Everything posted by WGB

  1. As part of the delete, i got a notification that an attempt to switch my default search away from google was made. the update was blocked (google kept as default search).
  2. i am a paying customer - but let's continue working together.
  3. I've been trying to remove Bearshare and it seems there are pieces still hanging around. IE seems OK (I can set homepage) but Firefox won't take the update to a new homepage. If you notice anything else that should be cleaned up please let me know. My kids and my wife tend to click on links without regard to the consequences. Thanks in advance for your time. DDS.txt Attach.txt
  4. I noticed these messages in the protection log. I've attached both the protection log and the mbam log. A concern that I have is I don't recall being on the system at these times.

     00:30:02 (null) DETECTION C:\PROGRAM FILES (X86)\HOWTO-OUTLOOK\OUTLOOKTOOLS 2\OUTLOOKTOOLS.EXE Trojan.MSIL.SD DENY
     00:30:07 (null) DETECTION C:\Program Files (x86)\HowTo-Outlook\OutlookTools 2\OutlookTools.exe Trojan.MSIL.SD DENY
     02:00:02 (null) ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
     02:15:00 (null) MESSAGE Scheduled scan executed successfully
     02:53:39 (null) DETECTION C:\PROGRAM FILES (X86)\HOWTO-OUTLOOK\OUTLOOKTOOLS 2\OUTLOOKTOOLS.EXE Trojan.MSIL.SD DENY
     02:53:46 (null) DETECTION C:\Program Files (x86)\HowTo-Outlook\OutlookTools 2\OutlookTools.exe Trojan.MSIL.SD DENY
     07:06:58 Carol MESSAGE Protection started successfully
     07:07:02 Carol MESSAGE IP Protection started successfully
     18:04:46 William MESSAGE Protection started successfully
     18:04:49 William MESSAGE IP Protection started successfully
     18:35:29 William MESSAGE Protection started successfully
     18:35:33 William MESSAGE IP Protection started successfully
     19:01:43 Carol MESSAGE Protection started successfully
     19:01:47 Carol MESSAGE IP Protection started successfully
     19:16:11 Carol MESSAGE Protection started successfully
     19:16:15 Carol MESSAGE IP Protection started successfully

     protection-log-2011-04-20.txt mbam-log-2011-04-20 (02-26-28).txt
  5. I've been running Malwarebytes for a few months now, and I ran into this problem this morning when upgrading from 1.30 to the 1.31 release and I saw the errors when the machine rebooted (XP SP3). I tried the 1st post in topic 7377 (http://www.malwarebytes.org/forums/index.php?showtopic=7377) but that didn't fix the error. I then uninstalled Malwarebytes, rebooted, installed Malwarebytes, rebooted - and I received no error messages.