Messages - Leety

Pages: [1]
1
I could not zip it. There was some error. I deleted all the FRST files though. Thanks

2
Here.

3
Thanks. I completed the steps from the above posts. PC is running fine. Actually, just before running the Fix I noticed a 55% memory usage with no programs except Google Chrome with one tab open. After the fix & the restart, PC is still working fine & memory usage is down to 32~35% with one program & Chrome with 1 tab open.

4
Here, thanks again.

5
RogueKiller V10.10.4.0 (x64) [Sep  4 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : Leety [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 09/09/2015 05:38:30

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Lightshot : C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8a4bb498-b0b0-44bc-ae58-9388f5795601} | DhcpNameServer : 42.201.255.26 ([PAKISTAN (PK)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FE3A53D7-3C41-47F2-A8BE-84B7AEB36906} | NameServer : 42.201.255.130 42.201.255.26 ([PAKISTAN (PK)][PAKISTAN (PK)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8a4bb498-b0b0-44bc-ae58-9388f5795601} | DhcpNameServer : 42.201.255.26 ([PAKISTAN (PK)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FE3A53D7-3C41-47F2-A8BE-84B7AEB36906} | NameServer : 42.201.255.130 42.201.255.26 ([PAKISTAN (PK)][PAKISTAN (PK)])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 +++++
--- User ---
[MBR] b002a17c1e68a5888fc3fca59c91a4a2
[BSP] cae03e6ffda7b01661dd3c9bc604aa9a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

6
Thanks a lot for your help. It was working fine, then once again I noticed 99% disk usage in the Task Manager. Just when I run Google Chrome, a mysterious "svchost.exe" file appears with no apparent Program name, which is located in the Windows/Temp folder of mine. I ran Malwarebytes since I'm on Windows 10 now, but I wasn't satisfied so I'm installing RogueKiller again, let's see what happens. Should I post you a report in a new topic or this one?

7
Ok I deleted these 3 entries, the after report looks like this.

RogueKiller V10.5.10.0 (x64) [Apr 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Leety [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 04/27/2015  19:46:21

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] NvOAWrapperCache.exe(4720) -- C:\Users\Leety\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 8 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8FC09021-95CA-4B71-9826-6D888162FDDE} | DhcpNameServer : 42.201.255.26 [PAKISTAN (PK)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D6582575-DD30-41CF-B966-E0B648A21B39} | NameServer : 42.201.255.131 42.201.255.26 [PAKISTAN (PK)][PAKISTAN (PK)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8FC09021-95CA-4B71-9826-6D888162FDDE} | DhcpNameServer : 42.201.255.26 [PAKISTAN (PK)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D6582575-DD30-41CF-B966-E0B648A21B39} | NameServer : 42.201.255.131 42.201.255.26 [PAKISTAN (PK)][PAKISTAN (PK)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 +++++
--- User ---
[MBR] b002a17c1e68a5888fc3fca59c91a4a2
[BSP] cae03e6ffda7b01661dd3c9bc604aa9a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_04202015_102659.log - RKreport_DEL_04202015_102743.log - RKreport_DEL_04202015_102747.log - RKreport_DEL_04202015_102751.log
RKreport_DEL_04202015_102753.log - RKreport_DEL_04202015_102758.log - RKreport_DEL_04202015_102809.log - RKreport_DEL_04202015_102812.log
RKreport_DEL_04202015_102816.log - RKreport_DEL_04202015_102911.log - RKreport_DEL_04202015_102915.log - RKreport_SCN_04262015_153813.log
RKreport_SCN_04262015_155125.log - RKreport_SCN_04272015_194155.log - RKreport_DEL_04272015_194259.log

8
Yes. I live in Pakistan. Here's the file. By the way, I got suspicious and ran this file, and Defender popped a message which said it's cleaning malware.

9
RogueKiller V10.5.10.0 (x64) [Apr 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Leety [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 04/20/2015  10:29:15

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ESEADriver2 (\??\C:\Users\Leety\AppData\Local\Temp\ESEADriver2.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ESEADriver2 (\??\C:\Users\Leety\AppData\Local\Temp\ESEADriver2.sys) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8FC09021-95CA-4B71-9826-6D888162FDDE} | DhcpNameServer : 42.201.255.26 [PAKISTAN (PK)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D6582575-DD30-41CF-B966-E0B648A21B39} | NameServer : 42.201.255.131 42.201.255.26 [PAKISTAN (PK)][PAKISTAN (PK)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8FC09021-95CA-4B71-9826-6D888162FDDE} | DhcpNameServer : 42.201.255.26 [PAKISTAN (PK)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D6582575-DD30-41CF-B966-E0B648A21B39} | NameServer : 42.201.255.131 42.201.255.26 [PAKISTAN (PK)][PAKISTAN (PK)]  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\Origin -- C:\Users\Leety\AppData\Roaming\Origin\update.vbe -> ERROR


¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 +++++
--- User ---
[MBR] b002a17c1e68a5888fc3fca59c91a4a2
[BSP] cae03e6ffda7b01661dd3c9bc604aa9a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_04202015_102659.log - RKreport_DEL_04202015_102743.log - RKreport_DEL_04202015_102747.log - RKreport_DEL_04202015_102751.log
RKreport_DEL_04202015_102753.log - RKreport_DEL_04202015_102758.log - RKreport_DEL_04202015_102809.log - RKreport_DEL_04202015_102812.log
RKreport_DEL_04202015_102816.log - RKreport_DEL_04202015_102911.log
