iChipd

Members
Posts: 4
Reputation: 0 Neutral
  1. I am really not sure if there is a problem, I am concerned as I have sensitive information/accounts that I access on this computer regularly.
  2. It still redirects when I load up google chrome. I have no idea how much this reflects the state of my computer / if the problem is still present. Log: ComboFix 13-01-11.02 - Ryan 12/01/2013 23:29:51.1.4 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3070.2250 [GMT 11:00]
  3. Thank you for the speedy reply. Here is what you requested. Let me know if I have left anything out or made any mistakes. Thanks again.
     Security Check: Results of screen317's Security Check version 0.99.56
     AdwCleaner: # AdwCleaner v2.105 - Logfile created 01/12/2013 at 18:39:19
     RogueKiller: RogueKiller V8.4.3 [Jan 10 2013] by Tigzy -- Date : 01/12/2013 18:34:34
  4. Symptoms: Redirects to Bing homepage via http://websearch.soft-quick.info. I am particularly worried about this collecting sensitive data (passwords etc.) and key loggers etc. My HijackThis log is attached. Thank you in advance for any assistance.
     hijackthis.log