bubba2435

  1. Hi Gringo, Thanks for checking in. I did Rogue Killer. Here is the report - it generated a report 1 and a report 2 so here they both are:

     RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7600 ) 32 bits version
     Started in : Normal mode
     User : ronk [Admin rights]
     Mode : Scan -- Date : 02/26/2013 22:50:06
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 3 ¤¤¤
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤
     SSDT[70] : NtCreateKey @ 0x82E55E2D -> HOOKED (Unknown @ 0x89327100)
     SSDT[79] : NtCreateProcess @ 0x82F223A5 -> HOOKED (Unknown @ 0x89326340)
     SSDT[80] : NtCreateProcessEx @ 0x82F223F0 -> HOOKED (Unknown @ 0x89326600)
     SSDT[87] : NtCreateThread @ 0x82F221AE -> HOOKED (Unknown @ 0x89327F60)
     SSDT[88] : NtCreateThreadEx @ 0x82E80331 -> HOOKED (Unknown @ 0x89328100)
     SSDT[93] : NtCreateUserProcess @ 0x82E9D423 -> HOOKED (Unknown @ 0x893268C0)
     SSDT[103] : NtDeleteKey @ 0x82E44652 -> HOOKED (Unknown @ 0x89327680)
     SSDT[106] : NtDeleteValueKey @ 0x82E2A28A -> HOOKED (Unknown @ 0x89327940)
     SSDT[155] : NtLoadDriver @ 0x82DE8313 -> HOOKED (Unknown @ 0x893282A0)
     SSDT[190] : NtOpenProcess @ 0x82EC8B14 -> HOOKED (Unknown @ 0x89326B80)
     SSDT[358] : NtSetValueKey @ 0x82E479EA -> HOOKED (Unknown @ 0x893273C0)
     SSDT[370] : NtTerminateProcess @ 0x82EA9165 -> HOOKED (Unknown @ 0x89326E40)
     SSDT[399] : NtWriteVirtualMemory @ 0x82ECEB95 -> HOOKED (Unknown @ 0x89327DC0)
     S_SSDT[584] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x893288C0)
     S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x893286E0)

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: WDC WD2500BEKT-75A25T0 +++++
     --- User ---
     [MBR] 2c9552691007f8dce07ea82a85b88d1e
     [bSP] 1e74a58fee200fce8a21e9f082c112ee : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1]_S_02262013_02d2250.txt >>
     RKreport[1]_S_02262013_02d2250.txt

     RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7600 ) 32 bits version
     Started in : Normal mode
     User : ronk [Admin rights]
     Mode : Remove -- Date : 02/26/2013 22:51:23
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 3 ¤¤¤
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤
     SSDT[70] : NtCreateKey @ 0x82E55E2D -> HOOKED (Unknown @ 0x89327100)
     SSDT[79] : NtCreateProcess @ 0x82F223A5 -> HOOKED (Unknown @ 0x89326340)
     SSDT[80] : NtCreateProcessEx @ 0x82F223F0 -> HOOKED (Unknown @ 0x89326600)
     SSDT[87] : NtCreateThread @ 0x82F221AE -> HOOKED (Unknown @ 0x89327F60)
     SSDT[88] : NtCreateThreadEx @ 0x82E80331 -> HOOKED (Unknown @ 0x89328100)
     SSDT[93] : NtCreateUserProcess @ 0x82E9D423 -> HOOKED (Unknown @ 0x893268C0)
     SSDT[103] : NtDeleteKey @ 0x82E44652 -> HOOKED (Unknown @ 0x89327680)
     SSDT[106] : NtDeleteValueKey @ 0x82E2A28A -> HOOKED (Unknown @ 0x89327940)
     SSDT[155] : NtLoadDriver @ 0x82DE8313 -> HOOKED (Unknown @ 0x893282A0)
     SSDT[190] : NtOpenProcess @ 0x82EC8B14 -> HOOKED (Unknown @ 0x89326B80)
     SSDT[358] : NtSetValueKey @ 0x82E479EA -> HOOKED (Unknown @ 0x893273C0)
     SSDT[370] : NtTerminateProcess @ 0x82EA9165 -> HOOKED (Unknown @ 0x89326E40)
     SSDT[399] : NtWriteVirtualMemory @ 0x82ECEB95 -> HOOKED (Unknown @ 0x89327DC0)
     S_SSDT[584] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x893288C0)
     S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x893286E0)

