Delta Search Redirect / Browsing Slowed Down


  • This topic is locked
18 replies to this topic

#1 blknit3


Posted 02 June 2013 - 05:23 PM

Delta Search always redirects when attempting to surf the internet with any web browser.  It has also made itself my homepage and even if I change it, it still makes itself my homepage again.  Also, my browsing has suddenly become increasingly slow even when having no other program open.  I attached the two logs necessary from DDS Tool.  Any help would be greatly appreciated, thank you very much.

 

------DDS.txt------

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 1.6.0_20
Run by Hachimitsu at 13:28:09 on 2013-06-02
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4092.1338 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uProxyServer = hxxp=127.0.0.1:54121
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uWinlogon: Shell = explorer.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [compstat] rundll32 "C:\Users\HACHIM~1\AppData\Local\Temp\contINFO.dll",DllEntryPoint
uRun: [conhost] C:\Users\Hachimitsu\AppData\Roaming\Microsoft\conhost.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Wow6432Node] C:\Users\Hachimitsu\AppData\Roaming\BA0EEC.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXMediaServer] "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzMxNTc2MzIzLVhMKzEtVDQtRkwxMCsxLUREVCswLVRVRyszLVNUMTJGT0krMS1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1809"&"mid=31218a19e38a47d1b78ed16d389edb8d-cd3bc9b3024464f6b0d0c67982dfc77562303b45
StartupFolder: C:\Users\HACHIM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2581F90F-4610-4C46-9E33-BF42C6284399} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hachimitsu\AppData\Roaming\Mozilla\Firefox\Profiles\22lum3be.default\
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Hachimitsu\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: C:\Users\Hachimitsu\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-05-29 16:15; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.2.0.5
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-5-27 45856]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008030.006\BHDrvx64.sys [2011-10-10 334384]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008030.006\cchpx64.sys [2011-10-10 561800]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-05-29 23:11:20    45856    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-05-22 09:08:56    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-22 09:08:55    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 10:14:04    75016696    ----a-w-    C:\Windows\System32\mrt.exe
2013-05-05 21:36:54    17818624    ----a-w-    C:\Windows\System32\mshtml.dll
2013-05-05 21:16:13    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-05-05 19:25:43    12324864    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2013-05-05 19:12:55    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-15 14:17:12    901496    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-13 03:34:30    47104    ----a-w-    C:\Windows\System32\cdd.dll
2013-04-09 01:55:57    2774016    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-05 01:19:09    10926080    ----a-w-    C:\Windows\System32\ieframe.dll
2013-04-05 01:08:44    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-05 01:01:06    1346560    ----a-w-    C:\Windows\System32\urlmon.dll
2013-04-05 01:00:30    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-05 00:59:24    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-04-05 00:58:59    237056    ----a-w-    C:\Windows\System32\url.dll
2013-04-05 00:57:27    85504    ----a-w-    C:\Windows\System32\jsproxy.dll
2013-04-05 00:56:16    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:57    816640    ----a-w-    C:\Windows\System32\jscript.dll
2013-04-05 00:55:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-04-05 00:54:50    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2013-04-05 00:54:25    2147840    ----a-w-    C:\Windows\System32\iertutil.dll
2013-04-05 00:51:52    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2013-04-05 00:46:50    248320    ----a-w-    C:\Windows\System32\ieui.dll
2013-04-04 22:11:34    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:09:30    9738752    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2013-04-04 22:02:59    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:58    1104384    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2013-04-04 22:02:17    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-04 22:01:35    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2013-04-04 21:59:49    65024    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2013-04-04 21:58:51    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:58:24    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2013-04-04 21:57:45    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-04-04 21:56:41    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2013-04-04 21:55:19    1796096    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2013-04-04 21:54:42    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2013-04-04 21:50:34    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2013-04-04 21:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-03-29 09:53:48    246072    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-03-21 10:08:24    240952    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
2013-03-11 13:33:42    4691304    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-09 04:16:35    85504    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-09 01:48:36    75264    ----a-w-    C:\Windows\System32\smss.exe
2013-03-08 04:18:52    451072    ----a-w-    C:\Windows\System32\winsrv.dll
2013-03-08 04:17:12    2425344    ----a-w-    C:\Windows\System32\mstscax.dll
2013-03-08 03:52:22    2067968    ----a-w-    C:\Windows\SysWow64\mstscax.dll
.
============= FINISH: 13:32:56.34 ===============
 

------Attach.txt------

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/30/2009 4:13:00 AM
System Uptime: 6/1/2013 12:29:05 PM (25 hours ago)
.
Motherboard: Quanta |  | 3624
Processor: Intel® Core™2 Duo CPU     P7350  @ 2.00GHz | CPU | 600/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 326.923 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.987 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Microsoft Tun Miniport Adapter #2
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 12.0
Agere Systems HDA Modem
Apple Application Support
Apple Software Update
ATI Catalyst Install Manager
AVG 2013
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility64
CCC Help English
CCleaner
Compatibility Pack for the 2007 Office system
DivX Setup
ESU for Microsoft Vista
Firestorm-Release (remove only)
Furcadia
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Common Access Service Library
HP Customer Experience Enhancements
HP Help and Support
HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart SmartMenu
HP MediaSmart TV
HP MediaSmart Webcam
HP Quick Launch Buttons 6.40 L1
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0134
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
J2SE Runtime Environment 5.0 Update 2
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 7
JMicron JMB38X Flash Media Controller Driver
LightScribe System Software  1.14.17.1
Lost Saga
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Move Media Player
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Norton PC Checkup
OpenOffice.org 3.2
ProtectSmart Hard Drive Protection
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Singularity (remove only)
Skins
Skype Click to Call
Skype™ 6.3
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
swMSM
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Windows Driver Package - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0)
.
==== End Of File ===========================
 


Edited by blknit3, 02 June 2013 - 05:28 PM.




#2 fireman4it

  • Malware Response Team

Posted 02 June 2013 - 08:02 PM

Hello blknit3,

 

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1.

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove 2 of the following: AVG or Microsoft Security Essentials, Norton Internet Security.

 

 

2.

Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click on AdwCleaner.exe and select Run as administrator.
  • Click the Delete button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

 

 

3.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

 

 

Things to include in your next reply:

Which 2 Antivirus did you get rid of

AdwCleaner log

Roguekiller log


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 fireman4it


Posted 03 June 2013 - 06:11 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#4 blknit3


Posted 04 June 2013 - 01:59 AM

Yes, I am still here and first off thank you for a response. I am currently downloading the two programs and will reply back once I have the two logs ready as well as the other information you requested. Thanks again for responding in such a quick manner.



#5 blknit3


Posted 05 June 2013 - 04:19 PM

Yea I'm back, sorry for the delay, I've been real busy with work. Thanks again for the help. Regarding the information you asked, I uninstalled Microsoft Security Essentials and Norton Internet Security. Here are the two logs that you requested.

 

--------------------------------AdwCleaner[S2]-------------------------------

# AdwCleaner v2.301 - Logfile created 06/05/2013 at 11:42:56
# Updated 16/05/2013 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Hachimitsu - HACHIMITSU-PC
# Boot Mode : Normal
# Running from : C:\Users\Hachimitsu\Downloads\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted on reboot : C:\Users\Hachimitsu\AppData\LocalLow\AVG Security Toolbar
Deleted on reboot : C:\Users\Hachimitsu\AppData\LocalLow\boost_interprocess
File Deleted : C:\END
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\5ee8fd0b039bf42
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5ee8fd0b039bf42
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Hachimitsu\AppData\Roaming\Mozilla\Firefox\Profiles\22lum3be.default\prefs.js

Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119747&tt=gc_&babsrc=NT_ss&mntrI[...]
Deleted : user_pref("browser.search.order.1", "Delta Search");
Deleted : user_pref("browser.search.selectedEngine", "Delta Search");

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Hachimitsu\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6237 octets] - [02/06/2013 00:33:28]
AdwCleaner[S1].txt - [344 octets] - [02/06/2013 01:25:00]
AdwCleaner[S2].txt - [5839 octets] - [05/06/2013 11:42:56]

########## EOF - C:\AdwCleaner[S2].txt - [5899 octets] ##########
 

-------------------------------------------RkReport--------------------------------------------

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Hachimitsu [Admin rights]
Mode : Scan -- Date : 06/05/2013 14:15:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : compstat (rundll32 "C:\Users\HACHIM~1\AppData\Local\Temp\contINFO.dll",DllEntryPoint) [x] -> FOUND
[RUN][HJNAME] HKCU\[...]\Run : conhost (C:\Users\Hachimitsu\AppData\Roaming\Microsoft\conhost.exe) [x] -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Wow6432Node (C:\Users\Hachimitsu\AppData\Roaming\BA0EEC.exe) [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4186815338-4201418275-456293347-1000[...]\Run : compstat (rundll32 "C:\Users\HACHIM~1\AppData\Local\Temp\contINFO.dll",DllEntryPoint) [x] -> FOUND
[RUN][HJNAME] HKUS\S-1-5-21-4186815338-4201418275-456293347-1000[...]\Run : conhost (C:\Users\Hachimitsu\AppData\Roaming\Microsoft\conhost.exe) [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4186815338-4201418275-456293347-1000[...]\Run : Wow6432Node (C:\Users\Hachimitsu\AppData\Roaming\BA0EEC.exe) [x] -> FOUND
[TASK][SUSP PATH] EPUpdater : C:\Users\HACHIM~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe  [x] -> FOUND
[TASK][SUSP PATH] thpm780774721395451353 : \\.\globalroot\Device\HarddiskVolume1\Users\HACHIM~1\AppData\Local\Temp\thpm780774721395451353.tmp  [x] -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:54121) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][FOLDER] plugs : C:\Users\Hachimitsu\AppData\Roaming\Adobe\plugs --> FOUND
[Tr.Karagany][FOLDER] shed : C:\Users\Hachimitsu\AppData\Roaming\Adobe\shed --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] 7cdfabf4fa8695fdeca7343888cab0c3
[BSP] e8f0fc7b7adf65069804d708372aacc5 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 464058 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 950392832 | Size: 12878 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_06052013_02d1415.txt >>
RKreport[1]_S_06052013_02d1415.txt


 



#6 fireman4it


Posted 05 June 2013 - 05:33 PM

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

 

 

How is the machine running now?




#7 blknit3


Posted 05 June 2013 - 05:52 PM

It is still running slower than normal, but it is a little better.

 

Here are the RogueKiller Logs:

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Hachimitsu [Admin rights]
Mode : Scan -- Date : 06/05/2013 15:48:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : compstat (rundll32 "C:\Users\HACHIM~1\AppData\Local\Temp\contINFO.dll",DllEntryPoint) [x] -> FOUND
[RUN][HJNAME] HKCU\[...]\Run : conhost (C:\Users\Hachimitsu\AppData\Roaming\Microsoft\conhost.exe) [x] -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Wow6432Node (C:\Users\Hachimitsu\AppData\Roaming\BA0EEC.exe) [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4186815338-4201418275-456293347-1000[...]\Run : compstat (rundll32 "C:\Users\HACHIM~1\AppData\Local\Temp\contINFO.dll",DllEntryPoint) [x] -> FOUND
[RUN][HJNAME] HKUS\S-1-5-21-4186815338-4201418275-456293347-1000[...]\Run : conhost (C:\Users\Hachimitsu\AppData\Roaming\Microsoft\conhost.exe) [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4186815338-4201418275-456293347-1000[...]\Run : Wow6432Node (C:\Users\Hachimitsu\AppData\Roaming\BA0EEC.exe) [x] -> FOUND
[TASK][SUSP PATH] EPUpdater : C:\Users\HACHIM~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe  [x] -> FOUND
[TASK][SUSP PATH] thpm780774721395451353 : \\.\globalroot\Device\HarddiskVolume1\Users\HACHIM~1\AppData\Local\Temp\thpm780774721395451353.tmp  [x] -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:54121) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][FOLDER] plugs : C:\Users\Hachimitsu\AppData\Roaming\Adobe\plugs --> FOUND
[Tr.Karagany][FOLDER] shed : C:\Users\Hachimitsu\AppData\Roaming\Adobe\shed --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] 7cdfabf4fa8695fdeca7343888cab0c3
[BSP] e8f0fc7b7adf65069804d708372aacc5 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 464058 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 950392832 | Size: 12878 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_S_06052013_02d1548.txt >>
RKreport[1]_S_06052013_02d1415.txt ; RKreport[2]_S_06052013_02d1548.txt


 



#8 fireman4it


Posted 05 June 2013 - 06:25 PM

Please read the directions carefully.

 

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again




#9 blknit3


Posted 05 June 2013 - 06:53 PM

When you say close all the running processes, you mean all programs that are open, right? If not, what exactly do you mean? Sorry to ask.



#10 fireman4it


Posted 07 June 2013 - 04:04 PM

When you say close all the running processes, you mean all programs that are open right?

 

Yes you are correct. :thumbup2:

Things like internet explorer, Outlook, any games etc




#11 blknit3


Posted 07 June 2013 - 04:55 PM

Uhm okay, well I closed just about everything possible and here are the results:

 

----------------------------RogueKiller Log---------------------------------------

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Hachimitsu [Admin rights]
Mode : Scan -- Date : 06/07/2013 14:51:12
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : compstat (rundll32 "C:\Users\HACHIM~1\AppData\Local\Temp\contINFO.dll",DllEntryPoint) [x] -> FOUND
[RUN][HJNAME] HKCU\[...]\Run : conhost (C:\Users\Hachimitsu\AppData\Roaming\Microsoft\conhost.exe) [x] -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : Wow6432Node (C:\Users\Hachimitsu\AppData\Roaming\BA0EEC.exe) [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4186815338-4201418275-456293347-1000[...]\Run : compstat (rundll32 "C:\Users\HACHIM~1\AppData\Local\Temp\contINFO.dll",DllEntryPoint) [x] -> FOUND
[RUN][HJNAME] HKUS\S-1-5-21-4186815338-4201418275-456293347-1000[...]\Run : conhost (C:\Users\Hachimitsu\AppData\Roaming\Microsoft\conhost.exe) [x] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4186815338-4201418275-456293347-1000[...]\Run : Wow6432Node (C:\Users\Hachimitsu\AppData\Roaming\BA0EEC.exe) [x] -> FOUND
[TASK][SUSP PATH] EPUpdater : C:\Users\HACHIM~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe  [x] -> FOUND
[TASK][SUSP PATH] thpm780774721395451353 : \\.\globalroot\Device\HarddiskVolume1\Users\HACHIM~1\AppData\Local\Temp\thpm780774721395451353.tmp  [x] -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:54121) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][FOLDER] plugs : C:\Users\Hachimitsu\AppData\Roaming\Adobe\plugs --> FOUND
[Tr.Karagany][FOLDER] shed : C:\Users\Hachimitsu\AppData\Roaming\Adobe\shed --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] 7cdfabf4fa8695fdeca7343888cab0c3
[BSP] e8f0fc7b7adf65069804d708372aacc5 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 464058 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 950392832 | Size: 12878 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_S_06072013_02d1451.txt >>
RKreport[1]_S_06052013_02d1415.txt ; RKreport[2]_S_06052013_02d1548.txt ; RKreport[3]_S_06072013_02d1451.txt


 



#12 fireman4it


Posted 08 June 2013 - 07:29 PM

Please read the directions carefully about deleting.

 

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again




#13 blknit3


Posted 08 June 2013 - 10:23 PM

Oh, I'm sorry man I don't know how I overlooked that part.  I thought I did that, I apologize and thanks for the help again.  Here is the log you requested.

 

 

---------------------------------RogueKiller Log------------------------------------

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Hachimitsu [Admin rights]
Mode : Remove -- Date : 06/08/2013 20:18:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:54121) -> NOT REMOVED, USE PROXYFIX

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] 2576c24eaf2f68870cead4ee057cd56b
[BSP] a037a8e5a32c347de707b5c28c0ad622 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 464058 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 950392832 | Size: 12878 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[6]_D_06082013_02d2018.txt >>
RKreport[1]_S_06052013_02d1415.txt ; RKreport[2]_S_06052013_02d1548.txt ; RKreport[3]_S_06072013_02d1451.txt ; RKreport[4]_S_06082013_02d2006.txt ; RKreport[5]_D_06082013_02d2010.txt ;
RKreport[6]_D_06082013_02d2018.txt
 



#14 fireman4it


Posted 08 June 2013 - 10:57 PM

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Proxyfix
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again




#15 blknit3


Posted 10 June 2013 - 08:00 PM

Here are logs as requested, thanks,

 

----------------------------------RogueKiller Logs----------------------------------------

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Hachimitsu [Admin rights]
Mode : Scan -- Date : 06/09/2013 20:24:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:54121) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] 7cdfabf4fa8695fdeca7343888cab0c3
[BSP] e8f0fc7b7adf65069804d708372aacc5 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 464058 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 950392832 | Size: 12878 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[7]_S_06092013_02d2024.txt >>
RKreport[1]_S_06052013_02d1415.txt ; RKreport[2]_S_06052013_02d1548.txt ; RKreport[3]_S_06072013_02d1451.txt ; RKreport[4]_S_06082013_02d2006.txt ; RKreport[5]_D_06082013_02d2010.txt ;
RKreport[6]_D_06082013_02d2018.txt ; RKreport[7]_S_06092013_02d2024.txt
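
The reports in this thread are compared by eye: several Scan reports list the same entries, and the Remove report still carries the proxy entry. As an added example (not part of the original thread and not RogueKiller's own code), this Python code parses the finding lines of two reports and shows what was cleared, what persists, and whether the second report came from a removal run. The sample reports are abridged from the ones posted above; the function and field names are assumptions.

```python
import re
from dataclasses import dataclass, field

# Header line, e.g. "Mode : Scan -- Date : 06/05/2013 14:15:08"
MODE_RE = re.compile(r"^Mode\s*:\s*(\w+)\s*--\s*Date\s*:\s*(.+)$")
# Finding line: "[TAG][TAG] item text [x] -> STATUS" (folder lines use "-->")
FINDING_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*(.*?)\s*-+>\s*(.+)$")


@dataclass
class Report:
    mode: str = "unknown"
    date: str = ""
    findings: dict = field(default_factory=dict)  # (tags, item) -> status


def parse_report(text):
    """Extract the run mode and every tagged finding from one report."""
    report = Report()
    for raw in text.splitlines():
        line = raw.strip()
        m = MODE_RE.match(line)
        if m:
            report.mode, report.date = m.group(1), m.group(2).strip()
            continue
        m = FINDING_RE.match(line)
        if m:
            tags = tuple(re.findall(r"\[([^\]]+)\]", m.group(1)))
            # The trailing "[x]" marker is dropped so keys match across runs.
            item = re.sub(r"\s*\[x\]$", "", m.group(2))
            report.findings[(tags, item)] = m.group(3).strip()
    return report


def compare(before, after):
    """Diff two parsed reports by finding key."""
    old, new = before.findings, after.findings
    return {
        "cleared": sorted(k for k in old if k not in new),
        "persisting": {k: new[k] for k in old if k in new},
        "new": sorted(k for k in new if k not in old),
        # A second "Scan" report means nothing was deleted in between.
        "removal_run": after.mode == "Remove",
    }


# Sample input: abridged from the reports posted in this thread.
SCAN_REPORT = r"""
Mode : Scan -- Date : 06/05/2013 14:15:08
[RUN][HJNAME] HKCU\[...]\Run : conhost (C:\Users\Hachimitsu\AppData\Roaming\Microsoft\conhost.exe) [x] -> FOUND
[TASK][SUSP PATH] EPUpdater : C:\Users\HACHIM~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe  [x] -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:54121) -> FOUND
[Tr.Karagany][FOLDER] plugs : C:\Users\Hachimitsu\AppData\Roaming\Adobe\plugs --> FOUND
"""

REMOVE_REPORT = r"""
Mode : Remove -- Date : 06/08/2013 20:18:47
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:54121) -> NOT REMOVED, USE PROXYFIX
"""

if __name__ == "__main__":
    diff = compare(parse_report(SCAN_REPORT), parse_report(REMOVE_REPORT))
    print("removal run:", diff["removal_run"])
    for tags, item in diff["cleared"]:
        print("cleared   ", "/".join(tags), item)
    for (tags, item), status in diff["persisting"].items():
        print("persisting", "/".join(tags), item, "=>", status)
```

Comparing a Scan report against another Scan report returns an empty `cleared` list and `removal_run` set to `False`, which is the situation in posts #7 and #11.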


 





