son's computer is running slow



RogueKiller V10.11.6.0 [Nov 16 2015] (Free) by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/software/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : mike [Administrator]

Started from : C:\Users\mike\Desktop\RogueKiller(1).exe

Mode : Scan -- Date : 11/21/2015 17:48:35

 

¤¤¤ Processes : 1 ¤¤¤

[suspicious.Path] wermgr.exe(4504) -- C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[-] -> Killed [TermProc]

 

¤¤¤ Registry : 5 ¤¤¤

[suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | wermgr : C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [-] -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5228361B-9E7C-407B-83BF-28A546BBC0F9} | DhcpNameServer : 172.20.10.1 ([X]) -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5228361B-9E7C-407B-83BF-28A546BBC0F9} | DhcpNameServer : 172.20.10.1 ([X]) -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 9 ¤¤¤

[PUP][Folder] C:\ProgramData\{0F47B255-CF9F-48C5-B558-B7DAF9345268} -> Found

[PUP][Folder] C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC} -> Found

[PUP][Folder] C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} -> Found

[PUP][Folder] C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE} -> Found

[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found

[PUP][Folder] C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690} -> Found

[PUP][Folder] C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424} -> Found

[PUP][Folder] C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} -> Found

[PUP][Folder] C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6} -> Found

 

¤¤¤ Hosts File : 36 ¤¤¤

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 media.opencandy.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.opencandy.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 api.opencandy.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 api.recommendedsw.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 installer.betterinstaller.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 installer.filebulldog.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 inno.bisrv.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 nsis.bisrv.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.file2desktop.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.goateastcach.us

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.guttastatdk.us

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.inskinmedia.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.oibundles2.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.playbryte.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.llogetfastcach.us

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.montiera.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.msdwnld.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.mypcbackup.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.ppdownload.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.riceateastcach.us

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.shyapotato.us

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.solimba.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.tuto4pc.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.appround.biz

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bigspeedpro.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bispd.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bisrv.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.cdndp.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.download.sweetpacks.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.dpdownload.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.visualbee.net

 

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] d8d268d8047e1faa9b945dbdc98d2c25

[bSP] 837f63b937cbc3ae99160a903cd3e57e : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 941553 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1928507392 | Size: 12214 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

User = LL1 ... OK

User = LL2 ... OK

 

+++++ PhysicalDrive1: +++++

--- User ---

[MBR] 7dbeb153604ba477657883006c233caa

[bSP] 7291ef5b4894c4288494038c0bd00195 : Compressed BootMgr MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1936269394 | Size: 896492 MB [Error reading VBR! ([17] Data error (cyclic redundancy check). )]

1 - [XXXXXX] UNKNOWN (0x73) [VISIBLE] Offset (sectors): 1917848077 | Size: 265838 MB

2 - [XXXXXX] SYLSTOR (0x2b) [VISIBLE] Offset (sectors): 1818575915 | Size: 265710 MB

3 - [XXXXXX] UNKNOWN (0x61) [VISIBLE] Offset (sectors): 2844524554 | Size: 26 MB

User != LL1 ... KO!

--- LL1 ---

[MBR] 7dbeb153604ba477657883006c233caa

[bSP] 7291ef5b4894c4288494038c0bd00195 : Compressed BootMgr MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1936269394 | Size: 896492 MB[invalid]

1 - [XXXXXX] UNKNOWN (0x73) [VISIBLE] Offset (sectors): 1917848077 | Size: 265838 MB

2 - [XXXXXX] SYLSTOR (0x2b) [VISIBLE] Offset (sectors): 1818575915 | Size: 265710 MB

3 - [XXXXXX] UNKNOWN (0x61) [VISIBLE] Offset (sectors): 2844524554 | Size: 26 MB

Error reading LL2 MBR! ([32] The request is not supported. )

 

+++++ PhysicalDrive2: +++++

--- User ---

[MBR] f0cbafcf8557128e2ac994c03804c1bf

[bSP] a83a24340e59ea8cbbf2d8eaa19e98b0 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 15483 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

User = LL1 ... OK

Error reading LL2 MBR! ([32] The request is not supported. )


It's okay ... we can get back to it tomorrow.

 

I have had my doubts about [suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | wermgr : C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [-] -> Found

 

Let me look through this log and investigate it more.

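The reason that Run entry stands out is worth making mechanical. The genuine Windows Error Reporting manager is C:\Windows\System32\wermgr.exe; a file with the same name launched from C:\ProgramData (a tree ordinary users can write to) and registered under the Wow6432Node Run key is a classic masquerade. The PowerShell below is an added example written for this page, not part of the thread or of RogueKiller, and it assumes a Windows host with PowerShell 5 or later. It walks the HKLM and HKCU Run keys (native and 32-bit views), resolves each command line to its executable, checks whether that file lives under the Windows directory, validates its Authenticode signature, and flags entries in user-writable locations or without a valid signature. A second pass lists running processes whose name matches a System32 binary but whose image was loaded from somewhere else, which is exactly the wermgr.exe(4504) situation in the log. The helper names (Get-ImagePath, Find-SuspiciousRunEntry, Find-MasqueradingProcess) are my own.

```powershell
# Added example, not code from the original thread or from RogueKiller.
# Assumes Windows with PowerShell 5+. Run as the affected user; an elevated
# prompt sees more process paths.

$systemRoot = [Environment]::GetFolderPath('Windows')   # normally C:\Windows
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',             # 64-bit view
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run', # 32-bit view, the "(X86)" key in the log
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-ImagePath {
    # Extract the executable from a Run value: a quoted path, else the first
    # token ending in .exe, else the first whitespace-delimited token.
    param([string]$CommandLine)
    $cmd = $CommandLine.Trim()
    if ($cmd -match '^"([^"]+)"')  { return $matches[1] }
    if ($cmd -match '^(\S+?\.exe)') { return $matches[1] }
    return ($cmd -split '\s+')[0]
}

function Find-SuspiciousRunEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath/... metadata
            $image  = [Environment]::ExpandEnvironmentVariables((Get-ImagePath ([string]$p.Value)))
            $exists = Test-Path -LiteralPath $image
            $inWindows = $exists -and $image.StartsWith($systemRoot, [StringComparison]::OrdinalIgnoreCase)
            $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $image).Status } else { 'MISSING' }
            # User-writable trees are where droppers hide a look-alike binary.
            $userWritable = $image -match '\\ProgramData\\|\\AppData\\|\\Temp\\|\\Users\\Public\\'
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Image      = $image
                InWindows  = $inWindows
                Signature  = $sig
                Suspicious = $userWritable -or ($sig -ne 'Valid')
            }
        }
    }
}

function Find-MasqueradingProcess {
    # Processes whose name matches a file in System32 but whose loaded image
    # is outside the Windows directory (e.g. wermgr.exe run from ProgramData).
    $sys32 = Join-Path $systemRoot 'System32'
    Get-Process -ErrorAction SilentlyContinue | Where-Object { $_.Path } | ForEach-Object {
        $expected = Join-Path $sys32 ($_.ProcessName + '.exe')
        if ((Test-Path -LiteralPath $expected) -and
            -not $_.Path.StartsWith($systemRoot, [StringComparison]::OrdinalIgnoreCase)) {
            [pscustomobject]@{ Pid = $_.Id; Name = $_.ProcessName; Path = $_.Path; Expected = $expected }
        }
    }
}

Find-SuspiciousRunEntry | Where-Object Suspicious | Format-Table -AutoSize
Find-MasqueradingProcess | Format-Table -AutoSize
```

On the machine in the log the first table would show the wermgr value under the WOW6432Node key with Image C:\ProgramData\Microsoft\Windows\WER\wermgr.exe, InWindows False, and a signature status that is not Valid; the second would list PID 4504 with Expected C:\Windows\System32\wermgr.exe. Treat the output as a shortlist to verify, not a verdict: some legitimate vendor updaters also live under ProgramData and are signed, which is why the signature column is shown alongside the path.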

Select all of these for removal:

 

[suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | wermgr : C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [-] -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5228361B-9E7C-407B-83BF-28A546BBC0F9} | DhcpNameServer : 172.20.10.1 ([X]) -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5228361B-9E7C-407B-83BF-28A546BBC0F9} | DhcpNameServer : 172.20.10.1 ([X]) -> Found

 

[PUP][Folder] C:\ProgramData\{0F47B255-CF9F-48C5-B558-B7DAF9345268} -> Found

[PUP][Folder] C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC} -> Found

[PUP][Folder] C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} -> Found

[PUP][Folder] C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE} -> Found

[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found

[PUP][Folder] C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690} -> Found

[PUP][Folder] C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424} -> Found

[PUP][Folder] C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} -> Found

[PUP][Folder] C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6} -> Found

 

When done, reboot.
