Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Rootkit removed, strange computer behavior

Re: Rootkit removed, strange computer behavior

Post by calai » November 9th, 2012, 3:40 pm

Hi Gary,

I removed hitman pro, and I ran the OTL again.

Here is the log. Thanks.

OTL logfile created on: 11/9/2012 11:39:00 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Clare\Desktop\logs and scanners
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 62.36% Memory free
7.93 Gb Paging File | 6.19 Gb Available in Paging File | 78.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.61 Gb Total Space | 398.58 Gb Free Space | 87.87% Space Free | Partition Type: NTFS

Computer Name: CLARE-PC | User Name: Clare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< dir "%userprofile%\Desktop" /s /c >
Volume in drive C is TI103289W0D
Volume Serial Number is 66CD-7D94
Directory of C:\Users\Clare\DESKTOP
11/09/2012 09:17 AM <DIR> .
11/09/2012 09:17 AM <DIR> ..
11/01/2012 09:13 PM <DIR> CSET science
11/04/2012 12:11 PM <DIR> CST T4 F12
11/09/2012 09:17 AM 69,889 desktop shanpshot.JPG
06/21/2012 09:09 PM 3,064 Education - Shortcut.lnk
11/04/2012 12:11 PM <DIR> Internet stuff
11/09/2012 11:39 AM <DIR> logs and scanners
11/08/2012 11:40 AM 128,998 mg scan msg.JPG
11/07/2012 03:04 PM <DIR> Secondary Methods
09/19/2012 05:45 PM 260,264 tickets.pdf
4 File(s) 462,215 bytes
Directory of C:\Users\Clare\DESKTOP\CSET science
11/01/2012 09:13 PM <DIR> .
11/01/2012 09:13 PM <DIR> ..
08/06/2012 08:34 PM 1,166,314 CS_118items.pdf
08/06/2012 08:31 PM 220,458 CS_118_SciSubTest I_general sci.pdf
08/06/2012 08:34 PM 1,035,154 CS_119items.pdf
08/06/2012 08:32 PM 219,468 CS_119_SciSubTest II_general sci.pdf
08/06/2012 08:34 PM 1,121,591 CS_120items.pdf
08/06/2012 08:32 PM 218,414 CS_120_SciSubTest III_life sci.pdf
08/06/2012 08:30 PM 114,740 CS_biologylifesci_SMR.pdf
08/06/2012 08:30 PM 139,024 CS_genscience_SMR.pdf
11/01/2012 09:12 PM 31,855 Sci Subtest I Study Guide 118.docx
09/05/2012 04:00 PM 187,099 Sci Subtest II Study Guide 119.docx
09/05/2012 09:57 PM 15,923 Sci Subtest III Study Guide 120.docx
11 File(s) 4,470,040 bytes
Directory of C:\Users\Clare\DESKTOP\CST T4 F12
11/04/2012 12:11 PM <DIR> .
11/04/2012 12:11 PM <DIR> ..
10/21/2012 10:09 PM 1,094,033,456 10.26 video obs 4.mov
10/26/2012 04:50 PM 111,226 2012-10-23 10.54.40.jpg
10/29/2012 11:54 AM 99,994 2012-10-29 11.44.49.jpg
10/29/2012 11:54 AM 92,726 2012-10-29 11.45.22.jpg
10/29/2012 11:54 AM 90,847 2012-10-29 11.45.58.jpg
10/29/2012 11:54 AM 93,116 2012-10-29 11.46.17.jpg
10/29/2012 11:54 AM 98,481 2012-10-29 11.46.40.jpg
08/07/2012 01:49 PM 158,969 Apx_22.02a_LastName_MM-DD-YY.pdf
08/07/2012 01:50 PM 95,447 Apx_22.02b_LastName_MM-DD-YY.pdf
08/07/2012 01:51 PM 80,896 Apx_22.02c_LastName_MM-DD-YY.doc
08/07/2012 01:51 PM 75,264 Apx_22.03_LastName_MM-DD-YY.doc
10/07/2012 10:07 PM 744,045 art hand prints.pdf
10/01/2012 10:39 PM 205,826 Art.4thgrade.CED.FINAL.pdf
10/28/2012 09:44 PM 68,576 Attachment 1 Multi-Flow Map.jpg
10/29/2012 12:55 AM 336,691 Attachment 2 Cause, Effect Strips.JPG
10/07/2012 11:38 AM 290,362 Attachment 2 one pager template.JPG
10/29/2012 10:55 AM 10,472 Attachment 3 Grading Rubric (2).docx
