Redirecting virus? Help needed!

December 22, 2012 at 20:01:50
Specs: Windows 7

Hey, I was recently reading scanned manga online at a site which is trusted by many, including me. I've been using the site for years and I've never had a popup or anything, but it suddenly started redirecting me to some "computer sales" thing. So I tried to just continue reading but now it started spamming redirects, not just from that particular site either, so I shut down my internet browser (Chrome) and restarted my computer. And... here I am.

I'm not very good when it comes to computers, so I'm kinda lost as to how this could have happened. The thing is that I haven't been downloading anything at all, except maybe a game or two from Steam. So I don't quite get how I could possibly get a virus, though I guess I might have clicked on some link which wasn't safe. (I pressed a link for a picture yesterday, which instead of showing the picture wanted me to download it, maybe that's it? I did not install anything, but the "picture" was downloaded automatically in a second. Other than this all I can think of is my brother using my computer without permission and somehow ending up with this.)

Anyway, does anyone know how to deal with this thing? I do not own any anti-virus and I don't know how to deal with viruses. I would really like to remove this from my PC asap. Though I've had viruses before, I ended up reformatting the computer those times, which is something I'd like to avoid doing as it is right now. My current action plan is basically installing Malwarebytes and running a scan, but I doubt that will have any major effect. I'd be extremely glad for any help at all, or information.

(Edit: Malwarebytes showed me this: AppData\Local\Temp\.exe (Trojan.Agent) -> No action taken......... :'()




#1
December 22, 2012 at 20:08:37

Malwarebytes is a great start: update it, run a full scan, and delete what it finds. Then I would recommend downloading and installing Avast antivirus free, then running a full scan with that once it updates.

http://www.avast.com/free-antivirus...



#2
December 22, 2012 at 22:18:19

Redirects are generally caused by an unwanted rootkit. Run these 3 progs in EXACTLY the order listed and DO NOT REBOOT until AFTER the last scan.
a- rkill.exe
http://www.bleepingcomputer.com/dow...
b- TDSSKiller
http://support.kaspersky.com/5350
c- Malwarebytes
http://www.filehippo.com/download_m...
If the above does not work...then try the same order again in safe mode.

Another free trial to use is Hitman Pro
http://www.surfright.nl/en
It finds things others miss and will remove them for you.
Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#3
December 23, 2012 at 23:36:22

Okay so I've done all that, and it seems like nothing has been found. The only thing that ever was found was a Trojan.Agent when I did my first Malwarebytes scan, and it said it succeeded at removing it. However, from experience, I know that even though an antivirus program says everything is ok, it might not be. I'm however not having any troubles at all for the moment, as far as redirecting goes.

Thanks for the answers however, hopefully I'll be able to use my PC in peace for now!

(Edit: however however however however...)



#4
December 23, 2012 at 23:47:19

Krillz,
It wouldn't hurt to run AdwCleaner from this link:
http://www.bleepingcomputer.com/dow...
AdwCleaner Usage Instructions:

Using AdwCleaner is very simple. Simply download the program and run it. You will then be presented with a screen that contains a Search and Delete button. The Search button will cause AdwCleaner to search your computer for unwanted programs and then display a log showing the various files, folders, and registry entries used by these programs.

To delete these unwanted programs simply click on the Delete button, which will cause AdwCleaner to reboot your computer and remove the files and registry entries associated with the various adware that you are removing. On reboot, AdwCleaner will display a log showing the files, folders, and registry entries that were removed.

Please include the log in your next reply.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#5
December 23, 2012 at 23:55:31

Okay, though before that I'd like to tell you that the "Hitman Pro" free program discovered some malware called "babylon", which seems to be the virus that's been bothering me. It also showed me something called "Softonic" which I have no idea what it is. After removing them it no longer shows when I run the program though. I'll post a log from Hitman Pro to begin with.

"Potential Unwanted Programs _________________________________________________

HKLM\SOFTWARE\Classes\AppID\secman.DLL\ (Babylon)
HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}\ (Babylon)
HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon)
HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}\ (Babylon)
HKLM\SOFTWARE\Classes\s\ (Softonic)
HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1\ (Babylon)
HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager\ (Babylon)
HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\secman.DLL\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}\ (Babylon)
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\ (Babylon)"



#6
December 24, 2012 at 00:03:34

And this is the log I get after running AdwCleaner after I've done all of this. It seems to at least find that annoying search bar which I accidentally accepted when I downloaded something a long time ago.

***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Users\CARRYC~1\AppData\Local\Temp\boost_interprocess
Folder Found : C:\Users\carrycriwle\AppData\Local\AVG Secure Search
Folder Found : C:\Users\carrycriwle\AppData\Local\Conduit
Folder Found : C:\Users\carrycriwle\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\carrycriwle\AppData\LocalLow\Conduit

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKU\S-1-5-21-3380757163-3716756321-271964940-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run []
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={E1EDC1E9-790B-48B3-BD22-7ADF90ED962D}&mid=103b90e4010447d0afc2252442725f29-48e169d4364a11d8378e8cd09e98533f657c0073&lang=en&ds=tt014&pr=sa&d=2012-10-05 17:04:34&v=13.0.0.7&sap=hp

-\\ Google Chrome v23.0.1271.97

File : C:\Users\carrycriwle\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.13] : urls_to_restore_on_startup = [ "hxxps://isearch.avg.com/?cid={E1EDC1E9-790B-48B3-BD22-7ADF90ED962D}&mid=103b90e4010447d0afc2252442725f29-48e169d4364a11d8378e8cd09e98533f657c0073&lang=en&ds=tt014&pr=sa&d=2012-10-05 17:04:34&v=13.0.0.7&sap=hp" ]
Found [l.2621] : urls_to_restore_on_startup = [ "hxxps://isearch.avg.com/?cid={E1EDC1E9-790B-48B3-BD22-7ADF90ED962D}&mid=103b90e4010447d0afc2252442725f29-48e169d4364a11d8378e8cd09e98533f657c0073&lang=en&ds=tt014&pr=sa&d=2012-10-05 17:04:34&v=13.0.0.7&sap=hp" ]

*************************


Report •
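For readers triaging a log like the one in the post above, this added example (not part of the original thread and not AdwCleaner's own code) parses that log layout and separates entries that start at logon or hook the browser from plain leftover files and keys. The sample log, product name, GUID and URL are constructed placeholders, and the rule list is an assumption about which locations to review first.

```python
import re
from collections import defaultdict

# Constructed sample in the log layout shown in the post above; the product
# name, GUID and URL are placeholders, not values taken from the thread.
SAMPLE_LOG = r"""
***** [Files / Folders] *****
Folder Found : C:\Program Files (x86)\ExampleBar
Folder Found : C:\Users\user\AppData\Local\ExampleBar
***** [Registry] *****
Key Found : HKCU\Software\ExampleBar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000001}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ExampleBarUpdater]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{00000000-0000-0000-0000-000000000001}]
***** [Internet Browsers] *****
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://search.example.invalid/?sap=hp
Found [l.13] : urls_to_restore_on_startup = [ "hxxps://search.example.invalid/?sap=hp" ]
"""

SECTION = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
ENTRY = re.compile(r"^(?P<kind>\w+) Found : (?P<target>.+)$")
GUID = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)

# Assumed review order: locations that run code at logon or steer the browser.
RULES = [
    ("autorun", r"\\CurrentVersion\\Run(Once)?\b"),
    ("browser-helper-object", r"\\Browser Helper Objects\\"),
    ("ie-toolbar", r"\\Internet Explorer\\Toolbar\b"),
    ("search-provider", r"\\Internet Explorer\\SearchScopes\\"),
    ("start-page", r"Start Page\]|urls_to_restore_on_startup"),
    ("firefox-extension", r"\\Firefox\\Extensions\b"),
]

def parse_log(text):
    """Return (section, target) pairs for every finding line in the log."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        found = ENTRY.match(line)
        if found:
            entries.append((section, found.group("target")))
        elif section == "Internet Browsers" and " = " in line:
            entries.append((section, line))  # browser setting, kept whole
    return entries

def classify(target):
    """Label a finding by the first rule it matches, else 'leftover'."""
    for label, pattern in RULES:
        if re.search(pattern, target, re.IGNORECASE):
            return label
    return "leftover"

def triage(text):
    """Group findings by hook type; 'leftover' holds plain files and keys."""
    groups = defaultdict(list)
    for _section, target in parse_log(text):
        groups[classify(target)].append(target)
    return dict(groups)

def guid_hooks(text):
    """Map each GUID to the set of hook types it is registered under."""
    hooks = defaultdict(set)
    for _section, target in parse_log(text):
        label = classify(target)
        if label != "leftover":
            for guid in GUID.findall(target):
                hooks[guid.upper()].add(label)
    return dict(hooks)

if __name__ == "__main__":
    for label, targets in triage(SAMPLE_LOG).items():
        print(f"{label}: {len(targets)} finding(s), e.g. {targets[0]}")
    print(guid_hooks(SAMPLE_LOG))
```

A GUID that shows up under several hook types, as the placeholder does here, points to a single component registered at multiple browser extension points, so all of its entries should be gone after cleanup.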

#7
December 24, 2012 at 00:26:24

Please download and run RogueKiller from this link:
http://majorgeeks.com/RogueKiller_d...
Instructions:
•Please quit all programs
•Right-click the RogueKiller file and select "Run as Administrator"
•Press: SCAN
•On the RogueKiller console, click the Registry tab.
•Make sure the entries there are checked. 
•Then, press the [Delete] button.
An RKreport Log (Mode: Delete) is created on the Desktop.
Please provide the RKreport Log in your reply.
Restart the computer.


#8
December 24, 2012 at 20:40:59

Done, log below!

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : carrycriwle [Admin rights]
Mode : Remove -- Date : 12/25/2012 05:38:53

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



#9
December 24, 2012 at 20:45:12

Now update and run a full Malwarebytes scan, and include the log if it finds anything.


#10
January 1, 2013 at 15:13:31

My Malwarebytes is out of time, but I ran avast! and it did not find anything. I'm not having any problems either. I'm really glad for all the help, guys, and if there is anything else I should do to take action against whatever might be left of this, please tell me so!

And if this is it, big THANKS for all the answers, they were all very useful. I'd be completely without a chance if I had to deal with this alone!

God Bless!



#11
January 1, 2013 at 16:07:40

Please update and run Malwarebytes; it has jumped to the free version now and works just as well as the full version.


#12
January 7, 2013 at 15:47:49

Krillz, if a solution worked for you, you can make it Best Answer and that will show that your problem is solved....thanks...


#13
January 8, 2013 at 16:15:05

Not quite sure which one to set as best answer though, since they have been quite helpful all of them. o.o
