malwarebytes not finding malware, issues with running scan and bluescreen
- Thread starter Gbaby614
- Start date
Fiery
Level 1
- Jan 11, 2011
- 2,007
Gbaby614 said:
I don't think that would help..
I have gone through your quarantine logs multiple times, none of the tools removed any drivers. Your webcam stopped working after combofix removed some files but we have restored that and its registries.
So right now I think we have 2 viable options excluding trying to fix it as we have been doing for the past few days.
1) You can call or contact HP (http://h20180.www2.hp.com/apps/Nav?h_pagetype=s-006&h_lang=en&h_cc=ca&h_product=321957&h_client=S-A-R311-2&h_page=hpcom)
2) Perform a system restore to a previous point where your webcam worked and we will swiftly remove the malware again if they appear. We won't use combofix this time but instead use OTL, adwcleaner and RK. The removal process will be quick since I already know what is needed to remove.
Let me know
If you decide on the second option, after the restore finishes, run adwcleaner, RK then do a OTL scan with the instructions before.
- Jan 28, 2013
- 232
i think i need to do a system restore again, i was notified a little while ago that windows defender is no longer working an the reason was at this link for the error code given:
Windows defender stopped working/-----http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/1897827f-f9ff-4018-b72c-30deee560825
I just keep running into issue after issue and if u don't mind... since we already did all this it should be easier to explain this time..id rather system restore.. are you going to be on in a few mins bc I am seriously delayed from your posts.. i dont know if it has anything to do with the state of my pc and the errors or not.. but i refresh often and never see your posts until i decide to msg u again..thus is why i sometimes leave msgs often
Windows defender stopped working/-----http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/1897827f-f9ff-4018-b72c-30deee560825
I just keep running into issue after issue and if u don't mind... since we already did all this it should be easier to explain this time..id rather system restore.. are you going to be on in a few mins bc I am seriously delayed from your posts.. i dont know if it has anything to do with the state of my pc and the errors or not.. but i refresh often and never see your posts until i decide to msg u again..thus is why i sometimes leave msgs often
- Jan 28, 2013
- 232
Im having issues already... my webcam isn't loading at all now.. atleast the Youcam software would load now nothing. I had the webcam on briefly 2 days ago and after one of our scans and fixes is when i noticed it quit.. about 2/1/13.. I also started to run OTL but it wasnt on my system anymore so I clicked your link and i got the warning from geeks2go that it contained malicious content, so i closed it. I really dont knowwh at to do now. I need to run these scans, but dont have the progs.. i think i still have adwcleaner, i will run that and return but i need to know should i run the 2 files u sent earlier about updating webcam drivers? maybe the old ones were deleted on restore.....
my roguekiller is gone too
my roguekiller is gone too
- Jan 28, 2013
- 232
RogueKiller V8.4.4 [Feb 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Michelle [Admin rights]
Mode : Scan -- Date : 02/04/2013 03:34:10
| ARK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 12 ¤¤¤
[TASK][SUSP PATH] Test TimeTrigger : C:\Users\Michelle\AppData\Local\Temp\Runner.exe C:\Users\Michelle\AppData\Local\Temp\DNS.exe -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableCMD (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableCMD (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableCMD (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
i did NOT delete any of these items as u did NOT instruct me to do so...
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Michelle [Admin rights]
Mode : Scan -- Date : 02/04/2013 03:34:10
| ARK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 12 ¤¤¤
[TASK][SUSP PATH] Test TimeTrigger : C:\Users\Michelle\AppData\Local\Temp\Runner.exe C:\Users\Michelle\AppData\Local\Temp\DNS.exe -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableCMD (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableCMD (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableCMD (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
i did NOT delete any of these items as u did NOT instruct me to do so...
- Jan 28, 2013
- 232
OMG, I got it to work a little bit ago, around 8am, I tried to update the drivers and reinstalled the whole mediasmart program several times, and I finally saw imaging device in my device manager and got the webcam to load and work then it kept saying it had to close, and now its not showing imaging devices in the devicem anager anymore and I cannot update the Intel Corporation-Display-Mobile Intel(R) 4 Series Express Chipset Family which is what I was trying to update when I had it working.. but it fails. I have my driver recovery cd I just need to know how to find the right drivers to reload.. I can't guess..bc I don't want to mess anything up. There is a file called FUPDATE but again.. I need someone to guide me thru this. I searched all night and it says my drivers are missing or need updated or repaired, so if we can figure this out, I believe it will work again.
