  1. #1
    Member
    Join Date
    Nov 2006
    Posts
    859
    Points
    1

    Do I have any issues?

    My machine has been a bit slow lately, I have an IE toolbar I didn't want, and my page keeps going back to 100% size after I've changed it. MBAM also found a nasty this morning, which I think it's fixed.

    Here are my logs:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:30:39, on 11/04/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16476)
    Boot mode: Normal

    Running processes:
    C:\Users\Steve\AppData\Roaming\Yontoo\YontooDesktop.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
    C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Yontoo Desktop] "C:\Users\Steve\AppData\Roaming\Yontoo\YontooDesktop.exe"
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/...Control_32.CAB
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{21154EE5-7CB2-46C2-920A-33F508D8E011}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\..\{92561FF0-8786-484A-876F-FC411C5ED3A6}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CS1\Services\Tcpip\..\{21154EE5-7CB2-46C2-920A-33F508D8E011}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CS2\Services\Tcpip\..\{21154EE5-7CB2-46C2-920A-33F508D8E011}: NameServer = 8.26.56.26,156.154.70.22
    O20 - AppInit_DLLs: c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: Updater Service - Acer Group - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --




    End of file - 10205 bytes





    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes : Free anti-malware download

    Database version: v2013.04.11.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Steve :: ACERLAPTOP [administrator]

    11/04/2013 09:29:47
    mbam-log-2013-04-11 (09-29-47).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 219774
    Time elapsed: 12 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|1f58212dbff3 (Trojan.Agent.GPC) -> Data: C:\Users\Steve\AppData\Roaming\OpenOffice.org\3\user\config\soffice.cfg\modules\swriter\menubar\mcbuilder.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Steve\AppData\Roaming\OpenOffice.org\3\user\config\soffice.cfg\modules\swriter\menubar\mcbuilder.exe (Trojan.Agent.GPC) -> Quarantined and deleted successfully.

    (end)





    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 04/11/2013 at 11:31 AM

    Application Version : 5.6.1014

    Core Rules Database Version : 10248
    Trace Rules Database Version: 8060

    Scan type : Complete Scan
    Total Scan Time : 01:15:07

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 565
    Memory threats detected : 0
    Registry items scanned : 72608
    Registry threats detected : 0
    File items scanned : 70658
    File threats detected : 25

    Adware.Tracking Cookie



    Thanks

  2. #2
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello MickKnipfler,

    Welcome to Help2Go. Please run the following tools and post their logs.

    1.
    Download AdwCleaner
    • Double click on AdwCleaner.exe to run the tool.
      ***Note: Windows Vista and Windows 7 users:
      Right click in the adwCleaner.exe and select
    • Click the Delete button.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your next reply.
    • Or you can find the logfile at C:\AdwCleaner[R1].txt.


    2.
    • Download RogueKiller on the desktop
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click Scan
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


    Things to include in your next reply:
    AdwCleaner log
    RogueKiller log
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. #3
    Member
    Join Date
    Nov 2006
    Posts
    859
    Points
    1


    # AdwCleaner v2.200 - Logfile created 04/12/2013 at 11:46:33
    # Updated 02/04/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Steve - ACERLAPTOP
    # Boot Mode : Normal
    # Running from : C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9NLE5B75\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : BrowserProtect
    Stopped & Deleted : Yontoo Desktop Updater

    ***** [Files / Folders] *****

    File Deleted : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
    Folder Deleted : C:\Program Files (x86)\Delta
    Folder Deleted : C:\Program Files (x86)\FreeRIP
    Folder Deleted : C:\Program Files (x86)\Yontoo
    Folder Deleted : C:\Program Files\DomaIQ Uninstaller
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\BrowserProtect
    Folder Deleted : C:\ProgramData\FreeRIP
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\Steve\AppData\LocalLow\Delta
    Folder Deleted : C:\Users\Steve\AppData\LocalLow\ilividtoolbarguid
    Folder Deleted : C:\Users\Steve\AppData\Roaming\BabSolution
    Folder Deleted : C:\Users\Steve\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Steve\AppData\Roaming\Delta
    Folder Deleted : C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
    Folder Deleted : C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP
    Folder Deleted : C:\Users\Steve\AppData\Roaming\Yontoo
    Folder Deleted : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\BabylonToolbar
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\Delta
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\857d7dbe039e945
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
    Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
    Key Deleted : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
    Key Deleted : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
    Key Deleted : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
    Key Deleted : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\Delta
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\857d7dbe039e945
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16476

    [OK] Registry is clean.

    -\\ Google Chrome v26.0.1410.64

    File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.4] : homepage = "hxxp://www.delta-search.com/?affID=120519&babsrc=HP_ss&mntrId=CA9218F46A23A441",
    Deleted [l.298] : urls_to_restore_on_startup ="session": {"restore_on_startup": 4, [ "hxxp://www.delta-search.com[...]