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: WDC WD2500BEKT-75A25T0 +++++
     --- User ---
     [MBR] 2c9552691007f8dce07ea82a85b88d1e
     [bSP] 1e74a58fee200fce8a21e9f082c112ee : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
     1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
     2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[2]_D_02262013_02d2251.txt >>
     RKreport[1]_S_02262013_02d2250.txt ; RKreport[2]_D_02262013_02d2251.txt
  2. Hi Gringo. Thanks for your patience. I had some personal issues come up and finally am able to devote some more time to working on this. My computer *appears* to be running normally again - I haven't received any of the click livesearchnow redirects when using either IE or Google Chrome in a couple of days. However, I ran both Security Check and ADW Cleaner and will post those results below. Let me know if I should still do Rogue Killer too. Also, I'm wondering where did I "pick up" this redirect virus in the first place? Does it come from some bad website or accidentally clicking on a bad link? I just want to try to avoid it in the future. Thank you.

     Results of screen317's Security Check version 0.99.59
     Windows 7 x86 (UAC is enabled)
     Out of date service pack!!
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!
     Trend Micro Internet Security
     Antivirus up to date! (On Access scanning disabled!)
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.70.0.1100
     CCleaner
     Java 6 Update 21
     Java 7 Update 13
     Adobe Reader 10.0.1 Adobe Reader out of Date!
     Google Chrome 24.0.1312.56
     Google Chrome 24.0.1312.57
     ````````Process Check: objlist.exe by Laurent````````
     Trend Micro Internet Security SfCtlCom.exe
     Trend Micro BM TMBMSRV.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 7%
     ````````````````````End of Log``````````````````````

     # AdwCleaner v2.112 - Logfile created 02/20/2013 at 23:01:55
     # Updated 10/02/2013 by Xplode
     # Operating system : Windows 7 Professional (32 bits)
     # User : ronk - RONK-PC
     # Boot Mode : Normal
     # Running from : C:\Users\ronk\Desktop\adwcleaner0.exe
     # Option [Delete]

     ***** [services] *****

     ***** [Files / Folders] *****

     ***** [Registry] *****

     Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

     ***** [internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16464

     [OK] Registry is clean.

     -\\ Google Chrome v24.0.1312.57

     File : C:\Users\ronk\AppData\Local\Google\Chrome\User Data\Default\Preferences

     [OK] File is clean.

     *************************

     AdwCleaner[s1].txt - [773 octets] - [20/02/2013 23:01:55]

     ########## EOF - C:\AdwCleaner[s1].txt - [832 octets] ##########
  3. Hi Gringo, I need some more time. Your instructions were clear but I had some personal matters that came up unexpectedly this week. I expect to devote more time to working through your instructions this weekend. I will be in touch soon. Thanks.
  4. Hi. Thanks for taking the time to look at my case. I have been experiencing the click.livesearchnow redirect virus issue in both Internet Explorer v9 and Google Chrome. I ran Malwarebytes free version and came back with a trojan happili about a week ago and removed that, but the malicious redirect problem still happens. I clean out my history, caches and all that on a regular basis and sometimes it SEEMS like the redirect stops. I can run a search in Google or Yahoo search or whatever and open up links without issue. Then two days later the redirect comes back. It's driving me crazy :/ In addition to running scans on Malwarebytes every other day or so I also downloaded CCleaner (I saw it suggested in one of the forums here) and used that to wipe out the temp files and so forth. But the redirects in the browsers remain. I've attached the attach.txt and dds.txt files here. Oh P.S. I have Windows 7. Thank you so much! attach.txt dds.txt