C:\Users\Moa\AppData\Roaming\javaupd.exe
C:\Users\Moa\AppData\Local\Temp\agpiikow.sys
C:\Program Files (x86)\mIRC\mirc.exe
RogueKiller V12.1.1.0 (x64) [Apr 4 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : David [Administrator]
Started from : F:\Users\David\Downloads\Programs\RogueKillerX64.exe
Mode : Scan -- Date : 04/08/2016 10:03:13

¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected] ClipMate.exe(10364) -- O:\Program Files (x86)\ClipMate7\ClipMate.exe -> Found

¤¤¤ Registry : 18 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\AppSafe -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\ExpressFiles -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Lightspark Team -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\PIP -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities, Inc. -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WUDFRd (\SystemRoot\system32\DRIVERS\WUDFRd.sys) -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-960806728-1607608830-987004840-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : proxy-nl.privateinternetaccess.com -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-960806728-1607608830-987004840-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : proxy-nl.privateinternetaccess.com -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 162.248.221.182 70.38.99.32 ([X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 162.248.221.182 70.38.99.32 ([X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{36939f71-5de6-4be9-bbcb-7353241f72c7} | DhcpNameServer : 172.27.35.1 ([X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8d862535-ff56-4dcc-adf7-e596795860d4} | DhcpNameServer : 162.248.221.182 70.38.99.32 ([X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b0b3febb-ac5c-4c9f-afe2-b1f3b287dce8} | NameServer : 162.248.221.182,70.38.99.32 ([X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{df46461e-aaf3-4a0a-9a83-4ac6d1f4caea} | NameServer : 162.248.221.182,70.38.99.32 ([X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{36939f71-5de6-4be9-bbcb-7353241f72c7} | DhcpNameServer : 172.27.35.1 ([X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8d862535-ff56-4dcc-adf7-e596795860d4} | DhcpNameServer : 162.248.221.182 70.38.99.32 ([X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b0b3febb-ac5c-4c9f-afe2-b1f3b287dce8} | NameServer : 162.248.221.182,70.38.99.32 ([X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{df46461e-aaf3-4a0a-9a83-4ac6d1f4caea} | NameServer : 162.248.221.182,70.38.99.32 ([X][-]) -> Found

¤¤¤ Tasks : 3 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\AppCloudUpdater.job -- C:\Users\David\AppData\Roaming\AppCloudUpdater\UpdateProc\UpdateTask.exe (/Check) -> Found
[Suspicious.Path] \AppCloudUpdater -- C:\Users\David\AppData\Roaming\AppCloudUpdater\UpdateProc\UpdateTask.exe (/Check) -> Found
[Suspicious.Path] \DelayedItemsByChemtableSoftware\Send to OneNote -- "C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk" (/tsr) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 7 ¤¤¤
[PUP][CHROME:Addon] Default : EditThisCookie [fngmhnnpilhplaeedifhccceomclgfbg] -> Found
[PUP][CHROME:Addon] Default : Chromium browser automation [jmbmjnojfkcohdpkpjmeeijckfbebbon] -> Found
[PUP][CHROME:Addon] Default : Awesome Dictionary Widget [ANTP] [kdigjjbkpjljoknifbgaijaemafihhga] -> Found
[PUP][CHROME:Addon] Default : Awesome New Tab Page [mgmiemnjjchgkmgbeljfocdjjnpjnmcg] -> Found
[PUP][CHROME:Addon] Default : Click&Clean App [pdabfienifkbhoihedcgeogidfmibmhp] -> Found
[PUM.Proxy][FIREFX:Config] 0fpo3x59.default : user_pref("network.proxy.http", "209.240.134.74"); -> Found
[PUM.Proxy][FIREFX:Config] 0fpo3x59.default : user_pref("network.proxy.http_port", 80); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3000DM001-1CH166 +++++
--- User ---
[MBR] a7e800f69b4cb2500665500759a0a577
[BSP] e897dd8278912e0e2e18aad99cb66889 : Empty|VT.Unknown MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 16065 | Size: 664124 MB
1 - Basic data partition | Offset (sectors): 1360143288 | Size: 404833 MB
2 - Basic data partition | Offset (sectors): 2189241810 | Size: 1136700 MB
3 - Basic data partition | Offset (sectors): 4517204902 | Size: 142310 MB
4 - Basic data partition | Offset (sectors): 4808656896 | Size: 513608 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD40E31X-00HY4A0 +++++
--- User ---
[MBR] 29c4d127450b4c0343ff25ed8f29e666
[BSP] 5d38ebc157718a81a78a39db4bd81b69 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 1883100 MB
2 - Basic data partition | Offset (sectors): 3856855040 | Size: 1668139 MB
3 - Basic data partition | Offset (sectors): 7273205760 | Size: 264075 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: ST3000DM001-1CH166 +++++
--- User ---
[MBR] 9e3cc1b6227003de1a2076ae3c805e83
[BSP] dd84239348de550d8f702fb1123363d6 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 228585 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: ADATA SX900 +++++
--- User ---
[MBR] e3854da19d52a76bcb4108a8de60e198
[BSP] 1535218b785a463a7343d6643ab38b68 : Empty|VT.Unknown MBR Code
Partition table:
0 - | Offset (sectors): 40 | Size: 244198 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: Generic- SM/xD Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive7: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive8: TRUSTED Mass Storage USB Device +++++
--- User ---
[MBR] 1bb36fb0db2124e6ef43a147496e1e5d
[BSP] 6bb52253c0292faa1444fc34eb5cf779 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - DROBO GPT PARTITION | Offset (sectors): 40 | Size: 16777088 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive9: Microsoft Virtual Disk +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 102270 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
[PUM.Proxy][FIREFX:Config] 0fpo3x59.default : user_pref("network.proxy.http", "209.240.134.74"); -> Found
[PUM.Proxy][FIREFX:Config] 0fpo3x59.default : user_pref("network.proxy.http_port", 80); -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\AppSafe -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\ExpressFiles -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Lightspark Team -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\PIP -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities, Inc. -> Found
[Suspicious.Path] %WINDIR%\Tasks\AppCloudUpdater.job -- C:\Users\David\AppData\Roaming\AppCloudUpdater\UpdateProc\UpdateTask.exe (/Check) -> Found
[Suspicious.Path] \AppCloudUpdater -- C:\Users\David\AppData\Roaming\AppCloudUpdater\UpdateProc\UpdateTask.exe (/Check) -> Found