Adlice forum

General Category => Malware removal help => Topic started by: William Smith on January 04, 2015, 11:15:52 PM

Title: getting redirected all the time
Post by: William Smith on January 04, 2015, 11:15:52 PM
I seem to be getting redirected most of the time now. I deleted a few I knew to be hostile but would like a little help on the questionable items. Here is my scan log. Thanks for any help. FYI, it seems to be with Chrome. Explorer works just fine.


RogueKiller V10.1.1.0 [Dec 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Dad [Administrator]
Mode : Scan -- Date : 01/04/2015  16:57:04

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 13 ¤¤¤
[PUM.HomePage] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-823518204-436374069-1801674531-1004\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-823518204-436374069-1801674531-1004\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49B2A077-C036-4931-A216-3C85EC6F9D49} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{49B2A077-C036-4931-A216-3C85EC6F9D49} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{49B2A077-C036-4931-A216-3C85EC6F9D49} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEKX-75B7WT0 +++++
--- User ---
[MBR] ce049c1fef3744606f2afb1ebef94de0
[BSP] 2e8a8c95bbfb3ca45489556e0a5d56c3 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305234 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_01042015_163514.log - RKreport_DEL_01042015_164136.log - RKreport_DEL_01042015_164822.log - RKreport_SCN_01042015_145246.log
RKreport_SCN_01042015_155203.log - RKreport_SCN_01042015_155739.log - RKreport_SCN_01042015_160844.log - RKreport_SCN_01042015_163646.log
RKreport_SCN_01042015_164303.log






Title: Re: getting redirected all the time
Post by: Curson on January 06, 2015, 04:42:31 PM
Hi,

RogueKiller has not detected any malware.
We need to investigate this more thoroughly.

1. Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe) and save it to your desktop.
The THREAT SCAN will automatically begin.
When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.

To complete any actions taken you will be prompted to restart your computer...click on Yes.
Failure to reboot normally will prevent Malwarebytes from removing all the malware.

After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the scan log information (Method 1) :
To retrieve the scan log information (Method 2) :
Alternatively, logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:

2. OTL

Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) by OldTimer and save the file to your desktop.
Push Run Scan and wait patiently.
Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).

Please include the content of both logfiles in your next reply.

Regards.