Any Help would be appreciated! RogueKiller Log attached what should I delete?


  • This topic is locked
5 replies to this topic

#1 Not2bashful

  • Members
  • 10 posts

Posted 21 October 2014 - 02:59 PM

RogueKiller V10.0.2.0 [Oct 16 2014] by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Lashley Home [Administrator]
Mode : Scan -- Date : 10/21/2014  13:18:57
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 21 ¤¤¤
[Suspicious.Path] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Bomgar_Cleanup_ZD6620630358 : cmd.exe /C rd /S /Q "C:\ProgramData\iyogi-scc-52411F96" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD6620630358 /f  -> Found
[Suspicious.Path] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | Bomgar_Cleanup_ZD15946410449 : cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x53feb81d" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD15946410449 /f  -> Found
[Suspicious.Path] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | Bomgar_Cleanup_ZD6620630358 : cmd.exe /C rd /S /Q "C:\ProgramData\iyogi-scc-52411F96" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD6620630358 /f  -> Found
[Suspicious.Path] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run | Bomgar_Cleanup_ZD15946410449 : cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x53feb81d" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD15946410449 /f  -> Found
[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_8306\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr (\??\C:\Users\LASHLE~1\AppData\Local\Temp\mbr.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr (\??\C:\Users\LASHLE~1\AppData\Local\Temp\mbr.sys) -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-1298243350-4168526417-2768172632-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1298243350-4168526417-2768172632-1000\Software\Microsoft\Internet Explorer\Main | Search Page :   -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ADC23A46-8D93-4FFC-A1F8-9681BCA75B96} | DhcpNameServer : 172.20.10.1  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C313C20E-348F-40EA-BF45-3106AD24660E} | DhcpNameServer : 172.20.10.1  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ADC23A46-8D93-4FFC-A1F8-9681BCA75B96} | DhcpNameServer : 172.20.10.1  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C313C20E-348F-40EA-BF45-3106AD24660E} | DhcpNameServer : 172.20.10.1  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ADC23A46-8D93-4FFC-A1F8-9681BCA75B96} | DhcpNameServer : 172.20.10.1  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C313C20E-348F-40EA-BF45-3106AD24660E} | DhcpNameServer : 172.20.10.1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1298243350-4168526417-2768172632-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_8306\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_8306\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1298243350-4168526417-2768172632-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\4797 -- wscript.exe (C:\Users\LASHLE~1\AppData\Local\Temp\launchie.vbs //B) -> Found
 
¤¤¤ Files : 1 ¤¤¤
[File.Forged][File] npfs.sys -- C:\Windows\System32\drivers\npfs.sys -> Found
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 6 (Driver: Loaded) ¤¤¤
[IAT:Addr] (explorer.exe @ PRINTUI.dll) ACTIVEDS.dll -  : C:\Windows\system32\adsldpc.dll @ 0x73892ab0
[IAT:Addr] (explorer.exe @ PRINTUI.dll) CFGMGR32.dll - CM_Get_Device_IDW : C:\Windows\system32\SETUPAPI.dll @ 0x75ebfd3d
[IAT:Addr] (explorer.exe @ PRINTUI.dll) CFGMGR32.dll - CM_Get_Device_ID_Size : C:\Windows\system32\SETUPAPI.dll @ 0x75ebfd77
[IAT:Addr] (explorer.exe @ PRINTUI.dll) CFGMGR32.dll - CM_Get_Parent : C:\Windows\system32\SETUPAPI.dll @ 0x75ec36c5
[IAT:Addr] (explorer.exe @ PRINTUI.dll) CFGMGR32.dll - CMP_WaitNoPendingInstallEvents : C:\Windows\system32\SETUPAPI.dll @ 0x75ec38af
[IAT:Addr] (explorer.exe @ PRINTUI.dll) CFGMGR32.dll - CM_Open_DevNode_Key : C:\Windows\system32\SETUPAPI.dll @ 0x75f7a341
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 3497ee1d918371b0838217997882715a
[BSP] 5e9b7aa524ee40f5ae558c170dac6832 : HP MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 15000 MB
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: EDGE DiskGO C2 USB Device +++++
--- User ---
[MBR] f3384abd376809c298cd19fe45dd6407
[BSP] a4baad7695025fe50e7e6b69852a226e : Legit.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 64 | Size: 31999 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 



#2 Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)

  • Members
  • 16,485 posts
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here

Posted 21 October 2014 - 08:15 PM

Is this the same computer as the one in your topic here? http://www.bleepingcomputer.com/forums/t/552812/corrupt-file-error-messagescomputer-randomly-reboots-please-help-me

#3 Not2bashful
  • Topic Starter

  • Members
  • 10 posts

Posted 22 October 2014 - 12:45 AM

Yes it is, Queen-Evie. I didn't know if posting in one area might get me a faster response than the other. I will delete the other if need be. Just at a loss of what to do.

Thanks for any help you can give me Queen-Evie. 



#4 Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)

  • Members
  • 16,485 posts
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here

Posted 22 October 2014 - 01:09 AM

Posting in more than one area will not get you help any faster, at least not in Malware Removal Logs.

Due to the number of requests for help and logs posted, there is a backlog in MRL. It could be several days before you receive help in this forum.

Having said that, in your other topic Broni stated he has replied to you at TechSpot.
The request for help you made there is HERE

 

You need to decide if you want to continue at TechSpot or here at Bleeping Computer.

 

You should only seek help at one forum. We ask that you select one forum from those where you sought help and ask the others to close your topics.

 

Although we understand you wish your problems to be addressed as soon as possible, there are reasons why multi-posting causes problems.

 

By multi-posting you are utilizing the time of two (or more) trained helpers. Helpers take a long time to train. They need a great deal of expertise and knowledge to be able to safely remove malware from your computer and because of this are in short supply. We wish to use them to help the maximum number of people, and if they are helping someone who is already being helped elsewhere, then their time and effort is going to waste. Understandably this causes a certain amount of frustration for the helper who has needlessly spent time researching your log and compiling and posting instructions.

 

Advice from two separate helpers can cause problems. A helper at one place has no idea what a helper somewhere else is doing. Different helpers may use different methods to combat your infection. While each one is safe to use, problems can arise if you follow the advice of both together. Some of the tools used are very powerful and have to be used in a specific way and in some cases do not combine well with others. By using advice from two different sources it is possible that tools may be used that do not combine well and you may severely damage your computer, even rendering it inoperable in some circumstances. By following BOTH sets of instructions, the clean up process could be delayed. Please let us know WHERE you want to continue to receive help from. If elsewhere this topic will be closed.


Edited by Queen-Evie, 22 October 2014 - 01:14 AM.


#5 Not2bashful
  • Topic Starter

  • Members
  • 10 posts

Posted 22 October 2014 - 01:18 AM

Queen-Evie-

 

Since Broni has replied to my post at TechSpot I will close this topic here and just work with her. Thanks for replying so kindly. I didn't mean to cause any trouble. I didn't think of the issues it would cause by posting in multiple areas. Thanks again for your kindness.



#6 Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)

  • Members
  • 16,485 posts
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here

Posted 22 October 2014 - 01:29 AM

Wise decision, since you won't have to wait for several days for someone to respond here.

 

Good luck with the cleaning process.

 

This topic is closed.