Multiple iexplore.exe *32 processes running


This topic is locked
2 replies to this topic

#1 Accessory

  • Members
  • 1 posts
  • OFFLINE

Posted 19 March 2015 - 12:16 AM

Hi, I have a customer's computer that I've been struggling with for the last 2 days. The computer was pretty much unusable when it came in, now it works pretty well but there are 2 to 4 "iexplore.exe *32" running in the process section. TDSS Killer removes some sort of unknown item, but it keeps respawning. I've run Malwarebytes, adwcleaner, Avast, and more.

Here's the problem. I read in the sticky that it'll take on average 5 days for help in this forum. My customer is a business customer and needs it back asap - I don't have 5 days (especially since I already have had it for 2 days).

What is the current time for help - by chance is the forum caught up so I can get help today? If not I understand, but if I can't resolve this quickly I'll have to recommend to the customer to wipe out the hard drive and reload - he already expressed he didn't want to do that though.

Really hope I can get this resolved quickly for him...

Accessory

Ran Farbar and attached the FRST.txt and Addition.txt

Here are the reports

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by User (administrator) on USER-PC on 19-03-2015 00:24:26
Running from C:\Users\User\Desktop\AC Tools
Loaded Profiles: User (Available profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [DLPSP] => C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [944104 2013-02-25] (Dell Inc.)
HKLM\...\Run: [DLQLU] => C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE [1244136 2013-02-25] (Dell Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3761464 2013-09-30] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-18] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1772549707-2034872288-1711029183-1000\...\Run: [AXworks] => regsvr32.exe C:\Users\User\AppData\Local\AXworks\New.dll <===== ATTENTION
HKU\S-1-5-21-1772549707-2034872288-1711029183-1000\...\Run: [Emtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\User\AppData\Local\Ujmedia\New.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1772549707-2034872288-1711029183-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1772549707-2034872288-1711029183-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1772549707-2034872288-1711029183-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
SearchScopes: HKLM -> {8799D9BF-DE33-4B14-A7FC-F857941D4841} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {678BE11C-DE5A-49F2-B782-04D666869917} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-17] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-01-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-17] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [2010-04-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-18] (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [2010-04-27] (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2009-07-23] (Cozi Group, Inc.)
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2014-02-04] (Intuit, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll [2009-08-17] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll [2010-04-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2012-10-20]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2012-10-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-18]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-17] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-17] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [155496 2012-09-27] (Dell Inc.)
R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [343400 2012-09-27] (Dell Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-04] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-11-27] (Intuit Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-03-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-03-17] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-03-17] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-03-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-03-17] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [441728 2015-03-17] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-03-17] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [268640 2015-03-17] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-18] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-17] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-19 00:23 - 2015-03-19 00:24 - 00000000 ____D () C:\FRST
2015-03-18 23:21 - 2015-03-19 00:18 - 00000000 ____D () C:\AdwCleaner
2015-03-18 22:51 - 2015-03-18 22:51 - 00019921 _____ () C:\ComboFix.txt
2015-03-18 18:18 - 2015-03-18 18:18 - 00008706 _____ () C:\Users\User\Downloads\HELP_DECRYPT.HTML
2015-03-18 18:18 - 2015-03-18 18:18 - 00004296 _____ () C:\Users\User\Downloads\HELP_DECRYPT.TXT
2015-03-18 18:18 - 2015-03-18 18:18 - 00000304 _____ () C:\Users\User\Downloads\HELP_DECRYPT.URL
2015-03-18 18:17 - 2015-03-18 18:17 - 00008706 _____ () C:\Users\User\Documents\HELP_DECRYPT.HTML
2015-03-18 18:17 - 2015-03-18 18:17 - 00004296 _____ () C:\Users\User\Documents\HELP_DECRYPT.TXT
