iChipd
Posts posted by iChipd
It still redirects when I load up Google Chrome. I have no idea how much this reflects the state of my computer, or if the problem is still present.
Log:
ComboFix 13-01-11.02 - Ryan 12/01/2013 23:29:51.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3070.2250 [GMT 11:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Ryan\AppData\Roaming\Roaming
c:\users\Ryan\AppData\Roaming\Roaming\HoldemManager\config\FTPRushTables.xml
c:\users\Ryan\AppData\Roaming\Roaming\HoldemManager\Importing\Work Folder\Thumbs.db
c:\windows\ST6UNST.000
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 )))))))))))))))))))))))))))))))
.
.
2013-01-12 12:40 . 2013-01-12 12:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-12 12:40 . 2013-01-12 12:40 -------- d-----w- c:\users\postgres\AppData\Local\temp
2013-01-12 12:40 . 2013-01-12 12:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-12 07:32 . 2013-01-12 07:32 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2013-01-12 02:18 . 2013-01-12 02:18 -------- d-----w- c:\users\Ryan\AppData\Local\Mikogo4
2013-01-12 02:06 . 2013-01-12 02:06 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-11 00:47 . 2013-01-11 00:47 -------- d-----w- c:\programdata\Cloud Software LTD
2013-01-11 00:47 . 2013-01-11 00:47 -------- d-----w- c:\program files\SoftQuick
2013-01-11 00:45 . 2013-01-11 00:45 -------- d-----w- c:\programdata\CloudSoft
2013-01-11 00:45 . 2013-01-11 00:45 -------- d-----w- c:\program files\ContinueToSave
2013-01-11 00:44 . 2013-01-12 01:59 -------- d-----w- c:\programdata\continuetosave
2013-01-09 08:50 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 08:50 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 08:43 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 08:41 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 08:41 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe
2012-12-21 20:27 . 2012-12-21 20:27 -------- d-----w- C:\found.000
2012-12-21 16:01 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 16:01 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 07:41 . 2010-02-11 16:16 16608 ----a-w- c:\windows\gdrv.sys
2012-11-25 15:44 . 2012-11-25 15:44 3328 ----a-w- C:\STF17D9.tmp
2012-11-25 14:31 . 2012-11-25 14:31 3328 ----a-w- C:\STFDF59.tmp
2012-11-25 14:16 . 2012-11-25 14:16 3328 ----a-w- C:\STF3267.tmp
2012-11-25 12:15 . 2012-11-25 12:15 3328 ----a-w- C:\STF3ACC.tmp
2012-11-12 11:52 . 2012-12-12 09:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-12 09:18 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-12 09:10 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-27 06:26 . 2012-12-12 09:25 981504 ----a-w- c:\windows\system32\wininet.dll
2012-10-21 12:36 . 2012-10-21 12:36 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-21 12:36 . 2010-12-02 13:37 473072 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{44C1C2CB-695A-942B-C94C-5C4A8B9FE74A}]
2013-01-11 01:06 118784 ----a-w- c:\programdata\continuetosave\50ef65a0ba02e.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 00:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 00:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 00:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 00:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 00:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 00:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 00:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 00:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 00:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-01-10 969104]
"Steam"="c:\program files\Steam\Steam.exe" [2012-12-09 1354736]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-11-24 1233856]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 M4-Service;M4-Service;c:\users\Ryan\AppData\Roaming\Mikogo 4\M4-Service.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd2dc7f72695e5.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 02:44]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cd2dc7f82cbf1c.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 02:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 220.101.191.16 220.101.191.17 180.216.255.56
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-60845039.sys
AddRemove-ContinueToSave - c:\progra~2\INSTAL~1\CONTIN~1\Setup.exe
AddRemove-WinZip - c:\program files\WinZip\WINZIP32.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-12 23:43:02
ComboFix-quarantined-files.txt 2013-01-12 12:43
.
Pre-Run: 86,930,231,296 bytes free
Post-Run: 86,906,507,264 bytes free
.
- - End Of File - - 99C896CEE372DB44267317C4E14F0AD7
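An added example, not code from any post in this thread or from ComboFix itself: a read-only PowerShell audit of the autostart and policy locations the ComboFix log above shows in use by the hijacker (the AppInit_DLLs value, Browser Helper Objects, the HKLM/HKCU Run keys, and the UAC policy values). The registry paths are the standard Windows ones; the Windows 7 UAC defaults and the flagging rule (an autostart binary that is unsigned, missing, or lives under AppData or ProgramData) are this example's own assumptions. Run it from an elevated PowerShell prompt on the affected machine; it changes nothing.

```powershell
# Added example (not from the thread): read-only audit of the persistence points
# the ComboFix log lists: AppInit_DLLs, BHOs, Run keys and the UAC policy values.

$findings = @()
# Folders a standard user can write to; ContinueToSave and Mikogo autostarted from here.
$userWritableRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData)

# Pull the executable or DLL path out of a Run-style command line such as
#   "C:\Users\Ryan\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp
function Get-ImagePath([string]$CommandLine) {
    $m = [regex]::Match($CommandLine, '^\s*"?(.+?\.(?:exe|dll))', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value } else { return $CommandLine }
}

function Test-UserWritable([string]$Path) {
    foreach ($root in $userWritableRoots) {
        if ($root -and $Path -like "$root*") { return $true }
    }
    return $false
}

# Authenticode status of the file, or MISSING if the path does not resolve.
function Get-SignatureStatus([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return 'MISSING' }
    return (Get-AuthenticodeSignature -FilePath $Path).Status
}

# 1. AppInit_DLLs: every DLL listed here is loaded into each process that loads
#    user32.dll, so a non-empty value with LoadAppInit_DLLs=1 is a system-wide hook
#    (AdwCleaner removed two sprote~1.dll entries from exactly this value).
$winNT = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
if ($winNT.AppInit_DLLs) {
    $findings += "AppInit_DLLs = '$($winNT.AppInit_DLLs)' (LoadAppInit_DLLs=$($winNT.LoadAppInit_DLLs))"
}

# 2. Browser Helper Objects: CLSID -> InprocServer32 DLL, as ComboFix prints them.
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    foreach ($bho in Get-ChildItem $bhoKey) {
        $clsid  = $bho.PSChildName
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        if (-not (Test-Path $server)) { $findings += "BHO $clsid has no InprocServer32"; continue }
        $dll    = (Get-ItemProperty $server).'(default)'
        $status = Get-SignatureStatus $dll
        if ($status -ne 'Valid' -or (Test-UserWritable $dll)) { $findings += "BHO $clsid -> $dll [$status]" }
    }
}

# 3. Run / RunOnce in both hives.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty $key).PSObject.Properties) {
        if ($providerProps -contains $prop.Name) { continue }   # skip provider metadata
        $image  = Get-ImagePath ([string]$prop.Value)
        $status = Get-SignatureStatus $image
        if ($status -ne 'Valid' -or (Test-UserWritable $image)) {
            $findings += "$key\$($prop.Name) -> $image [$status]"
        }
    }
}

# 4. UAC policy. The logs show EnableLUA=0, ConsentPromptBehaviorAdmin=0 and
#    PromptOnSecureDesktop=0, i.e. UAC switched off. The defaults below are the
#    Windows 7 ones (an assumption of this example); a 0 removes that control.
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uacDefaults = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; ConsentPromptBehaviorUser = 3; PromptOnSecureDesktop = 1 }
foreach ($name in $uacDefaults.Keys) {
    $value = $uac.$name
    if ($value -eq $null -or $value -eq 0) {
        $shown = if ($value -eq $null) { '(not set)' } else { $value }
        $findings += "UAC: $name is $shown (Windows 7 default $($uacDefaults[$name]))"
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | ForEach-Object { "[!] $_" } }
```

A valid signature is not proof of benign behaviour, and an unsigned entry is not proof of malice (several legitimate entries in the log above are unsigned); the point of the script is to surface the same small set of locations the tools cleaned so the machine can be rechecked after a reboot, when the redirect is still reported.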
-
Thank you for the speedy reply. Here is what you requested. Let me know if I have left anything out or made any mistakes. Thanks again.
Security Check
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Trojan Remover 6.8.2
Java 6 Update 37
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.2.152.32 Flash Player out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
AdwCleaner
# AdwCleaner v2.105 - Logfile created 01/12/2013 at 18:39:19
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Ryan - RYAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Ryan\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
Stopped & Deleted : RelevantKnowledge
***** [Files / Folders] *****
File Deleted : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\lcz8z7r8.default\searchplugins\WebSearch.xml
Folder Deleted : C:\Program Files\ScanQuery
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\ScanQuery
Folder Deleted : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
***** [Registry] *****
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\contin~1\sprote~1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\softqu~1\sprote~1.dll
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7025E484-D4B0-441A-9F0B-69063BD679CE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8258B35C-05B8-4C0E-9525-9BCCC70F8F2D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A89256AD-EC17-4A83-BEF5-4B8BC4F39306}
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.Reporter
Key Deleted : HKLM\SOFTWARE\Classes\ShopperReports.Reporter.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.soft-quick.info/ --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.soft-quick.info/ --> hxxp://www.google.com
-\\ Mozilla Firefox v [unable to get version]
File : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\lcz8z7r8.default\prefs.js
Deleted : user_pref("FlashVD.cache.video", "hxxp://vids.myspace.com\nhxxp://www.yourfilehost.com\nhxxp://www.m[...]
Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.soft-quick.info/");
Deleted : user_pref("browser.search.order.1", "WebSearch");
Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.soft-quick.info/?l=1&q=");
Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Deleted : user_pref("keyword.URL", "hxxp://websearch.soft-quick.info/?l=1&q=");
-\\ Google Chrome v23.0.1271.97
File : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[s1].txt - [4083 octets] - [12/01/2013 18:39:19]
########## EOF - C:\AdwCleaner[s1].txt - [4143 octets] ##########
RogueKiller
RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Ryan [Admin rights]
Mode : Remove -- Date : 01/12/2013 18:34:34
¤¤¤ Bad processes : 4 ¤¤¤
[SUSP PATH] M4-Service.exe -- C:\Users\Ryan\AppData\Roaming\Mikogo 4\M4-Service.exe -> KILLED [TermProc]
[SUSP PATH] M4-Capture.exe -- C:\Users\Ryan\AppData\Roaming\Mikogo 4\M4-Capture.exe -> KILLED [TermProc]
[SUSP PATH] ContinueToSave.exe -- C:\ProgramData\CloudSoft\ContinueToSave\ContinueToSave.exe -> KILLED [TermProc]
[SUSP PATH] mikogo-host.exe -- C:\Users\Ryan\AppData\Roaming\Mikogo 4\mikogo-host.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Mikogo ("C:\Users\Ryan\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp) -> DELETED
[TASK][SUSP PATH] {675A3B96-EF52-4BBC-A8F0-8BC959A3A0A1}.job : C:\ProgramData\CloudSoft\ContinueToSave\ContinueToSave.exe /schedule /profile "C:\PROGRA~2\CLOUDS~1\CONTIN~1\profile.ini" -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD753LJ ATA Device +++++
--- User ---
[MBR] 58449ff1ec31d0767013088de73d5498
[BSP] 54dfd271db19cd1aae71562c07e5ab77 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715394 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_01122013_02d1834.txt >>
RKreport[1]_S_01122013_02d1833.txt ; RKreport[2]_D_01122013_02d1834.txt
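An added example, not code from any post in this thread or from AdwCleaner or RogueKiller: a read-only PowerShell check of the browser settings the AdwCleaner log above shows were hijacked, the IE start page and search scopes in both hives, the Firefox user_pref lines in each profile's prefs.js, and the Chrome extensions installed on disk or forced in through HKLM\SOFTWARE\Google\Chrome\Extensions. The indicator strings (soft-quick.info, WebSearch) are taken from the log; the preference names and registry paths are the standard ones for IE 8, Firefox and Chrome of that era. The script only reports; it does not change anything.

```powershell
# Added example (not from the thread): report browser search/homepage settings
# that still point at the indicators seen in the AdwCleaner log.

$indicators = @('soft-quick.info', 'WebSearch')   # taken from the log; extend as needed
$findings   = @()
$inventory  = @()

function Test-Indicator([string]$Text) {
    foreach ($i in $indicators) { if ($Text -and $Text -like "*$i*") { return $true } }
    return $false
}

# 1. Internet Explorer: Start Page and every search scope, per-user and machine-wide.
foreach ($hive in 'HKCU', 'HKLM') {
    $main = Get-ItemProperty "${hive}:\Software\Microsoft\Internet Explorer\Main" -ErrorAction SilentlyContinue
    if ($main -and (Test-Indicator $main.'Start Page')) {
        $findings += "$hive IE Start Page = $($main.'Start Page')"
    }
    $scopes = "${hive}:\Software\Microsoft\Internet Explorer\SearchScopes"
    if (Test-Path $scopes) {
        $default = (Get-ItemProperty $scopes -ErrorAction SilentlyContinue).DefaultScope
        foreach ($scope in Get-ChildItem $scopes) {
            $url = (Get-ItemProperty $scope.PSPath).URL
            $tag = if ($scope.PSChildName -eq $default) { ' (DEFAULT)' } else { '' }
            if (Test-Indicator $url) { $findings += "$hive SearchScope $($scope.PSChildName)$tag -> $url" }
        }
    }
}

# 2. Firefox: the user_pref lines AdwCleaner deleted live in prefs.js of each profile.
$ffPrefs = @('browser.startup.homepage', 'browser.search.defaultenginename',
             'browser.search.selectedEngine', 'browser.search.defaulturl', 'keyword.URL')
$profileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $profileRoot) {
    foreach ($prefsFile in Get-ChildItem $profileRoot -Recurse -Filter prefs.js) {
        foreach ($line in Get-Content $prefsFile.FullName) {
            # user_pref("name", "value");  -- string prefs only, which is what the log shows
            $m = [regex]::Match($line, '^user_pref\("([^"]+)",\s*"([^"]*)"\);')
            if (-not $m.Success) { continue }
            $name = $m.Groups[1].Value; $value = $m.Groups[2].Value
            if (($ffPrefs -contains $name -or $name -like 'browser.search.order.*') -and (Test-Indicator $value)) {
                $findings += "Firefox $($prefsFile.Directory.Name): $name = $value"
            }
        }
    }
}

# 3. Chrome: extensions on disk (ID plus manifest name) and any forced in via the
#    registry, which is how jmfkcklnlgedgbglfkkgedjfmejoahla was registered above.
$extRoot = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
if (Test-Path $extRoot) {
    foreach ($ext in Get-ChildItem $extRoot) {
        $manifest = Get-ChildItem $ext.FullName -Recurse -Filter manifest.json | Select-Object -First 1
        $name = '(no manifest)'
        if ($manifest) {
            $m = [regex]::Match([IO.File]::ReadAllText($manifest.FullName), '"name"\s*:\s*"([^"]*)"')
            if ($m.Success) { $name = $m.Groups[1].Value }   # may be a __MSG_*__ placeholder
        }
        $inventory += "Chrome extension $($ext.Name): $name"
    }
}
$forced = 'HKLM:\SOFTWARE\Google\Chrome\Extensions'
if (Test-Path $forced) {
    foreach ($k in Get-ChildItem $forced) {
        $props = Get-ItemProperty $k.PSPath
        $findings += "Chrome extension $($k.PSChildName) registered in HKLM (update_url=$($props.update_url) path=$($props.path))"
    }
}

'--- Installed Chrome extensions ---'; $inventory
if ($findings.Count -eq 0) { 'No hijack indicators found.' } else { $findings | ForEach-Object { "[!] $_" } }
```

Because the indicators are simple substrings, the script will also flag a search scope or pref you added yourself that happens to contain them; read the output rather than acting on it blindly. Chrome's own Preferences file (which AdwCleaner reported clean) is not parsed here, since doing that properly needs a JSON parser not available in PowerShell 2.0.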
-
Symptoms: Redirects to Bing homepage via http://websearch.soft-quick.info.
I am particularly worried about this collecting sensitive data (passwords etc.) and keyloggers etc.
My HijackThis log is attached. Thank you in advance for any assistance.
http://websearch.soft-quick.info/ Have run TDSSKiller.
Posted in Resolved Malware Removal Logs:
I am really not sure if there is a problem; I am concerned as I have sensitive information/accounts that I access on this computer regularly.