Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Fbdownloader problem
Message
<blockquote data-quote="Simmikke" data-source="post: 103917" data-attributes="member: 5699"><p>So sorry, but when I first did the OTL fix, and the notepad popped up, I closed the notepad, and I can't find it anymore... But I have the rest.</p><p></p><p></p><p></p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p>Junkware Removal Tool (JRT) by Thisisu</p><p>Version: 4.6.3 (02.12.2013:1)</p><p>OS: Windows 7 Enterprise x86</p><p>Ran by Admin on Tue 02/12/2013 at 16:38:35.27</p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p></p><p></p><p></p><p></p><p>~~~ Services</p><p></p><p></p><p></p><p>~~~ Registry Values</p><p></p><p>Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page</p><p>Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page</p><p>Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page</p><p>Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page</p><p>Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page</p><p>Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1534182006-4126816034-2511487509-1000\software\microsoft\internet explorer\main\\Start Page</p><p>Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope</p><p>Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope</p><p>Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope</p><p>Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope</p><p>Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope</p><p>Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope</p><p>Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1534182006-4126816034-2511487509-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope</p><p></p><p></p><p></p><p>~~~ Registry Keys</p><p></p><p>Successfully deleted: [Registry Key] hkey_local_machine\software\babylon</p><p>Successfully deleted: [Registry Key] hkey_local_machine\software\conduit</p><p>Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer</p><p>Successfully deleted: [Registry Key] hkey_current_user\software\filescout</p><p>Successfully deleted: [Registry Key] hkey_local_machine\software\freeze.com</p><p>Successfully deleted: [Registry Key] hkey_current_user\software\softonic</p><p>Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit</p><p>Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes</p><p>Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider</p><p>Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong</p><p>Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar</p><p>Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap</p><p>Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32</p><p>Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs</p><p>Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3227981</p><p>Successfully deleted: [Registry Key] hkey_classes_root\clsid\{26d675ac-d925-4bbf-a720-62c2aa4a81eb}</p><p>Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{26d675ac-d925-4bbf-a720-62c2aa4a81eb}</p><p>Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}</p><p>Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}</p><p>Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}</p><p>Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}</p><p>Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}</p><p>Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}</p><p>Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d824f0de-3d60-4f57-9eb1-66033ecd8abb}</p><p>Successfully deleted: [Registry Key] "hkey_local_machine\software\apn" </p><p>Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar" </p><p>Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2" </p><p>Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\120dfadeb50841f408f04d2a278f9509" </p><p>Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7" </p><p>Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8" </p><p>Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01" </p><p>Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed" </p><p>Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472" </p><p>Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296" </p><p>Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888" </p><p></p><p></p><p></p><p>~~~ Files</p><p></p><p>Successfully deleted: [File] "C:\Windows\system32\roboot.exe"</p><p></p><p></p><p></p><p>~~~ Folders</p><p></p><p>Successfully deleted: [Folder] "C:\ProgramData\babylon"</p><p>Failed to delete: [Folder] "C:\ProgramData\wecarereminder"</p><p>Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\babylon"</p><p>Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\datamgr"</p><p>Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\fbdownloader"</p><p>Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\opencandy"</p><p>Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\performersoft"</p><p>Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\registry