IDP Program Detected and Prior to this DomalQ


13 replies to this topic

#1 Lemon8

Lemon8

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:20 PM

Posted 03 May 2014 - 09:00 AM

Hi There,
I have been having some issues with malware on my computer lately.  I think it all started when I switched to Chrome from Internet Explorer: the browser asked me to update the version of Adobe Acrobat that I was using, I clicked what I thought was a legitimate link, and nothing happened.  I then proceeded to open PDF files over the next few days and AVG started detecting this DomalQ virus.  It would prompt me that it detected the file and said it was removed (this occurred 8-10 times).  So I ran AVG and Malwarebytes and reset the settings of both browsers, and things seemed to be OK.  I then shut down my computer, and when I started it the next time AVG detected an IDP program - it resolved the issue, but I'm unsure whether my computer is good to go. Any assistance would be great :) Thanks

 




#2 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:20 AM

Posted 03 May 2014 - 09:32 AM

Hello Lemon8!

Please do the following:

Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)


Edited by Alex&Vanko, 03 May 2014 - 09:55 AM.


#3 Lemon8


Posted 03 May 2014 - 12:29 PM

 Results of screen317's Security Check version 0.99.82 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
AVG Internet Security 2013  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 32 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome 34.0.1847.116 
 Google Chrome 34.0.1847.131 
````````Process Check: objlist.exe by Laurent```````` 
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by ***** (administrator) on 03-05-2014 at 13:27:11
Running from "C:\Users\*****\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/03/2014 09:33:13 AM) (Source: VzCdbSvc) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (05/03/2014 09:33:12 AM) (Source: VzCdbSvc) (User: )
Description: Failed to load the plug-in module. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})(Error code = 0x80042000)

Error: (05/02/2014 10:01:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5540688

Error: (05/02/2014 10:01:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5540688

Error: (05/02/2014 10:01:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/02/2014 08:29:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1077

Error: (05/02/2014 08:29:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1077

Error: (05/02/2014 08:29:26 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/02/2014 07:03:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2773885

Error: (05/02/2014 07:03:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2773885

System errors:
=============
Error: (05/03/2014 09:33:11 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.

Error: (05/03/2014 00:07:57 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (05/02/2014 09:22:47 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.

Error: (05/01/2014 11:02:44 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (05/01/2014 03:03:00 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.

Error: (05/01/2014 09:40:51 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (05/01/2014 08:03:14 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.

Error: (04/30/2014 10:43:25 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (04/30/2014 07:05:55 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.

Error: (04/30/2014 07:04:53 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Microsoft Office Sessions:
=========================
Error: (05/03/2014 09:33:13 AM) (Source: VzCdbSvc)(User: )
Description: {56F9312C-C989-4E04-8C23-299DEE3A36F5}0x80042019

Error: (05/03/2014 09:33:12 AM) (Source: VzCdbSvc)(User: )
Description: {48512A59-C8A5-4805-9048-23C9E4194BFA}0x80042000

Error: (05/02/2014 10:01:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5540688

Error: (05/02/2014 10:01:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5540688

Error: (05/02/2014 10:01:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/02/2014 08:29:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1077

Error: (05/02/2014 08:29:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1077

Error: (05/02/2014 08:29:26 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/02/2014 07:03:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2773885

Error: (05/02/2014 07:03:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2773885

=========================== Installed Programs ============================

Adobe AIR (Version: 1.5.3.9130)
Adobe Digital Editions 3.0 (Version: 3.0)
Adobe Flash Player 10 Plugin (Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Reader 9.2 (Version: 9.2.0)
Alps Pointing-device for VAIO
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Magic-i Visual Effects 2 (Version: 2.0.1.85)
ArcSoft WebCam Companion 3 (Version: 3.0.21.390)
AVG 2013 (Version: 13.0.3469)
AVG 2013 (Version: 13.0.3722)
AVG 2013 (Version: 2013.0.3469)
Bonjour (Version: 3.0.0.10)
Citrix Access Gateway Endpoint Analysis (Version: 9.2.48.6)
Citrix online plug-in - web (Version: 12.1.0.30)
Citrix online plug-in (DV) (Version: 12.1.0.30)
Citrix online plug-in (HDX) (Version: 12.1.0.30)