10/06/2012 05:13 PM 11,075 Attachment 3 Grading Rubric.docx
10/07/2012 11:38 AM 41,969 Attachment 4 food chain flow map template.jpg
09/01/2012 02:23 PM 11,504 conference.docx
11/04/2012 12:06 PM 18,520,198 CST T4 F12.zip
10/08/2012 09:41 PM 77,924 Double Bubble Map.docx
10/04/2012 08:51 PM 461,865 Elements of Art.pptx
10/10/2012 10:58 PM 13,654 funny scary story.docx
09/14/2012 04:15 PM 1,104,317,823 IMG_1518.MOV
09/26/2012 03:42 PM 956,880,670 IMG_1532.MOV
10/07/2012 08:03 PM 1,026,533,976 IMG_1556.mov
09/10/2012 10:59 PM 11,380 Module 22 unit.docx
08/07/2012 01:51 PM 69,515 Module_22.pdf
10/29/2012 06:54 AM 131,256 photo.JPG
10/03/2012 09:30 PM 98,875 rabbit color_navalta.jpg
10/14/2012 11:36 PM 555,975 student 1.docx
10/14/2012 11:37 PM 576,530 student 2.docx
10/14/2012 11:38 PM 537,239 student 3.docx
10/14/2012 11:39 PM 522,104 student 5.docx
10/29/2012 11:59 AM 487,242 Student work.docx
10/29/2012 12:29 PM 725,504 Task 4.doc
10/07/2012 04:59 PM 760,348 Task_3_Score_4.pdf
10/14/2012 11:24 PM 541,696 TPA 3.doc
10/28/2012 05:34 PM 9,344 tpa 4 students.xlsx
10/24/2012 04:06 PM 684,799,041 tpa 4.mov
09/12/2012 04:31 PM <DIR> video permission slips T4 F. Li
41 File(s) 4,893,383,101 bytes
Directory of C:\Users\Clare\DESKTOP\CST T4 F12\video permission slips T4 F. Li
09/12/2012 04:31 PM <DIR> .
09/12/2012 04:31 PM <DIR> ..
09/12/2012 04:29 PM 318,589 photo 1 (2).JPG
09/12/2012 04:30 PM 343,401 photo 1 (3).JPG
09/12/2012 04:30 PM 337,287 photo 1 (4).JPG
09/12/2012 04:31 PM 342,385 photo 1 (5).JPG
09/12/2012 04:31 PM 360,016 photo 1 (6).JPG
09/12/2012 04:31 PM 337,536 photo 1 (7).JPG
09/12/2012 04:29 PM 360,059 photo 1.JPG
09/12/2012 04:29 PM 334,022 photo 2 (2).JPG
09/12/2012 04:30 PM 345,378 photo 2 (3).JPG
09/12/2012 04:30 PM 340,264 photo 2 (4).JPG
09/12/2012 04:31 PM 327,625 photo 2 (5).JPG
09/12/2012 04:31 PM 357,297 photo 2 (6).JPG
09/12/2012 04:31 PM 340,767 photo 2 (7).JPG
09/12/2012 04:29 PM 336,450 photo 2.JPG
09/12/2012 04:29 PM 332,353 photo 3 (2).JPG
09/12/2012 04:30 PM 346,808 photo 3 (3).JPG
09/12/2012 04:30 PM 333,650 photo 3 (4).JPG
09/12/2012 04:31 PM 352,931 photo 3 (5).JPG
09/12/2012 04:31 PM 357,695 photo 3 (6).JPG
09/12/2012 04:29 PM 335,090 photo 3.JPG
09/12/2012 04:29 PM 359,192 photo 4 (2).JPG
09/12/2012 04:30 PM 327,735 photo 4 (3).JPG
09/12/2012 04:30 PM 345,202 photo 4 (4).JPG
09/12/2012 04:31 PM 354,319 photo 4 (5).JPG
09/12/2012 04:31 PM 354,850 photo 4 (6).JPG
09/12/2012 04:29 PM 336,552 photo 4.JPG
09/12/2012 04:29 PM 330,260 photo 5 (2).JPG
09/12/2012 04:30 PM 334,261 photo 5 (3).JPG
09/12/2012 04:30 PM 340,183 photo 5 (4).JPG
09/12/2012 04:31 PM 356,598 photo 5 (5).JPG
09/12/2012 04:31 PM 349,361 photo 5 (6).JPG
09/12/2012 04:29 PM 340,799 photo 5.JPG
32 File(s) 10,968,915 bytes
Directory of C:\Users\Clare\DESKTOP\Internet stuff
11/04/2012 12:11 PM <DIR> .
11/04/2012 12:11 PM <DIR> ..
11/02/2012 06:18 PM 1,933 avast! Free Antivirus (2).lnk
06/21/2012 12:53 PM 1,852 avast! Free Antivirus.lnk
09/26/2012 04:50 PM 1,794 iTunes.lnk
11/03/2012 03:14 PM 1,120 Malwarebytes Anti-Malware (2).lnk
06/21/2012 08:46 PM 1,120 Malwarebytes Anti-Malware.lnk
5 File(s) 7,819 bytes
Directory of C:\Users\Clare\DESKTOP\logs and scanners