mechanic"</p><p>Successfully deleted: [Folder] "C:\Users\Admin\appdata\local\conduit"</p><p>Successfully deleted: [Folder] "C:\Users\Admin\appdata\locallow\babylontoolbar"</p><p>Successfully deleted: [Folder] "C:\Users\Admin\appdata\locallow\conduit"</p><p>Successfully deleted: [Folder] "C:\Users\Admin\appdata\locallow\pricegong"</p><p>Successfully deleted: [Folder] "C:\Users\Admin\appdata\locallow\searchresultstb"</p><p>Successfully deleted: [Folder] "C:\Program Files\conduit"</p><p>Successfully deleted: [Folder] "C:\Program Files\file scout"</p><p>Successfully deleted: [Folder] "C:\Program Files\i want this"</p><p>Successfully deleted: [Folder] "C:\Program Files\inbox toolbar"</p><p>Successfully deleted: [Folder] "C:\Program Files\pc performer"</p><p>Successfully deleted: [Folder] "C:\Program Files\registry mechanic"</p><p>Successfully deleted: [Folder] "C:\Program Files\toolbar2"</p><p>Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\microsoft\windows\start menu\programs\rivalgaming"</p><p>Successfully deleted: [Folder] "C:\Program Files\ask.com" </p><p></p><p></p><p></p><p>~~~ Event Viewer Logs were cleared</p><p></p><p></p><p></p><p></p><p></p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p>Scan was completed on Tue 02/12/2013 at 16:44:49.16</p><p>End of JRT log</p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p></p><p></p><p>RogueKiller V8.5.1 [Feb 12 2013] by Tigzy</p><p>mail : tigzyRK<at>gmail<dot>com</p><p>Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/</p><p>Website : http://tigzy.geekstogo.com/roguekiller.php</p><p>Blog : http://tigzyrk.blogspot.com/</p><p></p><p>Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version</p><p>Started in : Normal mode</p><p>User : Admin [Admin rights]</p><p>Mode : Scan -- Date : 02/12/2013 16:49:40</p><p>| ARK || FAK || MBR |</p><p></p><p>¤¤¤ Bad processes : 0 ¤¤¤</p><p></p><p>¤¤¤ Registry Entries : 13 ¤¤¤</p><p>[RUN][SUSP PATH] HKCU\[...]\Run : SCheck ("C:\Users\Admin\AppData\Roaming\SCheck\SCheck.exe" check ) [-] -> FOUND</p><p>[RUN][SUSP PATH] HKCU\[...]\Run : SSync ("C:\Users\Admin\AppData\Roaming\SSync\SSync.exe") [-] -> FOUND</p><p>[RUN][SUSP PATH] HKCU\[...]\Run : DataMgr ("C:\Users\Admin\AppData\Roaming\DataMgr\DataMgr.exe") [x] -> FOUND</p><p>[RUN][SUSP PATH] HKLM\[...]\Run : ShopAtHomeWatcher (C:\Users\Admin\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe) [x] -> FOUND</p><p>[RUN][SUSP PATH] HKUS\S-1-5-21-1534182006-4126816034-2511487509-1000[...]\Run : SCheck ("C:\Users\Admin\AppData\Roaming\SCheck\SCheck.exe" check ) [-] -> FOUND</p><p>[RUN][SUSP PATH] HKUS\S-1-5-21-1534182006-4126816034-2511487509-1000[...]\Run : SSync ("C:\Users\Admin\AppData\Roaming\SSync\SSync.exe") [-] -> FOUND</p><p>[RUN][SUSP PATH] HKUS\S-1-5-21-1534182006-4126816034-2511487509-1000[...]\Run : DataMgr ("C:\Users\Admin\AppData\Roaming\DataMgr\DataMgr.exe") [x] -> FOUND</p><p>[TASK][SUSP PATH] Updater2258.exe : C:\Users\Admin\AppData\Local\Updater2258\Updater2258.exe /extensionid=2258 /extensionname="I Want This" /chromeid=mpfapcdfbbledbojijcbcclmlieaoogk [x] -> FOUND</p><p>[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND</p><p>[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND</p><p>[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND</p><p>[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND</p><p>[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND</p><p></p><p>¤¤¤ Particular Files / Folders: ¤¤¤</p><p></p><p>¤¤¤ Driver : [LOADED] ¤¤¤</p><p></p><p>¤¤¤ HOSTS File: ¤¤¤</p><p>--> C:\Windows\system32\drivers\etc\hosts</p><p></p><p>ÿþ1</p><p></p><p>¤¤¤ MBR Check: ¤¤¤</p><p></p><p>+++++ PhysicalDrive0: HTS548060M9AT00 ATA Device +++++</p><p>--- User ---</p><p>[MBR] 4729a7a0d798ea9755a9450070adc944</p><p>[BSP] e0bb65034f1a36dad08a571bb3d82723 : Windows 7/8 MBR Code</p><p>Partition table:</p><p>0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 48140 Mo</p><p>1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 98590905 | Size: 9083 Mo</p><p>User = LL1 ... OK!</p><p>User = LL2 ... OK!</p><p></p><p>Finished : << RKreport[1]_S_02122013_02d1649.txt >></p><p>RKreport[1]_S_02122013_02d1649.txt</p></blockquote><p></p>
