I started: Security Check, AdwCleaner, Roguekiller for 64bit and need help to finish


Skygazer

I just signed up and this is my 1st post. If I posted my question in the wrong area, I apologize in advance.

 

Hi,

 

After a few online searches I found this site.

After reading some posts on bleepingcomputer and some on this site, I started the following process to delete all unwanted items on my computer.

 

1st Step: Download & Run "Security Check" and copy Report

2nd Step: Download & Run "AdwCleaner" and copy Report

3rd Step: Download & Run "Roguekiller for 64bit" and copy Report

4th Step: (Pending) Download & Run "Malwarebytes"

 

Since the post I read was based on a Report specific to that computer, I couldn't follow further.

 

I need help with what to do based on these Reports.

 

Here are my Reports on the first 3 steps:

 

Security Check -------------------------------------------------------------------------------------------------------

 

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.1.1    
 Java 7 Update 45  
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31
 Adobe Flash Player 16.0.0.235  
 Mozilla Firefox (35.0.1) 
 Mozilla Thunderbird (31.3.0) 
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.94) 
````````Process Check: objlist.exe by Laurent````````
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log``````````````````````
 
 
AdwCleaner -------------------------------------------------------------------------------------------------------
 
# AdwCleaner v4.110 - Logfile created 09/02/2015 at 19:21:14
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Amin - MYGATEWAY
# Running from : C:\Users\Amin\Downloads\adwcleaner_4.110.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Amin\AppData\Local\PackageAware
Folder Deleted : C:\Users\Amin\AppData\LocalLow\Conduit
File Deleted : C:\END
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
 
 
-\\ Google Chrome v40.0.2214.111
 
 
*************************
 
AdwCleaner[R0].txt - [1719 bytes] - [09/02/2015 18:49:19]
AdwCleaner[s0].txt - [1668 bytes] - [09/02/2015 19:21:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1727  bytes] ##########
 
 
Roguekiller for 64bit -------------------------------------------------------------------------------------------------------
 
RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Amin [Administrator]
Mode : Delete -- Date : 02/09/2015  21:13:16
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 12 ¤¤¤
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com?fr=hp-avast&type=avastbcl -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3393652132-3854537398-1406664269-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com?fr=hp-avast&type=avastbcl -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3393652132-3854537398-1406664269-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com?fr=hp-avast&type=avastbcl -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3393652132-3854537398-1406664269-1000\Software\Microsoft\Internet Explorer\Main | Search Page : https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3393652132-3854537398-1406664269-1000\Software\Microsoft\Internet Explorer\Main | Search Page : https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{07377933-027F-4841-BE8E-1920BF653684} | DhcpNameServer : 10.1.10.1 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{07377933-027F-4841-BE8E-1920BF653684} | DhcpNameServer : 10.1.10.1 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{07377933-027F-4841-BE8E-1920BF653684} | DhcpNameServer : 10.1.10.1 [(Private Address) (XX)]  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 31 (Driver: Loaded) ¤¤¤
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CloseHandle : Unknown @ 0x715d003c (push dword 0x715c0022|ret |jmp dword near [0x715c001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - ReadFile : Unknown @ 0x7149003c (push dword 0x71480022|ret |jmp dword near [0x7148001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateProcessW : Unknown @ 0x7145003c (push dword 0x71440022|ret |jmp dword near [0x7144001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - WriteFile : Unknown @ 0x7155003c (push dword 0x71540022|ret |jmp dword near [0x7154001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - SetUnhandledExceptionFilter : Unknown @ 0x71a4003c (push dword 0x71a30022|ret |jmp dword near [0x71a3001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x71a0003c (jmp 0xfffffffff9f403d2|jmp dword near [0x719f001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - ShowWindow : Unknown @ 0x716e003c (push dword 0x716d0022|ret |jmp dword near [0x716d001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - PeekMessageW : Unknown @ 0x719c003c (push dword 0x719b0022|ret |jmp dword near [0x719b001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - TranslateMessage : Unknown @ 0x716a003c (push dword 0x71690022|ret |jmp dword near [0x7169001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - CreateWindowExA : c:\program files (x86)\trusteer\rapport\bin\rooksbas.dll @ 0x693d91a0 (jmp dword near [0x7191001e]|jmp 0x10|jmp 0xfffffffff7ab9160)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetWindowLongW : Unknown @ 0x7172003c (push dword 0x71710022|ret |jmp dword near [0x7171001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - CreateWindowExW : c:\program files (x86)\trusteer\rapport\bin\rooksbas.dll @ 0x693d8e80 (jmp dword near [0x7195001e]|jmp 0x10|jmp 0xfffffffff7a78e40)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - SetParent : Unknown @ 0x7176003c (push dword 0x71750022|ret |jmp dword near [0x7175001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) GDI32.dll - BitBlt : Unknown @ 0x718a003c (push dword 0x71890022|ret |jmp dword near [0x7189001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - GetClipboardData : Unknown @ 0x7180003c (push dword 0x717f0022|ret |jmp dword near [0x717f001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) USER32.dll - BeginPaint : Unknown @ 0x7186003c (push dword 0x71850022|ret |jmp dword near [0x7185001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateIoCompletionPort : Unknown @ 0x714d003c (push dword 0x714c0022|ret |jmp dword near [0x714c001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - GetQueuedCompletionStatus : Unknown @ 0x7161003c (push dword 0x71600022|ret |jmp dword near [0x7160001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) CRYPT32.dll - CertVerifyCertificateChainPolicy : Unknown @ 0x718e003c (push dword 0x718d0022|ret |jmp dword near [0x718d001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CancelIo : Unknown @ 0x7159003c (push dword 0x71580022|ret |jmp dword near [0x7158001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) WS2_32.dll - getaddrinfo : Unknown @ 0x7166003c (jmp 0xfffffffffa59bd8c|jmp dword near [0x7165001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - BeginPaint : Unknown @ 0x7186003c (push dword 0x71850022|ret |jmp dword near [0x7185001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - SetParent : Unknown @ 0x7176003c (push dword 0x71750022|ret |jmp dword near [0x7175001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - ShowWindow : Unknown @ 0x716e003c (push dword 0x716d0022|ret |jmp dword near [0x716d001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - GetClipboardData : Unknown @ 0x7180003c (push dword 0x717f0022|ret |jmp dword near [0x717f001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - SetWindowLongW : Unknown @ 0x7172003c (push dword 0x71710022|ret |jmp dword near [0x7171001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - TranslateMessage : Unknown @ 0x716a003c (push dword 0x71690022|ret |jmp dword near [0x7169001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - CreateWindowExW : c:\program files (x86)\trusteer\rapport\bin\rooksbas.dll @ 0x693d8e80 (jmp dword near [0x7195001e]|jmp 0x10|jmp 0xfffffffff7a78e40)
[iAT:Inl(Hook.IEAT)] (chrome.exe) user32.dll - PeekMessageW : Unknown @ 0x719c003c (push dword 0x719b0022|ret |jmp dword near [0x719b001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) ADVAPI32.dll - CreateProcessAsUserW : Unknown @ 0x7141003c (push dword 0x71400022|ret |jmp dword near [0x7140001e]|jmp 0x10)
[iAT:Inl(Hook.IEAT)] (chrome.exe) KERNEL32.dll - CreateNamedPipeW : Unknown @ 0x7151003c (push dword 0x71500022|ret |jmp dword near [0x7150001e]|jmp 0x10)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT3 ATA Device +++++
--- User ---
[MBR] 1cbc9c9454a23d288cc3ab6e52d772b0
[bSP] 478016f1513bebf6195bcd22db75a460 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 37750784 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 37955584 | Size: 458406 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_02092015_194857.log
 
 
I would appreciate any help I can get.
 
 

  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