11/09/2012 11:39 AM <DIR> .
11/09/2012 11:39 AM <DIR> ..
11/04/2012 12:54 AM 14,258 Attach 11.4.12.txt
11/07/2012 09:10 AM 224,002 avast sc 1 11.3.12.JPG
11/07/2012 09:11 AM 134,746 avast sc 2 11.3.12.JPG
11/07/2012 09:27 AM 833 CCleaner.lnk
11/09/2012 11:39 AM 85 cmd.bat
11/09/2012 11:39 AM 0 cmd.txt
11/04/2012 12:53 AM 17,950 DDS 11.4.12.txt
11/07/2012 09:23 AM 50,477 Defogger.exe
11/07/2012 09:25 AM 472 defogger_disable 11.7.12.log
01/01/2011 01:14 AM 2,254 eula 11.4.12.txt
11/04/2012 02:25 PM 55,130 Extras 11.4.12.Txt
11/08/2012 11:26 AM 55,822 Extras.Txt
11/05/2012 08:44 AM <DIR> FRST
11/04/2012 12:42 AM 10,529 hijackthis 11.4.12.txt
11/07/2012 09:57 AM 1,120 Malwarebytes Anti-Malware.lnk
11/07/2012 09:36 AM 10,669,952 mb.exe.exe
11/07/2012 12:10 PM 1,826 mbam-log-2012-11-07 (09-58-01).txt
11/07/2012 09:37 AM 1,863,682 MGtools.exe
11/04/2012 02:23 PM 86,032 OTL 11.4.12.Txt
11/04/2012 02:05 PM 602,112 OTL.exe
11/08/2012 11:26 AM 84,616 OTL.Txt
11/07/2012 12:38 PM 2,845 RKreport 2 11.7.12.txt
11/07/2012 09:54 AM 2,615 RKreport[1]_S_11072012_02d0954.txt
11/07/2012 12:38 PM <DIR> RK_Quarantine
11/07/2012 09:35 AM 662,016 RogueKiller.exe
11/04/2012 12:15 PM 64,844 TDSSKiller log 11.4.12.txt
11/07/2012 10:14 AM 129,774 TDSSKiller log 11.7.12.txt
11/04/2012 12:10 PM 2,213,976 TDSSKiller.exe
26 File(s) 16,951,968 bytes
Directory of C:\Users\Clare\DESKTOP\logs and scanners\FRST
11/05/2012 08:44 AM <DIR> .
11/05/2012 08:44 AM <DIR> ..
11/05/2012 08:44 AM <DIR> Hives
11/05/2012 08:46 AM <DIR> Logs
11/05/2012 08:44 AM <DIR> Quarantine
0 File(s) 0 bytes
Directory of C:\Users\Clare\DESKTOP\logs and scanners\FRST\Hives
11/05/2012 08:44 AM <DIR> .
11/05/2012 08:44 AM <DIR> ..
09/05/2009 12:58 AM 24,576 BCD.C
11/05/2012 08:43 AM 28,672 BCD.D
11/05/2012 08:42 AM 524,288 default
11/05/2012 08:43 AM 262,144 sam
11/05/2012 08:43 AM 262,144 security
11/05/2012 08:42 AM 64,749,568 software
11/05/2012 08:43 AM 16,252,928 system
7 File(s) 82,104,320 bytes
Directory of C:\Users\Clare\DESKTOP\logs and scanners\FRST\Logs
11/05/2012 08:46 AM <DIR> .
11/05/2012 08:46 AM <DIR> ..
11/05/2012 08:46 AM 36,110 FRST_05-11-2012_08-46-42.txt
1 File(s) 36,110 bytes
Directory of C:\Users\Clare\DESKTOP\logs and scanners\FRST\Quarantine
11/05/2012 08:44 AM <DIR> .
11/05/2012 08:44 AM <DIR> ..
0 File(s) 0 bytes
Directory of C:\Users\Clare\DESKTOP\logs and scanners\RK_Quarantine
11/07/2012 12:38 PM <DIR> .
11/07/2012 12:38 PM <DIR> ..
11/07/2012 12:33 PM 3,769 Eula.txt
11/07/2012 12:38 PM 116,648 GoogleUpdate.exe.vir
11/07/2012 12:38 PM 408 NewStartPanel_{20D04FE0-0.reg
11/07/2012 12:38 PM 408 NewStartPanel_{59031a47-0.reg
11/07/2012 12:38 PM 512 PhysicalDrive0_User.dat
11/07/2012 12:38 PM 2,187 QuarantineReport.txt
11/07/2012 12:38 PM 406 Run_Google_Upd0.reg
11/07/2012 12:38 PM 336 System_ConsentPro0.reg
11/07/2012 12:38 PM 302 System_EnableLUA0.reg
9 File(s) 124,976 bytes
Directory of C:\Users\Clare\DESKTOP\Secondary Methods
11/07/2012 03:04 PM <DIR> .
11/07/2012 03:04 PM <DIR> ..
10/03/2012 10:29 PM 30,208 Basic Lesson Plan.doc
10/01/2012 10:14 PM 70,656 Course Syllabus for X330.3-30-2012.doc
10/31/2012 01:21 PM <DIR> Lesson 1
10/28/2012 01:00 PM <DIR> Lesson 2
10/21/2012 07:50 PM <DIR> Lesson 3
