littlemike1313 (Author) posted November 22, 2015

RogueKiller V10.11.6.0 [Nov 16 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : mike [Administrator]
Started from : C:\Users\mike\Desktop\RogueKiller(1).exe
Mode : Scan -- Date : 11/21/2015 17:48:35

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] wermgr.exe(4504) -- C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 5 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | wermgr : C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [-] -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5228361B-9E7C-407B-83BF-28A546BBC0F9} | DhcpNameServer : 172.20.10.1 ([X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5228361B-9E7C-407B-83BF-28A546BBC0F9} | DhcpNameServer : 172.20.10.1 ([X]) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 9 ¤¤¤
[PUP][Folder] C:\ProgramData\{0F47B255-CF9F-48C5-B558-B7DAF9345268} -> Found
[PUP][Folder] C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC} -> Found
[PUP][Folder] C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} -> Found
[PUP][Folder] C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE} -> Found
[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found
[PUP][Folder] C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690} -> Found
[PUP][Folder] C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424} -> Found
[PUP][Folder] C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} -> Found
[PUP][Folder] C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6} -> Found

¤¤¤ Hosts File : 36 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 media.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 api.opencandy.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 api.recommendedsw.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 installer.betterinstaller.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 installer.filebulldog.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 inno.bisrv.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 nsis.bisrv.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.file2desktop.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.goateastcach.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.guttastatdk.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.inskinmedia.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.oibundles2.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.playbryte.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.llogetfastcach.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.montiera.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.msdwnld.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.mypcbackup.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.ppdownload.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.riceateastcach.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.shyapotato.us
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.solimba.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.tuto4pc.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.appround.biz
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bigspeedpro.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bispd.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bisrv.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.cdndp.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.download.sweetpacks.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.dpdownload.com
[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.visualbee.net

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] d8d268d8047e1faa9b945dbdc98d2c25
[BSP] 837f63b937cbc3ae99160a903cd3e57e : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 941553 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1928507392 | Size: 12214 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 7dbeb153604ba477657883006c233caa
[BSP] 7291ef5b4894c4288494038c0bd00195 : Compressed BootMgr MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1936269394 | Size: 896492 MB [Error reading VBR! ([17] Data error (cyclic redundancy check). )]
1 - [XXXXXX] UNKNOWN (0x73) [VISIBLE] Offset (sectors): 1917848077 | Size: 265838 MB
2 - [XXXXXX] SYLSTOR (0x2b) [VISIBLE] Offset (sectors): 1818575915 | Size: 265710 MB
3 - [XXXXXX] UNKNOWN (0x61) [VISIBLE] Offset (sectors): 2844524554 | Size: 26 MB
User != LL1 ... KO!
--- LL1 ---
[MBR] 7dbeb153604ba477657883006c233caa
[BSP] 7291ef5b4894c4288494038c0bd00195 : Compressed BootMgr MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1936269394 | Size: 896492 MB[invalid]
1 - [XXXXXX] UNKNOWN (0x73) [VISIBLE] Offset (sectors): 1917848077 | Size: 265838 MB
2 - [XXXXXX] SYLSTOR (0x2b) [VISIBLE] Offset (sectors): 1818575915 | Size: 265710 MB
3 - [XXXXXX] UNKNOWN (0x61) [VISIBLE] Offset (sectors): 2844524554 | Size: 26 MB
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: +++++
--- User ---
[MBR] f0cbafcf8557128e2ac994c03804c1bf
[BSP] a83a24340e59ea8cbbf2d8eaa19e98b0 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 15483 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
littlemike1313 (Author) posted November 22, 2015

Jacee,
Sorry, I somehow posted the log twice. I'm just screwing up all kinds tonight.
Jacee posted November 22, 2015

It's okay ... we can get back to it tomorrow.

I have had my doubts about

[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | wermgr : C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [-] -> Found

Let me look through this log and investigate it more.
Jacee posted November 22, 2015

Select all of these for removal:

[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | wermgr : C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [-] -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5228361B-9E7C-407B-83BF-28A546BBC0F9} | DhcpNameServer : 172.20.10.1 ([X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5228361B-9E7C-407B-83BF-28A546BBC0F9} | DhcpNameServer : 172.20.10.1 ([X]) -> Found
[PUP][Folder] C:\ProgramData\{0F47B255-CF9F-48C5-B558-B7DAF9345268} -> Found
[PUP][Folder] C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC} -> Found
[PUP][Folder] C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} -> Found
[PUP][Folder] C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE} -> Found
[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found
[PUP][Folder] C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690} -> Found
[PUP][Folder] C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424} -> Found
[PUP][Folder] C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} -> Found
[PUP][Folder] C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6} -> Found

When done, reboot.
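Jacee's suspicion above rests on where that wermgr.exe lives: the genuine Windows Error Reporting manager ships in C:\Windows\System32 (and SysWOW64), not under ProgramData. As an added example (not part of this thread and not RogueKiller's own code), the Python below parses the registry lines of the posted log and flags Run entries whose binary carries a Windows component's name but launches from elsewhere; the last sample line is a constructed control, and the set of component names is an assumption limited to the one seen here.

```python
import re

# Constructed sample: registry lines copied from the RogueKiller log posted in this thread,
# plus one constructed control entry (the last line) that points at the genuine System32 wermgr.exe.
SAMPLE_LOG = r"""
¤¤¤ Registry : 5 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | wermgr : C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [-] -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5228361B-9E7C-407B-83BF-28A546BBC0F9} | DhcpNameServer : 172.20.10.1 ([X]) -> Found
[PUP][Folder] C:\ProgramData\{0F47B255-CF9F-48C5-B558-B7DAF9345268} -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | wermgr : C:\Windows\System32\wermgr.exe [-] -> Found
"""

# RogueKiller 10.x registry line layout, as it appears in the posted log:
#   [Category] (Arch) Key | ValueName : Data -> Status
REG_LINE = re.compile(
    r"^\[(?P<cat>[^\]]+)\]\s+\((?P<arch>X86|X64)\)\s+(?P<key>.+?)\s+\|\s+"
    r"(?P<name>.+?)\s+:\s+(?P<data>.+?)\s+->\s+(?P<status>\w+)$"
)

# Where a binary that carries a Windows component's name is expected to live.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Component names to check (assumption: only the one disguised in this thread's log).
SYSTEM_BINARY_NAMES = {"wermgr.exe"}


def parse_registry_lines(log_text):
    """Return one dict per registry finding; header, file and hosts lines do not match and are skipped."""
    return [m.groupdict() for m in map(REG_LINE.match, map(str.strip, log_text.splitlines())) if m]


def image_path(data):
    """Drop RogueKiller's trailing ' [-]' flag and any surrounding quotes from the value data."""
    return re.sub(r"\s+\[[^\]]*\]$", "", data).strip().strip('"')


def masquerading_run_entries(findings):
    """Run-key entries whose executable is named like a Windows component but sits outside the system directories."""
    flagged = []
    for f in findings:
        if not f["key"].lower().endswith("\\currentversion\\run"):
            continue
        path = image_path(f["data"])
        exe = path.rsplit("\\", 1)[-1].lower()
        if exe in SYSTEM_BINARY_NAMES and not path.lower().startswith(SYSTEM_DIRS):
            flagged.append((f["name"], path))
    return flagged


if __name__ == "__main__":
    for name, path in masquerading_run_entries(parse_registry_lines(SAMPLE_LOG)):
        print(f"Run value {name!r} starts a system-named binary from an unexpected location: {path}")
```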
Jacee posted November 23, 2015

I don't know where you are right now, but I also want you to disable "auto runs":
http://www.sevenforums.com/tutorials/161443-autorun-inf-files-completely-block.html

Let me know what's going on.
littlemike1313 (Author) posted November 23, 2015

Spyware zero, Jacee one. No more pop-ups or redirects. I left Firefox open overnight and checked this morning and everything is good, and the computer seems to be running faster as well. You are the greatest, Jacee, and thanks for everything.
Jacee posted November 23, 2015

Phew! ... Let's keep our fingers crossed that nothing comes back.
littlemike1313 (Author) posted November 26, 2015

Jacee,
Everything is still good, and I wanted to thank you again for the help. It was very nice of you, and happy Thanksgiving.
Jacee posted November 27, 2015

Hope you had a happy one too, and you're so welcome!!