Help Please


17 replies to this topic

#1 Permanentrain


Posted 12 September 2014 - 07:20 PM

I recently reset my Lenovo computer running Windows 8 to factory settings. After doing so I found that I have a virus (before doing so nothing was wrong). I keep getting an error saying Internet Explorer has stopped working; it comes up 5-10 pop-ups at a time saying this, and randomly it will open Google Chrome to a website.

 

I have run 4 different antivirus programs: McAfee found 7 viruses that I quarantined/removed, AVG found nothing, IObit Malware Fighter found nothing, and Malwarebytes found and quarantined 8 (I don't have the first log) and 12 (log posted below). After doing this I am still getting these errors repetitively spammed, and Malwarebytes keeps popping up saying it has blocked a website. It cycles through a few different blocked messages, all with different IP addresses attached (3-4 different ones total). One example is as follows:

 

Domain: FFF5ee.com

IP: 31.184.192.90

Type: Outbound

process: C:\Windows\SysWOW64\dlllhost.exe

 

The processes vary for each blocked website, but all are in SysWOW64. I looked around on Google for similar problems, finding your site here in the process. I read through a few posts and ran a few of the recommended programs, but unfortunately after running these it never told me how to solve the issue, so what should I do now to fix my problem?

 

What did I run?

1) Malwarebytes
2) Security Check
3) Farbar Security Scanner
4) MiniTool Box
5) Malwarebytes Anti-root kit
6) Rkill

 

I ran all of those after running my 4 antivirus programs (re-ran Malwarebytes) and the problems are still persisting. I have the logs here as follows:

 


1) Malwarebytes -
             
             Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/12/2014
Scan Time: 2:35:14 PM
Logfile: malwarescan.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.12.08
Rootkit Database: v2014.09.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Tyler
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311957
Time Elapsed: 14 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.SearchProtection.A, C:\Users\Tyler\AppData\Roaming\Search Protection\SearchProtection.exe, 4484, Delete-on-Reboot, [378d28c47506a096655c56da32d135cb]
 
Modules: 5
Trojan.Dropper.ED, C:\Program Files (x86)\Google\Chrome\Application\version.dll, Delete-on-Reboot, [6361a7455c1f2016d3f9624f33cec33d], 
Trojan.Dropper.ED, C:\Program Files (x86)\Google\Chrome\Application\version.dll, Delete-on-Reboot, [6361a7455c1f2016d3f9624f33cec33d], 
Trojan.Dropper.ED, C:\Program Files (x86)\Google\Chrome\Application\version.dll, Delete-on-Reboot, [6361a7455c1f2016d3f9624f33cec33d], 
Trojan.Dropper.ED, C:\Program Files (x86)\Google\Chrome\Application\version.dll, Delete-on-Reboot, [6361a7455c1f2016d3f9624f33cec33d], 
Trojan.Dropper.ED, C:\Program Files (x86)\Google\Chrome\Application\version.dll, Delete-on-Reboot, [6361a7455c1f2016d3f9624f33cec33d], 
 
Registry Keys: 1
PUP.Optional.Spigot, HKU\S-1-5-21-3595214846-1151500736-612567096-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Search Protection, Quarantined, [4480bd2fbfbc38fe2aa0229746bb5fa1], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.AmazonBrowserBar.A, C:\Program Files (x86)\Amazon\ABB, Quarantined, [7054f5f7afccf3433e5e15d046bcfa06], 
 
Files: 6
Trojan.Dropper.ED, C:\Program Files (x86)\Google\Chrome\Application\version.dll, Delete-on-Reboot, [6361a7455c1f2016d3f9624f33cec33d], 
PUP.Optional.Spigot, C:\Users\Tyler\AppData\Roaming\Search Protection\Uninstall.exe, Quarantined, [4480bd2fbfbc38fe2aa0229746bb5fa1], 
Trojan.Dropper.ED, C:\Program Files (x86)\Internet Explorer\version.dll, Quarantined, [2b9941abec8f68ce35972c85ca37b14f], 
PUP.Optional.Spigot, C:\Users\Tyler\AppData\Local\Temp\~sp5BA2.tmp, Quarantined, [309432baa8d35fd7c307a514649d43bd], 
PUP.Optional.SearchProtection.A, C:\Users\Tyler\AppData\Roaming\Search Protection\SearchProtection.exe, Delete-on-Reboot, [378d28c47506a096655c56da32d135cb], 
PUP.Optional.AmazonBrowserBar.A, C:\Program Files (x86)\Amazon\ABB\abb-bundler-uninstall.exe, Quarantined, [7054f5f7afccf3433e5e15d046bcfa06], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

