SpyWare BeWare! ASAP
Topic: wgsdgsdgdsgsd.dll.... FBI MoneyPak Ransomware or the Reveton Trojan
melboy
Moderator
Hero Member
*****
Offline Offline

Date Registered:April 02, 2009, 02:56:03 AM
Posts: 756



« Reply #15 on: February 27, 2013, 05:56:16 PM »

Hi

When you post the mbam log, could you attach the AdwCleaner log to your next post too - thanks.

Attach file

  • In the Reply box, click Preview
  • Click + Additional options
  • Click Attach: Choose File
  • In the Open window, copy & paste the following in red into the File name: box and click Open

    C:\AdwCleaner[R1].txt

  • The file will attach to your post.
  • Click Post when you are ready to post your next reply.

pennylane821
Newbie
*
Offline Offline

Gender: Female
Date Registered:January 21, 2013, 05:15:53 PM
Posts: 23


"I'll see you on the dark side of the moon...."


« Reply #16 on: February 28, 2013, 11:29:13 AM »

When installing the Malwarebytes it said to disable firewall and anti virus, should I do that?

melboy

« Reply #17 on: February 28, 2013, 12:07:24 PM »

Hi

You shouldn't really need to unless you have problems installing it. Try it without doing that first.

If you need to, there's help to disable AVG here:  http://www.avg.com/ww-en/faq.num-5238








pennylane821

« Reply #18 on: February 28, 2013, 07:50:30 PM »

I see it in the list! wow.... that's messed up.. okay but the problem now is it's not responding.. it's frozen ... it was maybe 3/4 of the way finished removing all ten million malicious files before it stopped responding.. now what...?

pennylane821

« Reply #19 on: February 28, 2013, 08:05:58 PM »

false alarm... IS IT GONE?!?!?!

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.28.08

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Melissa Bodine :: MELISSABODIN-PC [administrator]

2/28/2013 6:26:21 PM
mbam-log-2013-02-28 (18-26-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232298
Time elapsed: 11 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 17
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Users\Melissa Bodine\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Melissa Bodine\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Melissa Bodine\AppData\Local\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Melissa Bodine\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Files Detected: 5
C:\Users\Melissa Bodine\Downloads\photoscape setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Quarantined and deleted successfully.
C:\Users\Melissa Bodine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Quarantined and deleted successfully.
C:\Users\Melissa Bodine\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Melissa Bodine\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.

(end)

melboy

« Reply #20 on: March 01, 2013, 12:46:48 PM »

Hi

It's starting to look a lot better, how are things running now?

AdwCleaner

  • Right click AdwCleaner.exe & choose "Run as Administrator" to run it
  • Click Delete.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.
Note: If AdwCleaner prompts you an update is available, click Cancel and continue with the instructions.

pennylane821

« Reply #21 on: March 01, 2013, 01:17:26 PM »

It is running way faster...:-) I am eternally grateful and really would like to know how to thank you...

melboy

« Reply #22 on: March 01, 2013, 01:29:04 PM »

Quote: It is running way faster...:-) I am eternally grateful and really would like to know how to thank you...

You just did!

Do you have the AdwCleaner log?

pennylane821

« Reply #23 on: March 01, 2013, 03:38:05 PM »

It keeps freezing up around probably 10% completion... I had to force close the first time and I am trying again but same story... I let it sit for almost an hour before deciding to 'x' out of it...

melboy

« Reply #24 on: March 01, 2013, 03:52:00 PM »

Hi

It should only take a few minutes at most. Try running AdwCleaner in safe mode.


Safe mode

How to boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. The Advanced Boot Options menu should appear where you will be given the option to enter Safe Mode, please do so.

If any problems refer to this tutorial.

pennylane821

« Reply #25 on: March 01, 2013, 11:28:55 PM »

I can't find it in safe mode...

melboy

« Reply #26 on: March 02, 2013, 03:09:59 AM »

Hi

It should still be in the same location.

C:\Users\Melissa Bodine\Downloads\Adwcleaner.exe

pennylane821

« Reply #27 on: March 02, 2013, 02:47:05 PM »

# AdwCleaner v2.113 - Logfile created 03/02/2013 at 13:32:11
# Updated 23/02/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium  (32 bits)
# User : Melissa Bodine - MELISSABODIN-PC
# Boot Mode : Safe mode
# Running from : C:\Users\Melissa Bodine\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Melissa Bodine\AppData\Roaming\Mozilla\Firefox\Profiles\awu69gy8.default\searchplugins\Search_Results.xml
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\MELISS~1\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Melissa Bodine\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Melissa Bodine\AppData\Local\Babylon
Folder Deleted : C:\Users\Melissa Bodine\AppData\Local\Conduit
Folder Deleted : C:\Users\Melissa Bodine\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Deleted : C:\Users\Melissa Bodine\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\Melissa Bodine\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Melissa Bodine\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Melissa Bodine\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Melissa Bodine\AppData\LocalLow\BitTorrentControl_v12
Folder Deleted : C:\Users\Melissa Bodine\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Melissa Bodine\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Melissa Bodine\AppData\Roaming\Mozilla\Firefox\Profiles\awu69gy8.default\Smartbar

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.16982

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_Prot --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={886F4E32-CF75-48F1-873E-995A1DE92691}&mid=19a4c4d07c4147d18f2c1d955f2f7fa6-e9ace9bb0cf9b350409bebb1e50452052adfb509&lang=en&ds=ft011&pr=sa&d=2012-07-14 11:24:52&pid=avg&sg=&v=14.2.0.1&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Melissa Bodine\AppData\Roaming\Mozilla\Firefox\Profiles\awu69gy8.default\prefs.js

C:\Users\Melissa Bodine\AppData\Roaming\Mozilla\Firefox\Profiles\awu69gy8.default\user.js ... Deleted !


-\\ Google Chrome v25.0.1364.97

File : C:\Users\Melissa Bodine\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"apps_promo_counter":11,"backup":{"_signature":"bjs6ljZH6ecBxZXawS/HsKKbuKcf0z6siYn0gilKsxE=","_ver[...]

*************************

AdwCleaner[R1].txt - [76173 octets] - [27/02/2013 16:20:24]
AdwCleaner[S1].txt - [375 octets] - [01/03/2013 12:41:57]
AdwCleaner[S2].txt - [375 octets] - [01/03/2013 14:27:10]
AdwCleaner[S3].txt - [19889 octets] - [02/03/2013 13:32:11]

########## EOF - C:\AdwCleaner[S3].txt - [19950 octets] ##########

melboy

« Reply #28 on: March 03, 2013, 06:35:23 AM »

Hi

Well done. One last check and we are just about done.

Let me know if you are having any more problems.


Re-run DDS

  • Double click dds.scr to run the tool.
  • When done, please copy & paste the contents of DDS.txt.
  • Post it in your next reply.

pennylane821

« Reply #29 on: March 03, 2013, 08:35:48 PM »

DDS is running right now... is there a way to tell where the virus(es) came from?  I have my files and what not all backed up on JustCloud and I don't want to reinfect my computer?  The only stuff I don't want to lose are my pictures and some work stuff in Office... do you have any advice for me? 

Once again, I am so grateful for your help.  I have already told everyone I know about this forum and I have a couple of people that want me to do the same to their computer.  You guys are really wonderful, thank you.

Melissa