
lavasoft adware blekko search engine

Discussion in 'Virus & Other Malware Removal' started by isasooner, Oct 22, 2012.

Thread Status:
Not open for further replies.
  1. isasooner

    isasooner Thread Starter

    Joined:
    Oct 22, 2012
    Messages:
    111
    Can you send the specific roguekiller instructions again so I know exactly what to do as I got confused with the last bit of instructions you sent earlier.
     
  2. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    650
    Run RogueKiller
    • when the prescan is finished, click on Scan
    • after it has completed, click on the “Registry” tab
      uncheck the following false positives
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    • make sure the other entries there are checked, then click on Delete
    Re-start RogueKiller, run a scan and send a new log.
     
  3. isasooner

    isasooner Thread Starter

    Joined:
    Oct 22, 2012
    Messages:
    111
    After running the scan, no new log is available to send.
     
  4. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    650
    As RogueKiller found infections on the first run, they must still be there as we didn't "fix" them. It is not the report I want at this stage, just to fix the bad files.

    Please run the scan again. When the scan is finished, click on the Registry button and make sure there is a check mark next to these entries:

    [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
    [TASK][ROGUE ST] 4688 : wscript.exe C:\Users\Idris\AppData\Local\Temp\launchie.vbs //B -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

    Remove the check mark from these entries:

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND



    When you have done that, click on Delete.

    Now run a new scan and when the scan is finished, click on Report and post that in your reply.
     
  5. isasooner

    isasooner Thread Starter

    Joined:
    Oct 22, 2012
    Messages:
    111
    RogueKiller V8.2.0 [10/22/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Idris [Admin rights]
    Mode : Scan -- Date : 10/30/2012 10:46:34

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [FILEASSO] HKLM\[...]\command : ("C:\Program Files (x86)\Internet Explorer\iexplore.exe") -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS543232A7A384 ATA Device +++++
    --- User ---
    [MBR] bb8815480b4049995f78ce33c908329c
    [BSP] dcfc4537725933b1ce39cacdd24e39f1 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 288645 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 594219008 | Size: 15099 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
     
  6. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    650
    Good job.

    There is one more to fix.

    Run a scan again and this time make sure that this one has a check mark next to it:

    [FILEASSO] HKLM\[...]\command : ("C:\Program Files (x86)\Internet Explorer\iexplore.exe") -> FOUND

    Press Delete

    Send a new scan and tell me what problems remain.
     
  7. isasooner

    isasooner Thread Starter

    Joined:
    Oct 22, 2012
    Messages:
    111
    RogueKiller V8.2.0 [10/22/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Idris [Admin rights]
    Mode : Remove -- Date : 10/30/2012 11:31:14

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
    [FILEASSO] HKLM\[...]\command : ("C:\Program Files (x86)\Internet Explorer\iexplore.exe") -> REPLACED ("C:\Program Files (x86)\Internet Explorer\iexplore.exe")

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS543232A7A384 ATA Device +++++
    --- User ---
    [MBR] bb8815480b4049995f78ce33c908329c
    [BSP] dcfc4537725933b1ce39cacdd24e39f1 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 288645 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 594219008 | Size: 15099 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[6].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
    RKreport[6].txt
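
Added example, not part of the original thread and not RogueKiller's own code: a Python check that pairs the scan report with the remove report posted above and sorts each flagged entry by what the remove pass did with it. The line pattern and the three statuses come from the reports in this thread; the function and bucket names are assumptions made for the illustration.

```python
import re

# Registry lines copied from the scan report and the remove report posted above.
SCAN = r"""
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKLM\[...]\command : ("C:\Program Files (x86)\Internet Explorer\iexplore.exe") -> FOUND
"""
REMOVE = r"""
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
[FILEASSO] HKLM\[...]\command : ("C:\Program Files (x86)\Internet Explorer\iexplore.exe") -> REPLACED ("C:\Program Files (x86)\Internet Explorer\iexplore.exe")
"""
# The two entries the helper said to leave unchecked (treated as false positives).
ALLOWLIST = {"{59031a47-3f72-44a7-89c5-5595fe6b30ee}",
             "{20d04fe0-3aea-1069-a2d8-08002b30309d}"}

# Only the three statuses that appear in this thread's reports are recognised.
ENTRY_RE = re.compile(
    r"^(?P<tag>(?:\[[^\]]+\])+)\s+(?P<key>.+?) : (?P<value>.+?) -> "
    r"(?P<status>FOUND|NOT SELECTED|REPLACED)(?:\s+(?P<new>.+))?$")
CLSID_RE = re.compile(r"\{[0-9a-fA-F-]{36}\}")

def parse_entries(report):
    """Return one dict per entry line; header and blank lines are skipped."""
    return [m.groupdict() for m in
            (ENTRY_RE.match(line.strip()) for line in report.splitlines()) if m]

def review(scan_report, remove_report, allowlist=ALLOWLIST):
    """Classify each FOUND entry by what the remove pass did with it."""
    after = {(e["tag"], e["key"], e["value"]): e for e in parse_entries(remove_report)}
    out = {"fixed": [], "skipped": [], "recheck": [], "unresolved": []}
    for e in parse_entries(scan_report):
        r = after.get((e["tag"], e["key"], e["value"]))
        clsid = CLSID_RE.search(e["value"])
        if r and r["status"] == "REPLACED":
            # Identical before/after text cannot confirm the change: rescan.
            out["recheck" if r["new"] == e["value"] else "fixed"].append(e["value"])
        elif r and r["status"] == "NOT SELECTED" and clsid \
                and clsid.group().lower() in allowlist:
            out["skipped"].append(e["value"])
        else:
            out["unresolved"].append(e["value"])
    return out

if __name__ == "__main__":
    for bucket, values in review(SCAN, REMOVE).items():
        print(bucket, values)
```

For the two reports in this thread, both NewStartPanel entries land in `skipped`, nothing is `unresolved`, and the file-association entry lands in `recheck` because the report prints the same string before and after the replacement.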
     
  8. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    650
    How are things running now?
     
  9. isasooner

    isasooner Thread Starter

    Joined:
    Oct 22, 2012
    Messages:
    111
    I am at work right now, I will let you know later.
     
  10. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    650
  11. isasooner

    isasooner Thread Starter

    Joined:
    Oct 22, 2012
    Messages:
    111
    My DVD drive is still missing. Do you have any idea how to relocate it?
     
  12. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    650
    Have you tried troubleshooting the problem?


    • open the Hardware and Devices troubleshooter by clicking Start, Control Panel.
    • click Troubleshooting. Under Hardware and Sound, click Configure a device.
    • if you're prompted for an administrator password or confirmation, type the password or provide confirmation.
    Let me know if that works
     
  13. isasooner

    isasooner Thread Starter

    Joined:
    Oct 22, 2012
    Messages:
    111
    Thanks, that was a quick fix, but I still have lavasoft search engine on my laptop. Every time I open google chrome when signed in to my account 4 tabs open. My home page, 2 lavasoft search engine tabs and a bing search engine tab. How can we fix this?
     
  14. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    650
    One big problem with Chrome is that we cannot remove addons like we can with other browsers and uninstalling, re-installing Chrome is usually the only solution.

    When you uninstall, if asked about user data or settings, remove those also.
     
  15. isasooner

    isasooner Thread Starter

    Joined:
    Oct 22, 2012
    Messages:
    111
    I uninstalled google chrome then reinstalled it and when logged into my google chrome account, every time I open my web browser still the same 4 tabs open. My home page, 2 lavasoft search engine tabs and a bing search engine tab. So do I just log out of my google chrome account or create another? I don't know how to get lavasoft off my laptop. Also I never use internet explorer web browser because I find it very slow compared to the others so I tried to delete it in my computer but could not find it to delete it. How do I delete internet explorer?
     

Short URL to this thread: https://techguy.org/1073716