
Thread: can someone verify my logs look ok? It's a considerable amount of yellow flags

  1. #1
    Junior Member
    Join Date
    Mar 2017
    Location
    pdx
    Posts
    9


    Darn it, I thought I had a full log, but it was an old one. So it's still running the scan; please wait, I will paste it when it's complete. Sorry.

    I see this for now, and will add that log later.

    RootAlyzer Quick Scan Results

    Files in Windows folder
    ----------------------------------------
    108 files tested.
    No hidden files detected.
    ========================================

    Files in System folder
    ----------------------------------------
    2495 files tested.
    No hidden files detected.
    ========================================

    Global run entries
    ----------------------------------------
    5 values tested.
    No hidden entries detected.
    ========================================

    Winlogon entries
    ----------------------------------------
    1 keys tested.
    No hidden entries detected.
    ========================================

    Invisible processes (from handles)
    ----------------------------------------
    No handle process IDs tested.
    No hidden processes detected.
    ========================================

    Invisible processes (from threads)
    ----------------------------------------
    128 processes tested.
    No hidden processes detected.
    ========================================
    Last edited by wolfdogg; 2018-03-20 at 23:37. Reason: wrong log, sorry

  2. #2
    Junior Member
    Join Date
    Mar 2017
    Location
    pdx
    Posts
    9

    No way to edit the post after a few hours?

    Ok, so here is the log.

    // info: Rootkit removal help file
    // copyright: (c) 2008-2018 Safer-Networking Ltd. All rights reserved.

    :: RootAlyzer Results
    File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncom.bar 1:$DATA"
    File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncom.bar 2:$DATA"
    File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncom.bar 3:$DATA"
    File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncom.ini 1:$DATA"
    File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncom.ini 2:$DATA"
    File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncom.ini 3:$DATA"
    File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncomstyles.ini 1:$DATA"
    File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncomstyles.ini 2:$DATA"
    File:"Unknown ADS","D:\installs\~installs.old\Unreal Commander\ini backup.txt:Uncomstyles.ini 3:$DATA"
    File:"Unknown ADS","D:\dusers\Wolfdogg\Pictures\import_withmeta\1-cull+finalmeta\2010s\2017\McMinnville Vaca with Girls:AFP_AfpInfo:$DATA"
    File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\Comcast TV Shows Listings  Movies  Airings  Channels - XFINITY TV.webloc:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\Dog sings while the baby cries - YouTube.webloc:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\Gold Rush-03-Special-SinisterGrin@1chann  SockShare.webloc:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\How to do SSH Tunneling (Port Forwarding) - Screen-cast  Ramki .webloc:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\Portland, Oregon TV Listings.webloc:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\Set up Apache server and SSH client to allow tunneling SSH over .webloc:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\SSH Tunneling · Whatbox.webloc:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dusers\Wolfdogg\Data\Dropbox\Photos\iPhoto Library\ThemeCache:com.dropbox.attributes:$DATA"
    File:"Unknown ADS","D:\dusers\Guest\AppData\Local\Google\Chrome\User Data\SwReporter\8.62.4\software_reporter_tool.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\videos\Feature Films\`PG`+ Music + Docu +\Attack Of The Killer Tomatoes (1978).avi:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dpub\videos\Feature Films\`PG`+ Music + Docu +\Attack Of The Killer Tomatoes (1978).avi:com.apple.LaunchServices.OpenWith:$DATA"
    File:"Unknown ADS","D:\dpub\videos\Feature Films\`PG +G (Childrens Mostly)\Pippi Longstocking (1973).avi:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dpub\videos\Feature Films\`PG +G (Childrens Mostly)\Pippi Longstocking (1973).avi:com.apple.LaunchServices.OpenWith:$DATA"
    File:"Unknown ADS","D:\dpub\videos\Feature Films\`PG +G (Childrens Mostly)\20 000 Leagues Under The Sea\20 000 Leagues Under The Sea.avi:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dpub\videos\Feature Films\`PG +G (Childrens Mostly)\20 000 Leagues Under The Sea\20 000 Leagues Under The Sea.avi:com.apple.LaunchServices.OpenWith:$DATA"
    File:"Unknown ADS","D:\dpub\videos\Documentary\`Reality\R5 Sons\R5 Sons - When Things Go Wrong.avi:TOC.WMV:$DATA"
    File:"Unknown ADS","D:\dpub\videos\Documentary\`Food\Hells Kitchen\S2\S02E05 Hells Kitchen Lol.avi:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dpub\videos\Cartoon Shorts\Yogi Bear\Yogi Bear 07 Tally Ho Ho Ho.avi:AFP_Resource:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_opsystems\VirtualBox-5.1.14-112924-Win.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_host-specific\merlin asus maximus\378.49-desktop-win8-win7-64bit-international-whql.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_host-specific\merlin asus maximus\GeForce_Experience_v3.3.0.95.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_host-specific\merlin asus maximus\Git-2.10.2-64-bit.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_host-specific\merlin asus maximus\npp.7.3.1.Installer.x64.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_host-specific\merlin asus maximus\vcredist_x64.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_host-specific\merlin asus maximus\vcredist_x86.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_host-specific\Falcon Server GA-M61PM-S2 rev2\motherboard_bios_ga-m61pm-s2_f8.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_host-specific\Falcon Server GA-M61PM-S2 rev2\motherboard_bios_ga-m61pm-s2_f9d.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_all_drivers\pc game controllers\Pro_Flight_FSX_Plugin_7_0_50_1_x64_Software.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_all_drivers\pc game controllers\Saitek_X52_Flight_Controller_7_0_53_6_x64_Drivers.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Support\_all_drivers\pc game controllers\Saitek_X52_Flight_Controller_7_0_53_6_x64_Software.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\music\audio\animals-nature\nature\Sounds of Nature\Sounds of the Dolphin alias:AFP_AfpInfo:$DATA"
    File:"Unknown ADS","D:\dpub\music\audio\animals-nature\nature\Sounds of Nature\Sounds of the Dolphin alias 2:AFP_AfpInfo:$DATA"
    File:"Unknown ADS","D:\dpub\Games\Sims (all)\Nostalgic and Old games\intellivision\nostalgia4_setup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Games\Sims (all)\Nostalgic and Old games\intellivision\nostalgia5_setup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Games\Sims (all)\Nostalgic and Old games\intellivision\intellivision\emulators\jzinstall.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Games\1st and 3rd Person Tactical Land Games\Elder Scrolls Skyrim\dxwebsetup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Games\1st and 3rd Person Tactical Land Games\Elder Scrolls Skyrim\addons\Nexus Mod Manager-0.62.1.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Games\1st and 3rd Person Tactical Land Games\Elder Scrolls Skyrim\addons\skse_1_07_03_installer.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\Net Nanny 6.31+serial\SETUP.EXE:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\2XClient_12.0_build_2193.paf.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\342.01-desktop-win8-win7-winvista-64bit-international.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\EpicSetup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\esetsmartinstaller_enu.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\Ext2Fsd-0.68.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\JetBrains.dotPeek.2016.3.2.web (1).exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\kodi-16.1-Jarvis.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\Linux_Reader.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\LSPFix.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\mp3tagv281setup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\MPC-HCPortable_1.7.10.paf.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\Nexus Mod Manager-0.63.13.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\picard-setup-1.4.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\PortableRDC.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\PSISetup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\TagRename3913.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\VirtualBox-5.1.12-112440-Win.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\VirtualBox-5.1.14-112924-Win.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\WinCDEmu-4.1.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\WinPcap_4_1_3.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\Wireshark-win32-2.2.4.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\WoWS_internet_install_na.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\Xming-6-9-0-31-setup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\Xming-fonts-7-7-0-10-setup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\utilities\virus removal\FRST.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\utilities\virus removal\FRST64.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\utilities\virus removal\JRT.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2017\utilities\virus removal\MiniToolBox.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\AutoSplitter_setup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\boinc_7.6.22_windows_x86_64_vbox.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\boinc_7.6.33_windows_x86_64_vbox.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\CreationKit DLCs Fixer V3-25146-3.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\DCS_World_Web_Installer.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\deskew.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\DNGCodec_2_0_Installer.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\eMule0.50a-Installer.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\gimp-2.8.18-setup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\Git-2.10.2-64-bit.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\googledrivesync.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\heroku-toolbelt (1).exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\heroku-toolbelt.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\lprof-setup-1.11.4.1.2.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\MEGAsyncSetup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\MultiCommander_x64_(6.4.8.2265).exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\naps2-5.3.1-setup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\Nexus Mod Manager-0.62.1.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\Quarantine_Tool.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\rbsetup.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\setup-x86_64.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\TeamSpeak3-Client-win64-3.0.19.4.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\unetbootin-windows-625.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\VDFilterPack.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\VidCoder-1.5.34-x64.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\x264.2744.x86_64.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\x264vfw.2273kMod.x86_64.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\zeetreewin-ztw22x64.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\scanner\SIE-0.2.603-win64.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\scanner\vuex6495.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\p2p\2peer087.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\p2p\aresregular243_installer.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\p2p\setup_gigatribe_v3.04.013.6884.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\dl_utils\winrar\wrar540.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\dl_media_editing\DScaler4115.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2016\dl_media_editing\x264vfw_full_43_2694bm_43159_fix.exe:BDU:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2015\Defogger.exe:com.apple.metadatakMDItemWhereFroms:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2015\kg5g4n0t.exe:com.apple.metadatakMDItemWhereFroms:$DATA"
    File:"Unknown ADS","D:\dpub\Downloads\2015\dl_utils\SecurityCheck.exe:com.apple.metadatakMDItemWhereFroms:$DATA"
    File:"No admin in ACL","C:\ProgramData\Microsoft\SLDL\5673e322-818b-4767-9f7c-0ff3f9da9a49\5a09f637-321b-4ade-a8fe-686820e1cb57"


    Note: this last entry is RED; all the rest are yellow.
    Last edited by tashi; 2018-03-21 at 02:13. Reason: Removed code wrap
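Added example (not from the thread, and not code from Safer-Networking's RootAlyzer): a small Python parser for the `File:"Unknown ADS","<path>:<stream>:$DATA"` lines in the log above. It splits each entry into the file path and the stream name, then groups and counts entries by stream name, which is how a reviewer gets from ~120 yellow flags to a handful of distinct stream origins to explain. The notes attached to each stream name are the editor's own background knowledge, not anything the log states: AFP_Resource/AFP_AfpInfo and the com.apple.* names are macOS resource-fork and extended-attribute data preserved when files pass through a Mac or an Apple-compatible file server, com.dropbox.attributes is written by the Dropbox client, and Zone.Identifier (not in the log; added to exercise that bucket) is Windows' mark-of-the-web. BDU is deliberately left in the "unfamiliar" bucket because the log does not say which product writes it. The sample lines are constructed: three are copied from the posted log, three are made up.

```python
import re
from collections import defaultdict

# Constructed sample in the RootAlyzer "Results" format shown in the thread.
# The first three File: lines and the ACL line mirror entries from the posted
# log; "invoice.pdf" and "notes.txt" are made up to exercise the other buckets.
SAMPLE_LOG = r'''
:: RootAlyzer Results
File:"Unknown ADS","D:\dusers\Wolfdogg\Favorites\Portland, Oregon TV Listings.webloc:AFP_Resource:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2017\Wireshark-win32-2.2.4.exe:BDU:$DATA"
File:"Unknown ADS","D:\dpub\Downloads\2015\Defogger.exe:com.apple.metadatakMDItemWhereFroms:$DATA"
File:"Unknown ADS","C:\Temp\invoice.pdf:Zone.Identifier:$DATA"
File:"Unknown ADS","C:\Temp\notes.txt:oddstream:$DATA"
File:"No admin in ACL","C:\ProgramData\Microsoft\SLDL\5673e322-818b-4767-9f7c-0ff3f9da9a49\5a09f637-321b-4ade-a8fe-686820e1cb57"
'''

# One RootAlyzer result line: File:"<finding>","<target>"
LINE_RE = re.compile(r'^File:"(?P<finding>[^"]*)","(?P<target>.*)"$')

# Stream names with a well-known, benign origin (editor's annotations, not
# from the log). Anything not listed here is reported as unfamiliar.
KNOWN_STREAMS = {
    'Zone.Identifier': ('mark-of-the-web', 'set by browsers/downloaders; records the download zone'),
    'AFP_Resource': ('mac-metadata', 'macOS resource fork stored by AFP/SMB file servers'),
    'AFP_AfpInfo': ('mac-metadata', 'macOS Finder info stored by AFP/SMB file servers'),
    'com.apple.LaunchServices.OpenWith': ('mac-metadata', 'macOS "open with" extended attribute'),
    'com.dropbox.attributes': ('sync-client', 'Dropbox client metadata'),
}


def classify(stream):
    """Return (category, note) for a stream name; unlisted names are 'unfamiliar'."""
    if stream in KNOWN_STREAMS:
        return KNOWN_STREAMS[stream]
    if stream.startswith('com.apple.metadata'):
        return ('mac-metadata', 'macOS Spotlight metadata such as kMDItemWhereFroms (download origin)')
    return ('unfamiliar', 'no known origin; confirm which installed product writes it before dismissing')


def parse_rootalyzer(text):
    """Parse result lines into dicts of finding, path and stream (None for non-ADS findings)."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, blank or comment line
        finding, target = m.group('finding'), m.group('target')
        path, stream = target, None
        if finding == 'Unknown ADS' and target.endswith(':$DATA'):
            # Target is "<path>:<stream>:$DATA". The drive letter also uses ':',
            # so split the stream name off from the right.
            path, stream = target[:-len(':$DATA')].rsplit(':', 1)
        records.append({'finding': finding, 'path': path, 'stream': stream})
    return records


def group_by_stream(records):
    """Map each stream name to the list of files that carry it."""
    groups = defaultdict(list)
    for r in records:
        if r['stream'] is not None:
            groups[r['stream']].append(r['path'])
    return dict(groups)


def triage(records):
    """Count ADS entries per category; non-ADS findings (e.g. ACL issues) are returned separately."""
    counts = defaultdict(int)
    other = []
    for r in records:
        if r['stream'] is None:
            other.append((r['finding'], r['path']))
        else:
            counts[classify(r['stream'])[0]] += 1
    return dict(counts), other


if __name__ == '__main__':
    recs = parse_rootalyzer(SAMPLE_LOG)
    for stream, paths in group_by_stream(recs).items():
        cat, note = classify(stream)
        print(f'{stream!r}: {len(paths)} file(s) [{cat}] {note}')
    counts, other = triage(recs)
    print('category counts:', counts)
    for finding, path in other:
        print(f'review separately: {finding} -> {path}')
```

Run against the full log from the post, the grouping collapses the roughly 120 yellow entries into a short list of stream names, most of them Mac metadata on files that were copied from a Mac at some point; the entries worth a closer look are the ones in the "unfamiliar" bucket and any non-ADS finding such as the red "No admin in ACL" line, which the script lists separately rather than trying to judge.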

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955


    Hello wolfdogg,

    Quote Originally Posted by wolfdogg
    NO way to edit the post after a few hours?

    1. In the Malware Removal Forum, members may not edit their posts.
    2. In the Spybot-S&D forum and others, there is a 15 minute time frame to edit one's post. It lessens the chance of an answer referring to things the original poster has deleted.


    As the RootAlyzer is an analyst tool and not a scan and fix program, it would be helpful if you provide the following information.



    • The operating system
    • Security programs installed
    • Reason for running a rootkit scan
    • Using peer-to-peer (P2P) file sharing clients?
    • Farbar Recovery Scan Tool (FRST) shows in the log; what was this tool used for, please?
    • Last but not least, how is the computer running?


    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    Junior Member
    Join Date
    Mar 2017
    Location
    pdx
    Posts
    9

    Quote Originally Posted by tashi
    Hello wolfdogg,

    1. In the Malware Removal Forum, members may not edit their posts.
    2. In the Spybot-S&D forum and others, there is a 15 minute time frame to edit one's post. It lessens the chance of an answer referring to things the original poster has deleted.

    As the RootAlyzer is an analyst tool and not a scan and fix program, it would be helpful if you provide the following information.

    • The operating system
    • Security programs installed
    • Reason for running a rootkit scan
    • Using peer-to-peer (P2P) file sharing clients?
    • Farbar Recovery Scan Tool (FRST) shows in the log; what was this tool used for, please?
    • Last but not least, how is the computer running?

    Best regards.
    Hello,
    Sorry, I thought I had added that info; maybe it got lost during the initial edit. Here it goes again:

    It's Win7 x64 Ult, 7.3 experience index, with the processor being the 7.3 bottleneck. Memory is 7.5; the rest is 7.7.

    I have Spybot S&D and MalwareBytes, which is all I have been using, and all I have running now.

    I ran rootkit scan to keep up on security.

    I don't use a peer-to-peer client.

    In the past, several months ago, I used HitmanPro, FRST (if I recall correctly), JRT, AdwCleaner, RogueKiller, rkill, and iexplore (to kill any dangerous programs first, so I can safely run scans); I also ran ESET at that time. I had been getting what seemed like malicious network traffic, and constant supersloooowwwwww performance, if not a dead standstill a lot of the time. I had Comodo Internet firewall, and in the end, by removing that, a lot of the problems went away.

    Months later, I have been getting the slow performance again, with 2 or 3 instances of Chrome users running: one user with two browser instances running, one of which has about 30 tabs open, and a couple each on the others. (I use multiple users; 1 for development, 1 for audio, music or news, and 1 for personal, for separation of concerns and better organization.)

    So with all my software development tabs open, things seemed to come to a standstill at some random point, right when I opened a new tab and that page got stuck on loading. Then I had a YouTube ad-blocker plugin go unresponsive, so I disabled that, but a day later, yesterday, without that plugin enabled I was getting the same issues.

    I have recently installed a program that I really want to keep, RandomPhotoScreensaver (rps4.5.10.1.exe), and it's possible this is causing the latest issue. With this one, it seems sometimes when I come back to my computer and resume desktop usage after it has run, it doesn't seem to close all the way. However, from what I remember, that was because opening that browser tab caused me to walk away.

    During these times, I wasn't even able to open perfmon until walking away, coming back in the morning, and doing some random operation still in the slowness; the perfmon UAC finally popped up, wow.... So then when looking at perfmon, Chrome is the one taking up the most memory. Memory usage at the time is about 9 out of 12 GB, and for the CPU I see some redline, which means a process is not responding. The CPU performance is only about 30% at the time, but the CPU queuing is sometimes near 100%, and the redlines are in the 20-30% range, but I didn't notice which program was causing it; I thought maybe Chrome.

    See redline example taskman-perf-redline.JPG. However, things are running fine; I actually didn't expect to see that, and am not used to seeing that either.

    Here is the resource monitor now, when things are running smoothly (taken 2 mins after the former screenshot, just now): resmon-perf1.jpg
    Last edited by wolfdogg; 2018-03-23 at 21:44.

  5. #5
    Junior Member
    Join Date
    Mar 2017
    Location
    pdx
    Posts
    9

    I noticed in the previous screenshot the CPU area was not scrolled correctly; here is that info: resmon-perf2.jpg

    By the way, I just noticed an entry in there called xvpnd.exe. I had subscribed to ExpressVPN recently so I can use P2P, but there was a payment problem, so it only worked for a few hours (the VPN connection), but I let it cancel because I think I found a better company anyway, that I haven't signed up for yet. I can see how that may be causing network adapter issues. I uninstalled that just now.
    Last edited by wolfdogg; 2018-03-23 at 21:55.

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955


    Hello wolfdogg,

    Quote Originally Posted by wolfdogg
    I don't use a peer-to-peer client.
    Your log shows:
    p2p\2peer087.exe
    eMule0.50a-Installer.exe
    p2p\aresregular243_installer.exe
    p2p\setup_gigatribe_v3.04.013.6884.exe

    Where did you download this from, please?
    Downloads\Net Nanny 6.31+serial\SETUP.EXE

    Best regards.

  7. #7
    Junior Member
    Join Date
    Mar 2017
    Location
    pdx
    Posts
    9

    Quote Originally Posted by tashi
    Hello wolfdogg,

    Your log shows:
    p2p\2peer087.exe
    eMule0.50a-Installer.exe
    p2p\aresregular243_installer.exe
    p2p\setup_gigatribe_v3.04.013.6884.exe

    Where did you download this from, please?
    Downloads\Net Nanny 6.31+serial\SETUP.EXE

    Best regards.
    I keep downloads all the way back to 1998. This is a new operating system; the stuff from 2016 was from a previous installation of Windows. That directory you're seeing referenced is an archive.

    As far as the Net Nanny, I'm not sure where I got that, but it's not installed, and it is also from 2016. I only keep the downloads, not their sources.

    Do you see a problem related to any of those?

    And also, I guess the main question, based on the logs: how would I use the rootkit search to find something that may be actively being used on boot? I think that's what I'm aiming for, as opposed to removing any unsafe downloads from years past that aren't installed.

  8. #8
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955


    Hello wolfdogg,

    We had a similar conversation previously in 2017:
    https://forums.spybot.info/showthrea...ideos-and-more

    If you want to find out if there are any infections you can start a topic in the malware forum as suggested last time.

    As you know, the tools used will remove any bad items found on a machine, archived or not.

    Best regards.

  9. #9
    Junior Member
    Join Date
    Mar 2017
    Location
    pdx
    Posts
    9

    Quote Originally Posted by tashi
    Hello wolfdogg,

    We had a similar conversation previously in 2017:
    https://forums.spybot.info/showthrea...ideos-and-more

    If you want to find out if there are any infections you can start a topic in the malware forum as suggested last time.

    As you know, the tools used will remove any bad items found on a machine, archived or not.

    Best regards.
    Thanks for the responses, and help!
