
Thread: Laflurla adware not yielding to Spybot

  1. #1
    Junior Member
    Join Date
    Nov 2014
    Location
    Oregon, Ohio (east suburb of Toledo in northwest Ohio)
    Posts
    19

    Laflurla adware not yielding to Spybot

    The txt file is listed below:
    swMBR version 1.0.1.2201 Copyright(c) 2014 AVAST Software
    Run date: 2014-11-12 22:37:00
    -----------------------------
    22:37:00.997 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:37:00.997 Number of processors: 4 586 0x2505
    22:37:00.997 ComputerName: DEBORAH-PC UserName: Bruce
    22:37:02.447 Initialize success
    22:37:02.744 VM: initialized successfully
    22:37:02.744 VM: Intel CPU supported
    22:37:16.120 VM: not used
    22:37:42.345 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:37:42.361 Disk 0 Vendor: TOSHIBA_ GH01 Size: 305245MB BusType: 3
    22:37:42.501 Disk 0 MBR read successfully
    22:37:42.501 Disk 0 MBR scan
    22:37:42.501 Disk 0 Windows VISTA default MBR code
    22:37:42.517 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    22:37:42.517 Disk 0 default boot code
    22:37:42.548 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294480 MB offset 3074048
    22:37:42.564 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9264 MB offset 606169088
    22:37:42.704 Disk 0 scanning C:\windows\system32\drivers
    22:37:50.395 Service scanning
    22:37:54.389 Service BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\BASHDefs\20141107.001_cbf\BHDrvx64.sys **LOCKED** 5
    22:37:55.715 Service ccSet_NIS C:\windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys **LOCKED** 5
    22:38:03.484 Service IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\IPSDefs\20141112.001\IDSvia64.sys **LOCKED** 5
    22:38:09.802 Service NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20141112.002\ENG64.SYS **LOCKED** 5
    22:38:10.004 Service NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20141112.002\EX64.SYS **LOCKED** 5
    22:38:19.583 Service SRTSPX C:\windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS **LOCKED** 5
    22:38:20.690 Service SymDS C:\windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS **LOCKED** 5
    22:38:20.987 Service SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS **LOCKED** 5
    22:38:21.143 Service SymIRON C:\windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS **LOCKED** 5
    22:38:21.299 Service SymNetS C:\windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS **LOCKED** 5
    22:38:30.175 Modules scanning
    22:38:30.191 Disk 0 trace - called modules:
    22:38:30.284 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    22:38:30.300 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033bf060]
    22:38:30.300 3 CLASSPNP.SYS[fffff8800119543f] -> nt!IofCallDriver -> [0xfffffa800313b310]
    22:38:30.316 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003141050]
    22:38:30.331 Disk 0 statistics 90788/0/0 @ 5.96 MB/s
    22:38:30.331 Scan finished successfully
    22:39:22.966 Disk 0 MBR has been saved successfully to "C:\Users\Bruce\Documents\computer repair\MBR.dat"
    22:39:22.966 The log file has been saved successfully to "C:\Users\Bruce\Documents\computer repair\aswMBR.txt"

    Additionally, Farbar is being blocked by Norton Internet Security

  2. #2
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173


    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
    Hi and welcome to Safer Networking.

    I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

    • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine!
    • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Refrain from running self fixes as this will hinder the malware removal process.
    • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

    Before we start:

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.

    Next:

    I have read all of your prior posts and from this time forward anything I advise to be downloaded please actually save it to the desktop rather than this location you have been using:-

    computer repair

    In the Documents folder. The reason being it is prudent to run specific tools from the desktop, and when the time comes that I give the all clear I employ a methodology to remove all tools used during the course of a malware removal process; if they are not on the desktop they will have to be manually removed, etc.

    Now with regard to this you mentioned:

    Farbar is being blocked by Norton Internet Security
    This is merely the security software being somewhat overzealous and what is known as a false positive detection. So disable the aforementioned for the time being, how to do so can be read here.

    Then after completion of the below re-enable etc.

    Next:

    For some reason your machine appears to have a Vista master boot record rather than a Windows 7 one. Possibly you updated the operating system and/or the manufacturer shipped it with such; however, to err on the side of caution I would like to check this out.

    There is a copy of the MBR located here:-

    C:\Users\Bruce\Documents\computer repair\MBR.dat

    Send this to a Zip file, if not sure how to do so instructions can be viewed here. Then attach the aforementioned Zip file in your next reply please.

    Scan with Farbar Recovery Scan Tool:

    Please download and save Farbar Recovery Scan Tool 64-Bit to your Desktop.

    • Right-click on FRST.exe and select Run as Administrator to start FRST.
    • Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
    • Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
    • At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
    • There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.

    Next:

    When completed the above, please post back the following in the order asked for:

    • How is your computer performing now, any further symptoms and/or problems encountered?
    • MBR Zip File.
    • Both FRST logs. <-- Post them individually please, IE: one Log per post/reply.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
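
An added example, not part of the original thread or of any tool mentioned in it: a Python illustration of what checking a 512-byte MBR dump such as MBR.dat involves, parsing the partition table and hashing the boot code so it can be compared with a known-clean reference. The sample dump is constructed from the partition layout in the aswMBR log with placeholder boot code; `parse_mbr`, `findings` and `build_sample` are hypothetical names.

```python
import hashlib
import struct

ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, sectors

def parse_mbr(data):
    """Parse a 512-byte MBR dump such as the MBR.dat saved by aswMBR."""
    if len(data) != 512:
        raise ValueError("expected 512 bytes, got %d" % len(data))
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(data, 446 + 16 * i)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"index": i + 1, "status": status, "type": ptype,
                          "lba_start": lba, "sectors": count,
                          "size_mb": count * 512 // 2**20})
    return {"signature_ok": data[510:512] == b"\x55\xaa",
            # Bytes 0-439 are boot code; 440-443 are the per-disk signature, so
            # hashing only the first 440 bytes lets dumps from different disks match.
            "boot_code_sha256": hashlib.sha256(data[:440]).hexdigest(),
            "partitions": parts}

def findings(mbr, reference_sha256=None):
    """List anomalies worth a second look; an empty list means none were found."""
    out = []
    if not mbr["signature_ok"]:
        out.append("missing 0x55AA boot signature")
    active = [p for p in mbr["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        out.append("%d active partitions, expected 1" % len(active))
    ordered = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            out.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    if reference_sha256 and mbr["boot_code_sha256"] != reference_sha256:
        out.append("boot code differs from reference dump")
    return out

def build_sample():
    """Constructed dump: placeholder boot code plus the layout in the aswMBR log."""
    layout = [(0x80, 0x27, 2048, 1500), (0x00, 0x07, 3074048, 294480),
              (0x00, 0x17, 606169088, 9264)]  # status, type, LBA offset, size in MB
    table = b"".join(ENTRY.pack(s, b"\0" * 3, t, b"\0" * 3, lba, mb * 2048)
                     for s, t, lba, mb in layout)
    return b"\x90" * 440 + b"\0" * 6 + table + b"\0" * 16 + b"\x55\xaa"

if __name__ == "__main__":
    mbr = parse_mbr(build_sample())
    print(mbr["partitions"], findings(mbr))
```

To inspect a real dump, read the file in binary mode and pass its bytes to `parse_mbr`; the reference hash should come from a dump of a known-clean disk running the same Windows version.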

  3. #3
    Junior Member
    Join Date
    Nov 2014
    Location
    Oregon, Ohio (east suburb of Toledo in northwest Ohio)
    Posts
    19

    computer behavior

    There seems to be no interference from the adware at this time.
    When running the FRST.exe I receive an error message that states as follows:

    Line 10220(File"C:Users\Bruce\Desktop\FRST.exe")
    Error: Variable being used without being declared
    Thank you for your help thus far
    BRZ

  4. #4
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173


    Hi.

    When running the FRST.exe I receive an error message that states as follows:
    Is this actually occurring when Norton Internet Security is disabled ?

  5. #5
    Junior Member
    Join Date
    Nov 2014
    Location
    Oregon, Ohio (east suburb of Toledo in northwest Ohio)
    Posts
    19

    Laflurla - results of the MBR.txt in zipped file

    The MBR zip file is attached.
    Thanks

  6. #6
    Junior Member
    Join Date
    Nov 2014
    Location
    Oregon, Ohio (east suburb of Toledo in northwest Ohio)
    Posts
    19

    second Laflurla problem zip file

    One of the FRST zip files is attached.

  7. #7
    Junior Member
    Join Date
    Nov 2014
    Location
    Oregon, Ohio (east suburb of Toledo in northwest Ohio)
    Posts
    19

    Originally posted by Dakeyras:
    Hi.

    Is this actually occurring when Norton Internet Security is disabled ?
    Yes - I tried again with Norton smart firewall and antivirus auto protect disabled and I receive the same error message.

  8. #8
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173


    Hi.

    Yes - I tried again with Norton smart firewall and antivirus auto protect disabled and I receive the same error message
    Acknowledged, I'll ask the developer about this. In the meantime carry out the below for myself please as follows...

    Scan with OTL:

    Please download OTL and save it to your Desktop.

    Alternate downloads are here and here.

    • Right-click on OTL.exe and select Run as Administrator to start OTL.
    • Ensure Include 64bit Scans is selected.
    • Under Output, ensure that Standard Output is selected.
    • Under Extra Registry section, select Use SafeList.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan/Fixes box cut & paste this in:-

    netsvcs
    baseservices
    %systemdrive%\*.exe
    C:\program files (x86)\Google\Desktop
    C:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    CreateRestorePoint


    • Now click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Please post the contents of these two Notepad files in your next reply.

  9. #9
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173


    Hi.

    Please ignore my prior post and run a scan again with the Scan with Farbar Recovery Scan Tool per post #2. Farbar Recovery Scan Tool should auto update itself when you launch it before the actual scan commences etc.

  10. #10
    Junior Member
    Join Date
    Nov 2014
    Location
    Oregon, Ohio (east suburb of Toledo in northwest Ohio)
    Posts
    19

    Latest FRST scan

    I have attached the zip files as requested. I also attached the OTL zip in the event that it might be useful as well.
    Thank you for your continued assistance.
    BRZ