    *************************

    AdwCleaner[S1].txt - [9343 octets] - [12/04/2013 11:46:33]

    ########## EOF - C:\AdwCleaner[S1].txt - [9403 octets] ##########

  4. #4
    Member
    Join Date
    Nov 2006
    Posts
    859
    Points
    1


    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : RogueKiller - Geeks to Go Forums
    Website : Download RogueKiller (Official website)
    Blog : tigzy-RK

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Steve [Admin rights]
    Mode : Scan -- Date : 04/12/2013 11:59:34
    | ARK || FAK || MBR |

    Bad processes : 0

    Registry Entries : 13
    [RUN][SUSP PATH] HKCU\[...]\Run : Yontoo Desktop ("C:\Users\Steve\AppData\Roaming\Yontoo\YontooDesktop.exe") [x] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1273041481-2009067861-2962665579-1001[...]\Run : Yontoo Desktop ("C:\Users\Steve\AppData\Roaming\Yontoo\YontooDesktop.exe") [x] -> FOUND
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{21154EE5-7CB2-46C2-920A-33F508D8E011} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{21154EE5-7CB2-46C2-920A-33F508D8E011} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    Particular Files / Folders:

    Driver : [NOT LOADED]

    HOSTS File:
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    MBR Check:

    +++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++
    --- User ---
    [MBR] 601f2eb2568f60b8a1e2a763443c83da
    [BSP] b170e8480018669e8793807a4f9a14bd : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 225061 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_04122013_02d1159.txt >>
    RKreport[1]_S_04122013_02d1159.txt

  5. #5
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    • Re-Run RogueKiller
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click Delete
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



    Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious; don't worry, continue on.

    Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
      The tool will open and start scanning your system.
    • Please be patient, as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next reply.




  6. #6
    Member
    Join Date
    Nov 2006
    Posts
    859
    Points
    1


    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : RogueKiller - Geeks to Go Forums
    Website : Download RogueKiller (Official website)
    Blog : tigzy-RK

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Steve [Admin rights]
    Mode : Remove -- Date : 04/18/2013 00:08:42
    | ARK || FAK || MBR |

    Bad processes : 0

    Registry Entries : 4
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{21154EE5-7CB2-46C2-920A-33F508D8E011} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{21154EE5-7CB2-46C2-920A-33F508D8E011} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX

    Particular Files / Folders:

    Driver : [NOT LOADED]

    HOSTS File:
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    MBR Check:

    +++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++
    --- User ---
    [MBR] 601f2eb2568f60b8a1e2a763443c83da
    [BSP] b170e8480018669e8793807a4f9a14bd : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 225061 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Samsung S2 Portable USB Device +++++
    --- User ---
    [MBR] 167dafa1b7bdc54d86a19cf85b98d075
    [BSP] 65619f4e28c1ba0f7dac66e81bed37df : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 64 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[4]_D_04182013_02d0008.txt >>
    RKreport[1]_S_04122013_02d1159.txt ; RKreport[2]_S_04182013_02d0006.txt ; RKreport[3]_D_04182013_02d0007.txt ; RKreport[4]_D_04182013_02d0008.txt

  7. #7
    Member
    Join Date
    Nov 2006
    Posts
    859
    Points
    1

    Default

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : RogueKiller - Geeks to Go Forums
    Website : Download RogueKiller (Official website)
    Blog : tigzy-RK

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Steve [Admin rights]
    Mode : Scan -- Date : 04/18/2013 00:06:28
    | ARK || FAK || MBR |

    Bad processes : 0

    Registry Entries : 13
    [RUN][SUSP PATH] HKCU\[...]\Run : Yontoo Desktop ("C:\Users\Steve\AppData\Roaming\Yontoo\YontooDesktop.exe") [x] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1273041481-2009067861-2962665579-1001[...]\Run : Yontoo Desktop ("C:\Users\Steve\AppData\Roaming\Yontoo\YontooDesktop.exe") [x] -> FOUND
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{21154EE5-7CB2-46C2-920A-33F508D8E011} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{21154EE5-7CB2-46C2-920A-33F508D8E011} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    Particular Files / Folders:

    Driver : [NOT LOADED]

    HOSTS File:
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    MBR Check:

    +++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++
    --- User ---
    [MBR] 601f2eb2568f60b8a1e2a763443c83da
    [BSP] b170e8480018669e8793807a4f9a14bd : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 225061 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Samsung S2 Portable USB Device +++++
    --- User ---
    [MBR] 167dafa1b7bdc54d86a19cf85b98d075
    [BSP] 65619f4e28c1ba0f7dac66e81bed37df : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 64 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2]_S_04182013_02d0006.txt >>
    RKreport[1]_S_04122013_02d1159.txt ; RKreport[2]_S_04182013_02d0006.txt

