Topic: Roguekiller - what if anything to delete-if nothing help I still have problem!

August 23, 2015, 03:54:05 pm

gilbytheo

Hi all.  I need a little help please.  I was running MSE and had been for years but we were really running into constant problems lately.  I uninstalled it.  I installed Malwarebytes and ran it along with Avast! and also ran it both yesterday.  I am continuing to have problems with new sessions of Firefox opening when you are browsing and click on anything.  I also have jabuticaba popping up in the right-hand corner.  I searched to find a resolution and based upon suggestions ran adware - still no fix.  Then I ran RogueKiller.  Please see my log below.

My questions are - is it clean?  If not, what do I need to delete?  If it IS clean then how do I get rid of whatever keeps opening new browsers and the annoying jabuticaba?  I thought the virus software would have cleaned all that but I must be missing something.  I am running Windows 7.

Thanks in advance.

RogueKiller V10.10.1.0 (x64) [Aug 17 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Craig and Lisa [Administrator]
Started from : C:\Users\Craig and Lisa\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 08/23/2015 09:32:04

Processes : 0

Registry : 14
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2215247407-2568484809-1437753554-1000\Software\Microsoft\Windows\CurrentVersion\Run | WorkForce 630(Network) : C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE /FU "C:\Users\CRAIGA~1\AppData\Local\Temp\E_S54DA.tmp" /EF "HKCU" [7] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2215247407-2568484809-1437753554-1000\Software\Microsoft\Windows\CurrentVersion\Run | WorkForce 630(Network) : C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE /FU "C:\Users\CRAIGA~1\AppData\Local\Temp\E_S54DA.tmp" /EF "HKCU" [7] -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://homepage.aol.com/?mtmhp=txtlnkusaolp00000800  -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://homepage.aol.com/?mtmhp=txtlnkusaolp00000800  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2215247407-2568484809-1437753554-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://homepage.aol.com/?mtmhp=txtlnkusaolp00000800  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2215247407-2568484809-1437753554-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://homepage.aol.com/?mtmhp=txtlnkusaolp00000800  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2215247407-2568484809-1437753554-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2215247407-2568484809-1437753554-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 ([(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 ([(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 ([(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32B0B705-0D1A-4700-A416-FCEDDA9AF5E0} | DhcpNameServer : 10.0.0.1 ([(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{32B0B705-0D1A-4700-A416-FCEDDA9AF5E0} | DhcpNameServer : 10.0.0.1 ([(Private Address) (XX)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{32B0B705-0D1A-4700-A416-FCEDDA9AF5E0} | DhcpNameServer : 10.0.0.1 ([(Private Address) (XX)])  -> Found

Tasks : 1
[Suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> Found

Files : 0

Hosts File : 0

Antirootkit : 0 (Driver: Loaded)

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: TOSHIBA MK5075GSX ATA Device +++++
--- User ---
[MBR] 04ce99b82b0fd7a90e00b770dd66d712
[BSP] e4e6b729da54baff041aedb62ba06e34 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 460424 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 946022400 | Size: 15015 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


Reply #1 August 24, 2015, 05:43:51 pm

Curson

Hi gilbytheo,

Welcome to Adlice.com Forum.
Did Malwarebytes or Avast find anything?

Please download Farbar Recovery Scan Tool (x64) and save it to your Desktop.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Regards.