Malware Security Suite Antivirus Security Pro HELP!!!!


  • This topic is locked
7 replies to this topic

#1 RamAthorn

  • Members
  • 5 posts

Posted 15 October 2013 - 11:38 PM

OK, my wife's laptop somehow picked up this virus that will not let me install any programs, get online, or delete it.

I ran the FRST64 program to start things off; here is the log.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-1FMGDB9 on 16-10-2013 00:15:11
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-02] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [DLBUCATS] - rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLBUtime.dll,RunDLLEntry
HKLM\...\Run: [dlbumon.exe] - C:\Program Files (x86)\Dell Photo AIO Printer 942\dlbumon.exe [431600 2007-02-28] (Lexmark International, Inc.)
HKLM\...\Run: [MemoryCardManager] - C:\Program Files (x86)\Dell Photo AIO Printer 942\memcard.exe [304624 2007-02-28] ()
HKLM\...\Run: [AS2014] - C:\ProgramData\lXiVnns3\lXiVnns3.exe [650864 2013-10-13] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\lXiVnns3\lXiVnns3.exe -sm,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [InboxToolbar] - C:\Program Files (x86)\Inbox Toolbar\Inbox.exe [1378784 2013-10-08] (Inbox.com, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\DAVIS\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247728 2012-01-22] (TomTom)
HKU\DAVIS\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20681584 2013-07-25] (Skype Technologies S.A.)
HKU\DAVIS\...\Run: [AS2014] - C:\ProgramData\lXiVnns3\lXiVnns3.exe [650864 2013-10-13] ()
HKU\DAVIS\...\Run: [ctfmhelp] - rundll32 "C:\Windows\system32\javahost.dll",CreateProcessNotify
HKU\DAVIS\...\Run: [chknreg] - rundll32 "C:\Windows\system32\javahost64.dll",CreateProcessNotify
HKU\Guest\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 dlbu_device; C:\Windows\system32\dlbucoms.exe [567280 2007-02-28] ( )
S2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
S2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe [234776 2012-09-11] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [138232 2012-03-27] (Symantec Corporation)
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [1160824 2012-04-02] (Symantec Corporation)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [1160824 2012-04-02] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [167048 2011-11-29] (Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-03-17] (Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-03-17] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-03-17] (Symantec Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120511.001\IDSvia64.sys [488568 2012-05-01] (Symantec Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120511.001\IDSvia64.sys [488568 2012-05-01] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120511.021\ENG64.SYS [117880 2012-05-13] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120511.021\ENG64.SYS [117880 2012-05-13] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120511.021\EX64.SYS [2048632 2012-05-13] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120511.021\EX64.SYS [2048632 2012-05-13] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS [737912 2012-03-28] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS [37496 2012-03-28] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [1092728 2012-03-28] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-28] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [190072 2012-03-28] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [405624 2012-03-28] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-16 00:14 - 2013-10-16 00:14 - 00000000 ____D C:\FRST
2013-10-15 19:49 - 2013-10-15 19:50 - 00000000 ____D C:\Users\DAVIS\Desktop\CCleaner Professional and Business Edition 3.27.1900 Incl Crack [TorDigger]
2013-10-15 11:41 - 2013-10-15 19:01 - 00000000 ____D C:\Users\DAVIS\Desktop\SpyHunter Security Suite v3.4.9+Crack-HeartBug
2013-10-14 12:36 - 2013-10-15 19:57 - 00001666 _____ C:\Users\DAVIS\Desktop\Antivirus Security Pro.lnk
2013-10-14 12:36 - 2013-10-15 19:57 - 00000118 _____ C:\Users\DAVIS\Desktop\Antivirus Security Pro support.url
2013-10-13 14:09 - 2013-10-13 14:09 - 00074240 _____ C:\Windows\System32\javahost64.dll
2013-10-13 14:09 - 2013-10-13 14:09 - 00065024 _____ C:\Windows\SysWOW64\javahost.dll
2013-10-13 14:00 - 2013-10-13 14:09 - 00000000 ____D C:\ProgramData\lXiVnns3
2013-10-12 17:29 - 2013-10-12 17:29 - 00001084 _____ C:\Users\DAVIS\Desktop\Linksys Smart Wi-Fi.lnk
2013-10-12 17:29 - 2013-10-12 17:29 - 00000226 _____ C:\Users\DAVIS\Desktop\Linksys Smart Wi-Fi.txt
2013-10-12 17:18 - 2013-10-12 17:28 - 00000000 ____D C:\ProgramData\Cisco Systems
2013-10-11 10:39 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 10:39 - 2013-09-22 15:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 10:39 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 10:39 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 10:39 - 2013-09-22 15:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 10:39 - 2013-09-22 15:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 10:39 - 2013-09-22 15:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 10:39 - 2013-09-22 15:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 10:39 - 2013-09-22 15:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 10:39 - 2013-09-22 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 10:39 - 2013-09-22 15:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 10:39 - 2013-09-22 15:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 10:39 - 2013-09-22 15:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 10:39 - 2013-09-22 14:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-11 10:39 - 2013-09-22 14:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-11 10:39 - 2013-09-22 14:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-11 10:39 - 2013-09-22 14:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-11 10:39 - 2013-09-22 14:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-11 10:39 - 2013-09-22 14:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-11 10:39 - 2013-09-22 14:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-11 10:39 - 2013-09-22 14:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-11 10:39 - 2013-09-22 14:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-11 10:39 - 2013-09-22 14:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-11 10:39 - 2013-09-22 14:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-11 10:39 - 2013-09-22 14:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-11 10:39 - 2013-09-22 14:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-11 10:39 - 2013-09-22 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-11 10:39 - 2013-09-20 19:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-11 10:39 - 2013-09-20 19:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 10:39 - 2013-09-20 18:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-11 10:39 - 2013-09-20 18:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 11:12 - 2013-10-10 11:12 - 00003148 _____ C:\Windows\System32\Tasks\MirageAgent
2013-10-10 11:11 - 2013-10-10 11:11 - 00001365 _____ C:\Users\Public\Desktop\CyberLink YouCam.lnk
2013-10-10 11:11 - 2013-10-10 11:11 - 00001365 _____ C:\ProgramData\Desktop\CyberLink YouCam.lnk
2013-10-10 11:11 - 2013-10-10 11:11 - 00000000 ____D C:\Users\Public\Documents\YouCam
2013-10-10 11:11 - 2013-10-10 11:11 - 00000000 ____D C:\ProgramData\Documents\YouCam
2013-10-10 11:10 - 2013-10-10 11:11 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-10-10 10:58 - 2013-09-13 17:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-10-10 10:58 - 2013-09-07 18:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-10-10 10:58 - 2013-09-07 18:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-10-10 10:58 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 10:58 - 2013-08-28 18:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-10 10:58 - 2013-08-28 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-10-10 10:58 - 2013-08-28 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2013-10-10 10:58 - 2013-08-28 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-10-10 10:58 - 2013-08-28 18:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2013-10-10 10:58 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 10:58 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 10:58 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 10:58 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 10:58 - 2013-08-28 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 10:58 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 10:58 - 2013-08-28 16:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 10:58 - 2013-08-28 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 10:58 - 2013-08-28 16:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 10:58 - 2013-08-28 16:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 10:58 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-10 10:58 - 2013-07-12 02:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2013-10-10 10:58 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-10 10:58 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-10-10 10:58 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-10 10:58 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-10-10 10:58 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 10:58 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 10:58 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 10:58 - 2013-07-04 02:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-10-10 10:58 - 2013-07-02 20:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys
2013-10-10 10:58 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-10 10:58 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-10 10:58 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-10 10:58 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-10 10:58 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-10 10:58 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-10 10:58 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-10 10:58 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 10:58 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 10:58 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 10:58 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-10 10:58 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 10:58 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 10:57 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-10-10 10:57 - 2013-08-01 01:19 - 00984512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-10 10:57 - 2013-08-01 01:19 - 00265152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-10-10 10:57 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 10:57 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-09-27 19:10 - 2013-09-27 19:28 - 00004712 _____ C:\dlbu.log
2013-09-27 19:09 - 2013-09-27 19:09 - 02467304 _____ C:\ProgramData\SPLC04C.tmp
2013-09-27 19:08 - 2013-09-27 19:08 - 00000000 ____D C:\Users\DAVIS\AppData\Roaming\Catalina – Print Savings

==================== One Month Modified Files and Folders =======

2013-10-16 00:14 - 2013-10-16 00:14 - 00000000 ____D C:\FRST
2013-10-15 20:04 - 2009-07-13 21:13 - 00727334 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-15 20:04 - 2009-07-13 20:45 - 00032064 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-15 20:04 - 2009-07-13 20:45 - 00032064 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-15 19:57 - 2013-10-14 12:36 - 00001666 _____ C:\Users\DAVIS\Desktop\Antivirus Security Pro.lnk
2013-10-15 19:57 - 2013-10-14 12:36 - 00000118 _____ C:\Users\DAVIS\Desktop\Antivirus Security Pro support.url
2013-10-15 19:57 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-15 19:57 - 2009-07-13 20:51 - 00185028 _____ C:\Windows\setupact.log
2013-10-15 19:50 - 2013-10-15 19:49 - 00000000 ____D C:\Users\DAVIS\Desktop\CCleaner Professional and Business Edition 3.27.1900 Incl Crack [TorDigger]
2013-10-15 19:42 - 2012-07-23 18:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-15 19:12 - 2012-03-15 20:01 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FFA09A19-5E4C-40B0-ABCF-6902E34499A5}
2013-10-15 19:01 - 2013-10-15 11:41 - 00000000 ____D C:\Users\DAVIS\Desktop\SpyHunter Security Suite v3.4.9+Crack-HeartBug
2013-10-15 04:57 - 2012-04-19 19:39 - 00000000 ____D C:\Firefox
2013-10-14 17:10 - 2012-02-27 13:09 - 01902443 _____ C:\Windows\WindowsUpdate.log
2013-10-14 12:36 - 2010-11-20 19:47 - 00018004 _____ C:\Windows\PFRO.log
2013-10-13 14:09 - 2013-10-13 14:09 - 00074240 _____ C:\Windows\System32\javahost64.dll
2013-10-13 14:09 - 2013-10-13 14:09 - 00065024 _____ C:\Windows\SysWOW64\javahost.dll
2013-10-13 14:09 - 2013-10-13 14:00 - 00000000 ____D C:\ProgramData\lXiVnns3
2013-10-13 06:50 - 2012-06-14 20:56 - 00000000 ____D C:\Program Files\Dl_cats
2013-10-12 17:29 - 2013-10-12 17:29 - 00001084 _____ C:\Users\DAVIS\Desktop\Linksys Smart Wi-Fi.lnk
2013-10-12 17:29 - 2013-10-12 17:29 - 00000226 _____ C:\Users\DAVIS\Desktop\Linksys Smart Wi-Fi.txt
2013-10-12 17:28 - 2013-10-12 17:18 - 00000000 ____D C:\ProgramData\Cisco Systems
2013-10-12 17:28 - 2012-03-31 09:57 - 00000000 ____D C:\Users\DAVIS\AppData\Roaming\Skype
2013-10-11 10:58 - 2009-07-13 20:45 - 00413312 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-11 10:57 - 2013-03-13 14:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 10:57 - 2013-03-13 14:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 10:40 - 2012-11-07 16:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 10:33 - 2013-07-21 17:13 - 00000000 ____D C:\Windows\System32\MRT
2013-10-11 10:30 - 2012-05-15 10:59 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-10 15:42 - 2013-06-10 15:51 - 00010185 _____ C:\Users\DAVIS\Documents\Work sheet.xlsx
2013-10-10 15:38 - 2012-04-14 15:25 - 00000000 ____D C:\Users\DAVIS\AppData\Local\CrashDumps
2013-10-10 11:46 - 2013-04-20 16:23 - 00000000 ____D C:\Users\DAVIS\Documents\Youcam
2013-10-10 11:40 - 2012-09-09 18:13 - 00000000 ____D C:\Program Files (x86)\Inbox Toolbar
2013-10-10 11:12 - 2013-10-10 11:12 - 00003148 _____ C:\Windows\System32\Tasks\MirageAgent
2013-10-10 11:11 - 2013-10-10 11:11 - 00001365 _____ C:\Users\Public\Desktop\CyberLink YouCam.lnk
2013-10-10 11:11 - 2013-10-10 11:11 - 00001365 _____ C:\ProgramData\Desktop\CyberLink YouCam.lnk
2013-10-10 11:11 - 2013-10-10 11:11 - 00000000 ____D C:\Users\Public\Documents\YouCam
2013-10-10 11:11 - 2013-10-10 11:11 - 00000000 ____D C:\ProgramData\Documents\YouCam
2013-10-10 11:11 - 2013-10-10 11:10 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-10-09 14:24 - 2011-11-09 20:51 - 00000000 ____D C:\ProgramData\Skype
2013-10-09 12:25 - 2012-05-24 20:23 - 00000000 ____D C:\Users\DAVIS\AppData\Roaming\SoftGrid Client
2013-10-08 13:55 - 2012-07-23 18:58 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 13:55 - 2012-07-23 18:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 13:55 - 2011-11-09 20:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-29 11:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-09-27 19:28 - 2013-09-27 19:10 - 00004712 _____ C:\dlbu.log
2013-09-27 19:09 - 2013-09-27 19:09 - 02467304 _____ C:\ProgramData\SPLC04C.tmp
2013-09-27 19:08 - 2013-09-27 19:08 - 00000000 ____D C:\Users\DAVIS\AppData\Roaming\Catalina – Print Savings
2013-09-27 17:37 - 2012-03-15 20:01 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDAVIS
2013-09-27 17:37 - 2012-03-15 20:01 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForDAVIS.job
2013-09-24 15:00 - 2013-08-22 10:31 - 00383986 _____ C:\Users\DAVIS\Documents\Weather.pptx
2013-09-23 17:00 - 2012-12-05 15:07 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDAVIS-HP$
2013-09-23 17:00 - 2012-12-05 15:07 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForDAVIS-HP$.job
2013-09-22 15:28 - 2013-10-11 10:39 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-22 15:28 - 2013-10-11 10:39 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-22 15:27 - 2013-10-11 10:39 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-22 15:27 - 2013-10-11 10:39 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-22 15:27 - 2013-10-11 10:39 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-22 15:27 - 2013-10-11 10:39 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-22 15:27 - 2013-10-11 10:39 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-22 15:27 - 2013-10-11 10:39 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-22 15:27 - 2013-10-11 10:39 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-22 15:27 - 2013-10-11 10:39 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-22 15:27 - 2013-10-11 10:39 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-22 15:27 - 2013-10-11 10:39 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-22 15:27 - 2013-10-11 10:39 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-22 14:55 - 2013-10-11 10:39 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-22 14:55 - 2013-10-11 10:39 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-22 14:55 - 2013-10-11 10:39 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-22 14:54 - 2013-10-11 10:39 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-22 14:54 - 2013-10-11 10:39 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-22 14:54 - 2013-10-11 10:39 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-22 14:54 - 2013-10-11 10:39 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-22 14:54 - 2013-10-11 10:39 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-22 14:54 - 2013-10-11 10:39 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-22 14:54 - 2013-10-11 10:39 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-22 14:54 - 2013-10-11 10:39 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-22 14:54 - 2013-10-11 10:39 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-22 14:54 - 2013-10-11 10:39 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-22 14:54 - 2013-10-11 10:39 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-20 19:38 - 2013-10-11 10:39 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-20 19:30 - 2013-10-11 10:39 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-20 18:48 - 2013-10-11 10:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-20 18:39 - 2013-10-11 10:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

Some content of TEMP:
====================
C:\Users\DAVIS\AppData\Local\Temp\APNStub.exe
C:\Users\DAVIS\AppData\Local\Temp\Couponscom.exe
C:\Users\DAVIS\AppData\Local\Temp\Extract.exe
C:\Users\DAVIS\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\DAVIS\AppData\Local\Temp\mssinstaller.exe
C:\Users\DAVIS\AppData\Local\Temp\SP56215.exe
C:\Users\DAVIS\AppData\Local\Temp\SP56217.exe
C:\Users\DAVIS\AppData\Local\Temp\SP56221.exe
C:\Users\DAVIS\AppData\Local\Temp\SP56494.exe
C:\Users\DAVIS\AppData\Local\Temp\SP56665.exe
C:\Users\DAVIS\AppData\Local\Temp\SP56750.exe
C:\Users\DAVIS\AppData\Local\Temp\SP56878.exe
C:\Users\DAVIS\AppData\Local\Temp\SP56929.exe
C:\Users\DAVIS\AppData\Local\Temp\SP56978.exe
C:\Users\DAVIS\AppData\Local\Temp\SP57103.exe
C:\Users\DAVIS\AppData\Local\Temp\SP57232.exe
C:\Users\DAVIS\AppData\Local\Temp\SP57474.exe
C:\Users\DAVIS\AppData\Local\Temp\sp58915.exe
C:\Users\DAVIS\AppData\Local\Temp\UninstallHPSA.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

13
Restore point made on: 2013-08-23 12:17:36
Restore point made on: 2013-08-27 12:58:12
Restore point made on: 2013-09-02 12:57:55
Restore point made on: 2013-09-08 11:55:21
Restore point made on: 2013-09-12 13:37:59
Restore point made on: 2013-09-13 11:02:14
Restore point made on: 2013-09-17 11:31:16
Restore point made on: 2013-09-22 17:27:01
Restore point made on: 2013-09-27 11:19:31
Restore point made on: 2013-10-01 13:47:05
Restore point made on: 2013-10-06 09:02:21
Restore point made on: 2013-10-10 11:00:00
Restore point made on: 2013-10-11 10:24:20

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 8139.86 MB
Available physical RAM: 7173.96 MB
Total Pagefile: 8138.01 MB
Available Pagefile: 7188.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:673.19 GB) (Free:602.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Recovery) (Fixed) (Total:21.28 GB) (Free:2.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32
Drive i: () (Removable) (Total:0.95 GB) (Free:0.95 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 5886C2AB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=673 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 974 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=973 MB) - (Type=06)


LastRegBack: 2013-09-23 11:44

==================== End Of Log ============================

 

Any help would be great, thanks.

 

RAM





#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:12 PM

Posted 16 October 2013 - 03:59 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Fix with FRST (Recovery Environment)


  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    HKLM\...\Run: [AS2014] - C:\ProgramData\lXiVnns3\lXiVnns3.exe [650864 2013-10-13] ()
    HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\lXiVnns3\lXiVnns3.exe -sm,
    HKLM-x32\...\Run: [InboxToolbar] - C:\Program Files (x86)\Inbox Toolbar\Inbox.exe [1378784 2013-10-08] (Inbox.com, Inc.)
    HKU\DAVIS\...\Run: [AS2014] - C:\ProgramData\lXiVnns3\lXiVnns3.exe [650864 2013-10-13] ()
    HKU\DAVIS\...\Run: [ctfmhelp] - rundll32 "C:\Windows\system32\javahost.dll",CreateProcessNotify
    HKU\DAVIS\...\Run: [chknreg] - rundll32 "C:\Windows\system32\javahost64.dll",CreateProcessNotify
    
    C:\ProgramData\lXiVnns3
    C:\Program Files (x86)\Inbox Toolbar
    C:\Windows\system32\javahost.dll
    C:\Windows\system32\javahost64.dll
    C:\Users\DAVIS\Desktop\Antivirus Security Pro.lnk
    C:\Users\DAVIS\Desktop\Antivirus Security Pro support.url
    C:\Users\DAVIS\AppData\Local\Temp\APNStub.exe
    C:\Users\DAVIS\AppData\Local\Temp\Couponscom.exe
    C:\Users\DAVIS\AppData\Local\Temp\Extract.exe
    C:\Users\DAVIS\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\DAVIS\AppData\Local\Temp\mssinstaller.exe
    C:\Users\DAVIS\AppData\Local\Temp\SP56215.exe
    C:\Users\DAVIS\AppData\Local\Temp\SP56217.exe
    C:\Users\DAVIS\AppData\Local\Temp\SP56221.exe
    C:\Users\DAVIS\AppData\Local\Temp\SP56494.exe
    C:\Users\DAVIS\AppData\Local\Temp\SP56665.exe
    C:\Users\DAVIS\AppData\Local\Temp\SP56750.exe
    C:\Users\DAVIS\AppData\Local\Temp\SP56878.exe
    C:\Users\DAVIS\AppData\Local\Temp\SP56929.exe
    C:\Users\DAVIS\AppData\Local\Temp\SP56978.exe
    C:\Users\DAVIS\AppData\Local\Temp\SP57103.exe
    C:\Users\DAVIS\AppData\Local\Temp\SP57232.exe
    C:\Users\DAVIS\AppData\Local\Temp\SP57474.exe
    C:\Users\DAVIS\AppData\Local\Temp\sp58915.exe
    C:\Users\DAVIS\AppData\Local\Temp\UninstallHPSA.exe

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64-bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

 

 

 

Now boot into Windows.

 

 

Full System Scan with Malwarebytes Antimalware

  • If it is not already installed, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)
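A defensive illustration, added here and not part of the thread, of FRST or of the helper's instructions: a small Python triage that parses FRST registry lines in the format shown above and flags the three persistence patterns the fixlist removed (an extra program appended to the Winlogon Userinit value, an autorun with no publisher information running from a user-writable folder, and a rundll32 DLL autorun). The sample lines are copied from this thread's log and fixlist; the heuristics and the USER_WRITABLE list are my own assumptions, not FRST's logic.

```python
import re

# Constructed sample: FRST "Registry (Whitelisted)" lines copied from this thread
# (one clean entry from the original log, three that the fixlist removed).
FRST_LINES = r"""
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-02] (IDT, Inc.)
HKLM\...\Run: [AS2014] - C:\ProgramData\lXiVnns3\lXiVnns3.exe [650864 2013-10-13] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\lXiVnns3\lXiVnns3.exe -sm,
HKU\DAVIS\...\Run: [ctfmhelp] - rundll32 "C:\Windows\system32\javahost.dll",CreateProcessNotify
""".strip().splitlines()

# Run: hive\...\Run: [Name] - command [size date] (Publisher); Winlogon: hive\...\Winlogon: [Userinit] value
ENTRY_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\.\\(?P<key>Run|Winlogon): "
                      r"\[(?P<name>[^\]]+)\]\s*-?\s*(?P<rest>.*)$")
# Optional trailing "[size date]" and "(Publisher)"; an empty "()" means no publisher info was found.
META_RE = re.compile(r"(?: \[[^\]]*\])?(?: \((?P<pub>[^()]*)\))?$")
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")  # heuristic list, my assumption


def parse_entry(line):
    """Split one FRST registry line into (hive, key, name, command, publisher)."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    meta = META_RE.search(m["rest"])
    return m["hive"], m["key"], m["name"], m["rest"][: meta.start()].strip(), meta["pub"]


def triage(lines):
    """Return [(name, reason)] for autorun entries a responder should review."""
    findings = []
    for line in lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue
        _hive, key, name, command, pub = parsed
        low = command.lower()
        if key == "Winlogon" and name == "Userinit":
            # Userinit should contain only userinit.exe; anything else in the
            # comma-separated list is started at every interactive logon.
            parts = [p.strip() for p in command.split(",")]
            extras = [p for p in parts if p and not p.lower().endswith("userinit.exe")]
            if extras:
                findings.append((name, "Userinit also runs: " + "; ".join(extras)))
        elif pub == "" and any(d in low for d in USER_WRITABLE):
            findings.append((name, "no publisher info, runs from a user-writable folder"))
        elif low.startswith("rundll32"):
            findings.append((name, "rundll32 loads a DLL at logon; verify the DLL"))
    return findings
```

Running `triage(FRST_LINES)` flags AS2014, Userinit and ctfmhelp and leaves the signed SysTrayApp entry alone.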

#3 RamAthorn

RamAthorn
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:12 AM

Posted 16 October 2013 - 08:47 AM

Here is the log you asked for.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by SYSTEM at 2013-10-16 09:43:34 Run:1
Running from I:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [AS2014] - C:\ProgramData\lXiVnns3\lXiVnns3.exe [650864 2013-10-13] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\lXiVnns3\lXiVnns3.exe -sm,
HKLM-x32\...\Run: [InboxToolbar] - C:\Program Files (x86)\Inbox Toolbar\Inbox.exe [1378784 2013-10-08] (Inbox.com, Inc.)
HKU\DAVIS\...\Run: [AS2014] - C:\ProgramData\lXiVnns3\lXiVnns3.exe [650864 2013-10-13] ()
HKU\DAVIS\...\Run: [ctfmhelp] - rundll32 "C:\Windows\system32\javahost.dll",CreateProcessNotify
HKU\DAVIS\...\Run: [chknreg] - rundll32 "C:\Windows\system32\javahost64.dll",CreateProcessNotify

C:\ProgramData\lXiVnns3
C:\Program Files (x86)\Inbox Toolbar
C:\Windows\system32\javahost.dll
C:\Windows\system32\javahost64.dll
C:\Users\DAVIS\Desktop\Antivirus Security Pro.lnk
C:\Users\DAVIS\Desktop\Antivirus Security Pro support.url
C:\Users\DAVIS\AppData\Local\Temp\APNStub.exe
C:\Users\DAVIS\AppData\Local\Temp\Couponscom.exe
C:\Users\DAVIS\AppData\Local\Temp\Extract.exe
C:\Users\DAVIS\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\DAVIS\AppData\Local\Temp\mssinstaller.exe
C:\Users\DAVIS\AppData\Local\Temp\SP56215.exe
C:\Users\DAVIS\AppData\Local\Temp\SP56217.exe
C:\Users\DAVIS\AppData\Local\Temp\SP56221.exe
C:\Users\DAVIS\AppData\Local\Temp\SP56494.exe
C:\Users\DAVIS\AppData\Local\Temp\SP56665.exe
C:\Users\DAVIS\AppData\Local\Temp\SP56750.exe
C:\Users\DAVIS\AppData\Local\Temp\SP56878.exe
C:\Users\DAVIS\AppData\Local\Temp\SP56929.exe
C:\Users\DAVIS\AppData\Local\Temp\SP56978.exe
C:\Users\DAVIS\AppData\Local\Temp\SP57103.exe
C:\Users\DAVIS\AppData\Local\Temp\SP57232.exe
C:\Users\DAVIS\AppData\Local\Temp\SP57474.exe
C:\Users\DAVIS\AppData\Local\Temp\sp58915.exe
C:\Users\DAVIS\AppData\Local\Temp\UninstallHPSA.exe
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\InboxToolbar => Value deleted successfully.
HKU\DAVIS\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value deleted successfully.
HKU\DAVIS\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmhelp => Value deleted successfully.
HKU\DAVIS\Software\Microsoft\Windows\CurrentVersion\Run\\chknreg => Value deleted successfully.
C:\ProgramData\lXiVnns3 => Moved successfully.
C:\Program Files (x86)\Inbox Toolbar => Moved successfully.
"C:\Windows\system32\javahost.dll" => File/Directory not found.
C:\Windows\system32\javahost64.dll => Moved successfully.
C:\Users\DAVIS\Desktop\Antivirus Security Pro.lnk => Moved successfully.
C:\Users\DAVIS\Desktop\Antivirus Security Pro support.url => Moved successfully.
C:\Users\DAVIS\AppData\Local\Temp\APNStub.exe => Moved successfully.
C:\Users\DAVIS\AppData\Local\Temp\Couponscom.exe => Moved successfully.
C:\Users\DAVIS\AppData\Local\Temp\Extract.exe => Moved successfully.
C:\Users\DAVIS\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\DAVIS\AppData\Local\Temp\mssinstaller.exe => Moved successfully.
C:\Users\DAVIS\AppData\Local\Temp\SP56215.exe => Moved successfully.
C:\Users\DAVIS\AppData\Local\Temp\SP56217.exe => Moved successfully.
C:\Users\DAVIS\AppData\Local\Temp\SP56221.exe => Moved successfully.
C:\Users\DAVIS\AppData\Local\Temp\SP56494.exe => Moved successfully.
C:\Users\DAVIS\AppData\Local\Temp\SP56665.exe => Moved successfully.
C:\Users\DAVIS\AppData\Local\Temp\SP56750.exe => Moved successfully.
C:\Users\DAVIS\AppData\Local\Temp\SP56878.exe => Moved successfully.
C:\Users\DAVIS\AppData\Local\Temp\SP56929.exe => Moved successfully.
C:\Users\DAVIS\AppData\Local\Temp\SP56978.exe => Moved successfully.
C:\Users\DAVIS\AppData\Local\Temp\SP57103.exe => Moved successfully.
C:\Users\DAVIS\AppData\Local\Temp\SP57232.exe => Moved successfully.
C:\Users\DAVIS\AppData\Local\Temp\SP57474.exe => Moved successfully.
C:\Users\DAVIS\AppData\Local\Temp\sp58915.exe => Moved successfully.
C:\Users\DAVIS\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.

==== End of Fixlog ====

 

Now running Malwarebytes Antimalware

Thanks so much for your time.



#4 RamAthorn

RamAthorn
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:12 AM

Posted 16 October 2013 - 11:27 AM

OK, done with Malwarebytes.

 

LOG

 

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 6.1.7601 Service Pack 1

10/16/2013 12:15:04 PM
mbam-log-2013-10-16 (12-15-04).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 255858
Time elapsed: 1 hour(s), 48 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\norton internet security\Engine\19.7.1.5\msl.dll (Adware.Agent) -> Quarantined and deleted successfully.
 



#5 RamAthorn

RamAthorn
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:12 AM

Posted 16 October 2013 - 11:50 AM

Should I just run Malwarebytes' Anti-Malware as my antivirus program? She runs Norton now on her laptop and you see where that got us. I run Microsoft Security Essentials on my PC.


Edited by RamAthorn, 16 October 2013 - 11:50 AM.


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:12 PM

Posted 17 October 2013 - 02:28 AM

Your version of MBAM is outdated - please uninstall it and repeat the procedure following my steps above.

MBAM isn't a real-time protecting antivirus software, so you'll need to have another program, like Norton, running in the background.



#7 RamAthorn

RamAthorn
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:12 AM

Posted 17 October 2013 - 03:42 PM

You can close this post now; I got too mad at it and did a full wipe of my HDD.

I would like to thank you, TB, for your fast response times and your willingness to help me with this virus.



#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:12 PM

Posted 18 October 2013 - 02:09 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



