RogueKiller app found Hidden.ADS & other issues (see log)

October 5, 2016 at 21:49:37
Specs: Windows 10, Pentium E5300
I ran RogueKiller and it found Hidden.ADS. I deleted. Here is the report:
RogueKiller V12.7.0.0 (x64) [Oct 3 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/rogu...
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Indy [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 10/05/2016 18:08:14 (Duration : 01:16:46)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Hidden.ADS][Stream] C:\Windows\SysWOW64\Adobe:Win32App_1 -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDP725050GLA360 +++++
--- User ---
[MBR] edd92e89597fe015449341c51c748a8d
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 463332 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 948905984 | Size: 449 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 949827060 | Size: 13154 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: PNY USB 2.0 FD USB Device +++++
--- User ---
[MBR] 78490d117a17cbaf0a00d2764c86d6c6
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 64 | Size: 122495 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

I ran Adwcleaner:

# AdwCleaner v6.020 - Logfile created 05/10/2016 at 21:29:11
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-10-06.1 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : Indy - INDYPC
# Running from : C:\Users\Indy\Downloads\adwcleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/images/search?&q=Huangshan+Mountain+Range+China&qft=+filterui:photo-photo&FORM=EMSARS
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/images/search?&q=Huangshan+Mountain+Range+China&qft=+filterui:photo-photo&FORM=EMSARS

2nd report:

# AdwCleaner v6.020 - Logfile created 05/10/2016 at 21:27:49
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-10-06.1 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : Indy - INDYPC
# Running from : C:\Users\Indy\Downloads\adwcleaner.exe
# Mode: Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/images/search?&q=Huangshan+Mountain+Range+China&qft=+filterui:photo-photo&FORM=EMSARS
Key Found: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/images/search?&q=Huangshan+Mountain+Range+China&qft=+filterui:photo-photo&FORM=EMSARS


***** [ Web browsers ] *****

Firefox pref Found: [C:\Users\Indy\AppData\Roaming\Mozilla\Firefox\Profiles\0ois5ni1.default\prefs.js] - "extensions.TrafficLightSettings.ph_sign" - "/*********************************************************************
Firefox pref Found: [C:\Users\Indy\AppData\Roaming\Mozilla\Firefox\Profiles\0ois5ni1.default\prefs.js] - "extensions.TrafficLightSettings.ph_white" - "thecrims.com\nhattrick.org\nraiffeisenonline.ro\nbrd-net.ro\ningonlin
Chrome pref Found: [C:\Users\Indy\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\Indy\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1822 Bytes] - [05/10/2016 21:27:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1895 Bytes] ##########

Is this an indication of being tracked?


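A triage step for the Hidden.ADS line in the log above, added here as an example (not something posted in the thread and not RogueKiller's own code): it lists the alternate data streams on a file and hashes each non-default one so the content can be looked up before it is deleted. The path is the one from the log; whether it still carries a stream on the reader's machine is an assumption.

```powershell
# Added example: enumerate NTFS alternate data streams on one file and hash
# the non-default ones. Run from an elevated PowerShell on Windows.
# Path taken from the RogueKiller log; assumed to still exist on this machine.
param(
    [string]$Path = 'C:\Windows\SysWOW64\Adobe'
)

function Get-NonDefaultStreams {
    param([Parameter(Mandatory)][string]$Target)
    # Get-Item -Stream * returns one record per named stream;
    # ':$DATA' is the ordinary file content, everything else is an ADS.
    Get-Item -LiteralPath $Target -Stream * -ErrorAction Stop |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            # .NET file APIs accept "file:stream" paths, so read the stream
            # directly and hash it (Get-FileHash does not take stream paths).
            $bytes = [System.IO.File]::ReadAllBytes("$($_.FileName):$($_.Stream)")
            $sha   = [System.Security.Cryptography.SHA256]::Create()
            $hex   = ($sha.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
            [pscustomobject]@{
                File   = $_.FileName
                Stream = $_.Stream
                Bytes  = $_.Length
                SHA256 = $hex
            }
        }
}

$streams = @(Get-NonDefaultStreams -Target $Path)
if ($streams.Count -eq 0) {
    "No alternate data streams on $Path (already removed, or never present)."
} else {
    $streams | Format-Table -AutoSize
    # Zone.Identifier is the benign "mark of the web" stream that browsers add
    # to downloads; any other named stream on a system file deserves a look.
    $streams | Where-Object { $_.Stream -ne 'Zone.Identifier' } |
        ForEach-Object { "Review before deleting: $($_.File):$($_.Stream) ($($_.Bytes) bytes)" }
}
```

Look the SHA256 up in a reputation service before removing a stream; a cleaner's "Hidden.ADS" verdict is a heuristic on the stream's existence, not on its content.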


#1
October 5, 2016 at 21:50:37
Sorry...here is the 2nd RogueKiller report:

RogueKiller V12.7.0.0 (x64) [Oct 3 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/rogu...
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Indy [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 10/05/2016 18:08:14 (Duration : 01:16:46)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Hidden.ADS][Stream] C:\Windows\SysWOW64\Adobe:Win32App_1 -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDP725050GLA360 +++++
--- User ---
[MBR] edd92e89597fe015449341c51c748a8d
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 463332 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 948905984 | Size: 449 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 949827060 | Size: 13154 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: PNY USB 2.0 FD USB Device +++++
--- User ---
[MBR] 78490d117a17cbaf0a00d2764c86d6c6
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 64 | Size: 122495 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )



#2
October 5, 2016 at 23:00:37
Usually "cleaner" utilities such as you list and have run delete any pests they find. The logs are there for reference if needs-be. If a pest cannot be removed the log will usually include that information.

As there is no message that a detected pest cannot be deleted it would suggest the system is clean?

Possibly Johnw and one or two others here who are very much across pest removal will confirm the above, or correct it accordingly.

message edited by trvlr



#3
October 7, 2016 at 08:48:32
Comodo ran its own scan and it found:

Trojware.Kryptic.HKQ@3983590777

I did "clean" for the 20 instances it found.

I ran Malwarebytes last night and it found nothing. Confused as to why comodo ran today and found these.



#4
October 7, 2016 at 13:48:56
Each utility has its targets; and some are common/shared with other utilities. No one utility can/will find all the pests; which is why to run two or three (at least) - regularly.

And keep one's virus utility up to date...

Why the trojan you mention above? It could have arrived from anywhere since your last run of cleaners etc?



#5
October 9, 2016 at 09:28:57
If you haven't done so already run these two small freebies too as they can unearth things:

AdwCleaner:
https://toolslib.net/downloads/view...
(blue "Download Now" button on right).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Clean" button.

Junkware Removal Tool (JRT)
https://www.malwarebytes.org/junkwa...
(blue Download button).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.

Please copy/paste the logs.

Always pop back and let us know the outcome - thanks



#6
October 9, 2016 at 11:50:53
Note that JRT installs to the desktop, from where you run it. It opens into a small DOS-style window; follow the instructions therein. It will reboot the system as part of its process.


#7
October 11, 2016 at 03:16:56
Hi again Bangkokindy.

Thanks for the AdwCleaner log.

Don't worry about RogueKiller, I will wait for the JRT log & then go from there.

message edited by Johnw

