No 2 about:SecurityRisk - please identify the problem


G'day MrC,

Thanks for your help.

I needed to start this new Topic as the 1st was closed, and I trust that this is the correct report that you needed to help me fix the problem on Peter's Laptop.

He has uTorrent installed but is not active, i.e. is not loaded at start or active in the system tray.

Here is the RogueKiller 32 Bit report as requested (RKreport[1]_S_05162013_02d1057.txt)

------------------------------Start of report>

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...13-roguekiller/

Website : http://tigzy.geeksto...roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : PeterM [Admin rights]

Mode : Scan -- Date : 05/16/2013 10:57:03

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[RUN][sUSP PATH] HKLM\[...]\RunOnce : InnoSetupRegFile.0000000001 ("C:\WINDOWS\is-LGMK4.exe" /REG /REGSVRMODE) [7] -> FOUND

[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND

[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND

[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND

[HJ SMENU] HKLM\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 +++++

--- User ---

[MBR] 038a452f85140fd6c5677f49bc4a0aa8

[bSP] a2aa97dfef50c98ba4e36bc74176a801 : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 60078 Mo

1 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 123050384 | Size: 143867 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 417690000 | Size: 101284 Mo

3 - [XXXXXX] UNKNOWN (0xdf) [VISIBLE] Offset (sectors): 625121280 | Size: 7 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD3200BEVT-22ZCT0 +++++

--- User ---

[MBR] 56fa57febb65c83171d5943c430b435a

[bSP] e7b3bcfe6ef1595af6e0059ae0243e2a : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05162013_02d1057.txt >>

RKreport[1]_S_05162013_02d1057.txt

<End of report------------------------------

I trust that it is what you needed?

Other attached files are from the Report and the Folder it generated = RK_Quarantine, of which some files are not allowed (so I found out).

Regards

Roger H.

RKreport1_S_05162013_02d1057.txt

QuarantineReport.txt

Eula.txt

I'm not exactly sure what your concerns are but.......

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[RUN][sUSP PATH] HKLM\[...]\RunOnce : InnoSetupRegFile.0000000001 ("C:\WINDOWS\is-LGMK4.exe" /REG /REGSVRMODE) [7] -> FOUND

[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND

[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND

[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND

Now click Delete on the right hand column under Options

-------------

Then..........

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that your system is now functioning normally.

MrC

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
