go.wvydeo.com malware

I got it - how do I get rid of it?

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0

I’ve attached the log file.

That is just one …

The important file(s) are the two diagnostic logs from Farbar Recovery Scan Tool.

Here are the logs from Farbar. I will post the next one ASAP.

I tried the aswMBR scan three times. It stopped working on the same file each time (OneDrive). I’ve let it try for about 30 minutes each time, stopped the scan, then restarted = same result.

The good news is the popups have stopped since running the first scan with Malwarebytes. I will repost a new thread if the problem returns.

Thanks for help. MERRY CHRISTMAS

There still are things that need to be fixed.

Let me know if this fixes all problems

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-724047225-76994205-1713336889-1000\...\Run: [Alccworks] => regsvr32.exe C:\Users\Staff\AppData\Local\Alccworks\Oledyn.dll <===== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-724047225-76994205-1713336889-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
BHO: No Name -> {5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} -> No File
Toolbar: HKU\S-1-5-21-724047225-76994205-1713336889-1000 -> No Name - {41525333-2D56-3700-76A7-7A786E7484D7} - No File
2015-08-11 07:28 - 2014-10-17 22:46 - 0009216 _____ () C:\Users\Staff\AppData\Local\Z@!-486dc01a-c34c-45da-9925-a5c345aa8739.tmp
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Staff\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Staff\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Staff\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Staff\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{4657278A-411B-11D2-839A-00C04FD918D0}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Staff\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Staff\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Staff\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Staff\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Staff\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Staff\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Staff\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{B2C192C7-4005-4A8A-8485-BC7932DE3800}\localserver32 -> "C:\Program Files\LogMeIn\Ignition\LMIIgnition.exe" => No File
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Staff\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Staff\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Staff\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Staff\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
C:\Users\Staff\AppData\Local\Alccworks
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe.

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post it.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with OK.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
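
Added example, not part of the thread and not FRST's own code: a small Python triage of fixlist-style entries. It picks out a per-user Run value that starts regsvr32 on a DLL under AppData and counts COM class registrations whose server file is missing. The sample lines are copied from the fixlist in the post above; the function names and category labels are assumptions of this example.

```python
import re

# Entries copied from the fixlist in this thread (a subset), one per line.
SAMPLE = r"""
CreateRestorePoint:
HKU\S-1-5-21-724047225-76994205-1713336889-1000\...\Run: [Alccworks] => regsvr32.exe C:\Users\Staff\AppData\Local\Alccworks\Oledyn.dll <===== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
BHO: No Name -> {5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} -> No File
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-724047225-76994205-1713336889-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Staff\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
C:\Users\Staff\AppData\Local\Alccworks
RemoveProxy:
CMD: bitsadmin /reset /allusers
""".strip().splitlines()

RUN = re.compile(r"^(?:HKU|HKLM)\\.*\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => "
                 r"(?P<cmd>.+?)(?: <=+ ATTENTION)?$")
CLSID = re.compile(r"^CustomCLSID: (?P<key>\S+) -> (?P<target>.*)$")
USER_DIR = re.compile(r"\\(?:AppData|Temp)\\", re.I)  # user-writable locations

def classify(line):
    """Label one fixlist entry; the labels are this example's own, not FRST's."""
    m = RUN.match(line)
    if m:
        cmd = m["cmd"]
        # regsvr32/rundll32 loading a DLL from a user-writable folder at logon
        flagged = cmd.lower().startswith(("regsvr32", "rundll32")) and bool(USER_DIR.search(cmd))
        return {"kind": "autorun", "name": m["name"], "command": cmd, "dll_from_user_dir": flagged}
    m = CLSID.match(line)
    if m:
        target = m["target"]
        # registration whose server path is empty or no longer on disk
        orphaned = target == "no filepath" or target.endswith("=> No File")
        return {"kind": "com_class", "key": m["key"], "orphaned": orphaned}
    if re.match(r"^[A-Za-z]:\\", line):
        return {"kind": "path", "path": line}
    if re.match(r"^[A-Za-z]+:", line):
        return {"kind": "keyword", "name": line.split(":", 1)[0]}
    if "\\Policies\\" in line:
        return {"kind": "policy", "text": line}
    return {"kind": "other", "text": line}

def triage(lines):
    entries = [classify(l.strip()) for l in lines if l.strip()]
    return {
        "autoruns_loading_user_dir_dll": [e["name"] for e in entries if e.get("dll_from_user_dir")],
        "orphaned_com_classes": sum(1 for e in entries if e.get("orphaned")),
        "kinds": sorted({e["kind"] for e in entries}),
    }
```

Calling `triage(SAMPLE)` returns the flagged autorun names, the count of orphaned COM registrations, and the set of entry kinds seen.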

I’ve attached the fixlog.

AdwCleaner v5.026 - Logfile created 28/12/2015 at 15:18:36

Updated 21/12/2015 by Xplode

Database : 2015-12-23.1 [Server]

Operating system : Windows 10 Pro (x86)

Username : Staff - KARL

Running from : C:\Users\Staff\Desktop\AdwCleaner.exe

Option : Cleaning

Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.mywebsearch.com
[-] [C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : microsoft-outlook-2010.en.softonic.com
[-] [C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Staff\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com


:: “Tracing” keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1146 bytes] ##########

Please let me know if I need to do anything else. Thanks for your help so far.

Any remaining problems?