10/31/2012 03:18 PM <DIR> Lesson 4
11/07/2012 02:31 PM <DIR> Lesson 5
11/07/2012 03:26 PM <DIR> Lesson 6
11/04/2012 11:53 AM 955,698 Secondary Methods.zip
3 File(s) 1,056,562 bytes
Directory of C:\Users\Clare\DESKTOP\Secondary Methods\Lesson 1
10/31/2012 01:21 PM <DIR> .
10/31/2012 01:21 PM <DIR> ..
10/04/2012 12:22 AM 133,120 Basic Instructional Design.doc
10/03/2012 10:30 PM 39,424 Characteristics of Teenagers.doc
10/03/2012 10:31 PM 66,048 Diagnostic Procedures.doc
10/03/2012 10:29 PM 659,892 Frys Readability Chart.jpg
10/04/2012 01:14 AM 30,208 Lesson One (A) Assignment Instructions.doc
10/09/2012 04:20 PM 41,984 Lesson One (A)_Lesson Plan_Navalta.doc
10/01/2012 10:30 PM 34,304 Lesson One-B Assignment Instructions.doc
10/03/2012 10:31 PM 30,720 Readability Level of Text Materials.doc
8 File(s) 1,035,700 bytes
Directory of C:\Users\Clare\DESKTOP\Secondary Methods\Lesson 2
10/28/2012 01:00 PM <DIR> .
10/28/2012 01:00 PM <DIR> ..
10/20/2012 05:28 PM 48,640 Assessments that Work.doc
10/09/2012 09:16 PM 34,816 Introduction to Brain-Based Learning.doc
10/21/2012 04:34 PM 31,339 Lesson 2 Assignment_Navalta.docx
10/20/2012 07:40 PM 37,888 Lesson Two Assignment Instructions.doc
10/20/2012 04:27 PM 56,832 Memory and Storage Systems.doc
10/21/2012 04:56 PM 11,691 paper pencil assessment lesson 2.docx
10/11/2012 09:22 PM 43,520 The Amazing Teen Brain.doc
7 File(s) 264,726 bytes
Directory of C:\Users\Clare\DESKTOP\Secondary Methods\Lesson 3
10/21/2012 07:50 PM <DIR> .
10/21/2012 07:50 PM <DIR> ..
10/21/2012 04:42 PM 70,144 Gathering Facts About Learners.doc
10/21/2012 07:50 PM 20,301 Lesson 3 strategies chart.docx
10/21/2012 05:27 PM 39,424 Lesson Three Assignment Instructions.doc
10/21/2012 05:48 PM 13,144 PPT notes.docx
4 File(s) 143,013 bytes
Directory of C:\Users\Clare\DESKTOP\Secondary Methods\Lesson 4
10/31/2012 03:18 PM <DIR> .
10/31/2012 03:18 PM <DIR> ..
10/31/2012 03:18 PM 15,283 Assignment 4, Content Standards for bio unit.docx
10/31/2012 12:57 PM 60,416 Group Think.doc
10/27/2012 09:15 AM 34,304 Lesson Four Assignment Instructions.doc
10/30/2012 03:14 PM 62,976 Why Standardized Tests Rarely tell you.doc
4 File(s) 172,979 bytes
Directory of C:\Users\Clare\DESKTOP\Secondary Methods\Lesson 5
11/07/2012 02:31 PM <DIR> .
11/07/2012 02:31 PM <DIR> ..
11/06/2012 02:33 PM 49,664 Curriculum Mapping Format and Example.doc
11/03/2012 03:16 PM 53,248 Lesson Five Assignment Instructions.doc
11/05/2012 03:15 PM 94,208 Strategies for Differentiating Access to Content.doc
3 File(s) 197,120 bytes
Directory of C:\Users\Clare\DESKTOP\Secondary Methods\Lesson 6
11/07/2012 03:26 PM <DIR> .
11/07/2012 03:26 PM <DIR> ..
11/07/2012 03:07 PM 43,008 Additional Cooperative Learning Strategies.doc
11/07/2012 03:05 PM 34,816 Assignment Instructions.doc
11/07/2012 03:06 PM 83,968 More Graphic Organizers.doc
11/07/2012 03:11 PM 39,936 Part IV, Research Findings that can be used.doc
11/07/2012 03:10 PM 48,640 Research Findings Part II.doc
11/07/2012 03:08 PM 44,032 Research Findings-Part I.doc
11/07/2012 03:12 PM 45,056 Research Findings-Part III.doc
7 File(s) 339,456 bytes
Total Files Listed:
172 File(s) 5,011,719,020 bytes
53 Dir(s) 427,976,331,264 bytes free

