
Multiple explorer.exe, One uses all system memory


9 replies to this topic

#1 Megacraig


Posted 25 November 2014 - 02:23 PM

Hi, I have to start by saying I work at a small business and our IT is the guy down the street that "knows computers", so if it's possible, downloading as few programs as possible the better. I am fairly certain there is a trojan on the computer; right now it will start explorer and run with almost all my computer's memory, which has now caused it to crash a few times. I have checked the registry for the common places keys have been for the same problem and made sure that the explorer.exe path is only in the Windows root folder. I used TDSSKiller, Malwarebytes, Avast, and AVG to scan and they all found no threats. The explorer.exe process that starts and uses all the memory has the same image path as the real one; the command line is slightly different in capitalization, though. Right now I just constantly watch Process Explorer on one screen to kill explorer when it pops up. Is there any way to find out what is starting and using explorer.exe? Please help me out, thanks.

 

 

EDIT: I don't know if it means anything, but after I restarted I opened up Process Explorer before explorer, and when explorer came up it had ctfmon.exe in its file tree below it.


Edited by Megacraig, 25 November 2014 - 03:22 PM.


#2 Megacraig


Posted 26 November 2014 - 01:07 PM

I added a block in Windows Firewall, and that limits the new explorer process to 11,000 K, so at least now it doesn't crash. I have run about every scan that I have found on this site, all of them coming up clean.



#3 Guest_LighthouseParty_*


Posted 02 December 2014 - 11:41 AM

Hello there,

 

I'm LighthouseParty and I'll be assisting you with your concern today. Let's run a couple of scans to see what could be causing this.
 

Step 1: Download MiniToolBox

  1. Click here to download MiniToolBox to your desktop.
  2. Double click MiniToolBox.
  3. Select the following and then press go:
     • Flush DNS
     • Reset IE Proxy Settings
     • Reset FF Proxy Settings
     • List Installed Programs
     • List Restore Points
  4. Post the log in your next reply.


Step 2: Install and run a scan with Malwarebytes Anti-Malware

  1. Click here to download Malwarebytes to your desktop.
  2. Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  3. On the dashboard, click update now.
  4. After that, click scan now - the scan will now begin.
  5. When the scan's completed, select apply actions - make sure the action is quarantine.
  6. Restart your computer.

How to get the log.

  1. On the dashboard, select the history tab and click application logs.
  2. Select the log which has the time and date of when you did the scan.
  3. Click copy to clipboard and paste it into your reply.

Step 3: Download Security Check

  1. Click here to download Security Check to your desktop.
  2. Double click SecurityCheck and follow the on-screen instructions.
  3. A log should open, called checkup.txt.
  4. Please post the contents of it in your next reply.

Thanks and good luck!



#4 Megacraig

Megacraig
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  

Posted 03 December 2014 - 01:00 PM

Hey, thanks for the reply. Here they are.

 

MiniToolBox

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Engineering (administrator) on 03-12-2014 at 09:38:11
Running from "C:\Users\Engineering\Desktop\New folder (2)"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

 

=========================== Installed Programs ============================
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 2.4.595.9 - Advanced Micro Devices Inc.) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)
ATI AVIVO64 Codecs (Version: 11.6.0.10520 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{8039910D-9786-AB3D-8FD4-EDD2B6EE6B79}) (Version: 3.0.816.0 - ATI Technologies, Inc.)
AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
AutoCAD 2013 - English (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 Language Pack - English (Version: 19.0.55.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Inventor 2013 (Version: 17.0.13800.0000 - Autodesk) Hidden
Autodesk Inventor 2013 English (HKLM\...\Autodesk Inventor 2013) (Version: 17.0.13800.0000 - Autodesk)
Autodesk Inventor 2013 English Language Pack (Version: 17.0.13800.0000 - Autodesk) Hidden
Autodesk Inventor 2013 Quick Uninstaller (HKLM\...\{D25FF5C1-1764-469A-9794-69309387C193}) (Version: 17.0.13800.0000 - Autodesk)
Autodesk Inventor Content Center Libraries 2013 (Desktop Content) (HKLM\...\{B46DECD1-1764-4EF1-0000-22D71E81877C}) (Version: 17.0.13800.0000 - Autodesk)
Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013) (Version: 2.0.0.206 - Autodesk, Inc.)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion for Inventor 2013 Add-in (HKLM\...\{08BCFE15-8AA1-4A58-B018-4FEF486BA922}) (Version: 1.0.0.111 - Autodesk)
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2013) (Version: 0.2.0.230 - Autodesk)
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2013 (HKLM-x32\...\{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}) (Version: 3.0.13 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4235 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
Brother MFL-Pro Suite MFC-J6710DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center (x32 Version: 2011.0520.1542.26324 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0321.2249.39096 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0520.1542.26324 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0321.2249.39096 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0520.1534.26032 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0520.1542.26324 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0321.2249.39096 - ATI) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0520.1542.26324 - ATI) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2011.0520.1542.26324 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help English (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help English (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help French (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help French (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help German (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help German (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0321.2248.39096 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0520.1541.26324 - ATI) Hidden
ccc-utility64 (Version: 2011.0321.2249.39096 - ATI) Hidden
ccc-utility64 (Version: 2011.0520.1542.26324 - ATI) Hidden
DWG TrueView 2013 (HKLM\...\DWG TrueView 2013) (Version: 19.0.55.0 - Autodesk)
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden
Eco Materials Adviser for Autodesk Inventor 2013 (HKLM\...\{792A9A32-718A-40D1-9867-A903F76AE2F8}) (Version: 3.9.12.0 - Granta Design Limited)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
HydraVision (x32 Version: 4.2.188.0 - ATI Technologies Inc.) Hidden
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
========================= Restore Points ==================================

19-11-2014 23:59:45 Windows Update
21-11-2014 18:01:19 Restore Operation
24-11-2014 17:03:04 Windows Update
24-11-2014 19:33:13 Windows Update
24-11-2014 19:44:57 avast! antivirus system restore point
24-11-2014 21:53:30 avast! antivirus system restore point
26-11-2014 16:59:18 Removed AVG 2015
26-11-2014 17:00:41 Removed AVG 2015
26-11-2014 18:42:13 Installed AVG 2015
26-11-2014 18:42:30 Installed AVG 2015

**** End of log ****


Malwarebytes Anti-Malware
www.malwarebytes.org

 

 

Scan Date: 12/3/2014
Scan Time: 9:40:41 AM
Logfile: 12-3-2014.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.03.09
Rootkit Database: v2014.12.02.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Engineering

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370892
Time Elapsed: 7 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


Security Check

 

 

 Results of screen317's Security Check version 0.99.91 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
AVG AntiVirus Free Edition 2015  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 65 
 Java version 32-bit out of Date!
 Adobe Reader XI 
 Mozilla Firefox 31.0 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 AVG avgwdsvc.exe
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#5 Guest_LighthouseParty_*


Posted 03 December 2014 - 04:11 PM

Hello there,

 

Step 1: Please download JavaRa from here and, once it is open, select 'remove JRE'. Your version of Firefox is currently outdated; click here for instructions on how to update it.

 

Step 2: Download and run AdwCleaner

  1. Click here to download AdwCleaner to your desktop.
  2. Double click adwcleaner_x.xxx.exe. If prompted, click I agree.
  3. Click scan. When it's finished, select clean.
  4. Allow AdwCleaner to restart your computer.
  5. Once you've restarted, a log should appear. Please post this in your next reply.

Step 3: Download Junkware Removal Tool

  1. Click here to download Junkware Removal Tool to your desktop.
  2. Double click JRT.exe. (Win 7 and Vista users, right-click and select run as admin)
  3. Press any key and the scan will begin.
  4. At the end, a log will open. Please post this in your next reply.

Edited by LighthouseParty, 03 December 2014 - 04:12 PM.


#6 Megacraig


Posted 03 December 2014 - 04:58 PM

Don't know if you wanted to see the JavaRa report, but here it is just in case.

 

JavaRA

 

Exception encountered in module [JavaRa]
Message: Object reference not set to an instance of an object.
   at JavaRa.routines_registry.get_jre_uninstallers()

User initialised redundant data purge.
......................

Removed registry subkey: java.exe
Removed registry subkey: javaw.exe
Removed registry subkey tree: Java Update
Removed registry subkey: F60730A4A66673047777F5728467D401
Removed registry subkey tree: F60730A4A66673047777F5728467D401
Removed registry subkey: 6C5ADB75C34456D42B338232391207FF
Removed registry subkey: A5CCAAC40F5B69B47777ACF82566467C
Removed registry subkey tree: {5852F5EC-8BF4-11D4-A245-0080C6F74284}
Removed registry subkey: application/java-deployment-toolkit
Removed registry subkey: application/x-java-applet
Removed registry subkey: application/x-java-jnlp-file
Removed registry subkey tree: {5852F5E0-8BF4-11D4-A245-0080C6F74284}
Removed registry subkey: .jar
Removed registry subkey: .jnlp
Removed registry subkey tree: jarfile
Removed registry subkey tree: JavaWebStart.isInstalled
Removed registry subkey tree: JavaWebStart.isInstalled.1.7.0.0
Removed registry subkey tree: JNLPFile
Removed registry subkey: javaws.exe
Removed registry subkey: Browser Helper Objects
Removed registry subkey: 6C5ADB75C34456D42B338232391207FF
Removed registry subkey: A5CCAAC40F5B69B47777ACF82566467C
Removed registry subkey: 225FA5D4CDB0C57489E7F511C11D0182
Removed registry subkey: 225FC5D4ADB0C57489E7F511C11D0182
Removed registry subkey: 225FC5D4BDB0C57489E7F511C11D0182
Removed registry subkey: 225FC5D4CDB0C57489E7F511C11D0182
Removed registry subkey: 52AAFD69654C07446983ADA1256FC7A9
Removed registry subkey: AD9BB15F1AC776D49B768EDF5A02B896
Removed registry subkey: E1215CC4312C58A4A8F9D630115FB457
Removed registry subkey tree: F60730A4A66673047777F5728467D401
Exception encountered in module [JavaRa]
Message: Cannot delete a subkey tree because the subkey does not exist.
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTreeInternal(String subkey)
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey)
   at JavaRa.routines_registry.delete_key(String key)

Removed registry subkey: Oracle_JavaAccessBridge
Removal routine completed successfully. 31 items have been deleted.
User initialised redundant data purge.
......................

Exception encountered in module [JavaRa]
Message: Cannot delete a subkey tree because the subkey does not exist.
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTreeInternal(String subkey)
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey)
   at JavaRa.routines_registry.delete_key(String key)

Removed registry subkey: JavaSoft
Removal routine completed successfully. 32 items have been deleted.
User initialised redundant data purge.
......................

Exception encountered in module [JavaRa]
Message: Cannot delete a subkey tree because the subkey does not exist.
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTreeInternal(String subkey)
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey)
   at JavaRa.routines_registry.delete_key(String key)

Removal routine completed successfully. 32 items have been deleted.
User initialised redundant data purge.
......................

Exception encountered in module [JavaRa]
Message: Cannot delete a subkey tree because the subkey does not exist.
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTreeInternal(String subkey)
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey)
   at JavaRa.routines_registry.delete_key(String key)

Removal routine completed successfully. 32 items have been deleted.
User initialised redundant data purge.
......................

Exception encountered in module [JavaRa]
Message: Cannot delete a subkey tree because the subkey does not exist.
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTreeInternal(String subkey)
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey)
   at JavaRa.routines_registry.delete_key(String key)

Removal routine completed successfully. 32 items have been deleted.
Exception encountered in module [JavaRa]
Message: Object reference not set to an instance of an object.
   at JavaRa.routines_registry.get_jre_uninstallers()

User initialised redundant data purge.
......................

Exception encountered in module [JavaRa]
Message: Cannot delete a subkey tree because the subkey does not exist.
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTreeInternal(String subkey)
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey)
   at JavaRa.routines_registry.delete_key(String key)

Removal routine completed successfully. 0 items have been deleted.
Exception encountered in module [JavaRa]
Message: Object reference not set to an instance of an object.
   at JavaRa.routines_registry.get_jre_uninstallers()

AdwCleaner

 

# AdwCleaner v4.103 - Report created 03/12/2014 at 13:43:40
# Updated 01/12/2014 by Xplode
# Database : 2014-12-03.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Engineering - CAD2-PC
# Running from : C:\Users\Engineering\Desktop\adwcleaner_4.103.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Mozilla Firefox v32.0.3 (x86 en-US)

*************************

AdwCleaner[R2].txt - [789 octets] - [03/12/2014 13:37:54]
AdwCleaner[R3].txt - [690 octets] - [03/12/2014 13:43:40]
AdwCleaner[S1].txt - [849 octets] - [03/12/2014 13:40:11]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [808 octets] ##########

Junkware Removal Tool

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x64
Ran by Engineering on Wed 12/03/2014 at 13:49:32.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\TOOLBARUPDATER.EXE-678CD7F9.pf

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/03/2014 at 13:53:48.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#7 Guest_LighthouseParty_*


Posted 04 December 2014 - 01:46 AM

How is the PC now?



#8 Megacraig


Posted 04 December 2014 - 11:21 AM

No change, the second explorer is still there and using memory.



#9 Guest_LighthouseParty_*


Posted 04 December 2014 - 11:33 AM

Let's check once more.

 

Step 1: Download MiniToolBox

  1. Click here to download MiniToolBox to your desktop.
  2. Double click MiniToolBox.
  3. Select the following and then press go:
     • Flush DNS
     • Reset IE Proxy Settings
     • Reset FF Proxy Settings
     • List Installed Programs
     • List Restore Points
  4. Post the log in your next reply.


Step 2: Install and run a scan with Malwarebytes Anti-Malware

  1. Click here to download Malwarebytes to your desktop.
  2. Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  3. On the dashboard, click update now.
  4. After that, click scan now - the scan will now begin.
  5. When the scan's completed, select apply actions - make sure the action is quarantine.
  6. Restart your computer.

How to get the log.

  1. On the dashboard, select the history tab and click application logs.
  2. Select the log which has the time and date of when you did the scan.
  3. Click copy to clipboard and paste it into your reply.

Step 3: Download Security Check

  1. Click here to download Security Check to your desktop.
  2. Double click SecurityCheck and follow the on-screen instructions.
  3. A log should open, called checkup.txt.
  4. Please post the contents of it in your next reply.


#10 sage19


Posted 05 December 2014 - 11:32 PM

FYI, in another topic we discovered that the cause of the second explorer.exe was a process running from c:\programdata\temp. From safe mode with command program, delete this folder. The command to delete the folder from the command prompt would be:

rmdir /s /q c:\programdata\temp
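The OP asked how to find out what is starting the second explorer.exe, and sage19 points at c:\programdata\temp. The following PowerShell triage script is an added example for this thread, not a tool anyone posted in it: it is read-only, lists every explorer.exe with its parent process (the launcher), image path and verbatim command line, flags copies whose image is not the real shell or that were started by a still-running process, and then lists any process or Run/RunOnce autostart value living under C:\ProgramData\Temp. It assumes stock Windows 7 PowerShell 2.0 or later, run from an elevated prompt.

```powershell
# Added triage script (not from the thread). Read-only: reports, never deletes.
# Assumes Windows 7 PowerShell 2.0+ in an elevated prompt.

$canonicalExe = Join-Path $env:SystemRoot  'explorer.exe'   # C:\Windows\explorer.exe
$suspectDir   = Join-Path $env:ProgramData 'Temp'           # C:\ProgramData\Temp (named by sage19)

$procs = Get-WmiObject -Class Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

Write-Output "== explorer.exe instances =="
$explorers = @($procs | Where-Object { $_.Name -ieq 'explorer.exe' })
foreach ($e in $explorers) {
    $parent = $byPid[[int]$e.ParentProcessId]
    if ($parent) {
        $parentDesc = "{0} (PID {1}) {2}" -f $parent.Name, $parent.ProcessId, $parent.ExecutablePath
    } else {
        # The shell started at logon is launched by userinit.exe, which then exits,
        # so an already-exited parent is normal for the genuine explorer.exe.
        $parentDesc = "PID {0} (already exited)" -f $e.ParentProcessId
    }
    $flags = @()
    # NTFS paths are case-insensitive, so compare the image path with -ine.
    if ($e.ExecutablePath -and ($e.ExecutablePath -ine $canonicalExe)) {
        $flags += 'image path is not the real shell'
    }
    # A live parent that is not explorer itself is the launcher the OP was looking for.
    if ($parent -and ($parent.Name -ine 'explorer.exe')) {
        $flags += 'launched by a still-running process'
    }
    New-Object PSObject -Property @{
        PID          = $e.ProcessId
        WorkingSetMB = [math]::Round($e.WorkingSetSize / 1MB, 1)
        Path         = $e.ExecutablePath
        CommandLine  = $e.CommandLine   # verbatim, so capitalisation differences stay visible
        Parent       = $parentDesc
        Flags        = ($flags -join '; ')
    } | Format-List
}
if ($explorers.Count -gt 1) {
    Write-Output ("{0} explorer.exe processes found; one is expected per logged-on desktop." -f $explorers.Count)
}

Write-Output "== processes running from $suspectDir =="
$procs |
    Where-Object { $_.ExecutablePath -and $_.ExecutablePath.StartsWith($suspectDir, [StringComparison]::OrdinalIgnoreCase) } |
    Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine | Format-List

Write-Output "== Run/RunOnce values pointing into $suspectDir =="
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath and friends
        if ("$($prop.Value)" -match [regex]::Escape($suspectDir)) {
            Write-Output ("{0}\{1} = {2}" -f $key, $prop.Name, $prop.Value)
        }
    }
}
```

Running it before killing the rogue explorer.exe is what makes the parent column useful: once the copy is dead, the link back to whatever launched it is gone.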





