
Trojan\VBSOD.A virus found using Panda Cloud Antivirus free 2.3.0


9 replies to this topic

#1 Sauly25 (Members, 32 posts)

Posted 19 November 2013 - 04:31 AM

If anyone can help me: I have Windows 7 Ultimate 64-bit on an HP Pavilion dv7. I have recently changed antivirus program from Microsoft Security Essentials to Panda Cloud Antivirus Free 2.3.0, and on the scan it picked up a trojan found in C:\System Volume Information. I have 3 files in this folder of the same name, two the same size and one smaller. I am not sure which one to manually delete? Should I try a different program to remove it?

Attached Files


Edited by hamluis, 19 November 2013 - 10:54 AM.
Moved from Win 7 to Am I Infected - Hamluis.



#2 Kilroy (BC Advisor, 3,324 posts, Launderdale, MN)

Posted 19 November 2013 - 01:58 PM

I'd recommend doing a scan with an online scanner, or two, to eliminate the possibility of a false positive.

Here are a couple to choose from:

Bitdefender - http://www.bitdefender.com/scanner/online/free.html

ESET - http://www.eset.com/us/online-scanner/



#3 quietman7 (Bleepin' Janitor, Global Moderator, 51,137 posts, Virginia, USA)

Posted 19 November 2013 - 07:06 PM

The detected _restore{GUID}\RP***\A00*****.xxx file(s) identified by your scan are in the System Volume Information folder (SVI), which is a part of System Restore. The *** after 'RP' represents a sequential number automatically assigned by the operating system. The ***** after 'A00' also represents a sequential number where the original file(s) were backed up and renamed, except for the extension. To learn more about this, refer to the following.

System Restore is the feature that protects your computer by monitoring a core set of system and application files and by creating backups (snapshots saved as restore points) of vital system configurations, registry and files before changes are made. These restore points can be used to "roll back" your computer to a clean working state in the event of a problem. This makes it possible to undo harmful changes to your system configurations, including registry modifications made by software or malware, by reverting the operating system's configuration to an earlier date. See What's Restored when using System Restore and What's Not.

The SVI folder is protected by permissions that only allow the system to have access and is hidden by default on the root of every drive, partition or volume including most external drives, and some USB flash drives. For more detailed information, read System Restore Overview and How it works and How antivirus software and System Restore work together.

System Restore is enabled by default and will back up the good as well as malevolent files, so when malware is present on the system it gets included in restore points as an A00***** file. If you only get a detection on a file in the SVI folder, that means the original file was on your system in another location at some point and probably has been removed. However, when you scan your system with anti-virus or anti-malware tools, you may receive an alert that a malicious file was detected in the SVI folder (in System Restore points) but the anti-virus software was unable to remove it. Since the SVI folder is a protected directory, most anti-virus and scanning tools cannot access it to disinfect or delete these files. If not removed, they sometimes can reinfect your system if you accidentally use an old restore point.

If your anti-virus or anti-malware tool cannot move the file(s) to quarantine (or they keep returning as detections), they sometimes can reinfect your system if you accidentally use an old restore point. In order to avoid reinfection and remove these file(s) if your security tools cannot properly remove them, the easiest thing to do after disinfection is Create a New Restore Point to enable your computer to "roll-back" to a clean working state and use Disk Cleanup to remove all but the most recent restore point.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.

#4 Sauly25 (Topic Starter, Members, 32 posts)

Posted 21 November 2013 - 01:01 AM

Thanks for the help, guys. I now know a bit more than before thanks to your help. Interestingly, these are the steps I took after your information:

Step 1: I downloaded the ESET online scanner (I have used it before, just not recently until now). I then disabled Panda Cloud Antivirus, as I think it could play havoc when I start using the online scanner (ESET), then updated ESET, then ran a scan. It showed up two infections, but I could not save a log file of the results. It was able to delete/quarantine the infected files.
Note: before and during these steps I had gone to Control Panel, Folder Options, and made sure all hidden items were shown, including system files.

Step 2: I enabled Panda Cloud Antivirus to see if it picked up anything, and sure enough it still found that virus in the System Volume Information. So I thought I would download Malwarebytes Anti-Malware, then disable Panda Cloud Antivirus, and updated Malwarebytes Anti-Malware and ran a few scans. I will attach those logs for you to have a look at, and you will see that there was some nasty malware or adware. So after a few restarts and scans I eventually cleaned the laptop.

Step 3: I disabled Panda Cloud Antivirus and then ran the latest version of AdwCleaner from BleepingComputer's downloads section, and it came up with no adware or anything, meaning the laptop was cleaned.

Step 4: Enabled Panda Cloud Antivirus and ran a full scan, and it came back with no threats detected. So all is good, I think.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
LDSAUL :: LDSAUL-HP2011 [administrator]

20/11/2013 12:17:56 PM
mbam-log-2013-11-20 (12-17-56).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 487406
Time elapsed: 9 hour(s), 10 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {205BDDED-899D-4ED6-AECA-C41EE55F8193} -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 20
C:\AdwCleaner\Quarantine\C\Users\LDSAUL\AppData\Local\SwvUpdater\Updater.exe.vir (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\CnCGenerals\#leeme#\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\ProgramData\YouTube Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\ProgramData\YTD Video Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\LDSAUL\AppData\Local\Temp\air406A.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\LDSAUL\AppData\Local\Temp\InstallMonetizer.exe (PUP.Optional.InstallMonetizer.A) -> Quarantined and deleted successfully.
C:\Users\LDSAUL\AppData\Local\Temp\instloffer.exe (PUP.Optional.VIT.A) -> Quarantined and deleted successfully.
C:\Users\LDSAUL\AppData\Local\Temp\K7vIAW+j.exe.part (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\LDSAUL\AppData\Local\Temp\setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\LDSAUL\AppData\Local\Temp\toolbar45235516.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\LDSAUL\AppData\Local\Temp\toolbar45246982.exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Users\LDSAUL\AppData\Local\Temp\TvKRq1Dn.exe.part (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\LDSAUL\AppData\Local\Temp\uninstall45653692.exe (PUP.Optional.ExpressFiles.A) -> Quarantined and deleted successfully.
C:\Users\LDSAUL\AppData\Local\Temp\is1412836710\dp.exe (PUP.Optional.DealPly.A) -> Quarantined and deleted successfully.
C:\Users\LDSAUL\Downloads\587__The_Great_Train_Robbery_(2004)_downloader_au_99260.exe (PUP.Optional.ExpressFiles.A) -> Quarantined and deleted successfully.
C:\Users\LDSAUL\Downloads\installer_winrar_English.exe (PUP.Optional.VIT) -> Quarantined and deleted successfully.
C:\Users\LDSAUL\Downloads\setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\LDSAUL\Videos\Windows Loader 2.1.7 By Daz.rar (PUP.HackTool.H) -> Quarantined and deleted successfully.
C:\Windows\Installer\1092143.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Windows\Installer\1092155.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.

(end)
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
LDSAUL :: LDSAUL-HP2011 [administrator]

20/11/2013 12:17:56 PM
MBAM-log-2013-11-20 (21-46-36).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 487406
Time elapsed: 9 hour(s), 10 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.

Registry Values Detected: 1
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {205BDDED-899D-4ED6-AECA-C41EE55F8193} -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 20
C:\AdwCleaner\Quarantine\C\Users\LDSAUL\AppData\Local\SwvUpdater\Updater.exe.vir (PUP.Optional.Amonetize.A) -> No action taken.
C:\Program Files (x86)\CnCGenerals\#leeme#\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\ProgramData\YouTube Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> No action taken.
C:\ProgramData\YTD Video Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> No action taken.
C:\Users\LDSAUL\AppData\Local\Temp\air406A.exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\LDSAUL\AppData\Local\Temp\InstallMonetizer.exe (PUP.Optional.InstallMonetizer.A) -> No action taken.
C:\Users\LDSAUL\AppData\Local\Temp\instloffer.exe (PUP.Optional.VIT.A) -> No action taken.
C:\Users\LDSAUL\AppData\Local\Temp\K7vIAW+j.exe.part (PUP.Optional.Somoto) -> No action taken.
C:\Users\LDSAUL\AppData\Local\Temp\setup.exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\LDSAUL\AppData\Local\Temp\toolbar45235516.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\LDSAUL\AppData\Local\Temp\toolbar45246982.exe (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\LDSAUL\AppData\Local\Temp\TvKRq1Dn.exe.part (PUP.Optional.Somoto) -> No action taken.
C:\Users\LDSAUL\AppData\Local\Temp\uninstall45653692.exe (PUP.Optional.ExpressFiles.A) -> No action taken.
C:\Users\LDSAUL\AppData\Local\Temp\is1412836710\dp.exe (PUP.Optional.DealPly.A) -> No action taken.
C:\Users\LDSAUL\Downloads\587__The_Great_Train_Robbery_(2004)_downloader_au_99260.exe (PUP.Optional.ExpressFiles.A) -> No action taken.
C:\Users\LDSAUL\Downloads\installer_winrar_English.exe (PUP.Optional.VIT) -> No action taken.
C:\Users\LDSAUL\Downloads\setup.exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\LDSAUL\Videos\Windows Loader 2.1.7 By Daz.rar (PUP.HackTool.H) -> No action taken.
C:\Windows\Installer\1092143.msi (PUP.Optional.SweetIM) -> No action taken.
C:\Windows\Installer\1092155.msi (PUP.Optional.SweetIM) -> No action taken.

(end)
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.20.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
LDSAUL :: LDSAUL-HP2011 [administrator]

20/11/2013 9:56:18 PM
mbam-log-2013-11-20 (21-56-18).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 487586
Time elapsed: 1 hour(s), 27 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\FLVPlayer\FLVPlayer.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.

(end)
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.20.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
LDSAUL :: LDSAUL-HP2011 [administrator]

21/11/2013 12:03:29 AM
mbam-log-2013-11-21 (00-03-29).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 487535
Time elapsed: 1 hour(s), 43 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
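As an added example (not code from this thread, from Malwarebytes or from any tool named here), the following Python script parses the Malwarebytes Anti-Malware 1.x log layout posted above and applies quietman7's point from post #3 about System Restore copies: every detection is bucketed by where it lives, so a hit inside a `_restore{GUID}\RP***\A00*****.xxx` path or inside another tool's quarantine folder is recognised as an inert backup copy rather than an active infection, while hits under Program Files or in the registry are flagged for follow-up. The embedded sample log, the `USER` account name, the all-zero GUIDs and the `Trojan.Example` name are constructed placeholders, and the location buckets and priorities are this example's own triage convention, not a Malwarebytes classification.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the Malwarebytes Anti-Malware 1.x log layout (not copied from
# the thread): the user name, GUIDs and the "Trojan.Example" name are placeholders.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.75.0.1300

Registry Keys Detected: 1
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {00000000-0000-0000-0000-000000000000} -> Quarantined and deleted successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\AdwCleaner\Quarantine\C\Users\USER\AppData\Local\SwvUpdater\Updater.exe.vir (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FLVPlayer\FLVPlayer.exe (PUP.Optional.InstallCore) -> No action taken.
C:\Users\USER\AppData\Local\Temp\setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\USER\Downloads\installer_example_(2004).exe (PUP.Optional.Example) -> No action taken.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0034567.exe (Trojan.Example) -> No action taken.

(end)
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<object> (<detection name>) -> [Data: ... -> ]<action>". The object itself may hold
# parentheses ("Program Files (x86)"), so the name excludes them and " -> " anchors it.
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")
# System Restore backup naming described in the thread: _restore{GUID}\RP<n>\A00<n>.<ext>
RESTORE_RE = re.compile(
    r"_restore\{(?P<guid>[0-9a-fA-F-]+)\}\\RP(?P<rp>\d+)\\A(?P<seq>\d+)(?P<ext>\.[^\\]+)$")

# Location buckets and priorities are this example's own triage convention.
PRIORITY = {
    "restore-point": "low: inert unless an old restore point is used",
    "other-tool-quarantine": "low: already neutralised by another tool",
    "temp": "medium: leftover installer, shows what was run",
    "downloads": "medium: leftover installer, shows what was run",
    "installer-cache": "medium: MSI cache entry of an installed PUP",
    "installed-program": "high: program is installed, confirm it is removed",
    "registry": "high: persistence or settings entry of an installed PUP",
    "other": "review manually",
}


@dataclass
class Detection:
    section: str
    obj: str
    name: str
    action: str
    location: str


def classify_location(obj: str) -> str:
    """Bucket a detected object by where it sits on disk (or in the registry)."""
    p = obj.lower()
    if p.startswith(("hklm\\", "hkcu\\", "hku\\", "hkey_")):
        return "registry"
    if "\\system volume information\\" in p or RESTORE_RE.search(obj):
        return "restore-point"          # backup copy; the original lived elsewhere
    if "\\quarantine\\" in p or p.endswith(".vir"):
        return "other-tool-quarantine"
    if "\\appdata\\local\\temp\\" in p or "\\windows\\temp\\" in p:
        return "temp"
    if "\\downloads\\" in p:
        return "downloads"
    if "\\windows\\installer\\" in p:
        return "installer-cache"
    if "\\program files" in p or "\\programdata\\" in p:
        return "installed-program"
    return "other"


def parse_mbam_log(text: str) -> List[Detection]:
    """Walk the log, remembering the current 'X Detected: n' section for each line."""
    section, found = "unknown", []
    for line in (raw.strip() for raw in text.splitlines()):
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("section")
            continue
        det = DETECTION_RE.match(line)
        if det:
            # Registry values carry "Data: ... -> <action>"; the action is always last.
            action = det.group("rest").split(" -> ")[-1].rstrip(".")
            loc = classify_location(det.group("obj"))
            found.append(Detection(section, det.group("obj"), det.group("name"), action, loc))
    return found


def restore_point_info(obj: str) -> Optional[Dict[str, str]]:
    """Split an _restore{GUID}\\RP<n>\\A00<n>.<ext> path into its parts, if it is one."""
    m = RESTORE_RE.search(obj)
    return m.groupdict() if m else None


def summarize(dets: List[Detection]) -> Dict[str, int]:
    """Detections per location bucket, plus how many the scanner left in place."""
    counts = Counter(d.location for d in dets)
    counts["no-action"] = sum(d.action == "No action taken" for d in dets)
    return dict(counts)
```

On a real log you would call `parse_mbam_log()` on the file's text and compare the per-section `Detected: n` counts against what the parser found; the `no-action` total in `summarize()` is what distinguishes a review-only scan (like the second log above, where every item reads "No action taken") from a cleaning run. A Panda detection inside System Volume Information would land in the `restore-point` bucket, which is exactly why post #3 treats it as a backup to flush with a fresh restore point rather than as a live infection.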
 



#5 quietman7 (Bleepin' Janitor, Global Moderator, 51,137 posts, Virginia, USA)

Posted 21 November 2013 - 08:51 AM

What Malwarebytes found was mostly PUPs (potentially unwanted programs). You can read more about them and how they were installed in this topic: About those Toolbars and Add-ons which change your browser settings - Removal Tips

You should continue as follows:

Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill by Grinler.
AdwCleaner by Xplode.
Junkware Removal Tool by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Close all open programs and shut down any protection/security software to avoid potential conflicts....

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.


#6 Sauly25 (Topic Starter, Members, 32 posts)

Posted 23 November 2013 - 05:30 AM

Hello, did you want me to post the RKill log file as well?

Here is the AdwCleaner log:


# AdwCleaner v3.012 - Report created 23/11/2013 at 20:57:58
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : LDSAUL - LDSAUL-HP2011
# Running from : C:\Users\LDSAUL\Downloads\AdwCleaner(2).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\LDSAUL\AppData\Roaming\Mozilla\Firefox\Profiles\q3s2vfei.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2225 octets] - [24/08/2013 00:11:58]
AdwCleaner[R1].txt - [905 octets] - [29/08/2013 13:51:51]
AdwCleaner[R2].txt - [3794 octets] - [14/09/2013 15:39:14]
AdwCleaner[R3].txt - [1233 octets] - [14/09/2013 18:31:55]
AdwCleaner[R4].txt - [1202 octets] - [23/09/2013 17:43:16]
AdwCleaner[R5].txt - [1262 octets] - [23/09/2013 17:45:05]
AdwCleaner[R6].txt - [3266 octets] - [17/11/2013 23:49:34]
AdwCleaner[R7].txt - [1447 octets] - [21/11/2013 07:31:07]
AdwCleaner[R8].txt - [1507 octets] - [23/11/2013 20:57:17]
AdwCleaner[S0].txt - [2314 octets] - [24/08/2013 00:13:52]
AdwCleaner[S1].txt - [3884 octets] - [14/09/2013 15:40:23]
AdwCleaner[S2].txt - [1301 octets] - [14/09/2013 18:32:31]
AdwCleaner[S3].txt - [3335 octets] - [17/11/2013 23:50:51]
AdwCleaner[S4].txt - [1428 octets] - [23/11/2013 20:57:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1488 octets] ##########

Going to run JRT now.



#7 Sauly25 (Topic Starter, Members, 32 posts)

Posted 23 November 2013 - 05:48 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by LDSAUL on Sat 23/11/2013 at 21:27:12.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.dynamicbarbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.dynamicbarbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlauncher
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlauncher.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlaunchersettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlaunchersettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.urlalertbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.urlalertbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.xmlsessionplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.xmlsessionplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1241CEBD-9777-4BC6-AAE5-2A77E25DB246}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{173A5778-34BF-48A2-8A5E-6963CE922FED}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1796EC91-D094-4A5F-B681-E16015D1CEAC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{37ED966D-4D0E-4D66-9633-BEA542C92860}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4B7D0B0C-CFF3-49C5-9BC3-FFABC031C822}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4F28FA5F-7D15-4753-B4FC-D548A0F02BFB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5E1BDCF6-DD5F-4DD3-8783-B1454AEF1830}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7D4DFAF7-F2CE-4C91-91A4-514C9612914D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9B58A6CE-B337-43D5-9C2F-8C6D92FBA094}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A083C35D-61A9-4625-BBB6-FB54E71B8527}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A35FF019-6DBE-4044-B080-6F3FA78A947F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B70E008C-967B-4104-BC7B-6F7C77DBC38D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C4A25B73-8EF5-4282-9D21-C8920DD577A1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CAE88E60-CEA5-4FCB-B611-54EA6305D8AB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DB1384D8-1BDA-4C8D-A743-E9CA671FEB00}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E045DF14-BF1D-405C-A37B-A75C1551AD17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F3477E9D-D2F6-49F0-9B23-854D7958D07E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3463772007-78525877-3270104758-1000\Software\sweetim



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\shoCC04.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{004D77A1-4968-408A-8BBD-CD61EF81210A}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{017C76D3-FE7E-4E83-B760-8811DE4086DC}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{033D6372-C41B-469A-AD81-7B3DDF479784}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{045E1E44-DFF4-4D0C-AA6D-FB2EC1D54796}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{15597522-7D53-4668-B1A6-FB966F86D085}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{1F78C72B-9C2D-4B87-982F-3FF530BC18BA}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{2047534D-0251-4899-8B3F-8E3CEB65B8F0}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{24F2FA33-D467-4CF4-A6FF-CDC522CFD2AF}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{2CD43909-48E6-4A71-BF55-7AAA55D73695}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{382F0946-40D0-40A4-84BE-AAE7B8D8F701}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{3A0D0C53-1506-4D46-9EF5-67E2606D7636}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{3B30432C-C04D-4083-A833-8AAD7A6EDF6C}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{3D48301A-1988-424C-9646-D3E87B303A2E}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{3D7F144A-A66E-4C21-8FDB-960FD184AFBA}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{46DFAE45-6FD1-4A0C-97BA-7E0766FF9331}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{48B5B557-81B0-4947-A271-0D136604A4A6}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{491DE210-2261-4237-99A8-D6211B1CCD3A}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{4E7ACA9F-0F8C-4E79-AC1D-4DF52F9EB474}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{52D326A4-101A-4F59-911D-FB429BF320DF}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{54E41B86-A322-4F7C-8B78-ADD26530F7FE}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{58BEFCEC-5CEF-4DD2-8587-281795B1AD1E}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{5963F474-4103-48C1-8EC7-41B4FBD546A4}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{60842F00-0433-4A4F-B40A-524E00268A8C}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{62A34F52-81F4-4F7E-8053-7311A89DE1F3}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{62F0E2D9-E0DA-4B5F-BE01-74284A598FCC}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{64C1087C-4C7A-4012-8A4E-E543A542E876}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{6DFDC2B3-FDCF-4D08-BA4A-6A13015C428A}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{6F75F7A7-7588-49F6-982C-760C629A1B3B}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{718A0B34-B51B-4DE9-9834-7FB62B2FCE4A}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{74A16CCC-3356-4128-835C-BA087D992900}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{7726E521-A1C0-4FA5-A587-35927CF225B7}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{7B0F859F-3361-4AD1-8654-46539896EBF5}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{82201B59-1DED-4AD9-A78F-ABC8BB0400B8}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{8242B30C-6598-45AD-904C-21E0DC8EEAC1}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{876F6F01-DC5F-463D-9F96-3C6DD2EF8C6E}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{893719E6-AD7B-447C-B593-F12B73DD147A}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{8E169A65-895A-4214-B2A1-774B765BF766}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{8E6442D3-7976-4568-80BA-6E3EC89A52A6}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{8F5C04B4-84C9-4A93-9282-881FA40ECB98}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{8FA5F2A6-D6D8-4C11-92C5-12CB3C60914E}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{9167B3FB-75A3-4436-9311-BB3709BBAA53}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{9C73D550-7A75-4B95-BFE2-A7EB5DB15986}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{A4FBD1B6-67BE-4E52-B54D-454CC1698C2C}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{A5E65041-5C9E-4FED-9780-AE5E3239001A}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{A7CE2089-3FB8-403E-8146-9DF30C1ECC80}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{A9714268-6079-4A49-A84D-D8F5D9091327}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{AB0612E6-C40E-4A3A-8FAC-6572121B18CC}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{B166BE3B-2820-4BBB-98DB-3185B69E5E05}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{B97C9117-8865-49E1-BE47-A5E5E507A4AF}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{BFB8FC57-5EC8-40B4-A1A5-08DC36A796B6}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{C80F2FD0-78DD-43AC-835E-7C5EAB925B43}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{D457BD2D-DDCD-424F-8FC4-7CC9E96B3819}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{DED74806-18ED-4A4C-9859-8F6BC085D64E}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{E5FE7844-E1CC-45B2-9736-50ABC5BA9133}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{EC9F261A-DD00-4A18-9602-46F67D34F581}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{F0C8C507-DAD0-400A-BCAE-A9AF9CCFB0E5}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{F0EABF20-16D8-4B73-B4A6-0EE7112AB6F9}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{F1AB026F-3BF8-47F3-AE6E-1D532854A839}
Successfully deleted: [Empty Folder] C:\Users\LDSAUL\appdata\local\{FE3DD7C2-D0FF-4A5C-9520-B03A2FB3CD57}



~~~ FireFox

Emptied folder: C:\Users\LDSAUL\AppData\Roaming\mozilla\firefox\profiles\q3s2vfei.default\minidumps [61 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 23/11/2013 at 21:38:19.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#8 quietman7 (Bleepin' Janitor, Global Moderator, 51,137 posts, Virginia, USA)

Posted 23 November 2013 - 07:05 AM

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.

  • Click the green esetOnline.png button.
  • Read the End User License Agreement and check the box:
  • Check esetAcceptTerms.png.
  • Click the esetStart.png button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check esetScanArchives.png and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop as ESETScan.txt.
  • Push the esetBack.png button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.


-- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. Eset's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not the case. Be careful what you choose to remove. If in doubt, ask before taking action.
 



#9 denmangu (Members, 3 posts)

Posted 24 November 2013 - 04:37 PM

Do you know how to delete it in the registry? Try deleting it using regedit.exe. Type regedit in the Start menu, then click it. Try to find that word there, then delete it. But this is risky.



#10 quietman7 (Bleepin' Janitor, Global Moderator, 51,137 posts, Virginia, USA)

Posted 24 November 2013 - 05:37 PM

denmangu wrote: "Do you know how to delete it in the registry? Try deleting it using regedit.exe. Type regedit in the Start menu, then click it. Try to find that word there, then delete it. But this is risky."

I have no idea what you are referring to.

How do I get help? Who is helping me?



