Topic: how do I remove a virus/spyware

smootr9

    Topic Starter


    Rookie

    Re: how do I remove a virus/spyware
    « Reply #15 on: September 17, 2010, 04:04:06 PM »
    Here is the ESET scan log. I will also send you another log of what my AV software found, quarantined but will not let me delete.

    eset

    C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\2VQNYT67\107ab7a72f6e8abaaac9416e63eb72aa0bab3015511[2].js   JS/Fraud.NAB trojan   cleaned by deleting - quarantined
    C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\4713YEZX\www1.my-protection11[1].htm   HTML/TrojanDownloader.FraudLoad.NAC.Gen trojan   cleaned by deleting - quarantined
    C:\Program Files\Max Spyware Detector\LiveUpdate.exe   a variant of Win32/MaxPCsecure application   cleaned by deleting - quarantined
    C:\System Volume Information\_restore{6F62C496-5DBE-4FAD-817D-8EC78C190904}\RP9\A0005700.exe   a variant of Win32/MaxPCsecure application   cleaned by deleting - quarantined
    C:\temp\spywaredetector.exe   a variant of Win32/MaxPCsecure application   deleted - quarantined

    symantec log.

    C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\2VQNYT67\107ab7a72f6e8abaaac9416e63eb72aa0bab3015511[2].js   JS/Fraud.NAB trojan   cleaned by deleting - quarantined
    C:\Documents and Settings\Rathe\Local Settings\Temporary Internet Files\Content.IE5\4713YEZX\www1.my-protection11[1].htm   HTML/TrojanDownloader.FraudLoad.NAC.Gen trojan   cleaned by deleting - quarantined
    C:\Program Files\Max Spyware Detector\LiveUpdate.exe   a variant of Win32/MaxPCsecure application   cleaned by deleting - quarantined
    C:\System Volume Information\_restore{6F62C496-5DBE-4FAD-817D-8EC78C190904}\RP9\A0005700.exe   a variant of Win32/MaxPCsecure application   cleaned by deleting - quarantined
    C:\temp\spywaredetector.exe   a variant of Win32/MaxPCsecure application   deleted - quarantined


    Thanks again. Look forward to hearing any more suggestions.


    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: how do I remove a virus/spyware
    « Reply #16 on: September 18, 2010, 01:44:28 PM »
    Everything looks good. If there are no further issues, it's time for some cleanup.

    * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
    * Now type commy /uninstall in the runbox
    * Make sure there's a space between commy and /Uninstall
    * Then hit Enter

    The above procedure will:
    * Delete the following:
        * ComboFix and its associated files and folders.
    * Reset the clock settings.
    * Hide file extensions, if required.
    * Hide System/Hidden files, if required.
    * Set a new, clean Restore Point.

    *********************************
    Download OTC by OldTimer and save it to your desktop.

    1. Double-click OTC to run it.
    2. Click the CleanUp! button.
    3. Select Yes when the "Begin cleanup Process?" prompt appears.
    4. If you are prompted to Reboot during the cleanup, select Yes
    5. OTC should delete itself once it finishes, if not delete it yourself.

    ************************************
    Clean out your temporary internet files and temp files.

    Download TFC by OldTimer to your desktop.

    Double-click TFC.exe to run it.

    Note: If you are running on Vista, right-click on the file and choose Run As Administrator

    TFC will close all programs when run, so make sure you have saved all your work before you begin.

    * Click the Start button to begin the cleaning process.
    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
    * Please let TFC run uninterrupted until it is finished.

    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

    ****************************************
    Looking over your log it seems you don't have any evidence of a third party firewall.

    Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

    Remember only install ONE firewall

    1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
    2) Online Armor
    3) Agnitum Outpost
    4) PC Tools Firewall Plus

    If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
    *************************************
    Use the Secunia Software Inspector to check for out of date software.

    •Click Start Now

    •Check the box next to Enable thorough system inspection.

    •Click Start

    •Allow the scan to finish and scroll down to see if any updates are needed.
    •Update anything listed.
    ----------

    Go to Microsoft Windows Update and get all critical updates.

    ----------

    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

    SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    * Using SpywareBlaster to protect your computer from Spyware and Malware
    * If you don't know what ActiveX controls are, see here

    Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
    Safe Surfing!
    Windows 8 and Windows 10 dual boot with two SSD's

    smootr9

      Re: how do I remove a virus/spyware
      « Reply #17 on: September 18, 2010, 04:10:16 PM »
      Dave,

      Thanks for everything so far. I think everything is working better now. I do still have 1 problem and that is the system still won't allow me to install Adobe Reader. This is the error message.

      Error 1402 could not open key.
      hkey_local_machine\software\microsoft\windows\currentversion\run\optionalcomponents\imail.
      verify that you have sufficient access to that key.

      Please help.

      Thanks again

      SuperDave

      Re: how do I remove a virus/spyware
      « Reply #18 on: September 18, 2010, 04:31:13 PM »
      Do you have Spyware Doctor or Spysweeper installed on your computer?

      smootr9

        Re: how do I remove a virus/spyware
        « Reply #19 on: September 18, 2010, 04:36:12 PM »
        Yes, both. Do I need to disable them?

        SuperDave

        Re: how do I remove a virus/spyware
        « Reply #20 on: September 19, 2010, 05:56:10 PM »
        Could you please disable both of them and try updating Adobe?

        smootr9

          Re: how do I remove a virus/spyware
          « Reply #21 on: September 19, 2010, 06:32:33 PM »
          Tried that. I also tried the fix that Adobe had listed on their site. Neither one of them worked. I am also getting a message that is telling me that Flash Player is not updated, although the install for that was successful and shows that it is running version 10x. I think there may still be some sort of virus or spyware messing things up. Nothing is showing up on any of the virus or anti-spyware programs. Is it possible that they messed up the registry keys and they need to be fixed? I obviously don't know what to do here.

          Thanks again for your help.

          SuperDave

          Re: how do I remove a virus/spyware
          « Reply #22 on: September 20, 2010, 04:50:01 PM »
          Ok. The first thing we will try is to remove all traces of Adobe from your computer and download and install a new version. Please let me know how it goes.

          smootr9

            Re: how do I remove a virus/spyware
            « Reply #23 on: September 21, 2010, 03:27:22 PM »
            Still not working. I uninstalled everything from Adobe I had on my cpu. I still get the same error message. Flash Player reinstalled correctly but that was it.

            Any other things I can try would be helpful.  I will be away until Monday so take your time please.

            Thanks again

            SuperDave

            Re: how do I remove a virus/spyware
            « Reply #24 on: September 21, 2010, 05:20:39 PM »
            Ok. Let's try this. Warning. Please do only what the instructions say. Do not delete or change anything.

            1) Open the registry editor by selecting "Run" from the start menu and then typing in "regedit".

            2) Browse through the registry for hkey_local_machine\software\microsoft\windows\currentversion\run\optionalcomponents\imail.

            3) Right-Click on imail and choose "Permissions..." and tell me what the Security group or user names say.

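A scripted, read-only equivalent of the Permissions check in Reply #24, as an added example that is not part of the original thread. It assumes PowerShell is available on the machine and that SYSTEM and Administrators are the principals expected to hold Full Control; the function name `Get-KeyAclReport` is hypothetical.

```powershell
# Added example: read-only ACL report for the key named in the Error 1402 message.
# It only reads security descriptors; nothing in the registry is changed.
$KeyPath = 'HKLM:\software\microsoft\windows\currentversion\run\optionalcomponents\imail'

# Well-known SIDs (not names) so the check also works on localized Windows.
# Assumption: these two principals are expected to hold Full Control.
$ExpectedFullControl = @{
    'S-1-5-18'     = 'SYSTEM'
    'S-1-5-32-544' = 'Administrators'
}

function Get-KeyAclReport {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Path)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $full    = [System.Security.AccessControl.RegistryRights]::FullControl
    $parts   = $Path.TrimEnd('\') -split '\\'

    # Walk from the leaf key up to the first key under the hive: a restrictive
    # ACL on any ancestor can also stop an installer from opening the leaf.
    for ($i = $parts.Count; $i -ge 2; $i--) {
        $key = $parts[0..($i - 1)] -join '\'
        $row = New-Object PSObject -Property @{
            Key = $key; Readable = $false; Owner = $null
            DenyEntries = @(); MissingFullControl = @(); Error = $null
        }
        try {
            $acl   = Get-Acl -Path $key -ErrorAction Stop
            $rules = @($acl.GetAccessRules($true, $true, $sidType))
            $row.Readable = $true
            $row.Owner    = $acl.Owner

            # Explicit or inherited Deny entries override any Allow entry.
            $row.DenyEntries = @($rules |
                Where-Object { $_.AccessControlType -eq 'Deny' } |
                ForEach-Object { '{0}: {1}' -f $_.IdentityReference.Value, $_.RegistryRights })

            # Which expected principals lack an Allow entry covering Full Control?
            # ACEs that carry only generic rights are not counted here.
            $row.MissingFullControl = @($ExpectedFullControl.Keys | Where-Object {
                $sid = $_
                -not ($rules | Where-Object {
                    $_.IdentityReference.Value -eq $sid -and
                    $_.AccessControlType -eq 'Allow' -and
                    (($_.RegistryRights -band $full) -eq $full)
                })
            } | ForEach-Object { $ExpectedFullControl[$_] })
        }
        catch {
            # A missing key or "access denied" on read is itself a finding.
            $row.Error = $_.Exception.Message
        }
        $row
    }
}

Get-KeyAclReport -Path $KeyPath |
    Select-Object Key, Readable, Owner, DenyEntries, MissingFullControl, Error |
    Format-List
```

Run it from an elevated prompt so the result reflects what an installer running as an administrator would see.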

            smootr9

              Re: how do I remove a virus/spyware
              « Reply #25 on: September 21, 2010, 06:15:11 PM »
              It says that everyone has full access.

              I went through that from Adobe's site fixes.

              Anything else?

              SuperDave

              Re: how do I remove a virus/spyware
              « Reply #26 on: September 22, 2010, 01:41:39 PM »
              I will have to check with someone on this. Please be patient.

              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 493
              • Experience: Experienced
              • OS: Windows 11
              Re: how do I remove a virus/spyware
              « Reply #27 on: September 24, 2010, 09:27:41 AM »


              Scan Suspicious File(s)

              Please go to VirusTotal.com
              (If more than one file needs scanned they must be done separately and logs posted for each one)

              1. Copy the file path in the below Code box:

              Code:
              c:\winnt\system32\CheckDll.dll
              2. At the upload site, click once inside the window next to Browse.
              3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
              4. Next click Send File
              Your file will possibly be entered into a queue which normally takes less than a minute to clear.
              This will perform a scan across multiple different virus scanning engines.
              Important: Wait for all of the scanning engines to complete.
              5. Copy and then Paste the link to the results in the next reply.

              Important! If you get a page that says 'File has already been analysed' in the results then you will need to click the 'Show last report' button to get new scan results.

              smootr9

                Re: how do I remove a virus/spyware
                « Reply #28 on: October 01, 2010, 04:54:39 PM »
                Here is the scan result.

                File name: checkdll.dll
                Submission date: 2010-09-17 12:22:46 (UTC)
                Current status: finished
                Result: 0 /43 (0.0%)
                Additional information
                MD5   : 368a4d2c82d64f5db71246492881e843
                SHA1  : 3f30ef2dde88644b82184a4e13fa383ee0f7fa9 0
                SHA256: 67fa8e2a819960ed7d70fa1248bf6353609c64a b1e14c9707433be0c1ac61041
                ssdeep: 24576:+0TjlA5ETBywpAm1RXKzmH/yI/nucBX4wHN/zsa:+0jlA5ENyYAyXKzmHJnu7A/z
                File size : 1102336 bytes
                First seen: 2010-09-17 12:22:46
                Last seen : 2010-09-17 12:22:46
                Magic: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
                TrID:
                Windows OCX File (46.2%)
                Win64 Executable Generic (32.0%)
                Win32 Executable MS Visual C++ (generic) (14.1%)
                Win32 Executable Generic (3.1%)
                Win32 Dynamic Link Library (generic) (2.8%)
                sigcheck:
                publisher....: Max Secure Software
                copyright....: (c) Max Secure Software 2009. All rights reserved.
                product......: Max Secure Software
                description..: Max Secure Software Check Dll
                original name: CheckDll.Dll
                internal name: CheckDll.Dll
                file version.: 4, 0, 0, 10
                comments.....: Component of Max Secure Software
                signers......: -
                signing date.: -
                verified.....: Unsigned
                 
                PEiD: -
                PEInfo: PE structure information

                [[ basic data ]]
                entrypointaddress: 0x85EB0
                timedatestamp....: 0x4C7CFB25 (Tue Aug 31 12:52:53 2010)
                machinetype......: 0x14C (Intel I386)

                [[ 5 section(s) ]]
                name, viradd, virsiz, rawdsiz, ntropy, md5
                .text, 0x1000, 0xBBC2C, 0xBBE00, 6.51, 23c67c3fa3f210516a8b622a91f22d60
                .rdata, 0xBD000, 0x2EFDA, 0x2F000, 4.87, d7c346a08dafb36a348ebb1cc2884785
                .data, 0xEC000, 0x9248, 0x5000, 4.95, 3d83f93a0cadb9c452b8046d98e042ed
                .rsrc, 0xF6000, 0x11258, 0x11400, 5.85, fbbf4b9c44c9ee75903525c5f49c3e10
                .reloc, 0x108000, 0xBBE8, 0xBC00, 6.62, 607826c47dc10df0f484470b744248d8

                [[ 14 import(s) ]]

                [[ 20 export(s) ]]
                CheckFor64OS, CloseAll, CopyAndCryptFileDB, CreateWow6432NodeKey, DLLCloseFunction, DLLFunction, DeleteOldSetupFiles, DeleteWow6432bitNodeKey, DisplayLiveUpdateMessage, EncryptDB, EncryptFullDB, InstallActMonDriver, InstallDriver, InstallService, RestartMachine, RestartMachineWithPopUp, ShellExecuteAppWithParam, StartDriver, StopService, UpdateFICDB
                 
                Symantec reputation:Suspicious.Insight

                SuperDave

                Re: how do I remove a virus/spyware
                « Reply #29 on: October 02, 2010, 07:47:53 PM »
                Re-run MBAM:

                Code:
                Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
