NI DN 2.0 SP1 installer (Version: 2.11.49152)
NI Error Reporting 2012 (Version: 12.0.172.0)
NI EulaDepot (Version: 3.10.393)
NI Example Finder 12.0 (Version: 12.0.291.0)
NI GMP Windows 32-bit Installer 12.0.0 (Version: 12.0.46.0)
NI GMP Windows 64-bit Installer 12.0.0 (Version: 12.0.46.0)
NI Help Assistant (64bit) (Version: 1.0.11)
NI Help Assistant (Version: 1.0.11)
NI LabVIEW 2011 Real-Time NBFifo (Version: 11.0.250.0)
NI LabVIEW 2012 Deployable License (Version: 12.0.364.0)
NI LabVIEW 2012 Deployment Framework (Version: 12.0.369.0)
NI LabVIEW 2012 Real-Time NBFifo (Version: 12.0.219.0)
NI LabVIEW 2012 Run-Time Engine Web Server (Version: 12.0.406.0)
NI LabVIEW Run-Time Engine 2011 SP1 (Version: 11.0.448.0)
NI LabVIEW Run-Time Engine 2012 f3 (Version: 12.0.435.0)
NI LabVIEW Run-Time Engine Interop 2011 (Version: 11.0.449.0)
NI LabVIEW Run-Time Engine Interop 2012 (Version: 12.0.204.0)
NI LabVIEW Web Server for Run-Time Engine (Version: 11.0.375.0)
NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit) (Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Analysis Library (Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit) (Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Network Variable Library (Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit) (Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit) (Version: 10.0.1434)
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (Version: 10.0.1434)
NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated) (Version: 10.0.1434)
NI LabWindows/CVI Run-Time Engine 2010 SP1 (Version: 10.0.1434)
NI License Manager (Version: 3.7.44)
NI Logos 5.4 (64-bit) (Version: 5.4.303.0)
NI Logos 5.4 (Version: 5.4.303.0)
NI Logos XT Support (Version: 5.4.295.0)
NI Logos64 XT Support (Version: 5.4.295.0)
NI Math Kernel Libraries (64-bit) (Version: 1.0.10.0)
NI Math Kernel Libraries (Version: 1.0.10.0)
NI Math Kernel Libraries (Version: 1.0.861.0)
NI MAX Remote Configuration 64-bit Installer 5.0 (Version: 5.00.49153)
NI MAX Remote Configuration Installer 5.0 (Version: 5.00.49153)
NI MDF Support (Version: 3.10.393)
NI mDNS Responder 2.1 for Windows 64-bit (Version: 2.10.49152)
NI mDNS Responder 2.1.0 (Version: 2.10.49152)
NI MetaSuite Installer (Version: 3.10.393)
NI MXS 5.3.0 (Version: 5.30.49152)
NI MXS 5.3.0 for 64 Bit Windows (Version: 5.30.49152)
NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support (Version: 11.0.302.0)
NI NI LabVIEW 2012 Run-Time Engine Non-English Support. (Version: 12.0.363.0)
NI OPC Support (Version: 12.0.295.0)
NI SSL LabVIEW RTE 2012 Support (Version: 12.0.125.0)
NI SSL Support (64-bit) (Version: 12.0.408.0)
NI SSL Support (Version: 12.0.408.0)
NI System State Publisher (64-bit) (Version: 12.0.218.0)
NI System State Publisher (Version: 12.0.358.0)
NI System Web Server 12.0 (Version: 12.0.414.0)
NI System Web Server Base 12.0.0 (64-bit) (Version: 12.0.407.0)
NI System Web Server Base 12.0.0 (Version: 12.0.407.0)
NI TDM Streaming 2.4 (64-bit) (Version: 2.4.55.0)
