IObit Forum

rogue program


rotorpowa

Posted

Logfile of Advanced SystemCare 3 Security Analyzer

Scan saved at 8:29:51 PM, on 30/10/2009

Platform: Windows Vista (WinNT 6.0)

MSIE: Internet Explorer v7.0 (7.0.6000.16386)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Protector Suite QL\psqltray.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Eset\nod32kui.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Program Files\CS\cs.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Java\jre1.5.0_17\bin\jucheck.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: FCTBPos00Pos - {064F9A9F-3A73-41A1-8F33-D0660836FA8B} - C:\Program Files\Pirates - FB\Toolbar.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: (no name) - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - C:\Windows\System32\iehelpmod.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Search Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll

O2 - BHO: Search Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: FCTBPos00Pos - {D484F49B-C743-42BB-BED0-DB1C9E36E477} - C:\Program Files\MyFarm\Toolbar.dll

O2 - BHO: FCTBPos00Pos - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: FCTBPos00Pos - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Pirates - FB - {FCD92A5D-0984-4850-BE14-BDFA192150FF} - C:\Program Files\Pirates - FB\Toolbar.dll

O3 - Toolbar: MyFarm - {2BA760EE-6C34-415B-BDBB-041CF2A4609F} - C:\Program Files\MyFarm\Toolbar.dll

O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKCU\..\Run: [bigPond Connection Client] "C:\Program Files\Telstra\BigPond Connection Client\BigPondCC.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\suzzi\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup

O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe"

O4 - HKLM\..\Run: [skytel] "Skytel.exe"

O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray

O9 - Extra button: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx

O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://files.authentium.com/bigpond/bin/wizard.exe

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_17) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab

O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} (Java Plug-in 1.5.0_17) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_17) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-au.cab

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (http://www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe

O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

Posted

Hi rotorpowa

Ok, sorry, hadn't checked that, but there was a manual method too??

Cheers

solbjerg

p.s. I suppose you have tried IS360 v. 1.10?

 

 

Thanks, tried the program there but won't remove without payment.
Posted

No worries. I have tried Advanced SystemCare but not 360. My dad has the same rogue on one of his comps, and he has paid for the full ASC before 360 came out; he said that either won't find it.

Posted

I have tried to do the manual and can't seem to find one of the processes. I found cs.exe but not tsc.exe. It removed it from the tray, but that's as far as I can get.

Posted

Hi rotorpowa

Please read this link:

http://www.2-spyware.com/remove-cyber-security.html

 

The following is part of this link:

 

Cyber Security manual removal:

Kill processes:

tsc.exe csc.exe

HELP:

how to kill malicious processes

Delete registry values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Cyber Security

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “1FD92E3F7C34799BFB075C41DA05D1FE”

HELP:

how to remove registry entries

Unregister DLLs:

winsource.dll iehelpmod.dll

HELP:

how to unregister malicious DLLs

Delete files:

tsc.exe csc.exe iehelpmod.dll winsource.dll Help.lnk Registration.lnk Cyber Security.lnk

HELP:

how to remove harmful files

Delete directories:

C:\Program Files\CS\

 

Cheers

solbjerg

 

Just tried to download 360 and Cyber Security has blocked download.com and a heap of other things.
Posted

Ok, I think I got it. I used Chrome instead of Explorer and was able to download 360, and it worked. Just had to manually remove it from the programs list; it was gone but still listed. Thanks for your help.
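
Added example (not part of the thread, and not code from IObit or the removal guide): one way to match the indicators in the quoted removal guide against a scan log in the format of the first post. The function and constant names are illustrative assumptions; the sample lines come from that log except the last, which is constructed.

```python
import ntpath
import re

# Indicators copied from the removal guide quoted in the thread.
BAD_FILES = {"tsc.exe", "csc.exe", "iehelpmod.dll", "winsource.dll"}
BAD_DIRS = ("c:\\program files\\cs\\",)
BAD_RUN_VALUES = {"1fd92e3f7c34799bfb075c41da05d1fe"}

# Windows path up to the first known extension; Run value name in [brackets].
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|]*?\.(?:exe|dll|ocx|lnk)', re.I)
RUN_RE = re.compile(r"^O4 - .*?Run: \[([^\]]+)\]")

# First four lines come from the scan log in the first post. The last line is
# constructed (assumption) to show how the guide's Run value would appear.
SAMPLE_LOG = r"""
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\CS\cs.exe
O2 - BHO: (no name) - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - C:\Windows\System32\iehelpmod.dll
O2 - BHO: FCTBPos00Pos - {D484F49B-C743-42BB-BED0-DB1C9E36E477} - C:\Program Files\MyFarm\Toolbar.dll
O4 - HKCU\..\Run: [1FD92E3F7C34799BFB075C41DA05D1FE] "C:\Program Files\CS\tsc.exe"
"""


def triage(log_text):
    """Return (line, reasons) for every log entry that matches an indicator."""
    hits = []
    for line in map(str.strip, log_text.splitlines()):
        reasons = []
        run = RUN_RE.match(line)
        if run and run.group(1).lower() in BAD_RUN_VALUES:
            reasons.append("Run value name")
        for path in PATH_RE.findall(line):
            name = ntpath.basename(path).lower()
            if name in BAD_FILES:
                reasons.append("file name " + name)
            elif path.lower().startswith(BAD_DIRS):
                # Catches cs.exe, which the guide's file list does not name.
                reasons.append("directory " + ntpath.dirname(path))
        if reasons:
            hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print("; ".join(reasons), "<-", line)
```

Matching on the directory as well as the file names matters here: the process in the log is cs.exe, which the guide's file list does not mention, but it runs from the listed C:\Program Files\CS\ directory.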

Archived

This topic is now archived and is closed to further replies.