< End of report >
calai
Regular Member
 
Posts: 21
Joined: November 4th, 2012, 4:38 am

Re: Rootkit removed, strange computer behavior

Post by Gary R » November 10th, 2012, 2:34 am

I don't see the $CA study guide.docx file listed that you said you were seeing, or any System Folders either.

I do see a number of folders that would not normally be found on a default desktop, but they look to be ones you've created yourself for school/college, or as a repository for the various tools you've been using to "clean" your computer. There's quite a few there that I haven't asked you to run, and that should not have been used without guidance.

Have you been helped with your problem by someone else, and if so can you give me a link to your previous help topic?
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Rootkit removed, strange computer behavior

Post by calai » November 12th, 2012, 1:33 am

Hi Gary.

After you told me that my problem could have been a software issue instead of a malware issue, I posted on another forum to see if they had any other input since I was still experiencing strange behavior. I didn't do much with my computer after I posted on the other forum, except run some scans that they had suggested.

Here it is: http://forums.majorgeeks.com/showthread.php?t=269202

They, too, could not find anything.

Re: Rootkit removed, strange computer behavior

Post by Gary R » November 12th, 2012, 3:00 am

I'm not a member at Major Geeks, so I don't have access to the logs there, as they were posted as attachments, however it would appear that TimW came to the same conclusion as myself, and that your problems do not appear to be Malware related.

At this point since it would seem you do not want to reformat, I think it would be best to refer you to one of the "general" help forums, who specialise in non-Malware related issues.

Below, in no order of preference, are links to forums where this kind of help is offered, and where the standard of help is generally of a high standard ....

http://forums.whatthetech.com/index.php?showforum=119
http://www.bleepingcomputer.com/forums/forum167.html
http://www.geekstogo.com/forum/forum/79 ... windows-7/

If anyone at those forums asks you if you've checked for Malware, please feel free to refer them to this topic.

You may wish to keep the logs from the various tools we've used to investigate your computer, to show to your next helper, but if you don't wish to do that, then to safely remove the tools we've been using on your computer, please do the following ....

Let's clear out OTL and the files and folders it created. This will also remove TDSSKiller and FRST (provided the USB drive with it on is attached to your computer).
  • Double click OTL.exe to launch the program.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet. If your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes.
  • When finished, exit out of OTL.
  • Now delete OTL.exe (if still present).

Sorry we couldn't resolve your issues, and I do wish you the best of luck in getting them resolved.

Re: Rootkit removed, strange computer behavior

Post by Gary R » November 16th, 2012, 7:19 pm

This topic is now closed.