Author Topic: 1st Time Using RogueKiller, Don't Know What To Remove

bobo88 (Newbie)
« on: April 02, 2015, 06:00:57 PM »
This is my first time using a malware removal program, and I have no idea what really needs to be deleted, and what doesn't. Here is the full report from RogueKiller:

RogueKiller V10.5.8.0 [Mar 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : chrislinder [Administrator]
Started from : C:\Users\chrislinder\Downloads\RogueKiller.exe
Mode : Scan -- Date : 04/02/2015  10:40:52

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 15 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2460580099-1194042784-152637623-1001\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load : C:\Users\CHRISL~1\LOCALS~1\Temp\msauwo.exe  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2460580099-1194042784-152637623-1001\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load : C:\Users\CHRISL~1\LOCALS~1\Temp\msauwo.exe  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2460580099-1194042784-152637623-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://my.aol.com/?mtmhp=acm50mtmhpunauthgreeting2  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2460580099-1194042784-152637623-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://my.aol.com/?mtmhp=acm50mtmhpunauthgreeting2  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{31583F41-7E3D-472E-8457-6B00155166F5} | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{31583F41-7E3D-472E-8457-6B00155166F5} | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{31583F41-7E3D-472E-8457-6B00155166F5} | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[ZeroAccess] (X64) HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 | (default) : C:\Users\chrislinder\AppData\Local\{4398abad-d365-5e64-3b6f-dbb525a60b63}\n.  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 12 ¤¤¤
[Suspicious.Path][File] 3D80.lnk -- C:\Users\chrislinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3D80.lnk [LNK@] C:\PROGRA~3\{07D06~1\3D80.exe --startup=1 -> Found
[Suspicious.Path][File] 4D00.lnk -- C:\Users\chrislinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4D00.lnk [LNK@] C:\PROGRA~3\{A904D~1\4D00.exe --startup=1 -> Found
[Suspicious.Path][File] 5010.lnk -- C:\Users\chrislinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5010.lnk [LNK@] C:\PROGRA~3\{35A42~1\5010.exe --startup=1 -> Found
[Suspicious.Path][File] 6F78.lnk -- C:\Users\chrislinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6F78.lnk [LNK@] C:\PROGRA~3\{FB74D~1\6F78.exe --startup=1 -> Found
[Suspicious.Path][File] A480.lnk -- C:\Users\chrislinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\A480.lnk [LNK@] C:\PROGRA~3\{0F4F1~1\A480.exe --startup=1 -> Found
[Suspicious.Path][File] AFC0.lnk -- C:\Users\chrislinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AFC0.lnk [LNK@] C:\PROGRA~3\{B71E6~1\AFC0.exe --startup=1 -> Found
[ZeroAccess][Folder] L -- C:\Users\chrislinder\AppData\Local\{4398abad-d365-5e64-3b6f-dbb525a60b63}\L -> Found
[ZeroAccess][Folder] U -- C:\Users\chrislinder\AppData\Local\{4398abad-d365-5e64-3b6f-dbb525a60b63}\U -> Found
[ZeroAccess][Folder] L -- C:\$Recycle.Bin\S-1-5-18\$4398abadd3655e643b6fdbb525a60b63\L -> Found
[ZeroAccess][Folder] U -- C:\$Recycle.Bin\S-1-5-18\$4398abadd3655e643b6fdbb525a60b63\U -> Found
[ZeroAccess][Folder] L -- C:\$Recycle.Bin\S-1-5-21-2460580099-1194042784-152637623-1001\$4398abadd3655e643b6fdbb525a60b63\L -> Found
[ZeroAccess][Folder] U -- C:\$Recycle.Bin\S-1-5-21-2460580099-1194042784-152637623-1001\$4398abadd3655e643b6fdbb525a60b63\U -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547550A9E384 SATA Disk Device +++++
--- User ---
[MBR] 45e84ecee8614e2f5c547cbb66939a64
[BSP] 4868ed9fcc77852a26b8c87d42b5ba80 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

Any help would be very much appreciated.
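Reading the report above as a triage problem rather than a delete list, as an added example (this is not RogueKiller's or Adlice Software's code, and the thread itself gives no removal instructions): RogueKiller's categories already carry most of the signal. `ZeroAccess` is a named rootkit family, and its `CLSID\...\InprocServer32` hijack points into a GUID-named folder under `AppData\Local`; the same GUID, with the hyphens stripped, names the `$...` folders under `C:\$Recycle.Bin`, so those entries belong together. `Suspicious.Path` flags an autorun (the Winlogon `Load` value, the Startup-folder `.lnk` files) whose target lives in Temp or in a GUID-named `ProgramData` folder. `PUM` is a Potentially Unwanted Modification: a setting such as the IE start page, the DHCP-supplied DNS servers or hidden desktop icons, worth reverting only if the user did not choose it. The script below parses report lines in that format and applies those rules. The rules, the `WRITABLE_DIRS` list and the sample lines (excerpted from the report above) are this example's assumptions; it only reads text and never touches the live system.

```python
"""Triage helper for RogueKiller scan reports.

Added example, not Adlice Software's code: parses the Registry and Files
entries of a pasted report and gives each a verdict so that real persistence
can be told apart from settings that merely differ from the defaults.
The verdict rules and the WRITABLE_DIRS list are this example's assumptions.
"""
import re
from collections import defaultdict

# Registry entry: "[Category] (Arch) Key | Value : Data  -> Found"
REG_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\] \((?P<arch>X64|X86)\) (?P<key>.+?) \| "
    r"(?P<value>.+?) : (?P<data>.+?)\s+-> Found$"
)
# File/folder entry: "[Category][File] name -- path [LNK@] target -> Found"
FILE_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\]\[(?P<kind>File|Folder)\] (?P<name>\S+) -- "
    r"(?P<path>.+?)(?: \[LNK@\] (?P<target>.+?))? -> Found$"
)
# Places a legitimate autorun almost never points into (8.3 short names included):
# the user's Temp, AppData, a GUID-named folder under ProgramData, the Recycle Bin.
WRITABLE_DIRS = re.compile(
    r"\\Temp\\|\\LOCALS~1\\|\\AppData\\|PROGRA~3\\\{|\\ProgramData\\\{|\$Recycle\.Bin",
    re.IGNORECASE,
)
# 32 hex digits with or without GUID braces/hyphens, so "{4398abad-d365-...}"
# under AppData and "$4398abadd365..." in $Recycle.Bin normalise to one key.
GUID_RE = re.compile(
    r"(?<![0-9a-f])\{?([0-9a-f]{8})-?([0-9a-f]{4})-?([0-9a-f]{4})-?"
    r"([0-9a-f]{4})-?([0-9a-f]{12})\}?(?![0-9a-f])",
    re.IGNORECASE,
)

# Constructed sample: lines excerpted from the report posted above.
SAMPLE_REPORT = "\n".join([
    "¤¤¤ Registry : 15 ¤¤¤",
    r"[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2460580099-1194042784-152637623-1001\Software\Microsoft\Windows NT\CurrentVersion\Windows | Load : C:\Users\CHRISL~1\LOCALS~1\Temp\msauwo.exe  -> Found",
    r"[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2460580099-1194042784-152637623-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://my.aol.com/?mtmhp=acm50mtmhpunauthgreeting2  -> Found",
    r"[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 97.64.183.164 97.64.209.37 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found",
    r"[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found",
    r"[ZeroAccess] (X64) HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 | (default) : C:\Users\chrislinder\AppData\Local\{4398abad-d365-5e64-3b6f-dbb525a60b63}\n.  -> Found",
    "¤¤¤ Files : 12 ¤¤¤",
    r"[Suspicious.Path][File] 3D80.lnk -- C:\Users\chrislinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3D80.lnk [LNK@] C:\PROGRA~3\{07D06~1\3D80.exe --startup=1 -> Found",
    r"[ZeroAccess][Folder] L -- C:\Users\chrislinder\AppData\Local\{4398abad-d365-5e64-3b6f-dbb525a60b63}\L -> Found",
    r"[ZeroAccess][Folder] L -- C:\$Recycle.Bin\S-1-5-18\$4398abadd3655e643b6fdbb525a60b63\L -> Found",
])


def parse_line(line):
    """Return a dict for one report entry, or None for section headers and blank lines."""
    m = REG_RE.match(line) or FILE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["raw"] = line
    return entry


def verdict(entry):
    """'remove' (malware persistence), 'setting' (PUM, confirm with the user) or 'review'."""
    cat = entry["cat"]
    # Where the entry points: LNK target, registry data, or the folder path itself.
    target = entry.get("target") or entry.get("data") or entry.get("path") or ""
    if cat.startswith("ZeroAccess"):
        return "remove"            # named rootkit family: CLSID hijack plus its payload folders
    if cat == "Suspicious.Path":
        # An autorun whose binary sits in Temp/AppData/ProgramData is the classic dropper layout.
        return "remove" if WRITABLE_DIRS.search(target) else "review"
    if cat.startswith("PUM."):
        return "setting"           # start page, DNS servers, hidden icons: only revert if unwanted
    return "review"


def guid_key(text):
    """Normalise the first GUID-like token in text to 32 lowercase hex digits."""
    m = GUID_RE.search(text)
    return "".join(m.groups()).lower() if m else None


def triage(report_text):
    """Parse a report; return (entries with verdicts, entries grouped by GUID in their path)."""
    entries, clusters = [], defaultdict(list)
    for line in report_text.splitlines():
        entry = parse_line(line.strip())
        if not entry:
            continue
        entry["verdict"] = verdict(entry)
        entries.append(entry)
        key = guid_key(entry.get("data") or entry.get("path") or "")
        if key:
            clusters[key].append(entry)   # related artefacts are removed together
    return entries, dict(clusters)


def summarize(entries):
    """Count entries per verdict, e.g. {'remove': 5, 'setting': 3}."""
    counts = defaultdict(int)
    for entry in entries:
        counts[entry["verdict"]] += 1
    return dict(counts)


if __name__ == "__main__":
    found, groups = triage(SAMPLE_REPORT)
    for e in found:
        print(f"{e['verdict']:8} {e['cat']:20} {e.get('target') or e.get('data') or e.get('path')}")
    for guid, group in groups.items():
        print(f"\ncluster {guid}: {len(group)} related artefacts, remove together")
    print(summarize(found))
```

To use it on a real run, pass the saved report's text to `triage()`; the moderator's request still stands first, since a report from the wrong build is not the one to act on.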

Curson (Global Moderator, Hero Member)
Re: 1st Time Using RogueKiller, Don't Know What To Remove
« Reply #1 on: April 03, 2015, 11:43:54 AM »
Hi bobo88,

Welcome to Adlice.com Forum.

The report you posted was generated with the 32-bit version of RogueKiller.
Please download RogueKiller (64-bit version), redo a full scan and post the report obtained in your next reply.

Regards.