Malware removal help / getting redirected all the time
« on: January 04, 2015, 11:15:52 PM »
I seem to be getting redirected most of the time now. I deleted a few I knew to be hostile but would like a little help on the questionable items. Here is my scan log. Thanks for any help. FYI, it seems to be with Chrome. Explorer works just fine.
RogueKiller V10.1.1.0 [Dec 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Dad [Administrator]
Mode : Scan -- Date : 01/04/2015 16:57:04
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 13 ¤¤¤
[PUM.HomePage] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-823518204-436374069-1801674531-1004\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-823518204-436374069-1801674531-1004\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49B2A077-C036-4931-A216-3C85EC6F9D49} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{49B2A077-C036-4931-A216-3C85EC6F9D49} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{49B2A077-C036-4931-A216-3C85EC6F9D49} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEKX-75B7WT0 +++++
--- User ---
[MBR] ce049c1fef3744606f2afb1ebef94de0
[BSP] 2e8a8c95bbfb3ca45489556e0a5d56c3 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305234 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_01042015_163514.log - RKreport_DEL_01042015_164136.log - RKreport_DEL_01042015_164822.log - RKreport_SCN_01042015_145246.log
RKreport_SCN_01042015_155203.log - RKreport_SCN_01042015_155739.log - RKreport_SCN_01042015_160844.log - RKreport_SCN_01042015_163646.log
RKreport_SCN_01042015_164303.log