#1
September 10th, 2017, 07:34 PM
bot96
Member
 
Join Date: Jun 2012
O/S: Windows 7 64-bit
Posts: 232
Need Help with GMER Scan.

Hello to all, I am in need of help with a GMER scan. Looks like some sort of malware/rootkits. Thanks to all.
#2
September 10th, 2017, 11:30 PM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hi bot96,

What is the problem?
The software has not been updated for a very long time. I want to suggest another software for you.
______________________________

Please do this;

RogueKiller scan:

Please download RogueKiller (32/64 bit) to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)
#3
September 13th, 2017, 12:51 AM
bot96
Member
 
Join Date: Jun 2012
O/S: Windows 7 64-bit
Posts: 232
Thanks, I ran that today.
#4
September 13th, 2017, 12:52 AM
bot96
Member
 
Join Date: Jun 2012
O/S: Windows 7 64-bit
Posts: 232
RogueKiller V12.11.14.0 (x64) [Sep 11 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : bill [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 09/12/2017 19:33:16 (Duration : 00:15:36)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 21 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://toshiba13.msn.com/?pc=TNJB -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.Gen1][Folder] C:\Users\bill\AppData\Roaming\Tencent -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] drgfohuh.default-1504050421706 : user_pref("browser.startup.homepage", "https://classic.startpage.com/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 SCSI Disk Device +++++
--- User ---
[MBR] 9a515fd2252ec13d5901101905258e7e
[BSP] ff7a4072feb1da85342899412900e601 : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 704049 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1444966400 | Size: 9854 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
#5
September 13th, 2017, 01:13 AM
bot96
Member
 
Join Date: Jun 2012
O/S: Windows 7 64-bit
Posts: 232
GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-09-12 20:13:12
Windows 6.1.7601 Service Pack 1 x64
Running: gmer.exe


---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_15004048634312303@SetupOperations
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters\Instup_15042240344712310@SetupOperations
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_15004048634312303@SetupOperations
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters\Instup_15042240344712310@SetupOperations

---- EOF - GMER 2.2 ----
#6
September 13th, 2017, 01:14 AM
bot96
Member
 
Join Date: Jun 2012
O/S: Windows 7 64-bit
Posts: 232
Sending the Gmer report also.
#7
September 13th, 2017, 04:16 PM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hi bot96,

GMER lines belong to Avast software!!
========================================

Adwcleaner scan:

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
#8
September 15th, 2017, 01:00 AM
bot96
Member
 