2) Security Check -
 
            Results of screen317's Security Check version 0.99.87  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
Windows Defender                     
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader 10.1.3 Adobe Reader out of Date!
 Google Chrome 37.0.2062.120  
 Google Chrome version1.dll..  
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 
 
 
3) Farbar Security Scanner - 
 
           Farbar Service Scanner Version: 21-07-2014
Ran by Tyler (administrator) on 12-09-2014 at 15:44:20
Running from "C:\Users\Tyler\Downloads"
Microsoft Windows 8  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

4) MiniBoxTool - 
 
        MiniToolBox by Farbar  Version: 21-07-2014
Ran by Tyler (administrator) on 12-09-2014 at 15:45:52
Running from "C:\Users\Tyler\Downloads"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
 
 
 
=========================== Installed Programs ============================
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{79AB31DF-83A6-4D49-A70E-C4CA114B0605}) (Version: 2.0.013.00 - Lenovo Group Limited)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
NVIDIA Control Panel 310.90 (Version: 310.90 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.90 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.7.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0208 - REALTEK Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 41%
Total physical RAM: 8109.15 MB
Available physical RAM: 4749.43 MB
Total Pagefile: 12717.15 MB
Available Pagefile: 9046.59 MB
Total Virtual: 4095.88 MB
Available Virtual: 3979.45 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:850.32 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\IDEA-PC
 
Administrator            Guest                    Tyler                    
 
========================= Restore Points ==================================
 
11-09-2014 03:35:42 Removed Amazon Browser App
12-09-2014 10:00:21 Windows Modules Installer
 
**** End of log ****

5) Malwarebytes Anti-Root - 
 
Mbar-log-xxxxx.txt
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
 
Database version: v2014.09.12.08
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
Tyler :: IDEA-PC [administrator]
 
9/12/2014 3:52:52 PM
mbar-log-2014-09-12 (15-52-52).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 312566
Time elapsed: 12 minute(s), 55 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
System-log.txt
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.2.9200 Windows 8 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16466
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.993000 GHz
Memory total: 8503058432, free: 4847042560
 
Downloaded database version: v2014.09.12.08
Downloaded database version: v2014.09.12.01
Initializing...
======================
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 8BB773F9
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

6) Last but not least Rkill - 
 
Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 09/12/2014 04:17:22 PM in x64 mode.
Windows Version: Windows 8 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\jmesoft\Service.exe (PID: 1968) [WD-HEUR]
 * C:\Windows\jmesoft\hotkey.exe (PID: 4292) [WD-HEUR]
 * C:\Windows\jmesoft\JME_LOAD.exe (PID: 4360) [WD-HEUR]
 
3 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 09/12/2014 04:17:51 PM
Execution time: 0 hours(s), 0 minute(s), and 28 seconds(s)
 
 
 
 
__________________________________________________________________________________
 
 
 
 
If someone could please tell me how to fix this so I can actually use my desktop computer again, that would be fantastic, thanks in advance!
 
- Tyler



 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:10:07 PM

Posted 12 September 2014 - 07:30 PM

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Please run a free online scan with the ESET Online Scanner.

  • Disable your antivirus program
  • Internet Explorer users - Click on this link to open ESET OnlineScan.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Enable detection of potentially unwanted applications".
  • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
    Do NOT checkmark "Use custom proxy settings"
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Permanentrain


Posted 12 September 2014 - 07:39 PM

Thank you Broni for replying so quickly! I think I multi posted because it wasn't showing on my computer that it had posted :( but anyways, let me run these and I'll get back with the result ASAP!

