Sign in to follow this  
ironmask

Need help removing Heur.HTML.MalFrame (v)

Recommended Posts

Hi, I found Heur.HTML.MalFrame (v) Trojan on my computer after running Ad-Aware and have it under Quarantine but it seems to come back every few days or so. I have found the "trace" when i double clicked on the trojan file in Quarantine and this is what it said:

 

C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\BOOT\SBS_VE_REMD_20140101155958.172_ 6

C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\BOOT\SBS_VE_REMD_20140101160047.281_ 8

 

 

Here is the DDS log of it. I would appreciate it if you could help me with this problem.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2
Run by Stephen at 12:29:18 on 2014-02-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.1770 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\HPSIsvc.exe
C:\Users\Stephen\AppData\Roaming\Mikogo 4\M4-Service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Online Games Manager\ogmservice.exe
C:\Users\Stephen\AppData\Roaming\Mikogo 4\M4-Capture.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\BlueStacks\HD-Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\BlueStacks\HD-Network.exe
C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\CORE-STATIC\CCC.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Stephen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - <orphaned>
uURLSearchHooks: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mURLSearchHooks: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - <orphaned>
mWinlogon: Userinit = C:\Windows\SysWOW64\userinit.exe,
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - <orphaned>
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Google Update] "C:\Users\Stephen\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - D:\MICROS~1\Office12\EXCEL.EXE/3000
IE: ??????? - <no file>
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{40EEAB49-059D-4316-8AF0-2DDEE6EBC009} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{40EEAB49-059D-4316-8AF0-2DDEE6EBC009}\357484D294734373D40293937333 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{40EEAB49-059D-4316-8AF0-2DDEE6EBC009}\4505D2C494E4B4F5445344238303 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{40EEAB49-059D-4316-8AF0-2DDEE6EBC009}\54D6562716C64644F6C6078696E6D27657563747 : DHCPNameServer = 192.168.33.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
IFEO: taskmgr.exe - ""
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
x64-BHO: {6C8DB2EC-499B-4897-A784-0E3186C97E9D} - <orphaned>
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: taskmgr.exe - ""
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\3d8boyh5.default\
FF - prefs.js: browser.search.selectedEngine - VisualBee V.1 Customized Web Search
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Stephen\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Stephen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-9-6 270912]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2011-8-8 57976]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-9-20 1236368]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-9 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-11-9 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-8-7 393032]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-8-7 70984]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-8-7 384840]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-8-13 21992]
R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-6-24 136704]
R2 HPSIService;HP SI Service;C:\Windows\System32\HPSIsvc.exe [2011-5-10 126520]
R2 M4-Service;M4-Service;C:\Users\Stephen\AppData\Roaming\Mikogo 4\M4-Service.exe [2011-8-4 1003888]
R2 ogmservice;Online Games Manager;C:\Program Files (x86)\Online Games Manager\ogmservice.exe [2013-8-8 559552]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2011-11-29 74872]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 X5XSEx_Pr143;X5XSEx_Pr143;C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.sys [2013-6-10 56136]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-8-8 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-17 93712]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 QQPMSRV;QQ Phone Manager Service;C:\Program Files (x86)\Tencent\QQPhoneManager\QQPMSRV.exe --> C:\Program Files (x86)\Tencent\QQPhoneManager\QQPMSRV.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-10 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-8-12 20992]
S3 sbhips;sbhips;C:\Windows\System32\drivers\sbhips.sys [2012-9-1 60536]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-8-12 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-9 1255736]
.
=============== Created Last 30 ================
.
2014-02-09 18:53:25 -------- d-----w- C:\Users\Stephen\AppData\Local\AcePatrol2
2014-02-09 05:50:08 -------- d-----w- C:\Users\Stephen\AppData\Local\AcePatrol
2014-02-09 05:50:05 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2014-02-09 05:50:05 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2014-02-09 05:50:05 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2014-02-09 05:50:05 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2014-02-09 05:50:05 -------- d-----w- C:\Program Files (x86)\OpenAL
2014-02-06 18:09:32 -------- d-----w- C:\Windows\C0E8FE43C35B451DB35FD4BD056D70E7.TMP
2014-01-28 19:38:29 -------- d-----w- C:\Users\Stephen\PARTYPOKERPokerDir
2014-01-18 19:32:18 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-16 05:54:02 -------- d-----w- C:\Users\Stephen\AppData\Roaming\Bitcoin
2014-01-15 16:47:19 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 16:47:19 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 16:47:18 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 16:47:17 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 16:47:17 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 16:47:17 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 16:47:16 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 16:47:13 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 16:47:11 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-13 02:19:03 -------- d-----w- C:\Users\Stephen\AppData\Local\WarThunder
2014-01-13 02:19:03 -------- d-----w- C:\ProgramData\WarThunder
.
==================== Find3M ====================
.
2014-02-05 03:04:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 03:04:29 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-25 05:56:10 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-12-25 05:56:10 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-12-25 05:38:43 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-12-25 05:34:31 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-12-08 08:04:59 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2013-12-08 08:04:59 48128 ----a-w- C:\Windows\System32\imgutil.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
.
============= FINISH: 12:30:52.10 ===============

 

Share this post


Link to post
Share on other sites

Hi ironmask,

 

I can't see anything malicious in the DDS log.

 

I'll ask my contact person at Lavasoft for more information about Heur.HTML.MalFrame (v) Trojan and the trace locations:

C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\BOOT\SBS_VE_REMD_20140101155958.172_ 6

C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\BOOT\SBS_VE_REMD_20140101160047.281_ 8

Share this post


Link to post
Share on other sites

Hi again,

 

Lavasoft would like to investigate the quarantined files.

 

To see all files you have to select to show hidden files, see http://www.bleepingcomputer.com/tutorials/tutorial62.html for a description.

 

Find the folder C:\ProgramData\Lavasoft\AntiMalware.

Right-click the folder name and select Send to - Compressed folder.

A new zip file, called AntiMalware.zip, will be created.

 

 

Here in the forum, start to write a reply.

 

Click on the More Reply Options button.

 

Click on Browse.

Find the AntiMalware.zip file.

Click on Open.

Click on Attach This File.

 

Enter everything else you want to have in your answer.

 

Click on Add Reply.

Share this post


Link to post
Share on other sites

First i right clicked on folder name and selected "Send to - Compressed folder", but computer said it cannot create the compressed file in C drive but would i like to send to desktop. So i tried to create the compressed file on the desktop but it said it cannot compress the file because there were characters in the file in use that can't be used in a compressed file. It said i should rename the file or directory. Should i just rename the file then?

Share this post


Link to post
Share on other sites

Good idea to create the compressed folder on desktop :)

 

Not seen anyone with that error message before. I think it's probably some characters in the AntiMalware folder, and you can't change that. Try to create a compressed folder of C:\ProgramData\Lavasoft\AntiMalware\Quarantine instead. That should be the most important folder.

Share this post


Link to post
Share on other sites

I realized i accidentally tried to compress the entire Programdata file and not the C:\ProgramData\Lavasoft\AntiMalware file. I have attached the file as you requested. I also noticed that i had 5 G of space on my C drive yesterday but now i only have 1.19 GB of space. Could the trojan be adding new files in my C drive without me knowing?

AntiMalware.zip

Share this post


Link to post
Share on other sites

The detections are false positives and Lavasoft will change the definitions to not detect them.

 

The files aren't detected by Ad-Aware 11 and I suggest that you upgrade from version 10 to 11.

Share this post


Link to post
Share on other sites

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

 

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

 

Everyone else please begin a New Topic.

 

Thank you !

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this