Skygazer

Everything posted by Skygazer

  1. I just signed up and this is my 1st post. If I posted my question in the wrong area, I apologize in advance.

     Hi,

     After a few online searches I found this site. After reading some posts on bleepingcomputer and some on this site, I started the following process to delete all unwanted items on my computer:

     1st Step: Download & Run "Security Check" and copy Report
     2nd Step: Download & Run "AdwCleaner" and copy Report
     3rd Step: Download & Run "Roguekiller for 64bit" and copy Report
     4th Step: (Pending) Download & Run "Malwarebytes"

     Since the post I read was based on a Report specific to that computer, I couldn't follow further. I need help with what to do based on these Reports. Here are my Reports on the first 3 steps:

     Security Check
     -------------------------------------------------------------------------------------------------------
     Results of screen317's Security Check version 0.99.96
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     avast! Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     JavaFX 2.1.1
     Java 7 Update 45
     Java version 32-bit out of Date!
     Java 64-bit 8 Update 31
     Adobe Flash Player 16.0.0.235
     Mozilla Firefox (35.0.1)
     Mozilla Thunderbird (31.3.0)
     Google Chrome (40.0.2214.111)
     Google Chrome (40.0.2214.94)
     ````````Process Check: objlist.exe by Laurent````````
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast avastui.exe
     AVAST Software Avast ng vbox\AvastVBoxSVC.exe
     AVAST Software Avast ng ngservice.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````

     AdwCleaner
     -------------------------------------------------------------------------------------------------------
     # AdwCleaner v4.110 - Logfile created 09/02/2015 at 19:21:14
     # Updated 05/02/2015 by Xplode
     # Database : 2015-02-09.1 [server]
     # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
     # Username : Amin - MYGATEWAY
     # Running from : C:\Users\Amin\Downloads\adwcleaner_4.110.exe
     # Option : Cleaning

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****
     Folder Deleted : C:\Users\Amin\AppData\Local\PackageAware
     Folder Deleted : C:\Users\Amin\AppData\LocalLow\Conduit
     File Deleted : C:\END

     ***** [ Scheduled tasks ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****
     Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
     Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
     Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
     Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
     Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
     Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
     Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

     ***** [ Web browsers ] *****
     -\\ Internet Explorer v11.0.9600.17496
     -\\ Mozilla Firefox v35.0.1 (x86 en-US)
     -\\ Google Chrome v40.0.2214.111

     *************************
     AdwCleaner[R0].txt - [1719 bytes] - [09/02/2015 18:49:19]
     AdwCleaner[s0].txt - [1668 bytes] - [09/02/2015 19:21:14]
     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1727 bytes] ##########

     Roguekiller for 64bit
     -------------------------------------------------------------------------------------------------------
     RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Amin [Administrator]
     Mode : Delete -- Date : 02/09/2015 21:13:16

     ¤¤¤ Processes : 0 ¤¤¤

     ¤¤¤ Registry : 12 ¤¤¤
     [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com?fr=hp-avast&type=avastbcl -> Not selected
     [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3393652132-3854537398-1406664269-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com?fr=hp-avast&type=avastbcl -> Not selected
     [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3393652132-3854537398-1406664269-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com?fr=hp-avast&type=avastbcl -> Not selected
     [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3393652132-3854537398-1406664269-1000\Software\Microsoft\Internet Explorer\Main | Search Page : https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Not selected
     [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3393652132-3854537398-1406664269-1000\Software\Microsoft\Internet Explorer\Main | Search Page : https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Not selected
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{07377933-027F-4841-BE8E-1920BF653684} | DhcpNameServer : 10.1.10.1 [(Private Address) (XX)] -> Not selected
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{07377933-027F-4841-BE8E-1920BF653684} | DhcpNameServer : 10.1.10.1 [(Private Address) (XX)] -> Not selected
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{07377933-027F-4841-BE8E-1920BF653684} | DhcpNameServer : 10.1.10.1 [(Private Address) (XX)] -> Not selected
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)

     ¤¤¤ Tasks : 0 ¤¤¤

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ Hosts File : 0 ¤¤¤

     ¤¤¤ Antirootkit : 31 (Driver: Loaded) ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT3 ATA Device +++++
     --- User ---
     [MBR] 1cbc9c9454a23d288cc3ab6e52d772b0
     [bSP] 478016f1513bebf6195bcd22db75a460 : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 MB
     1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 37750784 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 37955584 | Size: 458406 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     User = LL2 ... OK

     ============================================
     RKreport_SCN_02092015_194857.log

     I would appreciate any help I can get.