#11
OK, I tried a scan with RogueKiller. Although it didn't produce a file called RKreport.txt, after the scan ran, under the registry tab it seemed to find a few things, which were by default ticked. So I clicked "Delete", and then "Report", which produced this text:
RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : Forum
Website : RogueKiller download
Blog : tigzy-RK
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Xxxx [Admin rights]
Mode : Remove -- Date : 08/01/2013 21:34:39
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 11 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified.
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
192.168.111.249 auctionairsvr
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: INTEL SSDSA2CW300G3 ATA Device +++++
--- User ---
[MBR] 6a915b1c608c67ddad89ce3b86333bff
[BSP] 7fe233195ddbffa0f47d27f8b707cb38 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 286066 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_D_08012013_213439.txt >>
RKreport[0]_S_08012013_212857.txt
So I then ran a SECOND scan, and this time the report didn't find much:
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: INTEL SSDSA2CW300G3 ATA Device +++++
--- User ---
[MBR] 6a915b1c608c67ddad89ce3b86333bff
[BSP] 7fe233195ddbffa0f47d27f8b707cb38 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 286066 Mo
User = LL1 ... OK!
User = LL2 ... OK!
>>>
Meanwhile SpyHunter 4 is still finding 21 Threats (and counting) including Web Cake... This may of course be a false alarm but it is worrying.
Now what?