[QUOTE="Simmikke, post: 103917, member: 5699"] So sorry, but when I first did the OTL fix, and the notepad popped up, I closed the notepad, and I can't find it anymore... But I have the rest. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.6.3 (02.12.2013:1) OS: Windows 7 Enterprise x86 Ran by Admin on Tue 02/12/2013 at 16:38:35.27 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1534182006-4126816034-2511487509-1000\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1534182006-4126816034-2511487509-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_local_machine\software\babylon Successfully deleted: [Registry Key] hkey_local_machine\software\conduit Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer Successfully deleted: [Registry Key] hkey_current_user\software\filescout Successfully deleted: [Registry Key] hkey_local_machine\software\freeze.com Successfully deleted: [Registry Key] hkey_current_user\software\softonic Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3227981 Successfully deleted: [Registry Key] hkey_classes_root\clsid\{26d675ac-d925-4bbf-a720-62c2aa4a81eb} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{26d675ac-d925-4bbf-a720-62c2aa4a81eb} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d824f0de-3d60-4f57-9eb1-66033ecd8abb} Successfully deleted: [Registry Key] "hkey_local_machine\software\apn" Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\120dfadeb50841f408f04d2a278f9509" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888" ~~~ Files Successfully deleted: [File] "C:\Windows\system32\roboot.exe" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\babylon" Failed to delete: [Folder] "C:\ProgramData\wecarereminder" Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\babylon" Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\datamgr" Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\fbdownloader" Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\opencandy" Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\performersoft" Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\registry mechanic" Successfully deleted: [Folder] "C:\Users\Admin\appdata\local\conduit" Successfully deleted: [Folder] "C:\Users\Admin\appdata\locallow\babylontoolbar" Successfully deleted: [Folder] "C:\Users\Admin\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Users\Admin\appdata\locallow\pricegong" Successfully deleted: [Folder] "C:\Users\Admin\appdata\locallow\searchresultstb" Successfully deleted: [Folder] "C:\Program Files\conduit" Successfully deleted: [Folder] "C:\Program Files\file scout" Successfully deleted: [Folder] "C:\Program Files\i want this" Successfully deleted: [Folder] "C:\Program Files\inbox toolbar" Successfully deleted: [Folder] "C:\Program Files\pc performer" Successfully deleted: [Folder] "C:\Program Files\registry mechanic" Successfully deleted: [Folder] "C:\Program Files\toolbar2" Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\microsoft\windows\start menu\programs\rivalgaming" Successfully deleted: [Folder] "C:\Program Files\ask.com" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 02/12/2013 at 16:44:49.16 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ RogueKiller V8.5.1 [Feb 12 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : Admin [Admin rights] Mode : Scan -- Date : 02/12/2013 16:49:40 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 13 ¤¤¤ [RUN][SUSP PATH] HKCU\[...]\Run : SCheck ("C:\Users\Admin\AppData\Roaming\SCheck\SCheck.exe" check ) [-] -> FOUND [RUN][SUSP PATH] HKCU\[...]\Run : SSync ("C:\Users\Admin\AppData\Roaming\SSync\SSync.exe") [-] -> FOUND [RUN][SUSP PATH] HKCU\[...]\Run : DataMgr ("C:\Users\Admin\AppData\Roaming\DataMgr\DataMgr.exe") [x] -> FOUND [RUN][SUSP PATH] HKLM\[...]\Run : ShopAtHomeWatcher (C:\Users\Admin\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe) [x] -> FOUND [RUN][SUSP PATH] HKUS\S-1-5-21-1534182006-4126816034-2511487509-1000[...]\Run : SCheck ("C:\Users\Admin\AppData\Roaming\SCheck\SCheck.exe" check ) [-] -> FOUND [RUN][SUSP PATH] HKUS\S-1-5-21-1534182006-4126816034-2511487509-1000[...]\Run : SSync ("C:\Users\Admin\AppData\Roaming\SSync\SSync.exe") [-] -> FOUND [RUN][SUSP PATH] HKUS\S-1-5-21-1534182006-4126816034-2511487509-1000[...]\Run : DataMgr ("C:\Users\Admin\AppData\Roaming\DataMgr\DataMgr.exe") [x] -> FOUND [TASK][SUSP PATH] Updater2258.exe : C:\Users\Admin\AppData\Local\Updater2258\Updater2258.exe /extensionid=2258 /extensionname="I Want This" /chromeid=mpfapcdfbbledbojijcbcclmlieaoogk [x] -> FOUND [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ÿþ1 ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: HTS548060M9AT00 ATA Device +++++ --- User --- [MBR] 4729a7a0d798ea9755a9450070adc944 [BSP] e0bb65034f1a36dad08a571bb3d82723 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 48140 Mo 1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 98590905 | Size: 9083 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_02122013_02d1649.txt >> RKreport[1]_S_02122013_02d1649.txt [/QUOTE]
Insert quotes…
Verification
Post reply
Top
