kwawny
Members
Posts: 17
Reputation: 0 Neutral
  1. Thank you so much for your help. I really appreciate it. You can close this thread now. Good day.
  2. I apologize for the double post (not sure how to edit posts or if that's possible?) but I have one final question after the above question: I'm a very paranoid person and I was wondering if I should visit a computer specialist after this malware attack?
  3. Hello. Thank you so much for your help/advice. I changed the default password when I first got the router but I was wondering if it should be changed if one has a malware scare?
  4. Thank you so much for your help and your advice. I will check out the internet/pc safety links soon. I have a few more questions/concerns:
     1. When turning my laptop on before I ran the ComboFix script it took a really long time to get to the Windows screen, so I decided to manually restart it. Then it went into Startup Repair mode. After scanning it said something like: "Root Cause Found: System volume on disk is corrupt. Repair action: File system repair (chkdsk). Result: Completed Successfully. Error Code = 0x0". Also, when I unplug my laptop, it immediately shuts off. My laptop can only run when plugged in. (My adapter is fairly new. Got it in June 2013.) I think there's something internally wrong with my computer but I'm not sure what it is. Do you know what I should do about that?
     2. When I used Rogue Killer some days ago, immediately after the "Deleting Finished" info showed in the status box, the following happened: A pop-up (it looked legit and I think it is) said something like "Windows Report, Internet Explorer Restored." (I'm not sure exactly what was written because it appeared and disappeared rather quickly.) Then the desktop briefly disappeared (the icons and such disappeared) before reappearing again. I'm not sure if that's a normal part of the Rogue Killer process or not.
     3. The Internet Explorer icon/logo which is located on my desktop is titled "The Internet." I can't remember if I've seen this before. I'm not sure if this is normal.
     4. I have a folder called "backups" on my desktop that contains alleged backup files, but I don't know how it came to be. Most of the files have a "blank page" icon and just have the word "backup," a date (August 6, 2013), and some seemingly random numbers. (One of the files has the name "Secunia PSI Tray.") Do you think I should delete the folder?
     5. Should I change my router passwords as well?
  5. Hello. I have read your message. I cannot fully respond at this time. I will be able to respond by tomorrow. Please keep this thread open. Thank you.
  6. I gave up on the ESET scanner and decided to do the F-Secure Online Scan. It did not find anything.
  7. So, here's my update: I re-started the ESET scan at 6:40 PM and it's been scanning for nearly 3 hours. It's still on 20%....
  8. I accidentally hit "Stop" thinking that was the pause button and the scan ended. I will have to start the scan over. ;_; I will update you as soon as possible.
  9. Thank you. I have been running the ESET scan for almost 8 hours and it is only on 20%. Is that normal? Should I restart it?
  10. Hello. Sorry for the late response. I did the first step (remove unneeded start-up entries) and my computer is running much faster. Thank you. About the ESET scanner: Is it safe to run the online scanner while Norton 360's real time scanner is off?
  11. Hello. Sorry for the late response. I didn't have any problems doing the requested activities. Currently (besides the issues mentioned in my previous posts), my computer seems to be doing fine. Below are the reports:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.04.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Lapreasha :: LAPREASHA-PC [administrator]

8/4/2013 5:51:12 PM
mbam-log-2013-08-04 (17-51-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM | P2P
Scan options disabled: Heuristics/Shuriken
Objects scanned: 225777
Time elapsed: 9 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:31:48 PM, on 8/4/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16496)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Lapreasha\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\coIEPlg.dll
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

--
End of file - 8456 bytes
  12. Hello. Things that may need to be addressed:
     1. When turning my laptop on for the first time today (before I ran the ComboFix script) it took a really long time to get to the Windows screen, so I decided to manually restart it. Then it went into Startup Repair mode. After scanning it said something like: "Root Cause Found: System volume on disk is corrupt. Repair action: File system repair (chkdsk). Result: Completed Successfully. Error Code = 0x0". Also, when I unplug my laptop, it immediately shuts off. My laptop can only run when plugged in. (My adapter is fairly new. Got it in June 2013.) I think there's something internally wrong with my computer but I'm not sure what it is.
     2. Yesterday, while using Rogue Killer, immediately after the "Deleting Finished" info showed in the status box, the following happened: A pop-up (it looked legit and I think it is) said something like "Windows Report, Internet Explorer Restored." (I'm not sure exactly what was written because it appeared and disappeared rather quickly.) Then the desktop briefly disappeared (the icons and such disappeared) before reappearing again. I'm not sure if that's a normal part of the Rogue Killer process or not.
     3. Yesterday, after I did the Rogue Killer scan, there was a Rogue Killer Quarantine folder on my desktop that was filled with quarantined items. Today, the folder only has something called "Rogue Killer Configuration Settings" in it. I'm not sure if that's normal or not.
     4. The Internet Explorer icon/logo which is located on my desktop is titled "The Internet." I can't remember if I've seen this before. I'm not sure if this is normal.
     That's about it. Aside from the above mentioned issues, the laptop is working fine. No overt weirdness. Below is the ComboFix report. As I was running ComboFix, it asked me if I wanted to update it and so I updated it. (Then I did the scan.) I hope that's okay? After running the ComboFix script, my laptop appears to be doing fine.

ComboFix 13-08-02.03 - Lapreasha 08/03/2013 16:03:26.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1669 [GMT -4:00]
Running from: c:\users\Lapreasha\Desktop\ComboFix.exe
Command switches used :: c:\users\Lapreasha\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-03 to 2013-08-03 )))))))))))))))))))))))))))))))
.
.
2013-08-03 20:17 . 2013-08-03 20:17 -------- d-----w- c:\users\Lapreasha\AppData\Local\temp
2013-08-03 20:17 . 2013-08-03 20:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-03 15:35 . 2013-08-03 15:35 -------- d-----w- C:\found.003
2013-08-01 22:35 . 2013-08-01 22:35 -------- d-----w- c:\windows\ERUNT
2013-07-31 09:59 . 2013-07-31 09:59 -------- d-----w- C:\found.002
2013-07-31 07:19 . 2013-07-31 07:26 -------- d-----w- c:\windows\system32\MRT
2013-07-31 06:02 . 2013-07-31 06:02 -------- d-----w- c:\program files\OpenOffice 4
2013-07-29 20:41 . 2013-07-29 20:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-29 20:41 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-29 18:31 . 2013-07-29 19:09 -------- d-----w- c:\users\Lapreasha\AppData\Local\NPE
2013-07-28 21:17 . 2013-07-28 21:21 -------- d-----w- c:\program files\Norton PC Checkup 3.0
2013-07-11 09:07 . 2013-06-04 01:50 2049024 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-19 02:37 . 2012-10-14 18:41 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-19 02:37 . 2011-08-27 04:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-03 08:32 . 2013-07-03 08:32 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys
2013-06-29 22:26 . 2013-06-29 22:26 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4FA82EA-9848-40D3-AD47-42E6C7D65276}\offreg.dll
2013-06-17 22:29 . 2011-06-29 05:47 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-17 06:10 . 2013-06-29 22:10 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4FA82EA-9848-40D3-AD47-42E6C7D65276}\mpengine.dll
2013-05-23 05:25 . 2013-06-15 07:39 934488 ----a-w- c:\windows\system32\drivers\N360\1404000.028\symefa.sys
2013-05-21 05:02 . 2013-06-15 07:39 367704 ----a-w- c:\windows\system32\drivers\N360\1404000.028\symds.sys
2013-05-16 05:02 . 2013-06-15 07:39 603224 ----a-w- c:\windows\system32\drivers\N360\1404000.028\srtsp.sys
2013-05-09 08:58 . 2013-06-29 22:34 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-08 03:40 . 2013-06-12 19:40 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-08 01:58 . 2013-06-12 19:40 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 4760816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 23:10 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-14 02:37]
.
2013-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-31 23:06]
.
2013-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-31 23:06]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Lapreasha\AppData\Roaming\Mozilla\Firefox\Profiles\n52indrg.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-39190515.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-03 16:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-08-03 16:21:04
ComboFix-quarantined-files.txt 2013-08-03 20:20
.
Pre-Run: 186,865,541,120 bytes free
Post-Run: 186,896,818,176 bytes free
.
- - End Of File - - 3B264BA87770ED844301C5D45B68124A5B5E648D12FCADC244C1EC30318E1EB9
  13. Hello. Here are my questions and updates: After clicking "Change parameters" while using TDSSKiller, I literally checked all of the boxes (including the Additional options "Verify file digital signatures" and "Detect TDLFS file system"). Is that okay? Also, while using Rogue Killer, immediately after the "Deleting Finished" info showed in the status box, the following happened: A pop-up (it looked legit and I think it is) said something like "Windows Report, Internet Explorer Restored." (I'm not sure exactly what was written because it appeared and disappeared rather quickly) Then, the desktop briefly disappeared (the icons and such disappeared) before reappearing again. I'm not sure if that's a normal part of the Rogue Killer process or not. Otherwise, my computer seems to be fine. Nothing else besides the above mentioned incident has happened. I have attached the TDSSKiller report because I had trouble posting it. Posted below is the Rogue Killer report. PLEASE NOTE: I could not find RKreport[2]. I could only find RKreport[0]. I hope that is fine. 
RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Lapreasha [Admin rights]
Mode : Scan -- Date : 08/02/2013 20:45:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Users\Lapreasha\Desktop\7-Zip\7-zip.dll [x] -> UNLOADED

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][ROGUE ST] 4793 : wscript.exe - C:\Users\LAPREA~1\AppData\Local\Temp\launchie.vbs //B -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][Folder] plugs : C:\Users\Lapreasha\AppData\Roaming\Adobe\plugs [-] --> FOUND
[Tr.Karagany][Folder] shed : C:\Users\Lapreasha\AppData\Roaming\Adobe\shed [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[13] : NtAlertResumeThread @ 0x8509F7FF -> HOOKED (Unknown @ 0x89AC18A0)
[Address] SSDT[14] : NtAlertThread @ 0x85018357 -> HOOKED (Unknown @ 0x89AC1980)
[Address] SSDT[18] : NtAllocateVirtualMemory @ 0x850546AD -> HOOKED (Unknown @ 0x89AC32F0)
[Address] SSDT[21] : NtAlpcConnectPort @ 0x84FF689D -> HOOKED (Unknown @ 0x898A14E8)
[Address] SSDT[42] : NtAssignProcessToJobObject @ 0x84FC9B2E -> HOOKED (Unknown @ 0x89AC1048)
[Address] SSDT[67] : NtCreateMutant @ 0x8502C9A3 -> HOOKED (Unknown @ 0x89AC15F0)
[Address] SSDT[77] : NtCreateSymbolicLinkObject @ 0x84FCC345 -> HOOKED (Unknown @ 0x89ABFD70)
[Address] SSDT[78] : NtCreateThread @ 0x8509DE14 -> HOOKED (Unknown @ 0x89AC3738)
[Address] SSDT[116] : NtDebugActiveProcess @ 0x85070F04 -> HOOKED (Unknown @ 0x89AC1128)
[Address] SSDT[129] : NtDuplicateObject @ 0x85004581 -> HOOKED (Unknown @ 0x89AC3480)
[Address] SSDT[147] : NtFreeVirtualMemory @ 0x84E90E15 -> HOOKED (Unknown @ 0x89AC30E8)
[Address] SSDT[156] : NtImpersonateAnonymousToken @ 0x84FC6F3B -> HOOKED (Unknown @ 0x89AC16E0)
[Address] SSDT[158] : NtImpersonateThread @ 0x84FDC580 -> HOOKED (Unknown @ 0x89AC17C0)
[Address] SSDT[165] : NtLoadDriver @ 0x84F77E12 -> HOOKED (Unknown @ 0x8989F2F8)
[Address] SSDT[177] : NtMapViewOfSection @ 0x8501C99C -> HOOKED (Unknown @ 0x89AC1FB0)
[Address] SSDT[184] : NtOpenEvent @ 0x85005DFF -> HOOKED (Unknown @ 0x89AC1510)
[Address] SSDT[194] : NtOpenProcess @ 0x8502D13F -> HOOKED (Unknown @ 0x89AC3620)
[Address] SSDT[195] : NtOpenProcessToken @ 0x8500DA60 -> HOOKED (Unknown @ 0x89AC33C0)
[Address] SSDT[197] : NtOpenSection @ 0x8501D794 -> HOOKED (Unknown @ 0x89AC1350)
[Address] SSDT[201] : NtOpenThread @ 0x8502863B -> HOOKED (Unknown @ 0x89AC3550)
[Address] SSDT[210] : NtProtectVirtualMemory @ 0x850263F2 -> HOOKED (Unknown @ 0x89ABFF60)
[Address] SSDT[282] : NtResumeThread @ 0x85027C5A -> HOOKED (Unknown @ 0x89AC1A60)
[Address] SSDT[289] : NtSetContextThread @ 0x8509F2AB -> HOOKED (Unknown @ 0x89AC1D00)
[Address] SSDT[305] : NtSetInformationProcess @ 0x850209EE -> HOOKED (Unknown @ 0x89AC1DE0)
[Address] SSDT[317] : NtSetSystemInformation @ 0x84FF2F14 -> HOOKED (Unknown @ 0x89AC1208)
[Address] SSDT[330] : NtSuspendProcess @ 0x8509F73B -> HOOKED (Unknown @ 0x89AC1430)
[Address] SSDT[331] : NtSuspendThread @ 0x84FA6943 -> HOOKED (Unknown @ 0x89AC1B40)
[Address] SSDT[335] : unknown @ 0x85028670 -> HOOKED (Unknown @ 0x89AC1C20)
[Address] SSDT[348] : NtUnmapViewOfSection @ 0x8501CC5F -> HOOKED (Unknown @ 0x89AC1ED0)
[Address] SSDT[358] : NtWriteVirtualMemory @ 0x85019A2F -> HOOKED (Unknown @ 0x89AC31D8)
[Address] SSDT[382] : NtCreateThreadEx @ 0x85028125 -> HOOKED (Unknown @ 0x89ABFE60)
[Address] Shadow SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x890157B8)
[Address] Shadow SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x89A670E0)
[Address] Shadow SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8B4442E0)
[Address] Shadow SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x89ABB180)
[Address] Shadow SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x89A67248)
[Address] Shadow SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x89A68008)
[Address] Shadow SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x8B444210)
[Address] Shadow SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8B444120)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x89ABB4E0)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8B457128)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVS-26VAT0 ATA Device +++++
--- User ---
[MBR] 7234b6c29d9aff6cf6a65b7846751187
[BSP] 6d7f06fc31fcf694dff506027a434f45 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 230934 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 476026880 | Size: 6040 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08022013_204529.txt >>

TDSSKiller.2.8.16.0_02.08.2013_19.15.23_log.txt
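The rogue scheduled task in the RogueKiller report above (wscript.exe launching launchie.vbs from the user's Temp folder) is exactly the kind of entry that is easy to miss among the dozens of vendor autoruns and services in the HijackThis log from post 11. The following Python example is added here as an illustration and is not code from this thread or from either tool's authors: it parses HijackThis O4/O23 lines and RogueKiller scheduled-task lines and flags entries that run a script host, live in a user-writable directory, have no publisher in their version info, or name their executable without a path. The sample lines are copied from the logs posted in this thread; the regex shapes, the reason labels, and the SCRIPT_HOSTS list are my own assumptions.

```python
"""Triage autostart lines from HijackThis / RogueKiller style logs (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Interpreters persistence entries abuse to run a payload that is not itself
# an .exe (illustrative list, an assumption of this example, not exhaustive).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "rundll32.exe", "regsvr32.exe", "cmd.exe"}

# Directories an unprivileged user can write to; installers normally register
# autoruns and services under Program Files or system32, not here.
USER_WRITABLE = re.compile(
    r"\\(AppData\\Local\\Temp|AppData\\Local|AppData\\Roaming|Temp|Users\\Public)\\",
    re.IGNORECASE)

# Line shapes taken from the logs in this thread.
HJT_O4 = re.compile(r"^O4 - (?P<hive>[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
HJT_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
RK_TASK = re.compile(r"^\[V\d\]\[(?P<tag>[^\]]+)\] (?P<id>\d+) : (?P<exe>\S+) - (?P<args>.+?) -> (?P<status>\w+)$")
FIRST_EXE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?', re.IGNORECASE)


@dataclass
class Finding:
    source: str                 # "O4", "O23" or the RogueKiller tag
    name: str                   # autorun value name, service name or task id
    exe: str                    # executable that actually runs
    args: str                   # everything after it
    reasons: List[str] = field(default_factory=list)


def split_command(cmd: str):
    """Return (exe, args) from a HijackThis command string; handles quoted and
    unquoted paths that contain spaces."""
    cmd = cmd.strip()
    m = FIRST_EXE.match(cmd)
    if not m:
        return cmd, ""
    return m.group("exe"), cmd[m.end():].strip()


def parse_line(line: str) -> Optional[Finding]:
    """Map one log line to a Finding, or None for line types this example ignores."""
    line = line.rstrip()
    if m := HJT_O4.match(line):
        exe, args = split_command(m.group("cmd"))
        return Finding("O4", m.group("name"), exe, args)
    if m := HJT_O23.match(line):
        exe, args = split_command(m.group("cmd"))
        finding = Finding("O23", m.group("name"), exe, args)
        if m.group("owner") == "Unknown owner":   # HijackThis found no company name
            finding.reasons.append("no publisher in version info")
        return finding
    if m := RK_TASK.match(line):
        return Finding(m.group("tag"), m.group("id"), m.group("exe"), m.group("args"))
    return None


def assess(finding: Finding) -> Finding:
    """Attach the reasons a reviewer would want to see next to the entry."""
    base = finding.exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if base in SCRIPT_HOSTS:
        finding.reasons.append(f"script host {base}")
    if USER_WRITABLE.search(finding.exe) or USER_WRITABLE.search(finding.args):
        finding.reasons.append("runs from user-writable directory")
    if "\\" not in finding.exe and "%" not in finding.exe:
        finding.reasons.append("unqualified path (resolved via search order)")
    return finding


def triage(log_text: str) -> List[Finding]:
    """Return only the entries with at least one reason to look closer."""
    out = []
    for line in log_text.splitlines():
        finding = parse_line(line)
        if finding and assess(finding).reasons:
            out.append(finding)
    return out


# Constructed sample: lines copied from the HijackThis and RogueKiller logs posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
[V2][ROGUE ST] 4793 : wscript.exe - C:\Users\LAPREA~1\AppData\Local\Temp\launchie.vbs //B -> FOUND
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source:9} {f.name:14} {f.exe} {f.args}\n    {'; '.join(f.reasons)}")
```

The flags are prompts for a reviewer, not verdicts: a bare executable name such as Skytel.exe is common for OEM autoruns that sit in the Windows directory, and "Unknown owner" only means the binary carries no company name in its version resource. The scheduled task is the one entry that stacks three reasons at once, which is the signal worth acting on. The SSDT entries marked Unknown in the report need the same care: the owning driver has to be identified before a hook is attributed to malware, since security suites hook many of the same syscalls.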
  14. Hello. Here's a problem that I had: Even though I disabled Norton 360's "Smart Firewall" and "Antivirus Auto-Protect" for five hours, ComboFix said "ComboFix has detected the following real time scanners to be active: norton." I decided to just run ComboFix anyway. I hope that's okay? Current computer status: My CPU usage gets as high as 100% sometimes, but that's about it. The computer seems to be working fine. Here is my ComboFix log:

ComboFix 13-08-01.01 - Lapreasha 08/01/2013 23:57:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1786 [GMT -4:00]
Running from: c:\users\Lapreasha\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-02 to 2013-08-02 )))))))))))))))))))))))))))))))
.
.
2013-08-02 04:12 . 2013-08-02 04:12 -------- d-----w- c:\users\Lapreasha\AppData\Local\temp
2013-08-02 04:12 . 2013-08-02 04:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-01 22:35 . 2013-08-01 22:35 -------- d-----w- c:\windows\ERUNT
2013-07-31 09:59 . 2013-07-31 09:59 -------- d-----w- C:\found.002
2013-07-31 07:19 . 2013-07-31 07:26 -------- d-----w- c:\windows\system32\MRT
2013-07-31 06:02 . 2013-07-31 06:02 -------- d-----w- c:\program files\OpenOffice 4
2013-07-29 20:41 . 2013-07-29 20:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-29 20:41 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-29 18:31 . 2013-07-29 19:09 -------- d-----w- c:\users\Lapreasha\AppData\Local\NPE
2013-07-28 21:17 . 2013-07-28 21:21 -------- d-----w- c:\program files\Norton PC Checkup 3.0
2013-07-11 09:07 . 2013-06-04 01:50 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-07-03 08:32 . 2013-07-03 08:32 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-19 02:37 . 2012-10-14 18:41 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-19 02:37 . 2011-08-27 04:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-29 22:26 . 2013-06-29 22:26 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4FA82EA-9848-40D3-AD47-42E6C7D65276}\offreg.dll
2013-06-17 22:29 . 2011-06-29 05:47 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-17 06:10 . 2013-06-29 22:10 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4FA82EA-9848-40D3-AD47-42E6C7D65276}\mpengine.dll
2013-05-23 05:25 . 2013-06-15 07:39 934488 ----a-w- c:\windows\system32\drivers\N360\1404000.028\symefa.sys
2013-05-21 05:02 . 2013-06-15 07:39 367704 ----a-w- c:\windows\system32\drivers\N360\1404000.028\symds.sys
2013-05-16 05:02 . 2013-06-15 07:39 603224 ----a-w- c:\windows\system32\drivers\N360\1404000.028\srtsp.sys
2013-05-09 08:58 . 2013-06-29 22:34 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-08 03:40 . 2013-06-12 19:40 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-08 01:58 . 2013-06-12 19:40 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 4760816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 23:10 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-14 02:37]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-31 23:06]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-31 23:06]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Lapreasha\AppData\Roaming\Mozilla\Firefox\Profiles\n52indrg.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E49D8D56-543D-4B71-BA78-150D6DD38374} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by
Gmer, http://www.gmer.netRootkit scan 2013-08-02 00:13Windows 6.0.6002 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]"ImagePath"="\"c:\program files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000"MSCurrentCountry"=dword:000000b5.Completion time: 2013-08-02 00:17:40ComboFix-quarantined-files.txt 2013-08-02 04:17.Pre-Run: 180,137,779,200 bytes freePost-Run: 187,039,059,968 bytes free.- - End Of File - - E0129562CF77BBDC738B1F7A2161E26D5B5E648D12FCADC244C1EC30318E1EB9
  15. Finally figured out what to do. My computer seems to be running normally. (Except "Start-up" seems faster than it used to be.) Here are my logs (AdwCleaner and JRT respectively):

# AdwCleaner v2.306 - Logfile created 08/01/2013 at 18:24:10
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : Lapreasha - LAPREASHA-PC
# Boot Mode : Normal
# Running from : C:\Users\Lapreasha\Desktop\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
Folder Deleted : C:\Program Files\AutocompletePro
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Lapreasha\AppData\Local\Babylon
Folder Deleted : C:\Users\Lapreasha\AppData\Local\Conduit
Folder Deleted : C:\Users\Lapreasha\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\Lapreasha\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AutocompleteProBHO
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Lapreasha\AppData\Roaming\Mozilla\Firefox\Profiles\n52indrg.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Lapreasha\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [339 octets] - [01/08/2013 18:24:06]
AdwCleaner[s2].txt - [3896 octets] - [01/08/2013 18:24:10]

########## EOF - C:\AdwCleaner[s2].txt - [3956 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows Vista Home Premium x86
Ran by Lapreasha on Thu 08/01/2013 at 18:35:47.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FDCBB2B1-A29C-492F-B25C-B71A7B5CB529}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Lapreasha\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

~~~ FireFox

Emptied folder: C:\Users\Lapreasha\AppData\Roaming\mozilla\firefox\profiles\n52indrg.default\minidumps [16 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/01/2013 at 18:43:13.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~