NI TDM Streaming 2.4 (Version: 2.4.55.0)
NI Trace Engine (64-bit) (Version: 12.0.401.0)
NI Trace Engine (Version: 12.0.401.0)
NI Uninstaller (Version: 3.10.393)
NI Update Service 2.2.1 (Version: 2.21.7.0)
NI USI 2.0.0 (Version: 2.0.04901)
NI USI 2.0.0 64-Bit (Version: 2.0.04901)
NI Variable Engine (64-bit) (Version: 2.6.296.0)
NI Variable Engine 2.6.0 (Version: 2.6.296.0)
NI VC2005MSMs x64 (Version: 8.05.0)
NI VC2005MSMs x86 (Version: 8.05.0)
NI VC2008MSMs x64 (Version: 9.0.401)
NI VC2008MSMs x86 (Version: 9.0.401)
NI VC2010MSMs x64 (Version: 10.0.001)
NI VC2010MSMs x86 (Version: 10.0.001)
NI Web Application Server 12.0 (64-bit) (Version: 12.0.422.0)
NI Web Application Server 12.0 (Version: 12.0.422.0)
NI Web Pipeline 2.0.1 (Version: 2.0.128.0)
NI Web Pipeline 2.0.1 64-bit support (Version: 2.0.122.0)
NI Xerces Delay Load 2.7.3 (Version: 2.7.180.0)
NI Xerces Delay Load 2.7.3 64-bit (Version: 2.7.190.0)
NI-Mesa (Version: 11.0.11.0)
NI-RPC 4.3.0f0 (Version: 4.30.49152)
NI-RPC 4.3.0f0 for 64 Bit Windows (Version: 4.30.49152)
NI-RPC 4.3.0f0 for Phar Lap ETS (Version: 4.30.49152)
Norton PC Checkup (Version: 3.0.2.90.0)
Penguins! (Version: 2.2.0.82)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar Bowler (Version: 2.2.0.82)
PSpice Student 9.1
Quickbooks Financial Center (Version: 2.02)
QuickTime (Version: 7.74.80.86)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30111)
Realtek WLAN Driver (Version: 2.00.0011)
Revo Uninstaller 1.94 (Version: 1.94)
Secure Download Manager (Version: 3.0.5)
Shared C Run-time for x64 (Version: 10.0.0)
Skype Launcher (Version: 2.01)
Skype™ 6.3 (Version: 6.3.105)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
TOSHIBA Application Installer (Version: 9.0.1.0)
TOSHIBA Assist (Version: 3.00.10)
TOSHIBA Bulletin Board (Version: 1.6.07.64)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Hardware Setup (Version: 2.00.04)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
Toshiba Laptop Checkup (Version: 2.0.3.198)
TOSHIBA Media Controller (Version: 1.0.80.3.64)
TOSHIBA Media Controller Plug-in (Version: 1.0.4.9)
Toshiba Online Backup (Version: 1.2.0.38)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.6.06.64)
TOSHIBA Service Station (Version: 2.1.40)
TOSHIBA Supervisor Password (Version: 2.00.03)
TOSHIBA Value Added Package (Version: 1.3.3.64)
TOSHIBA Web Camera Application (Version: 1.1.1.15)
ToshibaRegistration (Version: 1.0.4)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Virtual Families (Version: 2.2.0.82)
Virtual Villagers - The Secret City (Version: 2.2.0.82)
WildTangent Games (Version: 1.0.0.80)
WildTangent Games App (Toshiba Games) (Version: 4.0.10.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinZip 16.0 (Version: 16.0.9715)
Zuma's Revenge (Version: 2.2.0.82)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 77%
Total physical RAM: 2939.99 MB
Available physical RAM: 667.49 MB
Total Pagefile: 5878.16 MB
Available Pagefile: 3398.94 MB
Total Virtual: 4095.88 MB
Available Virtual: 3982.86 MB

