Post by silentes on Oct 27, 2014 18:07:57 GMT -8
Report attached.
Quads
Malware Removalists
In New Zealand
Posts: 9,387
Post by Quads on Oct 27, 2014 18:15:01 GMT -8
roguekiller does not show it either
hmmmmm thinking
Quads
Post by Quads on Oct 27, 2014 18:19:00 GMT -8
Ok
Start FRST and in the search box have the below in bold
rundll32.exe javascript:
Then have FRST scan the Registry not the scan file
Should come back with a search.txt file
Quads
Post by silentes on Oct 27, 2014 18:25:14 GMT -8
Search.txt attached.
Post by Quads on Oct 27, 2014 18:38:47 GMT -8
Did you use the x64 version of Roguekiller??
Quads
Post by silentes on Oct 27, 2014 18:45:46 GMT -8
When I clicked the link it started the download automatically.
Post by Quads on Oct 27, 2014 18:50:40 GMT -8
Post by silentes on Oct 27, 2014 19:15:59 GMT -8
RogueKiller V10.0.3.0 (x64) [Oct 16 2014] by Adlice Software
mail : www.adlice.com/contact/
Feedback : forum.adlice.com
Website : www.adlice.com/softwares/roguekiller/
Blog : www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jeremy [Administrator]
Mode : Scan -- Date : 10/27/2014 22:14:46

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2021864660-184726159-3145544098-1000\Software\Microsoft\Internet Explorer\Main | Start Page : yahoo.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2021864660-184726159-3145544098-1000\Software\Microsoft\Internet Explorer\Main | Start Page : yahoo.com/ -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] 9a1cc5555a020284ecba368919856696
[BSP] d775e63d1f366ec84988a3336a299cd0 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_10272014_210540.log
Post by Quads on Oct 27, 2014 19:27:39 GMT -8
Still does not find it
OK since you have restarted the system
Delete your copy of addition.txt that is on the desktop
Start FRST
Make sure the addition option is ticked
Then run another scan with FRST to create 2 new logs to post back here
Quads
Post by silentes on Oct 28, 2014 2:48:20 GMT -8