

LookSafe Malware


  • This topic is locked
38 replies to this topic

#16 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,793 posts
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:09:03 AM

Posted 18 May 2014 - 08:50 PM

Hi supadupadood,

 

Is the fact that Google is your homepage normal? Or did that come along with the infection?

 

Also, how do you launch Google Chrome? Do you double-click a shortcut on the Desktop, start it via a button pinned to the taskbar? etc.


CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.




#17 supadupadood

supadupadood
  • Topic Starter

  • Members
  • 17 posts
  • Local time:05:03 AM

Posted 18 May 2014 - 10:55 PM

Yes, Google is my standard homepage, and I use a pinned button on my taskbar.



#18 TheShooter93


Posted 19 May 2014 - 02:56 PM

While I work on another possible fix for this, please try the following:

Launch Google Chrome via Run

  • Press and hold the Windows key + R on your keyboard.
  • In the Run box type chrome.exe and hit Enter.
  • Try replicating the issues you're experiencing now and let me know the results in your next post.


Launch Google Chrome via Start Menu

  • Click Start.
  • Click All Programs.
  • Click Google Chrome (folder).
  • Click Google Chrome.
  • Try replicating the issues you're experiencing now and let me know the results in your next post.
  • Let me know the results in your next post.

=====================================================

What I'd like to see in your next post:

  • Results of launching Google Chrome via Run
  • Results of launching Google Chrome via Start Menu

Edited by TheShooter93, 19 May 2014 - 03:05 PM.



#19 supadupadood


Posted 20 May 2014 - 12:14 AM

Same results. It comes and goes, but when one is redirecting, they all redirect.



#20 TheShooter93


Posted 20 May 2014 - 08:48 AM

Hi supadupadood,
 
Please do the following:

Enable Hidden Files/Folders

  • Press and hold the Windows key + R on your keyboard.
  • In the Run box type control.exe folders and hit Enter.
  • Click the View tab.
  • Click the radio button that says Show hidden files, folders, and drives
  • Click OK.

=====================================================================
 
Opening Google Chrome User Preferences File

  • Please navigate to the following directory:  C:\Users\<username>\AppData\Local\Google\Chrome\User Data\Default
  • Once there, find a file named: Preferences
  • Right-click the file and hover over Send to....
  • Choose Compressed (zipped) folder.
  • Please attach that compressed folder to your next post.

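Added example (my own Python, not code from this thread or from Google): once the Preferences file has been located as described above, a script can pull out the handful of settings that decide where Chrome navigates, instead of reading a large JSON file by eye. The key names follow the layout of Chrome's Preferences JSON as I know it (homepage, session.startup_urls, default_search_provider in older builds and default_search_provider_data.template_url_data in newer ones, extensions.settings); the sample document, extension IDs and URLs below are constructed.

```python
"""Pull the navigation-steering settings out of a Chrome Preferences file.

Added example: not from this thread and not Google's code. Key names follow
the layout of Chrome's Preferences JSON; the sample document is constructed.
"""
import json
import sys
from urllib.parse import urlparse

# Chrome's session.restore_on_startup values (SessionStartupPref).
STARTUP_MODES = {1: "restore last session", 4: "open the startup_urls list", 5: "open the New Tab page"}


def _get(obj, path, default=None):
    """Walk a dotted key path through nested dicts; return default if any hop is missing."""
    for key in path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj


def inspect_preferences(text):
    """Return a report: what the profile opens, where it searches, which extensions it loads."""
    prefs = json.loads(text)
    report = {
        "homepage": _get(prefs, "homepage"),
        "homepage_is_newtabpage": _get(prefs, "homepage_is_newtabpage"),
        "startup_mode": STARTUP_MODES.get(_get(prefs, "session.restore_on_startup"), "default"),
        "startup_urls": list(_get(prefs, "session.startup_urls", []) or []),
        "search_engine": None,
        "extensions": [],
        "flags": [],
    }

    # Older builds store the default engine flat under default_search_provider;
    # newer ones nest it under default_search_provider_data.template_url_data.
    engine = (_get(prefs, "default_search_provider_data.template_url_data")
              or _get(prefs, "default_search_provider") or {})
    if engine:
        keyword = engine.get("keyword", "") or ""
        search_url = engine.get("search_url", "") or ""
        host = (urlparse(search_url).hostname or "").lower()
        report["search_engine"] = {"name": engine.get("name"), "keyword": keyword, "search_url": search_url}
        # An engine that presents itself as google.com but submits queries to another
        # host is the classic search-redirect setup, so compare keyword and query host.
        kw = keyword.lower()
        kw = kw[4:] if kw.startswith("www.") else kw
        if kw and host and kw not in host:
            report["flags"].append(
                f"default search engine '{engine.get('name')}' (keyword {keyword}) submits queries to {host}")

    for ext_id, entry in (_get(prefs, "extensions.settings", {}) or {}).items():
        manifest = entry.get("manifest", {}) or {}
        info = {
            "id": ext_id,
            "name": manifest.get("name"),
            "version": manifest.get("version"),
            "from_webstore": bool(entry.get("from_webstore", False)),
            "path": entry.get("path"),
        }
        report["extensions"].append(info)
        if not info["from_webstore"]:
            report["flags"].append(
                f"extension {ext_id} ('{info['name']}') was not installed from the Web Store; path {info['path']}")
    return report


# Constructed sample standing in for a real Preferences file (IDs and URLs are made up).
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "https://www.google.com/",
    "homepage_is_newtabpage": False,
    "session": {"restore_on_startup": 4, "startup_urls": ["https://www.google.com/"]},
    "default_search_provider": {
        "enabled": True,
        "name": "Google",
        "keyword": "google.com",
        "search_url": "http://search.example-redirector.invalid/?q={searchTerms}",
    },
    "extensions": {"settings": {
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
            "manifest": {"name": "Sample Toolbar", "version": "1.0"},
            "from_webstore": False, "state": 1,
            "path": "C:\\Users\\<username>\\AppData\\Local\\Temp\\sampletoolbar",
        },
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
            "manifest": {"name": "Docs Offline", "version": "2.1"},
            "from_webstore": True, "state": 1, "path": "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb\\2.1_0",
        },
    }},
})


def main(path=None):
    text = open(path, encoding="utf-8").read() if path else SAMPLE_PREFERENCES
    report = inspect_preferences(text)
    print("homepage:", report["homepage"], "(new tab page)" if report["homepage_is_newtabpage"] else "")
    print("startup:", report["startup_mode"], report["startup_urls"])
    print("search engine:", report["search_engine"])
    for ext in report["extensions"]:
        print("extension:", ext)
    for flag in report["flags"]:
        print("FLAG:", flag)


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else None)
```

Run it as `python inspect_prefs.py "C:\Users\<username>\AppData\Local\Google\Chrome\User Data\Default\Preferences"` (with no argument it runs on the constructed sample). Chrome versions newer than the one in this thread keep several of these keys (extensions, startup pages, default search provider) in the neighbouring `Secure Preferences` file instead, so point it at both files when the profile is recent.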


#21 TheShooter93


Posted 23 May 2014 - 08:17 AM

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.



#22 supadupadood


Posted 23 May 2014 - 03:45 PM

Sorry, didn't see the previous email notification.

 

Attached is the file. I saw another file titled "preferences.bad" just below the file I sent you. Should I send that as well?

 

Thanks




#23 TheShooter93


Posted 23 May 2014 - 09:21 PM

Hi supadupadood,

 

For right now the regular preferences file should suffice.

 

Give me a little while to look over the file, as it is quite large. I will get back to you ASAP.




#24 TheShooter93


Posted 24 May 2014 - 11:55 AM

MiniToolBox

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

Edited by TheShooter93, 24 May 2014 - 11:56 AM.



#25 supadupadood


Posted 25 May 2014 - 03:36 PM

Here are the MiniToolBox results.
 
MiniToolBox by Farbar  Version: 23-01-2014
Ran by Supadupadood (administrator) on 25-05-2014 at 12:34:39
Running from "C:\Users\Supadupadood\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
DW1520 Wireless-N Half-Mini Card = Wireless Network Connection (Connected)
Intel® 82577LM Gigabit Network Connection = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Owner-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gci.net
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 5C-AC-4C-07-DB-DF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : gci.net
   Description . . . . . . . . . . . : Intel® 82577LM Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-26-B9-EF-A9-73
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : gci.net
   Description . . . . . . . . . . . : DW1520 Wireless-N Half-Mini Card
   Physical Address. . . . . . . . . : 5C-AC-4C-07-DB-DF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6d80:8bf5:7082:d8aa%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.1.4(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, May 24, 2014 1:10:13 PM
   Lease Expires . . . . . . . . . . : Monday, May 26, 2014 1:40:16 AM
   Default Gateway . . . . . . . . . : 10.0.1.1
   DHCP Server . . . . . . . . . . . : 10.0.1.1
   DHCPv6 IAID . . . . . . . . . . . : 190622796
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-DF-E8-C5-5C-AC-4C-07-DB-DF
   DNS Servers . . . . . . . . . . . : 208.69.150.252
                                       208.69.150.250
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  208.69.150.252
 
Name:    google.com.gci.net
Address:  54.208.19.28
 
 
Pinging google.com [74.125.226.194] with 32 bytes of data:
Reply from 74.125.226.194: bytes=32 time=103ms TTL=50
Reply from 74.125.226.194: bytes=32 time=103ms TTL=50
 
Ping statistics for 74.125.226.194:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 103ms, Maximum = 103ms, Average = 103ms
Server:  UnKnown
Address:  208.69.150.252
 
Name:    yahoo.com.gci.net
Address:  54.208.19.28
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=47ms TTL=52
Reply from 206.190.36.45: bytes=32 time=49ms TTL=52
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 47ms, Maximum = 49ms, Average = 48ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...5c ac 4c 07 db df ......Microsoft Virtual WiFi Miniport Adapter
 13...00 26 b9 ef a9 73 ......Intel® 82577LM Gigabit Network Connection
 11...5c ac 4c 07 db df ......DW1520 Wireless-N Half-Mini Card
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.1.1         10.0.1.4     20
         10.0.1.0    255.255.255.0         On-link          10.0.1.4    276
         10.0.1.4  255.255.255.255         On-link          10.0.1.4    276
       10.0.1.255  255.255.255.255         On-link          10.0.1.4    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.1.4    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.1.4    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 11    276 fe80::6d80:8bf5:7082:d8aa/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/23/2014 06:31:24 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(bc:67:78:58:a5:a1@fe80::be67:78ff:fe58:a5a1._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (05/23/2014 06:25:17 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
 
Error: (05/23/2014 06:25:17 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
 
Error: (05/23/2014 06:25:17 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22
 
Error: (05/23/2014 06:25:17 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21
 
Error: (05/23/2014 06:25:17 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20
 
Error: (05/23/2014 06:25:17 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19
 
Error: (05/23/2014 06:25:17 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18
 
Error: (05/23/2014 06:25:17 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17
 
Error: (05/23/2014 06:25:17 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16
 
 
System errors:
=============
Error: (05/24/2014 01:10:10 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service failed to start due to the following error: 
%%2
 
Error: (05/24/2014 01:10:10 PM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%2
 
Error: (05/23/2014 03:48:18 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service failed to start due to the following error: 
%%2
 
Error: (05/23/2014 03:48:18 PM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%2
 
Error: (05/23/2014 00:26:58 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service failed to start due to the following error: 
%%2
 
Error: (05/23/2014 00:26:58 PM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%2
 
Error: (05/22/2014 11:28:57 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service failed to start due to the following error: 
%%2
 
Error: (05/22/2014 11:28:57 AM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%2
 
Error: (05/21/2014 05:52:35 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service failed to start due to the following error: 
%%2
 
Error: (05/21/2014 05:52:35 PM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (05/23/2014 06:31:24 PM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(bc:67:78:58:a5:a1@fe80::be67:78ff:fe58:a5a1._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (05/23/2014 06:25:17 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
 
Error: (05/23/2014 06:25:17 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
 
Error: (05/23/2014 06:25:17 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22
 
Error: (05/23/2014 06:25:17 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21
 
Error: (05/23/2014 06:25:17 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20
 
Error: (05/23/2014 06:25:17 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19
 
Error: (05/23/2014 06:25:17 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18
 
Error: (05/23/2014 06:25:17 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17
 
Error: (05/23/2014 06:25:17 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-05 02:12:24.266
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-05-05 02:12:24.145
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
7-Zip 9.20
AccelerometerP11 (Version: 2.00.10.34)
Ace of Spades
Adobe Flash Player 13 ActiveX (Version: 13.0.0.214)
Adobe Flash Player 13 Plugin (Version: 13.0.0.214)
Adobe Reader XI (11.0.07) (Version: 11.0.07)
Apple Application Support (Version: 3.0.3)
Apple Mobile Device Support (Version: 7.1.1.3)
Apple Software Update (Version: 2.1.3.127)
Audacity 2.0.3 (Version: 2.0.3)
avast! Free Antivirus (Version: 9.0.2018)
Awesomenauts
Battle.net
Beatbuddy: Tale of the Guardians
Bonjour (Version: 3.0.0.10)
Child Of Light Demo
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Curse (Version: 6.0.0.0)
D3DX10 (Version: 15.4.2368.0902)
Dell ControlVault Host Components Installer 64 bit (Version: 2.3.24.1437)
Dell System Detect (Version: 4.0.5.6)
Dell Touchpad (Version: 7.1106.101.111)
Diablo III
Dishonored
DreamScene Seven version 1.6 (Version: 1.6)
Dust: An Elysian Tail
DW WLAN Card Utility (Version: 5.60.18.44)
EPSON Connect version 1.0 (Version: 1.0)
Epson Customer Participation (Version: 1.6.0.0)
Epson Event Manager (Version: 3.10.0017)
Epson E-Web Print (Version: 1.19.0000)
EPSON Scan
EPSON XP-410 Series Printer Uninstall
EpsonNet Print (Version: 2.6.0)
Fallout 3 - Game of the Year Edition
Fallout: New Vegas
FEZ
Giana Sisters: Twisted Dreams
Google Chrome (Version: 35.0.1916.114)
Google Drive (Version: 1.15.6556.8063)
Google Update Helper (Version: 1.3.24.7)
Guacamelee! Gold Edition
Hearthstone
Intel® Turbo Boost Technology Driver (Version: 01.01.00.1005)
iTunes (Version: 11.2.0.114)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Java 7 Update 55 (Version: 7.0.550)
Java Auto Updater (Version: 2.1.9.8)
League of Legends (Version: 1.3)
LIMBO
Logitech Gaming Software (Version: 8.45.88)
Logitech Gaming Software 8.45 (Version: 8.45.88)
Malwarebytes Anti-Malware version 2.0.1.1004 (Version: 2.0.1.1004)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 4.0 Refresh (Version: 4.0.30901.0)
Mixxx 1.11.0 (Version: 1.11.0)
Monaco
Movie Maker (Version: 16.4.3508.0205)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Need For Speed™ World (Version: 1.0.0.1398)
NVIDIA Control Panel 320.49 (Version: 320.49)
NVIDIA Graphics Driver 320.49 (Version: 320.49)
NVIDIA HD Audio Driver 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA nView 140.62 (Version: 140.62)
NVIDIA nView Desktop Manager (Version: 6.14.10.12152)
NVIDIA PhysX (Version: 9.11.1111)
OpenAL
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Pando Media Booster (Version: 2.6.0.9)
Papers, Please
Photo Gallery (Version: 16.4.3508.0205)
PVSonyDll (Version: 1.00.0001)
QuickTime 7 (Version: 7.75.80.95)
RaidCall (Version: 7.3.4-1.0.12786.82)
Razer Synapse 2.0 (Version: 1.18.02)
RICOH Media Driver ver.2.08.01.06 (Version: 2.08.01.06)
Rogue Legacy
Sid Meier's Civilization V
Skype Click to Call (Version: 7.2.15747.10003)
Skype™ 6.14 (Version: 6.14.104)
Smart Technology Programming Software 7.0.27.13 (Version: 7.0.27.13)
Software Updater (Version: 4.2.7)
Spotify (Version: 0.9.1.57.ge7405149)
Starseed Pilgrim
Steam (Version: 1.0.0.0)
Super Meat Boy
System Requirements Lab CYRI (Version: 6.0.3.0)
System Requirements Lab for Intel (Version: 4.5.13.0)
The Binding of Isaac
The Swapper
TrackMania² Canyon
Uplay (Version: 4.3)
VirtualDJ Home FREE (Version: 7.4)
VLC media player 2.1.3 (Version: 2.1.3)
Windows Live Communications Platform (Version: 16.4.3508.0205)
Windows Live Essentials (Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3508.0205)
Windows Live Photo Common (Version: 16.4.3508.0205)
Windows Live PIMT Platform (Version: 16.4.3508.0205)
Windows Live SOXE (Version: 16.4.3508.0205)
Windows Live SOXE Definitions (Version: 16.4.3508.0205)
Windows Live UX Platform (Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205)
 
========================= Devices: ================================
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 35%
Total physical RAM: 8181.86 MB
Available physical RAM: 5310.65 MB
Total Pagefile: 16361.89 MB
Available Pagefile: 12992.48 MB
Total Virtual: 4095.88 MB
Available Virtual: 3986.98 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:111.69 GB) (Free:22.47 GB) NTFS
3 Drive e: () (Removable) (Total:7.39 GB) (Free:5.76 GB) FAT32
4 Drive f: (External Hard Drive) (Fixed) (Total:465.76 GB) (Free:195.38 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\OWNER-PC
 
Administrator            Guest                    Supadupadood             
 
========================= Minidump Files ==================================
 
========================= Restore Points ==================================
 
21-05-2014 18:01:59 Windows Update
24-05-2014 01:58:28 Installed Razer Synapse 2.0.
 
**** End of log ****
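Added example (my own Python, not part of this thread and not Farbar's tool): a triage script that reads the proxy, hosts and IP-configuration sections of a MiniToolBox report in the plain-text layout shown above and surfaces what a responder would want to look at first. The detail worth noticing in the report above is that the lookups for google.com and yahoo.com came back as google.com.gci.net and yahoo.com.gci.net, both at 54.208.19.28, i.e. the resolver answered for the name with the DNS suffix search list (gci.net) appended, while the pings resolved the bare names to different addresses; that is resolver-level behaviour to rule in or out separately from anything in the browser profile, and the script flags exactly that pattern. The sample report at the bottom is constructed, with documentation-range addresses in place of real ones.

```python
"""Triage the proxy, hosts and name-resolution sections of a MiniToolBox report.

Added example: not part of this thread and not Farbar's tool. It reads the
plain-text layout shown above ('===== Title: =====' section headers); the
sample report at the bottom is constructed with documentation-range addresses.
"""
import re
import sys

SECTION_RE = re.compile(r"^=+\s*(.*?):?\s*=+\s*$")
BENIGN_HOSTS = {"localhost", "localhost.localdomain", "broadcasthost"}


def split_sections(text):
    """Map each '==== Title: ====' header to the lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m and m.group(1).strip():
            current = m.group(1).strip()
            sections[current] = []
        elif m:
            continue  # a bare '=====' rule inside a section, not a header
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def check_proxy(lines):
    """Anything other than the tool's 'Proxy is not enabled.' wording is surfaced verbatim."""
    text = " ".join(l.strip() for l in lines if l.strip())
    return [] if "Proxy is not enabled." in text else [f"proxy settings are not at the default: {text}"]


def check_hosts(lines):
    """Report every name the hosts file pins to an address, apart from the loopback defaults."""
    findings = []
    for line in lines:
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) < 2:
            continue
        for name in parts[1:]:
            if name.lower() not in BENIGN_HOSTS:
                findings.append(f"hosts file maps {name} to {parts[0]}")
    return findings


def check_resolution(lines):
    """Pair nslookup 'Name:'/'Address:' answers; flag suffix-appended names and shared answers."""
    suffixes, answers, findings = [], [], []
    name, expect = None, None  # expect says whether the next 'Address:' is the server or the answer
    for line in lines:
        s = line.strip()
        if s.startswith("DNS Suffix Search List"):
            suffixes.append(s.split(":", 1)[1].strip().lower())  # single-line list assumed
        elif s.startswith("Server:"):
            expect = "server"
        elif s.startswith("Name:"):
            name, expect = s.split(":", 1)[1].strip(), "answer"
        elif s.startswith("Address:"):
            if expect == "answer":
                answers.append((name, s.split(":", 1)[1].strip()))
            expect = None
    by_addr = {}
    for qname, addr in answers:
        by_addr.setdefault(addr, []).append(qname)
        for sfx in suffixes:
            if sfx and qname.lower().endswith("." + sfx):
                base = qname[: -len(sfx) - 1]
                findings.append(f"lookup for {base} was answered under the appended suffix {sfx} ({addr})")
    for addr, names in by_addr.items():
        if len(set(names)) > 1:
            findings.append(f"{', '.join(sorted(set(names)))} all resolve to {addr}")
    return findings


def triage(text):
    """Run the section checks that apply to the report and return the findings."""
    sections = split_sections(text)
    checks = [("IE Proxy Settings", check_proxy), ("Hosts content", check_hosts),
              ("IP Configuration", check_resolution)]
    findings = []
    for title, check in checks:
        if title in sections:
            findings += check(sections[title])
    return findings


# Constructed sample in the report's layout; addresses are from the documentation ranges.
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1       localhost
127.0.0.1       www.example-security-vendor.invalid

========================= IP Configuration: ================================

   DNS Suffix Search List. . . . . . : example-isp.invalid
   DNS Servers . . . . . . . . . . . : 192.0.2.53
Server:  UnKnown
Address:  192.0.2.53

Name:    google.com.example-isp.invalid
Address:  203.0.113.10

Server:  UnKnown
Address:  192.0.2.53

Name:    yahoo.com.example-isp.invalid
Address:  203.0.113.10
"""

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for finding in triage(text) or ["nothing flagged"]:
        print(finding)
```

Run it as `python triage_mtb.py Result.txt`; with no argument it runs on the constructed sample. On the report above it would flag the two suffix-appended answers and the shared 54.208.19.28 address and leave the hosts file and proxy sections quiet, which matches what the thread shows by eye.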


#26 TheShooter93


Posted 27 May 2014 - 08:30 AM

Hello supadupadood,

 

I wanted to apologize for my delay in responding this past weekend -- it was a busy one for me.

 

I am hoping to get your next set of instructions posted this afternoon. :)




#27 TheShooter93


Posted 27 May 2014 - 12:47 PM

Hi,

 

Please try Creating a New Google Chrome User Profile.

 

Once logged in to the new user profile, try replicating the redirection.




#28 TheShooter93


Posted 30 May 2014 - 10:59 AM

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.



#29 supadupadood


Posted 31 May 2014 - 12:05 AM

Sorry, out of town for the last 2 days.

 

That seems to do the trick. I created a new Chrome user, and it no longer redirects searches.

 

Thanks!

 

Ben



#30 supadupadood


Posted 31 May 2014 - 12:06 AM

Wait, never mind. It's still there.