========================= Partitions: =====================================

1 Drive c: (TI105847W0F) (Fixed) (Total:222.47 GB) (Free:141.31 GB) NTFS

========================= Users: ========================================

User accounts for \\LOGAN-PC

Administrator            Guest                    Logan                   

**** End of log ****

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Logan on Tue 02/25/2014 at 18:57:10.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/25/2014 at 19:12:11.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v3.019 - Report created 25/02/2014 at 21:26:12
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Logan - LOGAN-PC
# Running from : C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\60ZK9AW0\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798

-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1063 octets] - [25/02/2014 21:23:56]
AdwCleaner[S0].txt - [992 octets] - [25/02/2014 21:26:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1051 octets] ##########

 

Emsisoft Emergency Kit - Version 4.0
Last update: 2/25/2014 9:41:17 PM
User account: Logan-PC\Logan

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 2/25/2014 9:42:37 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\W3I  detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-3570718409-851134573-778263843-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SMART FORTRESS 2012  detected: Rogue.Win32.WinWebSec (A)
Value: HKEY_USERS\S-1-5-21-3570718409-851134573-778263843-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-3570718409-851134573-778263843-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)

Scanned 251173
Found 5

Scan end: 2/26/2014 12:35:48 AM
Scan time: 2:53:11

Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-3570718409-851134573-778263843-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-3570718409-851134573-778263843-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Quarantined Setting.DisableTaskMgr (A)
Key: HKEY_USERS\S-1-5-21-3570718409-851134573-778263843-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SMART FORTRESS 2012 Quarantined Rogue.Win32.WinWebSec (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\W3I Quarantined Application.InstallAd (A)

Quarantined 5



#4 InadequateInfirmity

Posted 26 February 2014 - 11:17 PM

Please download TDSSKiller.exe to your desktop. Vista/Windows 7 users: right-click and select Run As Administrator.

  • Click on Change Parameters and click Detect TDLFS File System.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will be shown in the "Scan results - Select action for found objects" screen, which offers three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • Note: If Cure is not an option, select Skip instead; do not choose Delete unless instructed.
  • A TDSSKiller text file will be saved in Local Disk C.
  • Copy and paste the contents of that file in your next reply.

 

Please download Norman Malware Cleaner from Here.
You will need to enter your email into the box in the picture below.
Click the download button after email is entered, this will appear.
Click Download Norman Malware Cleaner.exe
This is a large download so it will take some time to complete.
Disable your antivirus prior to starting this scan.
Save it to your desktop, right-click and run as administrator. (XP users: double-click.)
Click Accept to the user agreement.
Select Full Scan.
Hit the start button.
When the scan is complete a log will generate onto your desktop, please copy and paste it here in your next reply.


 


Edited by InadequateInfirmity, 26 February 2014 - 11:17 PM.


#5 lpeltier

Posted 02 March 2014 - 12:56 PM

TDSS Killer didn't detect anything.

 

Norman Malware Cleaner v2.08.08
Copyright © 1990 - 2013, Norman Shark AS.

Norman Scanner Engine Version: 7.02.06
nvcbin.def: Version: 7.02.7290, Date: 2014/03/01 21:54:28, Variants: 26837675

Operating System: Windows 7 Service Pack 1 x64

Switches: /iagree

Scan started: 2014/03/02 09:04:06

Running pre-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Scanning running processes and process memory...

Number of files found: 572
Number of objects found: 4379
Number of objects scanned: 4379
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 2m 47s

