
Injected by Jellybrum.


2 replies to this topic

#1 DarknessVoided

Posted 15 June 2015 - 03:59 AM

Here are the AdwCleaner Logs.

# AdwCleaner v4.206 - Logfile created 15/06/2015 at 16:53:07
# Updated 01/06/2015 by Xplode
# Database : 2015-05-31.5 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Xavier - XAVIER-PC
# Running from : C:\Users\Xavier\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : Live Malware Protection
Service Found : PrivoxyService
 
***** [ Files / Folders ] *****
 
File Found : C:\Windows\mlwps.exe
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Xavier\AppData\Roaming\Updater
 
***** [ Scheduled tasks ] *****
 
Task Found : Malware Cleaner
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:8118
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{20B9D1AE-AD1A-38B4-87FE-AF278DA9861D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Found : HKLM\SOFTWARE\sweet-pageSoftware
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://gosearch.me/?u=29c96a0bac4dee6fa6cd7b9094266e57&c=up1&src=hp&inst=1434337368
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.sweet-page.com/web/?type=ds&ts=1430050135&from=cor&uid=WDCXWD7500BPVT-22HXZT1_WD-WXD1E70KD039KD039&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.sweet-page.com/web/?type=ds&ts=1430050135&from=cor&uid=WDCXWD7500BPVT-22HXZT1_WD-WXD1E70KD039KD039&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxps://gosearch.me/?u=29c96a0bac4dee6fa6cd7b9094266e57&c=up1&src=hp&inst=1434337368
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.sweet-page.com/web/?type=ds&ts=1430050135&from=cor&uid=WDCXWD7500BPVT-22HXZT1_WD-WXD1E70KD039KD039&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.sweet-page.com/web/?type=ds&ts=1430050135&from=cor&uid=WDCXWD7500BPVT-22HXZT1_WD-WXD1E70KD039KD039&q={searchTerms}
 
-\\ Google Chrome v43.0.2357.124
 
 
*************************
 
AdwCleaner[R0].txt - [3416 bytes] - [15/06/2015 16:53:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3475 bytes] ##########

Edited by hamluis, 15 June 2015 - 05:31 AM.
Moved from MRL to Am I Infected - Hamluis.


#2 DarknessVoided

Posted 15 June 2015 - 04:57 AM

If anyone could inform me if this automatically grabs saved passwords from Google Chrome/Garena/any other program, that would be great. Thanks.

#3 DarknessVoided

Posted 15 June 2015 - 09:06 AM

Fixed. Factory reset xD