Citrix online plug-in (USB) (Version: 12.1.0.30)
Citrix online plug-in (Web) (Version: 12.1.0.30)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Evernote (Version: 3.5.0.545)
Google Chrome (Version: 34.0.1847.131)
Google Update Helper (Version: 1.3.23.9)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2040)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.5.4.1001)
iTunes (Version: 11.1.3.8)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 18 (64-bit) (Version: 6.0.180)
Java™ 6 Update 32 (Version: 6.0.320)
Malwarebytes Anti-Malware version 2.0.1.1004 (Version: 2.0.1.1004)
Media Gallery (Version: 1.1.1.11200)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OOBE (Version: 3.00.0215)
PMB (Version: 5.0.00.10260)
PMB VAIO Edition Guide (Version: 1.0.00.09250)
PMB VAIO Edition plug-in (Click to Disc) (Version: 3.0.01.11230)
PMB VAIO Edition plug-in (VAIO Image Optimizer) (Version: 1.0.00.10150)
PMB VAIO Edition plug-in (VAIO Movie Story) (Version: 2.0.01.12010)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.5992)
Roxio Central Audio (Version: 3.8.0)
Roxio Central Copy (Version: 3.8.0)
Roxio Central Core (Version: 3.8.0)
Roxio Central Data (Version: 3.8.0)
Roxio Central Tools (Version: 3.8.0)
Roxio Easy Media Creator 10 LJ (Version: 10.3)
Roxio Easy Media Creator Home (Version: 10.3.183)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Setting Utility Series (Version: 5.1.0.11200)
Skype™ 6.14 (Version: 6.14.104)
SmartWi Connection Utility (Version: 4.10.4.20100121.2442)
Sony Home Network Library (Version: 2.0.1.10160)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
VAIO Care (Version: 6.4.2.11150)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 3.7.0.14191)
VAIO Content Metadata XML Interface Library (Version: 3.7.0.14191)
VAIO Content Monitoring Settings (Version: 2.4.1.09180)
VAIO Control Center (Version: 4.1.1.07160)
VAIO Data Restore Tool (Version: 1.2.0.09150)
VAIO DVD Menu Data (Version: 2.0.00.09240)
VAIO Entertainment Platform (Version: 3.6.0.09150)
VAIO Event Service (Version: 5.1.0.12010)
VAIO Hardware Diagnostics (Version: 3.9.1)
VAIO Help and Support (Version: 10.00.1029)
VAIO Media plus (Version: 2.0.1.10160)
VAIO Media plus Opening Movie (Version: 2.0.0.07030)
VAIO Movie Story Template Data (Version: 2.0.00.09240)
VAIO Original Function Settings (Version: 2.0.0.07010)
VAIO Personalization Manager (Version: 2.0.0.06220)
VAIO Power Management (Version: 5.0.0.11300)
VAIO Quick Web Access (Version: 1.2.2.3)
VAIO Survey (Version: 6.00.1028)
VAIO Transfer Support (Version: 1.1.2.06030)
VAIO Update (Version: 6.1.1.10250)
VAIO Wallpaper Contents (Version: 2.0.0.06010)
VD64Inst (Version: 1.00.0000)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VU5x64 (Version: 1.1.0)
VU5x86 (Version: 1.0.0)
VU5x86 (Version: 1.1.0)
WIDCOMM Bluetooth Software (Version: 6.2.1.500)
Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405) (Version: 09/09/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 3758.1 MB
Available physical RAM: 1800.18 MB
Total Pagefile: 7514.38 MB
Available Pagefile: 4991.64 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.96 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:455.63 GB) (Free:365.78 GB) NTFS

========================= Users: ========================================

User accounts for ***** \\

Administrator                              Guest                   

**** End of log ****


 



#4 Alex&Vanko


Posted 03 May 2014 - 12:52 PM

Please download AdwCleaner by Xplode HERE onto your desktop.

    Close all open programs and internet browsers.
    Double click on AdwCleaner.exe to run the tool.
    Click on Scan.
    After the scan is complete click on "Clean"
    Confirm each time with Ok.
    Your computer will be rebooted automatically. A text file will open after the restart.
    Please post the content of that logfile with your next answer.
    You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Also post the last Malwarebytes log, which is here - C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

AVG has a firewall, so disable the Windows one.
 


Edited by Alex&Vanko, 03 May 2014 - 12:55 PM.


#5 Lemon8


Posted 03 May 2014 - 01:44 PM

Hi Alex&Vanko
Here are the requested logs. Thanks again!!
 

# AdwCleaner v3.205 - Report created 03/05/2014 at 14:37:01
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : *****
# Running from : C:\Users\*****\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1327 octets] - [03/05/2014 14:29:15]
AdwCleaner[S0].txt - [1254 octets] - [03/05/2014 14:37:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1314 octets] ##########

 

Malwarebytes Anti-Malware (2 Logs)
 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/05/2014
Scan Time: 11:21:16 AM
Logfile: Malwarebytes Log.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.02.08
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: *****

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 268601
Time Elapsed: 37 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


AND

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/04/2014
Scan Time: 7:04:30 PM
Logfile: Malwarebytes Log2.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.30.11
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: *****

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 268063
