Strange RogueKiller Findings


5 replies to this topic

#1 krit86lr

krit86lr

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:54 PM

Posted 13 January 2014 - 07:03 PM

I don't know what to make of the RogueKiller scan.  It's reporting something strange about my partitions that I don't understand.  Is this a place that I can ask for help?





#2 krit86lr


Posted 13 January 2014 - 07:14 PM

RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : KRISTIN-H [Admin rights]
Mode : Scan -- Date : 01/11/2014 04:35:36
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] VPDAgent_x64.exe -- C:\Windows\VPDAgent_x64.exe [-] -> KILLED [TermProc]
[SUSP PATH] RTFTrack.exe -- C:\Windows\RTFTrack.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] OFFICE2013ACT : C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) HGST HTS725050A7E630 +++++
--- User ---
[MBR] 89366378f1f864c3be6511608cd3a45f
[BSP] 30e161c03fd860e96ab15c3ddd10e5a1 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) HGST Touro Mobile Pro SCSI Disk Device +++++
--- User ---
[MBR] 31597e226b5bd1a7c339e7aafe41adb0
[BSP] 64ef1362fedb5a997ca11cae162d2a82 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Seagate Portable USB Device +++++
--- User ---
[MBR] e09c78682ffc4dfa4dfc00678be76926
[BSP] 6ba62181b7ff8696dfbed034215c5258 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ SCSI) HGST Touro Mobile Pro SCSI Disk Device +++++
--- User ---
[MBR] cc86c8a24ed247c458fb76b841bff7c1
[BSP] af1d2806c1b6f96cd1dbe38214d7e7dc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 953859 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Verbatim micro USB USB Device +++++
--- User ---
[MBR] 157699598bcc7a5432b0b34e11836198
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2416 | Size: 15198 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_01112014_043536.txt >>



#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,906 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:54 PM

Posted 29 January 2014 - 08:09 PM

Hello, you need one-on-one assistance with this. This tool is too strong for the average user. Please repost this info with a DDS log from here.

Please follow this Preparation Guide, do steps 6, 7 and 8 and post in a new topic.
Let me know if all went well.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 krit86lr


Posted 01 February 2014 - 12:29 AM

I tried to run DDS, but it is not compatible with my OS.  I have done everything in the preparation guide that was compatible.  Should I post all of my log files here?



#5 krit86lr


Posted 01 February 2014 - 12:41 AM

I have only allowed programs to scan and save log files.  I have logs for the following:

aswMBR
AutoRun
Emsisoft ER Kit
Farbar
Gorred
Malwarebytes Anti Rootkit
OTL
TCPView
TDSSKiller
AdwCleaner
FRST
FSS
GMER
MiniToolBox
ProcessExplorer
Security Check



#6 boopme


Posted 01 February 2014 - 05:56 PM

Hello, Please go here
Virus, Trojan, Spyware, and Malware Removal Logs
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Start a new topic, same title, and repost the above posts in ONE post.

We need to run tools only allowed in that section. They will ask for the logs they need from your supply.

Thanks.