Recent Posts

1
RogueKiller / Re: False positive
« Last post by Curson on November 18, 2017, 11:57:09 pm »
Hi mr5Adlice,

Thanks for the feedback. If you used it, you would have known.
Don't worry about the delay, it's perfectly fine.

Regards.
2
RogueKiller / Re: False positive
« Last post by mr5Adlice on November 18, 2017, 08:46:29 pm »
I can't say I know if I do or do not use BitLocker. Sorry for the extremely late reply.
3
Hi BrokenPerson,

Licenses and other information are tied to your Microsoft account, so that's normal.
When installing Windows, if you don't specify the installer to keep your data, it makes a "fresh" install.

Regards.
4
While my gut tells me the NSA, Mossad & CIA have compromised my UEFI, I might be wrong. I was wrong in the past a lot.

I did a fresh install of Windows 10 x64 which upgraded me to V 1609. I like it. However, I noticed some licenses still remained. Some other settings which I cannot recall also remained after a fresh install. How is that possible? Is it normal/common (always happens)? If this is not the government coming to get me, what is it? How did "these things" (licenses & others) survive the fresh install while most other things were removed & 'newly' installed?

Is there any way to do a "true" fresh install without buying a new hard drive? C:\ format?
5
RogueKiller / Re: False positive
« Last post by Curson on November 16, 2017, 02:05:17 pm »
Hi mr5Adlice,

Welcome to Adlice.com Forum.
Yes, it's indeed a false positive. Do you use BitLocker on this computer?

Regards.
6
RogueKiller / Re: False positive
« Last post by mr5Adlice on November 16, 2017, 07:51:32 am »
Here is the .txt file just in case


RogueKiller V12.11.24.0 (x64) [Nov 13 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : matth [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 11/16/2017 00:59:08 (Duration : 00:23:31)

Processes : 1
[Proc.RunPE] svchost.exe(3028) -- c:\Windows\System32\svchost.exe[7] -> Found

Registry : 15
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-df066c95  -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-df066c95  -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3448816122-827311409-3711641623-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3448816122-827311409-3711641623-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3448816122-827311409-3711641623-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3448816122-827311409-3711641623-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE  -> Found

Tasks : 1
[Suspicious.Path] \Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation -- C:\WINDOWS\TEMP\sp81731.exe -> Found

Files : 1
[PUP.uTorrentAds][File] C:\Users\matth\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Found

WMI : 0

Hosts File : 0

Antirootkit : 0 (Driver: Loaded)

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: HGST HTS721010A9E630 +++++
--- User ---
[MBR] e41bc5ab5d8867337f68978416e26cae
[BSP] 6660c97e02e685edf7c7681da1a25e0d : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 940210 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1926117376 | Size: 980 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 1928124416 | Size: 12396 MB
User = LL1 ... OK
User = LL2 ... OK
7
RogueKiller / False positive
« Last post by mr5Adlice on November 16, 2017, 07:46:05 am »
It detects svchost as Proc.RunPE and idk if it was a false positive. Any help is appreciated.


Here is the JSON file download- https://drive.google.com/file/d/1hulFVduEhRWBlnbJ9_ofkXuXPJ7eTN0s/view?usp=sharingFNHTN8
8
Malware removal help / Re: Process Injections removal
« Last post by Curson on November 15, 2017, 12:11:10 am »
Hi BoxDirty,

Don't worry about reply time, this is normal.

Please uninstall AVG Secure Search. If you do not use TeamViewer, please also uninstall it.

Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!

Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.

A folder named FRST should have been created at the root of your system drive (C:\FRST). Could you please zip it and attach it as well?
Please also run a new scan with RogueKiller and attach the JSON report as well.

Regards.
9
Malware removal help / Re: Process Injections removal
« Last post by BoxDirty on November 14, 2017, 10:47:21 pm »
I'm sorry for the late reply; work is getting in the way of doing this.
Here you go: https://drive.google.com/drive/folders/1xTl4VdSndND-_cuK3E1O3Xp1wDNUcR-7?usp=sharing
10
RogueKiller / Re: X64_HKEY_CLASSES_ROOT\CLSID|{03EBOE9C-7A91-4381-A220-9B52B641CDB1}
« Last post by Curson on November 14, 2017, 09:25:05 pm »
Hi Crsness,

Welcome to Adlice.com Forum.
This is linked to Admedia adware. You can safely remove it.

Regards.

Note: This thread has been moved to the "RogueKiller" section for clarity.