Time Elapsed: 26 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
Trojan.Agent.ED, C:\Users\*****\AppData\Local\Temp\cnxldjghns.exe, Quarantined, [b4cf75bbc4b788ae9a73acb9b34ee21e],
Trojan.Dropper, C:\Users\*****\AppData\Local\Temp\1file_saw.exe, Quarantined, [72116fc14a3130068dcc106a0df30df3],
Exploit.Drop.GS, C:\Users\*****\AppData\Local\Temp\2file_saw.exe, Quarantined, [a5deee423f3c69cdf81b1197da28a060],

Physical Sectors: 0
(No malicious items detected)

(end)





 



#6 Alex&Vanko


Posted 03 May 2014 - 02:24 PM

Please download Kaspersky TDSSKiller exe HERE onto your desktop
Double-click on tdsskiller.exe to open this utility, then click on Change Parameters.

tdsskiller-change-parameters.jpg

In the newly opened window, we will need to enable Detect TDLFS file system, then click on OK. KSN is enabled by default.
tdsskiller-detect-tdfls.jpg

Next, we will need to start a scan with Kaspersky, so you'll need to press the Start Scan button.

tdsskiller-start-scan.jpg

Kaspersky TDSSKiller will now scan your computer.
tdsskiller-scan.jpg

When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

67776163.jpg



#7 Lemon8


Posted 03 May 2014 - 02:39 PM

Ok great, Kaspersky showed no threats found.



#8 Alex&Vanko


Posted 03 May 2014 - 02:52 PM

Download HitmanPro 64bit from HERE on your desktop.

Double-click on the file named HitmanPro.exe


Click on the Next button. You may need to accept the agreement.


Press Next and it will start the scan.




#9 Lemon8


Posted 03 May 2014 - 03:08 PM

Here is the log
 

HitmanPro 3.7.9.216
www.hitmanpro.com
   Computer name . . . . : *****
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : *****
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2014-05-03 15:59:14
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 48s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 3
   Traces  . . . . . . . : 12
   Objects scanned . . . : 1,688,484
   Files scanned . . . . : 84,106
   Remnants scanned  . . : 474,718 files / 1,129,660 keys
Malware _____________________________________________________________________
   C:\Users\*****\AppData\Local\Temp\hhhiiio.exe
      Size . . . . . . . : 182,272 bytes
      Age  . . . . . . . : 2.9 days (2014-04-30 18:36:33)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : 7150E62232484C7B7E9B64313C38E04F34F8444D2F4E4A3B2BAD39E605096A67
    > Bitdefender  . . . : Gen:Variant.Symmi.41503
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -3.5s C:\Users\*****\AppData\Local\Temp\jar_cache3467619726497799195.tmp
          0.0s C:\Users\*****\AppData\Local\Temp\hhhiiio.exe
   C:\Users\*****\AppData\Local\Temp\jar_cache3467619726497799195.tmp
      Size . . . . . . . : 26,036 bytes
      Age  . . . . . . . : 2.9 days (2014-04-30 18:36:30)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 77A0FF567AD208ABCC3027B33023226C4786CBB7B5E4CC7FDD0CAAD84ECBCDA9
    > Kaspersky  . . . . : HEUR:Exploit.Java.Generic
      Fuzzy  . . . . . . : 102.0
      Forensic Cluster
          0.0s C:\Users\*****\AppData\Local\Temp\jar_cache3467619726497799195.tmp
          3.5s C:\Users\*****\AppData\Local\Temp\hhhiiio.exe
   C:\Users\*****\AppData\Local\Temp\jar_cache6487197172016627295.tmp
      Size . . . . . . . : 19,810 bytes
      Age  . . . . . . . : 4.3 days (2014-04-29 09:13:41)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 288599D27B4F5638394AAD93B747E73CF73196562D9484CFA6DFA35B0CA0B8DA
    > Kaspersky  . . . . : HEUR:Exploit.Java.Generic
      Fuzzy  . . . . . . : 102.0
      Forensic Cluster
          0.0s C:\Users\*****\AppData\Local\Temp\jar_cache6487197172016627295.tmp
          2.2s C:\Users\*****\AppData\Local\Temp\setup.dat

Cookies _____________________________________________________________________
   C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
   C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\*****\AppData\Roaming\Microsoft\Windows\Cookies\MQBHJWE1.txt


 



#10 Alex&Vanko


Posted 03 May 2014 - 03:29 PM

So remove the threats. You may need to activate the trial version.

Did you manually install .NET Framework 4.5.1?



#11 Lemon8


Posted 03 May 2014 - 03:33 PM

Ok, just removed them.  It let me activate using a free license.



#12 Alex&Vanko


Posted 03 May 2014 - 03:43 PM

AVG has a 2014 version.

Download and install the latest Adobe AIR - https://get.adobe.com/air/

Download and install the latest Adobe Flash - http://labs.adobe.com/downloads/flashplayer.html

Under Flash Player 14 beta installers: ActiveX for Windows, for Internet Explorer (16.2MB)

and for all other browsers (16.8MB)

Download and install the latest Adobe Reader, uncheck the promo offer - https://get.adobe.com/reader/

Download and install the latest Java - https://www.java.com/en/download/

Uninstall .NET Framework 4.5.1 from Programs and Features.

Download and install version 4 - http://www.microsoft.com/en-us/download/details.aspx?id=17851

Download and install version 4.5 - http://www.microsoft.com/en-us/download/details.aspx?id=30653

Download and install version 4.5.1 - http://www.microsoft.com/en-us/download/details.aspx?id=40779



#13 Lemon8


Posted 03 May 2014 - 06:06 PM

Ok, all done :) Thanks very much for all your help!



#14 Alex&Vanko


Posted 03 May 2014 - 06:13 PM

No problem, for nothing.





