#1
Need Help with GMER Scan.
Hello to all, I am in need of help with a GMER scan. Looks like some sort of malware/rootkits. Thanks to all.
#2
Hi bot96,
What is the problem? The software has not been updated for a very long time. I want to suggest another software for you.
______________________________
Please do this;
RogueKiller scan:
Please download and run RogueKiller 32/64 bit to your desktop.
Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!
Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)
#3
Thanks, I ran that today.
#4
RogueKiller V12.11.14.0 (x64) [Sep 11 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : bill [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 09/12/2017 19:33:16 (Duration : 00:15:36)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 21 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://toshiba13.msn.com/?pc=TNJB -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Users\bill\AppData\Roaming\Tencent -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] drgfohuh.default-1504050421706 : user_pref("browser.startup.homepage", "https://classic.startpage.com/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 SCSI Disk Device +++++
--- User ---
[MBR] 9a515fd2252ec13d5901101905258e7e
[BSP] ff7a4072feb1da85342899412900e601 : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 704049 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1444966400 | Size: 9854 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
#5
GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-09-12 20:13:12
Windows 6.1.7601 Service Pack 1 x64
Running: gmer.exe

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_15004048634312303@SetupOperations [binary value data, unreadable]
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_15042240344712310@SetupOperations [binary value data, unreadable]
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_15004048634312303@SetupOperations [binary value data, unreadable]
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_15042240344712310@SetupOperations [binary value data, unreadable]

---- EOF - GMER 2.2 ----
#6
Sending the Gmer report also.
#7
Hi bot96,
The GMER lines belong to Avast software!
========================================
AdwCleaner scan:
Please download AdwCleaner by Xplode onto your desktop.
#8
# AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 14 23:56:25 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 09-13-2017.1
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
No malicious folders found.

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious WMI found.

***** [ Shortcuts ] *****
No malicious shortcuts found.

***** [ Tasks ] *****
No malicious tasks found.

***** [ Registry ] *****
No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [2503 B] - [2017/7/3 3:30:41]
C:/AdwCleaner/AdwCleaner[C2].txt - [3593 B] - [2017/7/13 0:0:26]
C:/AdwCleaner/AdwCleaner[S0].txt - [2721 B] - [2017/7/3 3:28:46]
C:/AdwCleaner/AdwCleaner[S10].txt - [2721 B] - [2017/7/24 23:57:49]
C:/AdwCleaner/AdwCleaner[S11].txt - [2790 B] - [2017/7/25 0:11:45]
C:/AdwCleaner/AdwCleaner[S12].txt - [2807 B] - [2017/7/29 21:39:1]
C:/AdwCleaner/AdwCleaner[S13].txt - [2875 B] - [2017/8/1 0:44:15]
C:/AdwCleaner/AdwCleaner[S14].txt - [2770 B] - [2017/8/1 0:58:37]
C:/AdwCleaner/AdwCleaner[S15].txt - [2276 B] - [2017/8/1 1:13:22]
C:/AdwCleaner/AdwCleaner[S16].txt - [2197 B] - [2017/8/1 1:23:5]
C:/AdwCleaner/AdwCleaner[S17].txt - [2229 B] - [2017/8/1 1:29:32]
C:/AdwCleaner/AdwCleaner[S18].txt - [2296 B] - [2017/8/3 2:23:0]
C:/AdwCleaner/AdwCleaner[S19].txt - [2362 B] - [2017/8/6 21:12:27]
C:/AdwCleaner/AdwCleaner[S1].txt - [1302 B] - [2017/7/7 21:57:44]
C:/AdwCleaner/AdwCleaner[S20].txt - [2430 B] - [2017/8/17 19:46:9]
C:/AdwCleaner/AdwCleaner[S21].txt - [2498 B] - [2017/8/18 19:19:2]
C:/AdwCleaner/AdwCleaner[S22].txt - [2566 B] - [2017/8/22 22:15:16]
C:/AdwCleaner/AdwCleaner[S23].txt - [2635 B] - [2017/8/24 22:17:57]
C:/AdwCleaner/AdwCleaner[S24].txt - [2704 B] - [2017/8/26 0:46:0]
C:/AdwCleaner/AdwCleaner[S25].txt - [2771 B] - [2017/8/27 21:12:11]
C:/AdwCleaner/AdwCleaner[S26].txt - [2840 B] - [2017/8/29 22:50:30]
C:/AdwCleaner/AdwCleaner[S27].txt - [2909 B] - [2017/8/31 23:59:1]
C:/AdwCleaner/AdwCleaner[S28].txt - [2977 B] - [2017/9/5 22:53:1]
C:/AdwCleaner/AdwCleaner[S29].txt - [3066 B] - [2017/9/8 23:51:34]
C:/AdwCleaner/AdwCleaner[S2].txt - [1755 B] - [2017/7/12 23:59:59]
C:/AdwCleaner/AdwCleaner[S30].txt - [3112 B] - [2017/9/9 21:45:22]
C:/AdwCleaner/AdwCleaner[S31].txt - [3180 B] - [2017/9/10 13:47:59]
C:/AdwCleaner/AdwCleaner[S32].txt - [3249 B] - [2017/9/10 17:37:43]
C:/AdwCleaner/AdwCleaner[S33].txt - [3422 B] - [2017/9/13 19:55:38]
C:/AdwCleaner/AdwCleaner[S3].txt - [1520 B] - [2017/7/13 23:29:5]
C:/AdwCleaner/AdwCleaner[S4].txt - [1352 B] - [2017/7/17 21:33:21]
C:/AdwCleaner/AdwCleaner[S5].txt - [1796 B] - [2017/7/18 19:18:3]
C:/AdwCleaner/AdwCleaner[S6].txt - [1624 B] - [2017/7/19 22:59:1]
C:/AdwCleaner/AdwCleaner[S7].txt - [1658 B] - [2017/7/21 23:3:53]
C:/AdwCleaner/AdwCleaner[S8].txt - [2585 B] - [2017/7/24 22:59:35]
C:/AdwCleaner/AdwCleaner[S9].txt - [2653 B] - [2017/7/24 23:12:6]

########## EOF - C:\AdwCleaner\AdwCleaner[S34].txt ##########
#9
The other day, it found Tencent and removed it. My computer is slowing down; something is wrong.
#10
Quote:
Which Avast product did you use before?
Please uninstall Avast: https://www.avast.com/uninstall-utility
-----------------------------------------------------------
How is your PC behaving now?
#11
Deleted Avast.
#12
Ran RogueKiller again; found 21 items.
#13
RogueKiller V12.11.14.0 (x64) [Sep 11 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : bill [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 09/16/2017 12:07:53 (Duration : 00:16:19)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 21 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://toshiba13.msn.com/?pc=TNJB -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] drgfohuh.default-1504050421706 : user_pref("browser.startup.homepage", "https://classic.startpage.com/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 SCSI Disk Device +++++
--- User ---
[MBR] 9a515fd2252ec13d5901101905258e7e
[BSP] ff7a4072feb1da85342899412900e601 : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 704049 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1444966400 | Size: 9854 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
#14
They are clean. Is there any issue?
#15
I found 2 things wrong.
1. Avast has Behavior Shield and I ripped its heart out.
2. Firefox had 2 instances of it running at the same time and I killed that.
I see an improvement.