06-05-2013 08:46 PM
Combofix took the leftover registry key I wanted
- - - - ORPHANS REMOVED - - - -
Wow6432Node-HKCU-Run-KHCONF - c:\users\Jeremy\AppData\Local\KHCONF\dimruouw.dll
Are you getting redirected / hijacked now??
06-05-2013 08:53 PM
i tested with several searches, and no hijacking. however, i am receiving a message upon some sites loading which states:
"you are about to leave a secure internet connection. it will be possible for others to view information you send. do you want to continue"
no idea what that is. i did turn all securities back to default or the searches, i hope that was ok
06-05-2013 08:57 PM
Are you using Internet Explorer (IE)??
"you are about to leave a secure internet connection. it will be possible for others to view information you send. do you want to continue" I have seen in IE as part of its security settings.
06-05-2013 08:58 PM
yes i am. i think i understand it now to be just the option to never show that message having refreshed to allow it, and i forgot it was normal. so all in all testing shows no problems then :)
06-05-2013 09:03 PM
OK, time to remove all of combofix's files and OTL cleanup.
Disable Norton / Symantec for, say, 30 mins
Start OTL, (Right click and from the menu choose "Run as Administrator")
Click the Scan All Users checkbox.
Change file age to 60 days
A new OTL.txt will be created to attach