- Sep 18, 2014
RogueKiller V9.2.11.0 [Sep 9 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Connor [Admin rights]
Mode : Scan -- Date : 09/18/2014 17:19:11
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 16 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 134.197.205.1 131.216.205.1 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 134.197.205.1 131.216.205.1 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1A227AA3-413D-47EA-85A7-DDF4B7D6E666} | DhcpNameServer : 134.197.6.1 134.197.5.1 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{238B190B-0304-4D6C-8DA3-D8346938D832} | DhcpNameServer : 134.197.205.1 131.216.205.1 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1A227AA3-413D-47EA-85A7-DDF4B7D6E666} | DhcpNameServer : 134.197.6.1 134.197.5.1 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{238B190B-0304-4D6C-8DA3-D8346938D832} | DhcpNameServer : 134.197.205.1 131.216.205.1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-311522894-2257072095-1875656134-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-311522894-2257072095-1875656134-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-311522894-2257072095-1875656134-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-311522894-2257072095-1875656134-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-311522894-2257072095-1875656134-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-311522894-2257072095-1875656134-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] jjd9qlfl.default-1390452539003 : user_pref("browser.startup.homepage", "http://astromenda.com/?f=1&a=ast_ir...ytG0E0BtAyDzy0D0ByCtCtCzy0E2Q&cr=37183167&ir="); -> FOUND
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 8c7408f9ec62449d4f4a0805095057c8
[BSP] b8e681ec20f3f51e484d81d4ade624cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 45062328 | Size: 570522 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1213493248 | Size: 122877 MB
User = LL1 ... OK
User = LL2 ... OK
I've already gone through and deleted the Trojan.0access with Malwarebytes, so I took this log with RogueKiller, and this is what came up. I'm using Emsisoft Emergency Kit to scan, along with Hitman Pro, and when these finish I'm using AdwCleaner and ComboFix.
I want to see what you guys have to say about this log and what I should do though.