#4 Broni


Posted 12 September 2014 - 07:41 PM

p22003888.gif




 


#5 Permanentrain


Posted 12 September 2014 - 09:18 PM

Hello again Broni, I have run the first and second programs; the log from the second one is here:

 

# AdwCleaner v3.310 - Report created 12/09/2014 at 19:14:20
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Tyler - IDEA-PC
# Running from : C:\Users\Tyler\Downloads\adwcleaner_3.310.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Tyler\AppData\Roaming\Search Protection
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16453
 
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [843 octets] - [12/09/2014 19:12:32]
AdwCleaner[S0].txt - [767 octets] - [12/09/2014 19:14:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [826 octets] ##########
 
 
 
Running the next one and I'll be back!


#6 Permanentrain


Posted 12 September 2014 - 09:27 PM

I have run the Junkware Removal Tool and here is the log for it:

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Tyler on Fri 09/12/2014 at 19:19:33.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/12/2014 at 19:26:42.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 Permanentrain


Posted 13 September 2014 - 05:45 AM

ESET found 2 threats and removed only one. I am still receiving all of the same problems.


Edited by Permanentrain, 13 September 2014 - 05:49 AM.


#8 Broni


Posted 13 September 2014 - 01:17 PM

I'd like to see Eset log.




 


#9 P90_David

P90_David

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Fort Worth, TX
  • Local time:12:07 AM

Posted 13 September 2014 - 08:00 PM

I too have been infected with this problem. 

 

I have found that the infection is user profile specific. So maybe if you create a new user on the computer and log in as that new user account you will be able to better assess and remove the issue. I know that my infected profile ran incredibly slow with multiple dllhost.exe files running simultaneously and using 100% of CPU and Memory. Malwarebytes was blocking the site access by the program but I could not find anything conspicuous enough to remove but also could not "see" the infection. Right now I am logged in with a different user and am not experiencing the problem. I have currently installed Kaspersky and I am waiting for results after it finishes updating.

 

The secondary account that I am using existed before the infection.  So if the virus infected the default user profile then any new accounts might be infected also. 

 

I believe that the vector of attack for me was through a Java-based advertisement.

 

Yet another good reason to use your computer logged in as a standard user and not as a local administrator. 

 

I will report more of my results later. 

 

- David



#10 Permanentrain


Posted 13 September 2014 - 09:24 PM

I apologize, I have been at work all day. Where do I find the ESET logs at?



#11 Permanentrain


Posted 13 September 2014 - 09:33 PM

Thanks David for your input, I currently only have 1 user profile unfortunately :\



#12 Broni


Posted 13 September 2014 - 09:38 PM

It should be in \Program Files (x86)\Eset\Eset Online Scanner




 


#13 Permanentrain


Posted 13 September 2014 - 10:05 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=47d1de61379fdf449cb25287ca83a703
# engine=20133
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-13 04:09:27
# local_time=2014-09-12 09:09:27 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5124 16777214 100 97 0 96881183 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 66389679 0 0
# scanned=315366
# found=2
# cleaned=1
# scan_time=5719
sh=05E252BCF3B07DDF9AE92207A8AAE85287A89DA2 ft=1 fh=fbcd7ebe840617b2 vn="a variant of MSIL/Injector.FGN trojan" ac=I fn="C:\Windows\SysWOW64\cqvaupz.dll"
sh=05E252BCF3B07DDF9AE92207A8AAE85287A89DA2 ft=1 fh=fbcd7ebe840617b2 vn="a variant of MSIL/Injector.FGN trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\System32\cqvaupz.dll"
ESETSmartInstaller@High as downloader log:
Can not open internet


#14 Broni


Posted 13 September 2014 - 10:17 PM

Ok, Eset found 1 item and it has been removed.

 

What are the current issues?




 


#15 Permanentrain


Posted 14 September 2014 - 08:15 AM

I am receiving Internet Explorer error spam saying that it has stopped working even though I have not opened it; I get anywhere from 5-10+ at a time. Also, Malwarebytes is spamming 3-5 different messages saying that it has blocked websites. In addition, my Google Chrome will randomly open to a website called besthorrorgames,com; I came home from work and it had 10 of these open. A new thing that hasn't happened before happened this morning, where it won't connect to the internet, and then it restarted itself saying that Windows has run into an error. Upon restarting it is connected to the internet again and I am still getting the aforementioned spam.





