My laptop was being used massively lately by some guests around the house, and Avast has blocked a few things over the web during this period…though I have a default-deny HIPS running and MBAM Pro…I would love to get my logs analyzed by essexboy…since he is qualified and knows better than my head ;D
I know this laptop is clean…but anyway… ;D
Attaching my OTL logs for a review…Please tell me your opinions.
You need to have this checked out: PRC - [2009/07/14 06:44:46 | 000,115,200 | ---- | M] () – \\?\C:\Windows\System32\wbem\WMIADAP.EXE, as it is not normally a global root file.
Could you run aswMBR?
Download and install ComboFix
Download ComboFix from one of the following locations: Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe and follow the prompts.
- Accept the disclaimer and allow it to update if it asks.
[2010/11/20 17:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 – C:\Windows\System32\userinit.exe <<-- ComboFix deemed this to be malware
[2010/11/20 17:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 – C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe <<-- the file used as the replacement also has the same MD5 as the one removed by CF.
Is this a false detection from CF?
EDIT: The file is confirmed as an FP by SUBs from the MBAM forum…it has been reported.
SUBs said he had the exact same file on his VM and CF didn't detect it… Would it be alright to uninstall CF now? I guess this system cannot be trusted anymore, or what?
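A check a reader in this situation can run on the two userinit.exe copies discussed above (an added example, not posted by anyone in this thread): it hashes the live System32 file and its WinSxS copy, compares them, and checks the Authenticode signature, since a hash match between the two copies only shows they are the same bytes, not that those bytes are Microsoft's. The paths and the reference MD5 are the ones quoted in the log lines above; the function and parameter names are my own, and Get-FileHash needs PowerShell 4 or later (the Windows 7 default PowerShell 2.0 does not have it).

```powershell
# Added example: verify a system file restored from WinSxS before treating
# a detection as a false positive. Paths and MD5 are from the thread's log.
$live        = 'C:\Windows\System32\userinit.exe'
$sxs         = 'C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe'
$expectedMd5 = '61AC3EFDFACFDD3F0F11DD4FD4044223'

function Test-SystemFileCopy {
    # Hypothetical helper name; compares a live file with a reference copy.
    param(
        [string]$LivePath,
        [string]$ReferencePath,
        [string]$ExpectedMd5   # MD5 as printed by OTL/ComboFix
    )
    foreach ($p in @($LivePath, $ReferencePath)) {
        if (-not (Test-Path -LiteralPath $p)) { throw "Missing file: $p" }
    }
    # MD5 is what the scanner logs show; SHA256 is used for the actual comparison.
    $liveMd5 = (Get-FileHash -LiteralPath $LivePath -Algorithm MD5).Hash
    $liveSha = (Get-FileHash -LiteralPath $LivePath -Algorithm SHA256).Hash
    $refSha  = (Get-FileHash -LiteralPath $ReferencePath -Algorithm SHA256).Hash

    # The signature is the evidence that matters: two copies of a trojaned
    # file would share a hash just as well as two copies of a genuine one.
    # Note: many OS binaries are catalog-signed; an older PowerShell may report
    # NotSigned for them, so confirm with a catalog-aware tool in that case.
    $sig      = Get-AuthenticodeSignature -LiteralPath $LivePath
    $signerOk = ($sig.Status -eq 'Valid') -and
                ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')

    $verdict = if ($signerOk -and ($liveSha -eq $refSha)) {
                   'Genuine Microsoft file, identical to WinSxS copy: false positive'
               } elseif (-not $signerOk) {
                   'Signature not reported valid: do not rely on the hash match'
               } else {
                   'Live file differs from WinSxS copy: investigate'
               }

    [pscustomobject]@{
        LiveMd5        = $liveMd5
        MatchesLogMd5  = ($liveMd5 -eq $ExpectedMd5.ToUpper())
        MatchesWinSxS  = ($liveSha -eq $refSha)
        SignatureState = $sig.Status
        SignedByMS     = $signerOk
        Verdict        = $verdict
    }
}

Test-SystemFileCopy -LivePath $live -ReferencePath $sxs -ExpectedMd5 $expectedMd5 | Format-List
```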