Adlice forum
General Category => Malware removal help => Topic started by: robgru on July 02, 2015, 01:19:37 PM
-
Hello Roguekiller,
I am experiencing the following problem. Browser response is quick in safe mode and slow in normal mode W7. I was advised to use RogueKiller to solve this issue.
RogueKiller identified 3 PUP control set services on F. This could be because I once tried to make a disk image of C: on F.
See attached.
But it also identified two suspicious paths, see attached.
I would appreciate if you could advise.
Thanks,
Robert
-
Hi Robert,
Welcome to Adlice.com Forum.
1. Please relaunch RogueKiller and delete the following entries:
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_EEF7\ControlSet001\Services\WindowsProtectManger -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_EEF7\ControlSet002\Services\WindowsProtectManger -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WindowsProtectManger -> Found
[PUM.Proxy] (X64) HKEY_USERS\RK_Guest_ON_F_68CB\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080 -> Found
[PUM.Proxy] (X86) HKEY_USERS\RK_Guest_ON_F_68CB\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1390572715-3771932231-3025841129-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1390572715-3771932231-3025841129-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080 -> Found
2. Please download Farbar Recovery Scan Tool (x64) (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to your Desktop.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy and paste log back here.
- The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
Regards.
-
Thanks for the help.
I removed all but the following, because I could not locate them (I rescanned with RogueKiller):
[PUM.Proxy] (X64) HKEY_USERS\RK_Guest_ON_F_68CB\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080 -> Found
[PUM.Proxy] (X86) HKEY_USERS\RK_Guest_ON_F_68CB\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080 -> Found
I reran RogueKiller; the following line in the Registry still exists (colour is yellow/orange):
Hidden from SCM service HKEY_Local_machine (x64) system\currentcontrolset\services
Please advise if this should be deleted as well.
Looking forward to hearing from you.
Robert
-
Hi Robert,
According to the information FRST returned, your system is pretty damaged and running low on resources.
We will try to improve things a bit.
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!
Run FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
How is the computer running?
Regards.
-
Thanks
I ran FRST64 as instructed (from the same directory).
Computer runs okay. My primary goal was to improve the page loading speed (in safe mode, the page loading is much quicker).
The page loading in normal mode does seem to be quicker than before.
Thanks again for your assistance
Robert
-
Hi Robert,
You are very welcome. :)
Regards.