Hi, I ran a full scan with Avast a while ago and something strange happened: the UI started blinking, and when I checked it, it said “avast protection is off”, then it went back to normal, aka “all secured” (not sure if high CPU usage while running a full scan can do that).
Ran RogueKiller and found this:
RogueKiller V8.8.2 [Jan 17 2014] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : PatricK [Admin rights]
Mode : Scan – Date : 01/23/2014 14:39:38
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU[…]\System : DisableTaskMgr (0) → FOUND
[HJ POL][PUM] HKCU[…]\System : DisableRegistryTools (0) → FOUND
[HJ POL][PUM] HKLM[…]\System : DisableRegistryTools (0) → FOUND
[HJ DESK][PUM] HKCU[…]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) → FOUND
[HJ DESK][PUM] HKCU[…]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) → FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
[Faked][File] hxxp.sys : C:\Windows\system32\drivers\hxxp.sys [-] → FOUND
[Faked][File] iaStorV.sys : C:\Windows\system32\drivers\iaStorV.sys [-] → FOUND
[Faked][File] ipfltdrv.sys : C:\Windows\system32\drivers\ipfltdrv.sys [-] → FOUND
[Faked][File] ks.sys : C:\Windows\system32\drivers\ks.sys [-] → FOUND
[Faked][File] lsi_scsi.sys : C:\Windows\system32\drivers\lsi_scsi.sys [-] → FOUND
[Faked][File] mouclass.sys : C:\Windows\system32\drivers\mouclass.sys [-] → FOUND
[Faked][File] mrxsmb10.sys : C:\Windows\system32\drivers\mrxsmb10.sys [-] → FOUND
[Faked][File] netbt.sys : C:\Windows\system32\drivers\netbt.sys [-] → FOUND
[Faked][File] rdbss.sys : C:\Windows\system32\drivers\rdbss.sys [-] → FOUND
[Faked][File] VX3000.sys : C:\Windows\system32\drivers\VX3000.sys [-] → FOUND
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
→ %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AADS-67S9B1 ATA Device +++++
— User —
[MBR] 5985724ba892a5726b4ce24e2f48fbe8
[BSP] eb11fb66582f439466a24426dcc02753 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 156299264 | Size: 400620 Mo
User = LL1 … OK!
User = LL2 … OK!
Finished : << RKreport[0]_S_01232014_143937.txt >>
RKreport[0]_S_12312013_072810.txt
In the particular file section, is that something to be worried about?