Need help, We Care and others have me captive


Hi, I was infected with wecare trovi, gorilla price etc. I ran Malwarebytes and quarantined and deleted a bunch. Problem is, I still see we care and others. I was unable to connect to the internet for a bit, but now it seems like I can. So I reconfigured settings to my web search choices, but can't disable we care. I also seem to only be able to navigate to https sites, not http. I am not very knowledgeable about things, so hopefully you can help. I re-ran the Malwarebytes scan, so I'm posting the threats log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/23/2014
Scan Time: 11:30:49 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.23.10
Rootkit Database: v2014.06.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Ortega
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 287444
Time Elapsed: 15 min, 28 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 23
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [5393bbc0e19a93a3855505440ef49967], 
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [5393bbc0e19a93a3855505440ef49967], 
PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, , [dd0937445229ad891fd5dba0fd057090], 
PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}, , [dd0937445229ad891fd5dba0fd057090], 
PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F773BB94-6C19-4643-A570-0E429103D1C3}, , [dd0937445229ad891fd5dba0fd057090], 
PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F773BB94-6C19-4643-A570-0E429103D1C3}, , [dd0937445229ad891fd5dba0fd057090], 
PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}, , [dd0937445229ad891fd5dba0fd057090], 
PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, , [dd0937445229ad891fd5dba0fd057090], 
PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, , [dd0937445229ad891fd5dba0fd057090], 
PUP.Optional.WeCare.A, HKU\S-1-5-21-4278524220-2020624585-3401851079-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, , [dd0937445229ad891fd5dba0fd057090], 
PUP.Optional.WeCare.A, HKU\S-1-5-21-4278524220-2020624585-3401851079-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, , [dd0937445229ad891fd5dba0fd057090], 
Trojan.Vundo, HKU\S-1-5-21-4278524220-2020624585-3401851079-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0}, , [8e582457accf68ce37b3c2b3af53d729], 
Trojan.Vundo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0}, , [8e582457accf68ce37b3c2b3af53d729], 
PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-4278524220-2020624585-3401851079-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}, , [fbeb5e1ddaa1c76fa05a473652b0cc34], 
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}, , [fbeb5e1ddaa1c76fa05a473652b0cc34], 
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-4278524220-2020624585-3401851079-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}, , [6a7cee8d304bc472439891b8d131aa56], 
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WOW6432NODE\InstallIQ, , [09dd08731f5cf541e991dde8e02258a8], 
PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ippkomaaonokjnfjoikaemidanojkfmm, , [dd095a21c4b7b77f86df635bba48c33d], 
PUP.Optional.GorillaPrice, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\gorillaprice, , [a83ecdae8bf07eb8b6db5a71a062fb05], 
PUP.Optional.GorillaPrice.A, HKU\S-1-5-21-4278524220-2020624585-3401851079-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GorillaPrice, , [db0ba1da77049d9929291baadb271ae6], 
PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-4278524220-2020624585-3401851079-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Fun Web Products, , [c224c5b65328270fc1f2129d49b9d828], 
PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-4278524220-2020624585-3401851079-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FunWebProducts, , [03e31e5d6e0da09622921c93857d11ef], 
PUP.Optional.FreeCauseTB.A, HKU\S-1-5-21-4278524220-2020624585-3401851079-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FREECAUSE\Toolbars, , [16d07b00bac153e3e6dd9a28f50d07f9], 
 
Registry Values: 2
Hijack.Regedit, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit, 0, , [499dbebdbcbf0135f62c80bc976c6b95]
Hijack.Regedit, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit, 0, , [e600d3a8dba0053134ee93a913f0b947]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, , [955183f80b70c27453013c89887ac838], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 5 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
