SpyWare BeWare! ASAP
Author Topic: wgsdgsdgdsgsd.dll.... FBI MoneyPak Ransomware or the Reveton Trojan  (Read 3927 times)
pennylane821
Newbie
*
Offline Offline

Gender: Female
Date Registered:January 21, 2013, 05:15:53 PM
Posts: 23


"I'll see you on the dark side of the moon...."


« Reply #30 on: March 03, 2013, 08:42:34 PM »

 Grin thumbsup biggrin yippee Cool

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16982  BrowserJavaVersion: 10.15.2
Run by Melissa Bodine at 19:32:21 on 2013-03-03
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.3032.1516 [GMT -6:00]
.
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Melissa Bodine\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\JustCloud\JustCloud.exe
C:\Users\Melissa Bodine\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
C:\Program Files\JustCloud\BackupStack.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\melissa bodine\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\meliss~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\justcl~1.lnk - c:\program files\justcloud\JustCloud.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{45E155ED-3E31-491B-85EC-99CB23007C90} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\melissa bodine\appdata\roaming\mozilla\firefox\profiles\awu69gy8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\users\melissa bodine\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-8 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-4 33112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-11-2 5174392]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 BackupStack;Computer Backup (JustCloud);c:\program files\justcloud\BackupStack.exe [2013-1-8 32808]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-12-10 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2012-1-29 122880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [?]
S3 OKI OPHD DCS Loader;OKI OPHD DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHDLDCS.EXE [2006-12-29 24576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2006-11-2 19968]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs3\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-03-01 18:42:22   63   ----a-w-   c:\windows\DeleteOnReboot.bat
2013-02-28 16:27:21   --------   d-----w-   c:\users\melissa bodine\appdata\roaming\Malwarebytes
2013-02-28 16:26:58   --------   d-----w-   c:\programdata\Malwarebytes
2013-02-28 16:26:56   21104   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-02-28 16:26:56   --------   d-----w-   C:\Malwarebytes' Anti-Malware
2013-02-23 04:32:03   94112   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-02-12 19:52:54   --------   d-----w-   c:\users\melissa bodine\appdata\local\HP
.
==================== Find3M  ====================
.
2013-02-27 01:38:58   71024   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-27 01:38:58   691568   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-02-23 04:30:47   861088   ----a-w-   c:\windows\system32\npDeployJava1.dll
2013-02-23 04:30:47   782240   ----a-w-   c:\windows\system32\deployJava1.dll
2013-02-19 17:41:08   33112   ----a-w-   c:\windows\system32\drivers\avgtpx86.sys
2012-12-10 09:28:36   142176   ----a-w-   c:\windows\system32\drivers\avgidsdriverx.sys
.
============= FINISH: 19:34:39.15 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/29/2012 1:38:24 AM
System Uptime: 3/3/2013 7:23:12 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0D176M
Processor: Pentium(R) Dual-Core CPU       T4400  @ 2.20GHz | U2E1 | 1200/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 133.823 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_1698&SUBSYS_02BE1028&REV_10\4&2BCEBCDB&0&00E5
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_1698&SUBSYS_02BE1028&REV_10\4&2BCEBCDB&0&00E5
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02BE1028&REV_12\4&31FC8C23&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02BE1028&REV_12\4&31FC8C23&0&0AF0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02BE1028&REV_12\4&31FC8C23&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02BE1028&REV_12\4&31FC8C23&0&0BF0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_02BE1028&REV_12\4&31FC8C23&0&0CF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_02BE1028&REV_12\4&31FC8C23&0&0CF0
Service:
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02BE1028&REV_03\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02BE1028&REV_03\3&11583659&0&FB
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Add or Remove Adobe Creative Suite 3 Web Premium
Adobe Acrobat 8 Professional
Adobe Acrobat Connect Add-in
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Contribute CS3
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Center 2.1
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Elements 5.0
Adobe Premiere Elements 3.0.2
Adobe Premiere Elements 3.0.2 Templates
Adobe Reader X (10.1.6)
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2012
Bonjour
Business Contact Manager for Outlook 2007 SP2
Canon Easy-WebPrint EX
Canon MP Navigator EX 3.1
Canon MX340 series MP Drivers
Canon MX340 series User Registration
Canon Speed Dial Utility
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X6
CorelDRAW Graphics Suite X6 - Capture
CorelDRAW Graphics Suite X6 - Common
CorelDRAW Graphics Suite X6 - Connect
CorelDRAW Graphics Suite X6 - Custom Data
CorelDRAW Graphics Suite X6 - Draw
CorelDRAW Graphics Suite X6 - EN
CorelDRAW Graphics Suite X6 - Filters
CorelDRAW Graphics Suite X6 - FontNav
CorelDRAW Graphics Suite X6 - IPM
CorelDRAW Graphics Suite X6 - PHOTO-PAINT
CorelDRAW Graphics Suite X6 - Photozoom Plugin
CorelDRAW Graphics Suite X6 - Redist
CorelDRAW Graphics Suite X6 - Setup Files
CorelDRAW Graphics Suite X6 - VBA
CorelDRAW Graphics Suite X6 - VideoBrowser
CorelDRAW Graphics Suite X6 - VSTA
CorelDRAW Graphics Suite X6 - Writing Tools
File Type Assistant
Free File Viewer 2011
FreeFixer
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
Java 7 Update 15
Java Auto Updater
JustCloud
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual Basic for Applications 7.1 (x86)
Microsoft Visual Basic for Applications 7.1 (x86) English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PDF Settings
PhotoScape
Picasa 3
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
System Requirements Lab
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
.
==== End Of File ===========================
melboy
Moderator
Hero Member
*****
Offline Offline

Date Registered:April 02, 2009, 02:56:03 AM
Posts: 756



« Reply #31 on: March 04, 2013, 12:40:05 PM »


Hi

It's hard to tell how you got infected but it most likely came from an infected torrent or web-based exploit. You removed BitTorrent so that should help, & updating vulnerable programs such as Adobe and Oracle Java can mitigate the threat from exploits. It's unlikely that any of your personal docs in your backups are infected.

Incidentally, Adobe Reader has been updated again in the time we have been busy with this thread.

Update Adobe Reader

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.

  • Using the internal updater, ensure the software is updated to the current increment 10.1.6.
  • Open Adobe Reader, go to Help > Check for updates and allow the updater to check.
  • Click to download and install any necessary updates.

-------------------------------------

Your log now appears to be clean. Congratulations!

This is my general post for when your logs show no more signs of malware - Please let me know if you are still having problems with your computer and what these problems are.


AdwCleaner

  • Right click AdwCleaner.exe & choose "Run as Administrator" to run it.
  • Click Uninstall.
  • Click Yes to the prompt.
    AdwCleaner will close and uninstall itself
Note: If AdwCleaner prompts you that an update is available, click Cancel and continue to uninstall.


OTL by OldTimer

  • Right click on OTL.exe and select "Run as Administrator"
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself.


Create a new, clean System Restore point

  • Click on Start > Control Panel.
  • Double click on System.
  • On the left, click on the System Protection link.
  • At the bottom right hand corner, click on the Create... button.
  • Give this System Restore point a descriptive name and click on Create.
  • You should receive a prompt that a System Restore point is created successfully. Click OK to confirm.
  • Click OK again to close the System Protection window. Then close Control Panel.
Warning: Do not clear infected System Restore points before creating a new System Restore point first!

Please read the above to create a new System Restore point first, then clear out the infected System Restore points.


Clear infected System Restore points

  • Click on Start > All Programs > Accessories > System Tools.
  • Right click on Disk Cleanup and select Run As Administrator to run it. UAC will prompt. Allow it.
  • Select your C drive and click OK.
  • Select the More Options tab.
  • Under System Restore and Shadow Copies, click on the Clean up... button.
  • You will receive a prompt. Click on Delete to delete the old System Restore points.
  • When done, click OK. You will receive another prompt. Click Delete Files to confirm.
  • When done, Disk Cleanup will automatically close.

--------------------------------------


General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.


Enable UAC

User Account Control (UAC) is a feature in Windows that can help prevent unauthorized changes to your computer.  Here's an explanation.

  • Click on Start > Control Panel.
  • Double click on User Accounts.
  • Under Make changes to your user account, click on Turn User Account Control on or off.
  • Check (tick) this box: Use User Account Control (UAC) to help protect the computer.
  • Click OK.

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Manually check for Windows updates via Start (Vista Orb) > All Programs > Windows Update > In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your PC, or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.

  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

  • Malwarebytes' Anti-Malware
    As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version can be used as an addition to an anti-virus & includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. Its IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges. You can now trial the full version's features within the program. Click the Protection Tab to see.

  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein, So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!

pennylane821

« Reply #32 on: March 05, 2013, 01:20:29 PM »

I am worried there is still something wrong with it.. It is still saying "not responding" more often than I think it should.. and it freezes.... I was trying to install the update for iTunes and it froze up so I hit "stop" and it has been in the process of "cancelling" for a few minutes now...maybe my computer is just old and slow?  Do you have any advice as to how to keep this from happening again?

melboy

« Reply #33 on: March 05, 2013, 01:58:53 PM »

Hi

Is this specifically your browser - which one?

How far did you get with my instructions above?

pennylane821

« Reply #34 on: March 05, 2013, 04:24:42 PM »

Hi,

I use Mozilla if that is what you mean but the "not responding" message happens everywhere... just a minute ago Word stopped responding and had to close...in regards to your list, I am currently working on the "System Restore Point"... did I do something wrong...?

melboy

« Reply #35 on: March 05, 2013, 05:28:04 PM »

Hi

No, nothing wrong.

I don't believe at this stage your current problems are malware related. We'll perform some general maintenance & then bring Windows up to date. You have no service packs installed. Service Packs and other updates contain both security fixes and bug fixes for stability too. Currently with no service packs installed, your version of Windows is unsupported. 

First check your hard disk for errors.

The instructions on how to do this are here.

Check for both file errors and physical errors, selecting both Automatically fix file system errors and Scan for and attempt recovery of bad sectors.

--------------------------------

When you've completed that, download and install Service Pack 1 for Windows Vista from here.

Let me know when you have completed that, or if you encounter any problems.
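
An added example, not part of the original thread and not the code of DDS or any other tool named here: a small Python triage of a DDS log that reads the service-pack level from the version string (the basis for the "no service packs installed" remark above) and lists autostart entries whose target sits in a user-writable path, for manual review. The sample log is constructed from lines of the log in Reply #30 with the user name replaced; the version-string layout and the path markers are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample modelled on the DDS log in Reply #30 (user name replaced).
SAMPLE_DDS = r"""DDS (Ver_2012-11-20.01) - NTFS_x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.3032.1516 [GMT -6:00]
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\exampleuser\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
StartupFolder: c:\users\exampl~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\justcl~1.lnk - c:\program files\justcloud\JustCloud.exe
"""

# Assumed layout of the DDS version string: major.minor.build.servicepack,
# followed by six code page / locale / memory fields that are ignored here.
OS_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d{4,5})\.(\d+)(?:\.\d+){6}")
RUN_RE = re.compile(r"^(uRun|mRun): \[([^\]]*)\] (.+)$")
STARTUP_RE = re.compile(r"^StartupFolder: (.+?\.lnk) - (.+)$", re.I)
# A quoted path, or the shortest prefix that ends in an executable extension.
TARGET_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|dll|scr|bat|cmd|com))(?=[\s,/]|$)', re.I)
# Assumed markers for locations a standard user can write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


class Autostart(NamedTuple):
    source: str          # uRun, mRun or StartupFolder
    name: str            # value name, or the .lnk path for StartupFolder
    target: str          # executable the entry launches
    user_writable: bool  # target sits under one of the USER_WRITABLE markers


def parse_os(log: str) -> Optional[tuple]:
    """Return (major, minor, build, service_pack) or None if no version line."""
    m = OS_RE.search(log)
    return tuple(int(g) for g in m.groups()) if m else None


def _target(command: str) -> str:
    """Strip quotes and arguments, leaving only the launched file's path."""
    m = TARGET_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()


def parse_autostarts(log: str) -> list:
    """Collect Run-key and Startup-folder entries from the Pseudo HJT section."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            source, name, command = m.groups()
        else:
            m = STARTUP_RE.match(line)
            if not m:
                continue
            source, (name, command) = "StartupFolder", m.groups()
        target = _target(command)
        writable = any(marker in target.lower() for marker in USER_WRITABLE)
        entries.append(Autostart(source, name, target, writable))
    return entries


def triage(log: str) -> list:
    """Return human-readable findings: patch level first, then review items."""
    findings = []
    os_version = parse_os(log)
    if os_version and os_version[3] == 0:
        findings.append(
            "OS %d.%d build %d: no service pack installed" % os_version[:3])
    for entry in parse_autostarts(log):
        if entry.user_writable:
            findings.append("review %s [%s]: %s"
                            % (entry.source, entry.name, entry.target))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(finding)
```

A flagged autostart is an item to check by hand, not a verdict: in the sample, the per-user Google Update entry is flagged simply because it runs from AppData.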

pennylane821

« Reply #36 on: March 05, 2013, 07:02:40 PM »

Question (surprise, surprise)... When this computer was purchased in 2010 it came with Windows 7... In 2011 it was infected with some other virus and my ex-husband cleared the whole thing off... he said he couldn't find the key to reinstall Windows 7 and for some reason put Vista on it... Should I contact Dell and get the key to put Windows 7 back on here?  Is that a better operating system?  I thought I should ask before doing any more Windows-related updates, etc.... Again, Thank you so so so so much for your help

melboy

« Reply #37 on: March 05, 2013, 07:21:40 PM »

Hi

As this is a Dell there should be the option to restore it to factory settings. You shouldn't need the key if you restore it using this method.

Instructions here

If you are not able to do this, contact Dell support to order the recovery media. Available here.

Whichever way you choose, ensure all your personal files are backed up first.

pennylane821

« Reply #38 on: March 07, 2013, 11:28:46 AM »

If I have everything backed up to 'JustCloud.com' do I still need to do that backup through Windows?  Only asking because it needs blank CDs and I am wondering if I should go buy some or not...I am sorry for all of the questions... Isn't it sad to know that I am the "computer person" everyone comes to with questions at my office?

melboy

« Reply #39 on: March 07, 2013, 06:36:56 PM »

Hi

Although it wouldn't hurt to have an alternative backup plan in place as well, if you're happy enough that all your important personal data is backed up to JustCloud, then it doesn't really matter where or what media your data is backed up to - be it online storage, external hard drive or CD/DVDs.

melboy

« Reply #40 on: March 12, 2013, 04:43:38 PM »

As this issue appears resolved this Topic is now closed.

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine.

Any other members requiring Malware Removal assistance, Please Start HERE!


If you have been helped and wish to donate to help with the costs of this volunteer site:
Please Help Support This Site and ASAP™


Thanks!