
October 02, 2014, 12:15:45 PM

DynasTii

Please help, I'm not sure what this means.
« on: October 02, 2014, 12:15:45 PM »
Hi, I've just run RK and the following popped up. I'm not sure what this means; I'm kind of new, please help!
edit: Should I delete the ticked ones in the scan?


mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Dane [Admin rights]
Mode : Scan -- Date : 10/02/2014  11:57:08

¤¤¤ Bad processes : 15 ¤¤¤
[Proc.Hidden]  --
  • -> KILLED [TermThr]
[Proc.Hidden]  --
  • -> KILLED [TermThr]
[Proc.Hidden]  --
  • -> KILLED [TermThr]
[Proc.Hidden]  --
  • -> KILLED [TermThr]
[Proc.Hidden]  --
  • -> KILLED [TermThr]
[Proc.Hidden]  --
  • -> KILLED [TermThr]
[Proc.Hidden]  --
  • -> KILLED [TermThr]
[Proc.Hidden]  --
  • -> KILLED [TermThr]
[Proc.Hidden]  --
  • -> KILLED [TermThr]
[Proc.Hidden]  --
  • -> KILLED [TermThr]
[Proc.Hidden]  --
  • -> KILLED [TermThr]
[Proc.Hidden]  --
  • -> KILLED [TermThr]
[Proc.Hidden]  --
  • -> KILLED [TermThr]
[Proc.Hidden]  --
  • -> KILLED [TermThr]
[Proc.Hidden]  --
  • -> KILLED [TermThr]


¤¤¤ Registry Entries : 16 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3216726235-3226656139-428209498-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : expstart.exe  -> FOUND
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3216726235-3226656139-428209498-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : expstart.exe  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3216726235-3226656139-428209498-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3216726235-3226656139-428209498-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3216726235-3226656139-428209498-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3216726235-3226656139-428209498-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3216726235-3226656139-428209498-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3216726235-3226656139-428209498-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3216726235-3226656139-428209498-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.buenosearch.com/?babsrc=HP_ss&mntrId=5662D43D7E4E58E8&affID=128403&tsp=5187  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3216726235-3226656139-428209498-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.buenosearch.com/?babsrc=HP_ss&mntrId=5662D43D7E4E58E8&affID=128403&tsp=5187  -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3216726235-3226656139-428209498-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_2525&co=ZA&userid=6d1ab653-78bc-0fe4-b401-98ef0cd00c7e&searchtype=ds&q={searchTerms}&installDate=17/01/2014  -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3216726235-3226656139-428209498-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.snap.do/?publisher=ShoppingHelper&dpid=RY_2525&co=ZA&userid=6d1ab653-78bc-0fe4-b401-98ef0cd00c7e&searchtype=ds&q={searchTerms}&installDate=17/01/2014  -> FOUND

¤¤¤ Scheduled tasks : 6 ¤¤¤
[Suspicious.Path] AmiUpdXp.job -- C:\Users\Dane\AppData\Local\1715\a20859.exe -> FOUND
[Suspicious.Path] Dealply.job -- C:\Users\Dane\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
[Suspicious.Path] \\AmiUpdXp -- C:\Users\Dane\AppData\Local\1715\a20859.exe -> FOUND
[Suspicious.Path] \\Dealply -- C:\Users\Dane\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
[Suspicious.Path] \\DTReg -- C:\Users\Dane\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe -> FOUND
[Suspicious.Path] \\EPUpdater -- C:\Users\Dane\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] lvgbj5qg.default : user_pref("browser.startup.homepage", "http://www.buenosearch.com/?babsrc=HP_ss&mntrId=5662D43D7E4E58E8&affID=128403&tsp=5187"); -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] 7a0adb9c6131db28140f6b391d03cf2c
[BSP] 66d3cef4cb795c8a89430e8c98068d93 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] b69af2def38f1ae30881170aee88e1ba
[BSP] 8ff8a2c0f0b6e1243d8b61d75d4834ae : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB
User = LL1 ... OK
User = LL2 ... OK
« Last Edit: October 02, 2014, 12:19:36 PM by DynasTii »

Reply #1 October 02, 2014, 12:22:56 PM

Tigzy

  • Administrator (Owner, Adlice Software)
Re: Please help, I'm not sure what this means.
« Reply #1 on: October 02, 2014, 12:22:56 PM »
Hello
Do you know that expstart.exe?
Sounds like a theme changer. If yes, then skip that line.

Remove all the tasks, and you have some adware;
scan with AdwCleaner.
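
The reply above boils down to three checks on the scan: whether the Winlogon Shell override is something the user recognises, which scheduled tasks run from the user profile, and which browser start/search pages were hijacked. The script below re-runs those checks on the affected machine; it is an added example, not RogueKiller's code and not from anyone in this thread, and it assumes PowerShell 2.0 or later (schtasks.exe is used because Get-ScheduledTask does not exist on Windows 7).

```powershell
# Added triage script for the three persistence points the scan above flagged.
# Not RogueKiller's code and not from the thread; written for PowerShell 2.0+
# (schtasks.exe is used because Get-ScheduledTask is absent on Windows 7).

function Get-WinlogonShellFindings {
    # Shell should normally be explorer.exe. The log shows a per-user override
    # (HKEY_USERS\<SID>\...\Winlogon | Shell : expstart.exe), i.e. the HKCU hive.
    $keys = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',
            'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($key in $keys) {
        $shell = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
        if ($shell -and ($shell -ne 'explorer.exe')) {
            New-Object PSObject -Property @{ Type = 'WinlogonShell'; Where = $key; Value = $shell }
        }
    }
}

function Get-ProfileTaskFindings {
    # Every flagged task ran a binary under C:\Users\<name>\AppData, a user-writable
    # location that legitimate vendors seldom use for scheduled tasks.
    $rows = schtasks.exe /Query /FO CSV /V 2>$null | ConvertFrom-Csv
    foreach ($row in $rows) {
        if ($row.TaskName -eq 'TaskName') { continue }   # repeated header per task folder
        $cmd = [string]$row.'Task To Run'
        if ($cmd -match '(?i)\\Users\\[^\\]+\\AppData\\') {
            New-Object PSObject -Property @{ Type = 'ScheduledTask'; Where = $row.TaskName; Value = $cmd }
        }
    }
}

function Get-IEStartPageFindings {
    # PUM.HomePage / PUM.SearchPage in the log: IE start and search pages pointed at
    # buenosearch.com and feed.snap.do instead of the user's own choice.
    $main = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    foreach ($name in 'Start Page', 'Search Page') {
        $value = $main.$name
        if ($value) {
            New-Object PSObject -Property @{ Type = 'IE'; Where = $name; Value = $value }
        }
    }
}

# List everything for review; decide per line (as the reply does for expstart.exe)
# rather than deleting blindly, then clean up with the tool the reply recommends.
@(Get-WinlogonShellFindings) + @(Get-ProfileTaskFindings) + @(Get-IEStartPageFindings) |
    Select-Object Type, Where, Value | Format-Table -AutoSize -Wrap
```

Run it in an elevated PowerShell session so the HKLM key and every task folder are readable; the output is a review list only, nothing is changed.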

Reply #2 October 02, 2014, 03:40:07 PM

DynasTii

Re: Please help, I'm not sure what this means.
« Reply #2 on: October 02, 2014, 03:40:07 PM »
Thank you so much for the help!