Fiery
Level 1
- Jan 11, 2011
- 2,007
Good to hear that your webcam is working again! Let's clean some stuff.
Open OTL. Under custom scan/fixes, copy and paste the following:
Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.
Do a scan with roguekiller again. Uncheck all the detection except for:
[TASK][SUSP PATH] Test TimeTrigger : C:\Users\Michelle\AppData\Local\Temp\Runner.exe C:\Users\Michelle\AppData\Local\Temp\DNS.exe -> FOUND
It should be under the Registry tab. Click delete.
Please download AdwCleaner by Xplode onto your desktop.
Let's clean some stuff.Open OTL. Under custom scan/fixes, copy and paste the following:
Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.
Do a scan with roguekiller again. Uncheck all the detection except for:
[TASK][SUSP PATH] Test TimeTrigger : C:\Users\Michelle\AppData\Local\Temp\Runner.exe C:\Users\Michelle\AppData\Local\Temp\DNS.exe -> FOUND
It should be under the Registry tab. Click delete.
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool(For Vista or Windows 7, right-click and select Run as Administrator to start)
- Click delete
- Please post the content of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt
- Jan 28, 2013
- 232
Sorry I took so long getting back, I had some things to tc of yesterday.. here is the OTL log, will return w RKlog and AdC log:
OTL by OldTimer - Version 3.2.69.0 log created on 02052013_071203
Files\Folders moved on Reboot...
C:\Users\Michelle\AppData\Local\Temp\Low\~DFCD6C.tmp moved successfully.
C:\Users\Michelle\AppData\Local\Temp\Low\~DFD0BC.tmp moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WCANYHFI\newmailcount[4] moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WCANYHFI\rsa[1].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WCANYHFI\Thread-malwarebytes-not-finding-malware-issues-with-running-scan-and-bluescreen[4].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8VN82WV\css[1].css moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8VN82WV\search[3].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWZSBO15\en-us[1].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWZSBO15\js[1].js moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWZSBO15\newmailcount[4] moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GL5AC7BK\oneMscomMaster[1].js moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GL5AC7BK\search[2].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GL5AC7BK\Segments[1].js moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\SysNative\OLD51B3.tmp not found!
File\Folder C:\Windows\SysNative\OLD51D3.tmp not found!
File\Folder C:\Windows\SysNative\OLD51D4.tmp not found!
File\Folder C:\Windows\SysNative\OLD51E4.tmp not found!
File\Folder C:\Windows\SysNative\OLDC553.tmp not found!
File\Folder C:\Windows\SysNative\SET2F42.tmp not found!
File\Folder C:\Windows\SysNative\SET2FD3.tmp not found!
File move failed. C:\Windows\SysNative\SET30CF.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\SET3AF7.tmp not found!
File move failed. C:\Windows\SysNative\SET3BF7.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET3F82.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\SET4512.tmp not found!
File move failed. C:\Windows\SysNative\SET45E0.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\SET499B.tmp not found!
File move failed. C:\Windows\SysNative\SETAEA5.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\SETC27B.tmp not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
OTL by OldTimer - Version 3.2.69.0 log created on 02052013_071203
Files\Folders moved on Reboot...
C:\Users\Michelle\AppData\Local\Temp\Low\~DFCD6C.tmp moved successfully.
C:\Users\Michelle\AppData\Local\Temp\Low\~DFD0BC.tmp moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WCANYHFI\newmailcount[4] moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WCANYHFI\rsa[1].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WCANYHFI\Thread-malwarebytes-not-finding-malware-issues-with-running-scan-and-bluescreen[4].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8VN82WV\css[1].css moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8VN82WV\search[3].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWZSBO15\en-us[1].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWZSBO15\js[1].js moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWZSBO15\newmailcount[4] moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GL5AC7BK\oneMscomMaster[1].js moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GL5AC7BK\search[2].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GL5AC7BK\Segments[1].js moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\SysNative\OLD51B3.tmp not found!