Join Date: Jun 2012
O/S: Windows 7 64-bit
Posts: 232
# AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 14 23:56:25 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 09-13-2017.1
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [2503 B] - [2017/7/3 3:30:41]
C:/AdwCleaner/AdwCleaner[C2].txt - [3593 B] - [2017/7/13 0:0:26]
C:/AdwCleaner/AdwCleaner[S0].txt - [2721 B] - [2017/7/3 3:28:46]
C:/AdwCleaner/AdwCleaner[S10].txt - [2721 B] - [2017/7/24 23:57:49]
C:/AdwCleaner/AdwCleaner[S11].txt - [2790 B] - [2017/7/25 0:11:45]
C:/AdwCleaner/AdwCleaner[S12].txt - [2807 B] - [2017/7/29 21:39:1]
C:/AdwCleaner/AdwCleaner[S13].txt - [2875 B] - [2017/8/1 0:44:15]
C:/AdwCleaner/AdwCleaner[S14].txt - [2770 B] - [2017/8/1 0:58:37]
C:/AdwCleaner/AdwCleaner[S15].txt - [2276 B] - [2017/8/1 1:13:22]
C:/AdwCleaner/AdwCleaner[S16].txt - [2197 B] - [2017/8/1 1:23:5]
C:/AdwCleaner/AdwCleaner[S17].txt - [2229 B] - [2017/8/1 1:29:32]
C:/AdwCleaner/AdwCleaner[S18].txt - [2296 B] - [2017/8/3 2:23:0]
C:/AdwCleaner/AdwCleaner[S19].txt - [2362 B] - [2017/8/6 21:12:27]
C:/AdwCleaner/AdwCleaner[S1].txt - [1302 B] - [2017/7/7 21:57:44]
C:/AdwCleaner/AdwCleaner[S20].txt - [2430 B] - [2017/8/17 19:46:9]
C:/AdwCleaner/AdwCleaner[S21].txt - [2498 B] - [2017/8/18 19:19:2]
C:/AdwCleaner/AdwCleaner[S22].txt - [2566 B] - [2017/8/22 22:15:16]
C:/AdwCleaner/AdwCleaner[S23].txt - [2635 B] - [2017/8/24 22:17:57]
C:/AdwCleaner/AdwCleaner[S24].txt - [2704 B] - [2017/8/26 0:46:0]
C:/AdwCleaner/AdwCleaner[S25].txt - [2771 B] - [2017/8/27 21:12:11]
C:/AdwCleaner/AdwCleaner[S26].txt - [2840 B] - [2017/8/29 22:50:30]
C:/AdwCleaner/AdwCleaner[S27].txt - [2909 B] - [2017/8/31 23:59:1]
C:/AdwCleaner/AdwCleaner[S28].txt - [2977 B] - [2017/9/5 22:53:1]
C:/AdwCleaner/AdwCleaner[S29].txt - [3066 B] - [2017/9/8 23:51:34]
C:/AdwCleaner/AdwCleaner[S2].txt - [1755 B] - [2017/7/12 23:59:59]
C:/AdwCleaner/AdwCleaner[S30].txt - [3112 B] - [2017/9/9 21:45:22]
C:/AdwCleaner/AdwCleaner[S31].txt - [3180 B] - [2017/9/10 13:47:59]
C:/AdwCleaner/AdwCleaner[S32].txt - [3249 B] - [2017/9/10 17:37:43]
C:/AdwCleaner/AdwCleaner[S33].txt - [3422 B] - [2017/9/13 19:55:38]
C:/AdwCleaner/AdwCleaner[S3].txt - [1520 B] - [2017/7/13 23:29:5]
C:/AdwCleaner/AdwCleaner[S4].txt - [1352 B] - [2017/7/17 21:33:21]
C:/AdwCleaner/AdwCleaner[S5].txt - [1796 B] - [2017/7/18 19:18:3]
C:/AdwCleaner/AdwCleaner[S6].txt - [1624 B] - [2017/7/19 22:59:1]
C:/AdwCleaner/AdwCleaner[S7].txt - [1658 B] - [2017/7/21 23:3:53]
C:/AdwCleaner/AdwCleaner[S8].txt - [2585 B] - [2017/7/24 22:59:35]
C:/AdwCleaner/AdwCleaner[S9].txt - [2653 B] - [2017/7/24 23:12:6]


########## EOF - C:\AdwCleaner\AdwCleaner[S34].txt ##########
#9
September 15th, 2017, 01:01 AM
bot96
Member
 
Join Date: Jun 2012
O/S: Windows 7 64-bit
Posts: 232
The other day, it found Tencent and removed it. My computer is slowing down; something is wrong.
#10
September 15th, 2017, 12:51 PM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Quote:
Originally Posted by bot96
The other day, it found Tencent and removed it. My computer is slowing down; something is wrong.
Tencent is unnecessary software.

Which Avast product did you use before?
Please uninstall Avast:
https://www.avast.com/uninstall-utility

-----------------------------------------------------------
How is your PC behaving now?
#11
September 16th, 2017, 05:26 PM
bot96
Member
 
Join Date: Jun 2012
O/S: Windows 7 64-bit
Posts: 232
Deleted Avast.
#12
September 16th, 2017, 05:27 PM
bot96
Member
 
Join Date: Jun 2012
O/S: Windows 7 64-bit
Posts: 232
Ran RogueKiller again; found 21 items.
#13
September 16th, 2017, 05:28 PM
bot96
Member
 
Join Date: Jun 2012
O/S: Windows 7 64-bit
Posts: 232
RogueKiller V12.11.14.0 (x64) [Sep 11 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : bill [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 09/16/2017 12:07:53 (Duration : 00:16:19)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 21 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://toshiba13.msn.com/?pc=TNJB -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-438638920-2443111486-200382305-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] drgfohuh.default-1504050421706 : user_pref("browser.startup.homepage", "https://classic.startpage.com/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 SCSI Disk Device +++++
--- User ---
[MBR] 9a515fd2252ec13d5901101905258e7e
[BSP] ff7a4072feb1da85342899412900e601 : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 704049 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1444966400 | Size: 9854 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
#14
September 18th, 2017, 02:49 PM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
They are clean. Is there any issue?
#15
September 19th, 2017, 02:16 AM
bot96
Member
 
Join Date: Jun 2012
O/S: Windows 7 64-bit
Posts: 232
I found 2 things wrong.
1. Avast has Behavior Shield and I ripped its heart out.
2. Firefox has 2 instances of it running at the same time and I killed that.
I see an improvement.

All times are GMT +1.