Topic: 1st time using RogueKiller Suspicious items in Registry Not sure to remove?

June 30, 2015, 07:16:55 PM

RosaPerry

Thank you in advance for your assistance. My PC has been acting weird lately, browsers slow, Chrome and IE, Windows Explorer crashes constantly. I have done all other checks, virus, performance and everything is coming up clear. I downloaded Rogue Killer and this is the result.
Hopefully someone is able to assist.
Kind regards
Rosa

RogueKiller V10.8.7.0 (x64) [Jun 29 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rosa [Administrator]
Started from : C:\Users\Rosa\Downloads\Anti Virus Other\RogueKillerX64.exe
Mode : Scan -- Date : 07/01/2015  02:52:24

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path|VT.Unknown] explorer.exe(3160) -- C:\ProgramData\Application Data\IDriveSync\IDSyncContext.dll[7] -> Unloaded

¤¤¤ Registry : 8 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2136722436-89632170-3717489445-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://media.telstra.com.au/home.html  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2136722436-89632170-3717489445-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://media.telstra.com.au/home.html  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F0A32AD6-566A-4FD9-921A-3D177ADB93D2} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F0A32AD6-566A-4FD9-921A-3D177ADB93D2} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F0A32AD6-566A-4FD9-921A-3D177ADB93D2} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)]  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS722020ALA330 +++++
--- User ---
[MBR] fa42166d7fe0464ed3cea64050eade13
[BSP] 8a9754d2f2908886a2a7d08ded6d8cbb : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1894276 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3879684096 | Size: 13351 MB [Error reading VBR! ([83] An attempt was made to move the file pointer before the beginning of the file. )]
User != LL1 ... KO!
--- LL1 ---
[MBR] fa42166d7fe0464ed3cea64050eade13
[BSP] 8a9754d2f2908886a2a7d08ded6d8cbb : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1894276 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3879684096 | Size: 13351 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User != LL2 ... KO!
--- LL2 ---
[MBR] fa42166d7fe0464ed3cea64050eade13
[BSP] 8a9754d2f2908886a2a7d08ded6d8cbb : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1894276 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3879684096 | Size: 13351 MB[Invalid]

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_01292015_021047.log - RKreport_DEL_01292015_022003.log - RKreport_SCN_06142015_194022.log - RKreport_DEL_06142015_200729.log
RKreport_SCN_07012015_013813.log

Reply #1: July 03, 2015, 03:23:37 PM

Curson (Global Moderator)

Hi Rosa,

Welcome to Adlice.com Forum.

Please download Farbar Recovery Scan Tool (x64) and save it to your Desktop.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
Regards.