File\Folder C:\Windows\SysNative\OLD51D3.tmp not found!
File\Folder C:\Windows\SysNative\OLD51D4.tmp not found!
File\Folder C:\Windows\SysNative\OLD51E4.tmp not found!
File\Folder C:\Windows\SysNative\OLDC553.tmp not found!
File\Folder C:\Windows\SysNative\SET2F42.tmp not found!
File\Folder C:\Windows\SysNative\SET2FD3.tmp not found!
File move failed. C:\Windows\SysNative\SET30CF.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\SET3AF7.tmp not found!
File move failed. C:\Windows\SysNative\SET3BF7.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET3F82.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\SET4512.tmp not found!
File move failed. C:\Windows\SysNative\SET45E0.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\SET499B.tmp not found!
File move failed. C:\Windows\SysNative\SETAEA5.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\SETC27B.tmp not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
- Jan 28, 2013
- 232
OTL by OldTimer - Version 3.2.69.0 log created on 02052013_071203
Files\Folders moved on Reboot...
C:\Users\Michelle\AppData\Local\Temp\Low\~DFCD6C.tmp moved successfully.
C:\Users\Michelle\AppData\Local\Temp\Low\~DFD0BC.tmp moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WCANYHFI\newmailcount[4] moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WCANYHFI\rsa[1].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WCANYHFI\Thread-malwarebytes-not-finding-malware-issues-with-running-scan-and-bluescreen[4].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8VN82WV\css[1].css moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8VN82WV\search[3].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWZSBO15\en-us[1].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWZSBO15\js[1].js moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWZSBO15\newmailcount[4] moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GL5AC7BK\oneMscomMaster[1].js moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GL5AC7BK\search[2].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GL5AC7BK\Segments[1].js moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\SysNative\OLD51B3.tmp not found!
File\Folder C:\Windows\SysNative\OLD51D3.tmp not found!
File\Folder C:\Windows\SysNative\OLD51D4.tmp not found!
File\Folder C:\Windows\SysNative\OLD51E4.tmp not found!
File\Folder C:\Windows\SysNative\OLDC553.tmp not found!
File\Folder C:\Windows\SysNative\SET2F42.tmp not found!
File\Folder C:\Windows\SysNative\SET2FD3.tmp not found!
File move failed. C:\Windows\SysNative\SET30CF.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\SET3AF7.tmp not found!
File move failed. C:\Windows\SysNative\SET3BF7.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET3F82.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\SET4512.tmp not found!
File move failed. C:\Windows\SysNative\SET45E0.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\SET499B.tmp not found!
File move failed. C:\Windows\SysNative\SETAEA5.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\SETC27B.tmp not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Files\Folders moved on Reboot...
C:\Users\Michelle\AppData\Local\Temp\Low\~DFCD6C.tmp moved successfully.
C:\Users\Michelle\AppData\Local\Temp\Low\~DFD0BC.tmp moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WCANYHFI\newmailcount[4] moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WCANYHFI\rsa[1].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WCANYHFI\Thread-malwarebytes-not-finding-malware-issues-with-running-scan-and-bluescreen[4].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8VN82WV\css[1].css moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S8VN82WV\search[3].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWZSBO15\en-us[1].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWZSBO15\js[1].js moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NWZSBO15\newmailcount[4] moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GL5AC7BK\oneMscomMaster[1].js moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GL5AC7BK\search[2].htm moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GL5AC7BK\Segments[1].js moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Michelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\SysNative\OLD51B3.tmp not found!
File\Folder C:\Windows\SysNative\OLD51D3.tmp not found!
File\Folder C:\Windows\SysNative\OLD51D4.tmp not found!
File\Folder C:\Windows\SysNative\OLD51E4.tmp not found!
File\Folder C:\Windows\SysNative\OLDC553.tmp not found!
File\Folder C:\Windows\SysNative\SET2F42.tmp not found!
File\Folder C:\Windows\SysNative\SET2FD3.tmp not found!
File move failed. C:\Windows\SysNative\SET30CF.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\SET3AF7.tmp not found!
File move failed. C:\Windows\SysNative\SET3BF7.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\SET3F82.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\SET4512.tmp not found!
