
Malwarebytes

I believe I have a redirect virus/maybe something else too.


32 replies to this topic

#21
MrCharlie

    Forum Deity

  • Experts
  • 17,303 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
I have W7 but really don't use it...I mainly use XP pro.

Run RogueKiller again and post the log.............

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system (don't run any other options, they're not all bad!)
Post back the report.

MrC

Malware Removal Expert




I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.


#22
Aldiirn

    New Member

  • Members
  • 19 posts
Ah, sorry, I don't mean to keep sucking up your time. I see that there are a few Best Buy things in there, can I safely remove those? I made a different user account with administrative rights because and it solved the systempropertiesprotection.exe thing. (And this Best Buy thing posts itself in my taskbar, startup and desktop, don't want that) Although I don't know how to run CMD with administration rights so I can do the sfc /scannow command that Windows support suggests.


RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Dustin Bechtel [Admin rights]
Mode: Scan -- Date: 06/07/2012 19:30:02
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[SUSP PATH] Best Buy pc app.lnk @UpdatusUser : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] 4f4bd665ff46c263e84119abadf61f5d
[BSP] 6fe1c81a55733c3ca19f8cc11417786a : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 693400 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt

#23
MrCharlie

Under the Registry tab put a check next to this one and uncheck the rest
Then click delete on the right hand column:


Quote

[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED

MrC


#24
Aldiirn

Why does

Quote

[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED

Not show up in the RogueKiller window, but show up in the result notepad?

#25
MrCharlie

OK, it's saying that the key isn't accessible.

Turn off UAC and see if that makes a difference:


http://www.howtogeek...-windows-vista/

MrC


#26
Aldiirn

okay I disabled UAC and rebooted.. Results changed ...

RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Dustin Bechtel [Admin rights]
Mode: Scan -- Date: 06/07/2012 20:17:19
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 6 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] 4f4bd665ff46c263e84119abadf61f5d
[BSP] 6fe1c81a55733c3ca19f8cc11417786a : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 693400 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
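
An added example (not part of any post in this thread, and not RogueKiller's own code): a short Python script that parses the registry-entry lines of the two reports posted above and lists which findings are new, gone, or unchanged between the scan taken before UAC was disabled and the one taken after. The line format is inferred from the reports shown here, and the names `parse_findings` and `diff_scans` are illustrative.

```python
import re

# Registry-section lines copied from the two RogueKiller reports in this thread.
SCAN_BEFORE = r"""
[SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[SUSP PATH] Best Buy pc app.lnk @UpdatusUser : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

SCAN_AFTER = r"""
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

# "[TAG] item -> STATUS"; the tag may be empty, as in the ACCESS DENIED line.
ENTRY = re.compile(r"^\[(?P<tag>[^\]]*)\]\s+(?P<item>.+?)\s+->\s+(?P<status>[A-Z ]+)$")

def parse_findings(report):
    """Return a set of (tag, item, status) tuples, one per finding line."""
    findings = set()
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            findings.add((m["tag"], m["item"], m["status"].strip()))
    return findings

def diff_scans(before, after):
    """Return (new, gone, unchanged) findings as sorted lists."""
    b, a = parse_findings(before), parse_findings(after)
    return sorted(a - b), sorted(b - a), sorted(a & b)

if __name__ == "__main__":
    for label, rows in zip(("NEW", "GONE", "SAME"), diff_scans(SCAN_BEFORE, SCAN_AFTER)):
        for tag, item, status in rows:
            print(f"{label:4} [{tag}] {item} -> {status}")
```

The `EnableLUA (0)` and `ConsentPromptBehaviorAdmin (0)` findings show up only in the second scan, the one run after UAC was turned off, while the `InprocServer32` entry is still reported as ACCESS DENIED in both.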

#27
Aldiirn

Alright Mr.C, I have been playing around a bit and my computer seems functional like it was originally.. No redirects.. it's not slow anymore .. Everything seems normal .. Thank you so very much for your time and help.. (Eureka to knowing how to bypass the admin rules on w7 too now, I didn't know disabling UAC was there and would solve that if I need it)

#28
MrCharlie

I didn't mean RogueKiller, I meant to try system restore and see if that problem still happens.

MrC


#29
Aldiirn

Nope, I can access my system restore properties without prompts now, as well as run CMD prompt as admin to do the test Win7 support suggested.

So all-in-all as far as I can tell I am clean.. :lol:

#30
MrCharlie

So you're OK now??? MrC


#31
Aldiirn

Yeah, I believe so

Much appreciated

#32
MrCharlie

OK...Take care, MrC


#33
LDTate

    Forum Deity

  • Moderators
  • 20,035 posts
  • Gender:Male
  • Location:Missouri, USA
Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Consumer Support Specialist