Scanning system for FakeAV...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Running full scan...
C:\Program Files\Common Files\McAfee\AMCore\EM\EMSystemWideDataStore_00.PTF: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp: Error opening file for read: 0x00000020
C:\System Volume Information\Syscache.hve: Error opening file for read: 0x00000020
C:\System Volume Information\Syscache.hve.LOG1: Error opening file for read: 0x00000020
C:\System Volume Information\Syscache.hve.LOG2: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{22E4A3CB-A219-11E3-B908-001E33FDC734}.dat: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{22E4A3CC-A219-11E3-B908-001E33FDC734}.dat: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Local\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Local\Microsoft\Windows\WebCache\V01.log: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Local\Temp\scoped_dir4728_28692\data_0: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Local\Temp\scoped_dir4728_28692\data_1: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Local\Temp\scoped_dir4728_28692\data_2: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Local\Temp\scoped_dir4728_28692\index: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Local\Temp\scoped_dir4728_28692\data_3: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Local\Temp\~DF4DEFD7C763F154FB.TMP: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Local\Temp\~DFB59D233149F17C3A.TMP: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Roaming\Skype\live#3al.peltier_1\bistats.lock: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Roaming\Skype\live#3al.peltier_1\keyval.lock: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Roaming\Skype\live#3al.peltier_1\main.lock: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Roaming\Skype\live#3al.peltier_1\msn.lock: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Roaming\Skype\shared_dynco\dc.lock: Error opening file for read: 0x00000020
C:\Users\Logan\AppData\Roaming\Skype\shared_httpfe\queue.lock: Error opening file for read: 0x00000020
C:\Users\Logan\Downloads\dds.com: File infected with winpe/Rootkit.FAQK
Delete file: C:\Users\Logan\Downloads\dds.com
Cleaning successful
C:\Users\Logan\ntuser.dat: Error opening file for read: 0x00000020
C:\Users\Logan\ntuser.dat.LOG1: Error opening file for read: 0x00000020
C:\Users\Logan\ntuser.dat.LOG2: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\37f28fec69c6bbb5c6eb55fbfc092d44c1f157ac.HomeGroupClassifier\e27e6eed852e73fbda8bacd06103640d\grouping\db.mdb: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\37f28fec69c6bbb5c6eb55fbfc092d44c1f157ac.HomeGroupClassifier\e27e6eed852e73fbda8bacd06103640d\grouping\edb.log: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\37f28fec69c6bbb5c6eb55fbfc092d44c1f157ac.HomeGroupClassifier\e27e6eed852e73fbda8bacd06103640d\grouping\tmp.edb: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\ntuser.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2: Error opening file for read: 0x00000020
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/1044/SetupResources.dll: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/1053/SetupResources.dll: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/1029/SetupResources.dll: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/1035/SetupResources.dll: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/1040/SetupResources.dll: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/1045/SetupResources.dll: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/1046/SetupResources.dll: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/1049/SetupResources.dll: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/2070/SetupResources.dll: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/1031/SetupResources.dll: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/1036/SetupResources.dll: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/1038/SetupResources.dll: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/3082/SetupResources.dll: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/1032/SetupResources.dll: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/1043/SetupResources.dll: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/1055/SetupResources.dll: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/SetupUi.dll: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/sqmapi.dll: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/Windows6.0-KB956250-v6001-x64.msu: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/Windows6.0-KB956250-v6001-x86.msu: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/Windows6.1-KB958488-v6001-x64.msu: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/Windows6.1-KB958488-v6001-x86.msu: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/netfx_Full_GDR.mzz: I/O error scanning file: 0x00002000
C:\Windows\SoftwareDistribution\Download\279aa81fde54a5290cd8a5c52c6030f6c5ac6892/noname.7z/netfx_Full_LDR.mzz: I/O error scanning file: 0x00002000
C:\Windows\System32\catroot2\edb.log: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: Error opening file for read: 0x00000020
C:\Windows\System32\config\default: Error opening file for read: 0x00000020
C:\Windows\System32\config\DEFAULT.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\DEFAULT.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\DEFAULT: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SAM: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SECURITY: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SOFTWARE: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SYSTEM: Error opening file for read: 0x00000020
C:\Windows\System32\config\sam: Error opening file for read: 0x00000020
C:\Windows\System32\config\SAM.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SAM.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\security: Error opening file for read: 0x00000020
C:\Windows\System32\config\SECURITY.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SECURITY.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\software: Error opening file for read: 0x00000020
C:\Windows\System32\config\SOFTWARE.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SOFTWARE.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\system: Error opening file for read: 0x00000020
C:\Windows\System32\config\SYSTEM.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SYSTEM.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl: Error opening file for read: 0x00000020

Number of files found: 192824
Number of archives unpacked: 4891
Number of objects found: 740062
Number of objects scanned: 739874
Number of objects not scanned: 188
Number of malicious objects found: 1
Number of malicious objects cleaned: 1
Number of malicious files found: 1
Number of malicious files cleaned: 1
Scanning time: 2h 47m 34s

Running post-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Results:
Total number of files found: 193396
Total number of archives unpacked: 4891
Total number of objects found: 744441
Total number of objects scanned: 744253
Total number of objects not scanned: 188
Total number of malicious objects found: 1
Total number of malicious objects cleaned: 1
Total number of malicious files found: 1
Total number of malicious files cleaned: 1
Total number of objects quarantined: 1
Total scanning time: 2h 50m 23s



#6 boopme


Posted 02 March 2014 - 09:23 PM

Hello,
What rootkit did you think was here, and what said you had it?

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe.
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