File move failed. C:\Windows\SysNative\SET45E0.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\SET499B.tmp not found!
File move failed. C:\Windows\SysNative\SETAEA5.tmp scheduled to be moved on reboot.
File\Folder C:\Windows\SysNative\SETC27B.tmp not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
- Jan 28, 2013
- 232
RogueKiller V8.4.4 [Feb 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Michelle [Admin rights]
Mode : Remove -- Date : 02/05/2013 08:09:00
| ARK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 12 ¤¤¤
[TASK][SUSP PATH] Test TimeTrigger : C:\Users\Michelle\AppData\Local\Temp\Runner.exe C:\Users\Michelle\AppData\Local\Temp\DNS.exe -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> NOT SELECTED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJPOL] HKCU\[...]\System : DisableCMD (0) -> NOT SELECTED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> NOT SELECTED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJPOL] HKLM\[...]\System : DisableCMD (0) -> NOT SELECTED
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> NOT SELECTED
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> NOT SELECTED
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableCMD (0) -> NOT SELECTED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Michelle [Admin rights]
Mode : Remove -- Date : 02/05/2013 08:09:00
| ARK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 12 ¤¤¤
[TASK][SUSP PATH] Test TimeTrigger : C:\Users\Michelle\AppData\Local\Temp\Runner.exe C:\Users\Michelle\AppData\Local\Temp\DNS.exe -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> NOT SELECTED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJPOL] HKCU\[...]\System : DisableCMD (0) -> NOT SELECTED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> NOT SELECTED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NOT SELECTED
[HJPOL] HKLM\[...]\System : DisableCMD (0) -> NOT SELECTED
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> NOT SELECTED
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> NOT SELECTED
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableCMD (0) -> NOT SELECTED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
- Jan 28, 2013
- 232
this is the 1st time I got this warning, was the link to the adwcleaner u posted clean?? it said not signed by publisher and doesn't want me to dl... or was i supposed to tuen off my virusprotection to dl this? here is what i see:
going to just leave this set until u reply........
going to just leave this set until u reply........
Attachments
- Jan 24, 2011
- 9,378
Hello Gbaby614,
Adwcleaner is a safe and known tool, that alert from Internet Explorer Smart Screen filter is just a false possitive....
TIP: If you ever suspect that a file might be infected, you can upload it to virustotal.com to be scanned with multiple antivirus engines.
Adwcleaner Virustotal scan: https://www.virustotal.com/file/ae3337886b874ae8c5c402d8ede284493176ffe61f57f87bad113967e0c2e3ca/analysis/
Adwcleaner is a safe and known tool, that alert from Internet Explorer Smart Screen filter is just a false possitive....
TIP: If you ever suspect that a file might be infected, you can upload it to virustotal.com to be scanned with multiple antivirus engines.
Adwcleaner Virustotal scan: https://www.virustotal.com/file/ae3337886b874ae8c5c402d8ede284493176ffe61f57f87bad113967e0c2e3ca/analysis/
- Jan 28, 2013
- 232
# AdwCleaner v2.111 - Logfile created 02/05/2013 at 08:56:59
# Updated 05/02/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Michelle - MICHELLE-PC
# Boot Mode : Normal
# Running from : C:\Users\Michelle\Desktop\AdwCleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\Program Files (x86)\Ask.com
Deleted on reboot : C:\ProgramData\Ask
Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0.1 (en-US)
File : C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2v64zce3.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v24.0.1312.57
File : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S3].txt - [1067 octets] - [05/02/2013 08:56:59]
########## EOF - C:\AdwCleaner[S3].txt - [1127 octets] ##########
# Updated 05/02/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Michelle - MICHELLE-PC
# Boot Mode : Normal
# Running from : C:\Users\Michelle\Desktop\AdwCleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\Program Files (x86)\Ask.com
Deleted on reboot : C:\ProgramData\Ask
Deleted on reboot : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0.1 (en-US)
File : C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\2v64zce3.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v24.0.1312.57
File : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S3].txt - [1067 octets] - [05/02/2013 08:56:59]
########## EOF - C:\AdwCleaner[S3].txt - [1127 octets] ##########
Similar threads
- Locked