  8. #8
    Member
    Join Date
    Nov 2006
    Posts
    859
    Points
    1

    Default

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.8.4 (04.16.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Steve on 18/04/2013 at 0:13:40.91
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\interface\{66666666-6666-6666-6666-660066436652}
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wow6432node\clsid\{22222222-2222-2222-2222-220022432252}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\fighters"
    Successfully deleted: [Folder] "C:\Users\Steve\AppData\Roaming\fighters"
    Successfully deleted: [Folder] "C:\Users\Steve\appdata\locallow\datamngr"
    Successfully deleted: [Folder] "C:\Program Files (x86)\free ride games"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 18/04/2013 at 0:22:09.69
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  9. #9
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    1.
    • Re-Run RogueKiller
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click Delete
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



    2.
    • Re-Run RogueKiller
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click DNSFIX
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again




  10. #10
    Member
    Join Date
    Nov 2006
    Posts
    859
    Points
    1

    Default

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Steve [Admin rights]
    Mode : Remove -- Date : 04/18/2013 07:43:21
    | ARK || FAK || MBR |

    Bad processes : 0

    Registry Entries : 6
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{21154EE5-7CB2-46C2-920A-33F508D8E011} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{21154EE5-7CB2-46C2-920A-33F508D8E011} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

    Particular Files / Folders:

    Driver : [NOT LOADED]

    HOSTS File:
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    MBR Check:

    +++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++
    --- User ---
    [MBR] 601f2eb2568f60b8a1e2a763443c83da
    [BSP] b170e8480018669e8793807a4f9a14bd : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 225061 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Samsung S2 Portable USB Device +++++
    --- User ---
    [MBR] 167dafa1b7bdc54d86a19cf85b98d075
    [BSP] 65619f4e28c1ba0f7dac66e81bed37df : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 64 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[6]_D_04182013_02d0743.txt >>
    RKreport[1]_S_04122013_02d1159.txt ; RKreport[2]_S_04182013_02d0006.txt ; RKreport[3]_D_04182013_02d0007.txt ; RKreport[4]_D_04182013_02d0008.txt ; RKreport[5]_S_04182013_02d0742.txt ;
    RKreport[6]_D_04182013_02d0743.txt








    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Steve [Admin rights]
    Mode : Scan -- Date : 04/18/2013 07:45:26
    | ARK || FAK || MBR |

    Bad processes : 0

    Registry Entries : 4
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{21154EE5-7CB2-46C2-920A-33F508D8E011} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{21154EE5-7CB2-46C2-920A-33F508D8E011} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

    Particular Files / Folders:

    Driver : [NOT LOADED]

    HOSTS File:
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    MBR Check:

    +++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++
    --- User ---
    [MBR] 601f2eb2568f60b8a1e2a763443c83da
    [BSP] b170e8480018669e8793807a4f9a14bd : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 225061 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Samsung S2 Portable USB Device +++++
    --- User ---
    [MBR] 167dafa1b7bdc54d86a19cf85b98d075
    [BSP] 65619f4e28c1ba0f7dac66e81bed37df : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 64 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[7]_S_04182013_02d0745.txt >>
    RKreport[1]_S_04122013_02d1159.txt ; RKreport[2]_S_04182013_02d0006.txt ; RKreport[3]_D_04182013_02d0007.txt ; RKreport[4]_D_04182013_02d0008.txt ; RKreport[5]_S_04182013_02d0742.txt ;
    RKreport[6]_D_04182013_02d0743.txt ; RKreport[7]_S_04182013_02d0745.txt







    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : RogueKiller - Geeks to Go Forums
    Website : Download RogueKiller (Official website)
    Blog : tigzy-RK

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Steve [Admin rights]
    Mode : DNSFix -- Date : 04/18/2013 07:45:37
    | ARK || FAK || MBR |

    Bad processes : 0

    Registry Entries : 4
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{21154EE5-7CB2-46C2-920A-33F508D8E011} : NameServer (8.26.56.26,156.154.70.22) -> REPLACED ()
    [DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6} : NameServer (8.26.56.26,156.154.70.22) -> REPLACED ()
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{21154EE5-7CB2-46C2-920A-33F508D8E011} : NameServer (8.26.56.26,156.154.70.22) -> REPLACED ()
    [DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{92561FF0-8786-484A-876F-FC411C5ED3A6} : NameServer (8.26.56.26,156.154.70.22) -> REPLACED ()

    Driver : [NOT LOADED]

    Finished : << RKreport[8]_DN_04182013_02d0745.txt >>
    RKreport[1]_S_04122013_02d1159.txt ; RKreport[2]_S_04182013_02d0006.txt ; RKreport[3]_D_04182013_02d0007.txt ; RKreport[4]_D_04182013_02d0008.txt ; RKreport[5]_S_04182013_02d0742.txt ;
    RKreport[6]_D_04182013_02d0743.txt ; RKreport[7]_S_04182013_02d0745.txt ; RKreport[8]_DN_04182013_02d0745.txt
