Topic: Results of Roguekiller Scan--What do I delete?


perrin.michele@yahoo.com (Guest)
Results of Roguekiller Scan--What do I delete?
« on: September 24, 2014, 05:54:24 PM »
I received the following report after running RogueKiller on my laptop. I am trying to get rid of a wow.dll infection, which is caused by folders in my Temp folder that I can't delete, as I can't see them. Even in cmd, where I can see the folders, I can't do anything to them; they say "Access denied." Can you help? Below is the report from RogueKiller:

RogueKiller V9.2.12.0 (x64) [Sep 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Michele Gustafson [Admin rights]
Mode : Scan -- Date : 09/24/2014  08:41:45

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A677E9DA-4C83-42A5-B7E5-902CA52F102E} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A677E9DA-4C83-42A5-B7E5-902CA52F102E} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A677E9DA-4C83-42A5-B7E5-902CA52F102E} | DhcpNameServer : 172.20.10.1  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 |  : C:\Users\MICHEL~1\AppData\Local\Temp\sbpxiye\smvfiiq\wow64.dll  -> FOUND

¤¤¤ Scheduled tasks : 4 ¤¤¤
[Suspicious.Path] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job -- C:\Windows\TEMP\{116CA6A9-0FA3-4F19-A638-F669C7BBCD0C}.exe (--uninstall=1) -> FOUND
[Suspicious.Path] EasyShare Registration Task.job -- C:\Windows\system32\rundll32.exe (C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOffer@16) -> FOUND
[Suspicious.Path] \\AVG-Secure-Search-Update_JUNE2013_TB_rmv -- C:\Windows\TEMP\{116CA6A9-0FA3-4F19-A638-F669C7BBCD0C}.exe (--uninstall=1) -> FOUND
[Suspicious.Path] \\EasyShare Registration Task -- C:\Windows\system32\rundll32.exe (C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOffer@16) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 3f7deb64ef072684ad19cb155b6aab77
[BSP] e1ee19ab36242d613dab29c1e0a8c48c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 700871 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1435793408 | Size: 14230 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] c54a8e6965c6e368351ea61ace2b5b5c
[BSP] e1ee19ab36242d613dab29c1e0a8c48c : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 77824 MB
1 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 MB
2 - [ACTIVE] FAT16 (0x6) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 MB
3 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 172081152 | Size: 1000 MB


============================================
RKreport_SCN_09232014_163728.log - RKreport_SCN_09232014_164755.log
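As an added example (this is not code from the original post, from RogueKiller, or from Adlice), the PowerShell script below re-checks the items the report above lists from an elevated prompt on the affected machine: where the CLSID from the [Suspicious.Path] line is defined and what it loads, the hidden Temp folders cmd refuses to show and who owns them, which running process has a DLL from Temp mapped (the usual reason a delete fails), the PUM.Policies UAC values, and the DhcpNameServer for the interface GUID in the report. The CLSID, the registry paths and the interface GUID are taken from the report; the -Remove switch, the quarantine folder C:\RK-Quarantine, and the "DLL lives under a Temp folder" heuristic are assumptions made for this example. It only reports unless -Remove is given, and it uses cmdlets available on Windows 7's stock PowerShell.

```powershell
# Added example (not RogueKiller's code, not from the original post): re-check the
# entries in the report above from an elevated PowerShell on the affected machine.
# Assumptions for this example: the -Remove switch, the quarantine folder, and the
# rule that a COM server loading from a Temp folder is suspect.
param([switch]$Remove)   # report only unless -Remove is given

$Clsid      = '{fbeb8a05-beee-4442-804e-409d6c4515e9}'   # [Suspicious.Path] entry in the report
$IfGuid     = '{A677E9DA-4C83-42A5-B7E5-902CA52F102E}'   # [PUM.Dns] interface in the report
$Quarantine = Join-Path $env:SystemDrive 'RK-Quarantine'  # assumed: copies kept here before deletion
$TempRoot   = Join-Path $env:LOCALAPPDATA 'Temp'

$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$elevated = ([Security.Principal.WindowsPrincipal]$id).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $elevated) { throw 'Run this from an elevated (Run as administrator) PowerShell.' }

# 1. Where is the COM class defined and what does it load? HKCR is a merged view of
#    HKLM\Software\Classes and HKCU\Software\Classes; a per-user copy overrides the machine one.
$dll = $null
foreach ($hive in 'HKCU', 'HKLM') {
    $key = "${hive}:\Software\Classes\CLSID\$Clsid\InprocServer32"
    if (Test-Path -LiteralPath $key) {
        $value = (Get-ItemProperty -LiteralPath $key).'(default)'
        "{0}  ->  {1}" -f $key, $value
        if (-not $dll) { $dll = $value }
    }
}
if ($dll -and $dll -match '\\(AppData\\Local\\Temp|Windows\\TEMP)\\') {
    Write-Warning "COM server loads from a Temp folder. Windows' own wow64.dll is $env:windir\System32\wow64.dll."
}

# 2. The Temp folders cmd will not show: -Force lists hidden/system items, and the
#    owner on the ACL explains the "Access denied".
Get-ChildItem -LiteralPath $TempRoot -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object {
        $owner = 'n/a (ACL read denied)'
        try { $owner = (Get-Acl -Path $_.FullName).Owner } catch { }
        "{0,-20} {1,-40} owner={2}" -f $_.Name, $_.Attributes, $owner
    }

# 3. Which processes have a DLL from Temp mapped? An InprocServer32 DLL runs inside
#    whatever instantiates the COM class (often explorer.exe), which also blocks deletion.
foreach ($p in Get-Process) {
    try {
        foreach ($m in $p.Modules) {
            if ($m.FileName -match '\\Temp\\') { "{0,-16} pid {1,-6} {2}" -f $p.ProcessName, $p.Id, $m.FileName }
        }
    } catch { }   # protected or other-session processes refuse module enumeration
}

# 4. UAC values flagged as PUM.Policies (Windows 7 defaults: EnableLUA=1, ConsentPromptBehaviorAdmin=5)
#    and the resolver flagged as PUM.Dns (DhcpNameServer comes from DHCP; NameServer is a static override).
$pol = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
"EnableLUA={0}  ConsentPromptBehaviorAdmin={1}" -f $pol.EnableLUA, $pol.ConsentPromptBehaviorAdmin
$if = Get-ItemProperty -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\$IfGuid"
"DhcpNameServer={0}  NameServer='{1}'" -f $if.DhcpNameServer, $if.NameServer

if (-not $Remove) { 'Report only. Re-run with -Remove to quarantine and delete.'; return }

# 5. Removal: keep copies for analysis, take ownership of the top-level random folder under
#    Temp (takeown, then icacls with the Administrators SID S-1-5-32-544), then delete it.
New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null
if ($dll -and $dll -match '^(.*\\Temp\\[^\\]+)\\') {
    $top = $Matches[1]
    Copy-Item -LiteralPath $dll -Destination $Quarantine -Force -ErrorAction SilentlyContinue
    & takeown.exe /F $top /R /D Y | Out-Null
    & icacls.exe $top /grant '*S-1-5-32-544:(OI)(CI)F' /T | Out-Null
    try { Remove-Item -LiteralPath $top -Recurse -Force -ErrorAction Stop }
    catch { Write-Warning "Delete failed ($($_.Exception.Message)): a process listed above still has the DLL mapped. End it, or delete from Safe Mode, and re-run." }
}
# Export the CLSID key before removing it. If it exists only under HKCU, removing it
# restores whatever the machine-wide HKLM definition (if any) says.
foreach ($hive in 'HKCU', 'HKLM') {
    & reg.exe export "$hive\Software\Classes\CLSID\$Clsid" (Join-Path $Quarantine "clsid_$hive.reg") /y 2>$null
    if (Test-Path -LiteralPath "${hive}:\Software\Classes\CLSID\$Clsid") {
        Remove-Item -LiteralPath "${hive}:\Software\Classes\CLSID\$Clsid" -Recurse -Force
    }
}
'Done. Reboot so nothing keeps the old DLL mapped, then re-run the RogueKiller scan.'
```

Run it once without -Remove and read the output first: the script only acts on the CLSID from the report, and the quarantine copies and .reg exports are there so the folder and key can be examined or put back if the COM class turns out to belong to something you use. The PUM.* entries (UAC disabled, hidden desktop icons, a DHCP-assigned resolver) are settings, not files; whether to revert them is a separate decision from removing the DLL.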


Tigzy (Administrator, Owner, Adlice Software)
Re: Results of Roguekiller Scan--What do I delete?
« Reply #1 on: September 30, 2014, 12:51:02 PM »
Hello
Not sure what you are trying to do, since wow.dll is a legit DLL used by Windows to run x86 modules on 64-bit operating systems...