27-Feb-2013, 05:37 PM
#1 |
| Please help any tech guy/girl, My computer is infected with the Lavasoft Securesearch/Delta Search Redirect Hijack. I have deleted all visible and hidden files which relate to Lavasoft ( I believe ) and Lavasoft no longer appears in my search settings. My firewall was being turned off regularly and registry settings attempted to be altered (Spybot S and D alerting me to that) Unfortunately GMER keeps crashing so I cannot post the log of that one. I should be Most grateful for any assistance in delivering my computer from this affliction!! |
27-Feb-2013, 06:02 PM
#2 |
| There are a few items remaining including a hijack of your Search page. This should clean out the hijack and other related files, then we can remove anything that remains.

SCAN 1

Click on this link to download: ADWCleaner and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and click on this icon on your desktop: You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.

SCAN 2

Download RogueKiller (by tigzy) and save direct to your Desktop. On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.
__________________ Please Copy & Paste scan results into your replies, DO NOT send them as attachments or in Code or Quote boxes unless asked to. Last edited by Mark1956; 27-Feb-2013 at 06:48 PM.. |
|
27-Feb-2013, 06:09 PM
#4 |
| Thank you so much for your post. I must get to bed now however (plastering ceilings tomorrow) and can sleep easier knowing a likely solution at hand. Will attend to this tomorrow eve. |
|
27-Feb-2013, 06:13 PM
#6 |
| p.s I tried updating twice (in last day) but it failed for some reason and haven't tried it again. I can be slow to update some things and in fact my laptop was running mysteriously slow for long time and I scoured forums seeking advice til I found a note to keep updates updated! QED! |
|
27-Feb-2013, 06:14 PM
#7 |
| pps this problem is desktop! |
27-Feb-2013, 06:47 PM
#8 |
| Service Pack 2 for Vista was released a long time ago, April 2009, and your install date was July 2008, so there is something wrong or you had Windows Update turned off all that time, which leaves your system vulnerable to infection due to the lack of security updates. We will look into the update issue as we go along, but for now I have added another scan to my earlier post.
|
28-Feb-2013, 02:41 PM
#9 |
| Hi Mark, Two problems. Firstly, I accidentally deleted the log from Adw cleaner because the computer shut down twice (I did not realise I had downloaded twice and got mixed up with the screens)! Secondly, Kaspersky tells me that Rogue Killer contains a virus and will not allow me to continue. Hoping all is not lost!!! Awaiting your best advice! Many thanks. |
|
28-Feb-2013, 05:04 PM
#10 |
| ps.. I tried again to upgrade to Vista Service Pack 2 but the installation failed as before... |
|
28-Feb-2013, 05:15 PM
#11 |
| pps Took courage after reviewing roguekiller and disabled Kaspersky allowing the following log to be created:

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : millymatt [Admin rights]
Mode : Scan -- Date : 02/28/2013 22:12:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : SearchProtection (C:\ProgramData\Search Protection\_run.bat) [x] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost |
28-Feb-2013, 05:34 PM
#12 |
| I can assure you that any tools you are asked to run are completely safe and free from any infections. RogueKiller found one suspicious startup entry, very likely related to your problem. Please run RogueKiller again; once you have completed the scan, hit the Delete button, then the Report button and post the log. For your problem with ADWCleaner, it should have saved a copy of the log on your C: drive. It will be listed as ADWCLeaner[S1].txt; the number in the brackets may be different. If you ran it more than once, please post the log from the first scan you did.
|
28-Feb-2013, 05:50 PM
#13 |
| So here is ADW Cleaner's log and in a minute will run roguekiller again and post. Thanks so much for your attendance on my troubles! |
|
28-Feb-2013, 05:51 PM
#14 |
|
28-Feb-2013, 06:02 PM
#15 |
| ... And here's the roguekiller log

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : millymatt [Admin rights]
Mode : Remove -- Date : 02/28/2013 23:00:10
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : SearchProtection (C:\ProgramData\Search Protection\_run.bat) [x] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250310AS ATA Device +++++
--- User ---
[MBR] 8b5b659faa81e45c42691f1b52e1dc96
[BSP] 7d4755e7c820a24a8f2162a6ed0543bc : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21100544 | Size: 228114 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_02282013_02d2300.txt >>
RKreport[1]_S_02282013_02d2212.txt ; RKreport[2]_S_02282013_02d2258.txt ; RKreport[3]_D_02282013_02d2300.txt |