2015-03-18 18:17 - 2015-03-18 18:17 - 00000304 _____ () C:\Users\User\Documents\HELP_DECRYPT.URL
2015-03-18 17:52 - 2015-03-18 23:38 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-03-18 17:48 - 2015-03-18 17:48 - 289931536 ____H () C:\Users\User\Desktop\MOA.wmv.zh5
2015-03-18 17:46 - 2015-03-18 17:46 - 00008706 _____ () C:\Users\User\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-18 17:46 - 2015-03-18 17:46 - 00008706 _____ () C:\Users\User\AppData\Local\HELP_DECRYPT.HTML
2015-03-18 17:46 - 2015-03-18 17:46 - 00008706 _____ () C:\Users\User\AppData\HELP_DECRYPT.HTML
2015-03-18 17:46 - 2015-03-18 17:46 - 00004296 _____ () C:\Users\User\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-18 17:46 - 2015-03-18 17:46 - 00004296 _____ () C:\Users\User\AppData\Local\HELP_DECRYPT.TXT
2015-03-18 17:46 - 2015-03-18 17:46 - 00004296 _____ () C:\Users\User\AppData\HELP_DECRYPT.TXT
2015-03-18 17:46 - 2015-03-18 17:46 - 00000304 _____ () C:\Users\User\AppData\Roaming\HELP_DECRYPT.URL
2015-03-18 17:46 - 2015-03-18 17:46 - 00000304 _____ () C:\Users\User\AppData\Local\HELP_DECRYPT.URL
2015-03-18 17:46 - 2015-03-18 17:46 - 00000304 _____ () C:\Users\User\AppData\HELP_DECRYPT.URL
2015-03-18 17:43 - 2015-03-18 17:43 - 00008706 _____ () C:\Users\Public\HELP_DECRYPT.HTML
2015-03-18 17:43 - 2015-03-18 17:43 - 00008706 _____ () C:\Users\Public\Documents\HELP_DECRYPT.HTML
2015-03-18 17:43 - 2015-03-18 17:43 - 00008706 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-03-18 17:43 - 2015-03-18 17:43 - 00004296 _____ () C:\Users\Public\HELP_DECRYPT.TXT
2015-03-18 17:43 - 2015-03-18 17:43 - 00004296 _____ () C:\Users\Public\Documents\HELP_DECRYPT.TXT
2015-03-18 17:43 - 2015-03-18 17:43 - 00004296 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-03-18 17:43 - 2015-03-18 17:43 - 00000304 _____ () C:\Users\Public\HELP_DECRYPT.URL
2015-03-18 17:43 - 2015-03-18 17:43 - 00000304 _____ () C:\Users\Public\Documents\HELP_DECRYPT.URL
2015-03-18 17:43 - 2015-03-18 17:43 - 00000304 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-03-18 17:41 - 2015-03-18 21:11 - 00000000 ____D () C:\e3ed880e
2015-03-18 17:27 - 2015-03-18 17:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-18 17:25 - 2015-03-18 17:48 - 00000000 ____D () C:\Users\User\Desktop\mbar
2015-03-18 15:37 - 2015-03-18 17:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-18 15:37 - 2015-03-18 15:37 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-18 15:08 - 2015-03-18 15:08 - 00000000 _____ () C:\Windows\system32\REN9177.tmp
2015-03-18 15:08 - 2015-03-18 15:08 - 00000000 _____ () C:\Windows\system32\REN9167.tmp
2015-03-18 15:08 - 2015-03-18 15:08 - 00000000 _____ () C:\Windows\system32\REN9166.tmp
2015-03-18 15:08 - 2015-03-18 15:07 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-03-18 13:49 - 2015-03-18 15:07 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-18 13:04 - 2015-03-18 15:07 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-18 13:04 - 2015-03-18 15:07 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-18 13:04 - 2015-03-18 13:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-03-18 13:04 - 2015-03-18 13:04 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-03-18 13:04 - 2015-03-18 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-17 15:34 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-17 15:34 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-17 15:34 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-17 15:34 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-17 15:34 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-17 15:34 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-17 15:34 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-17 15:34 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-17 15:33 - 2015-03-18 22:51 - 00000000 ____D () C:\Qoobox
2015-03-17 15:33 - 2015-03-17 15:42 - 00000000 ____D () C:\Windows\erdnt
2015-03-17 13:42 - 2015-03-18 18:23 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-17 13:37 - 2015-03-18 23:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-17 13:37 - 2015-03-18 17:25 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 13:37 - 2015-03-17 13:37 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-17 13:37 - 2015-03-17 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-17 13:37 - 2015-03-17 13:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-17 13:37 - 2015-03-17 13:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-17 13:37 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 13:37 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-17 13:35 - 2015-03-19 00:24 - 00000000 ____D () C:\Users\User\Desktop\AC Tools
2015-03-17 10:05 - 2015-03-17 10:05 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-03-17 10:05 - 2015-03-17 10:05 - 00000000 ____D () C:\Windows\system32\vbox
2015-03-17 10:03 - 2015-03-18 17:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVAST Software
2015-03-17 09:59 - 2015-03-17 15:31 - 00002081 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-03-17 09:58 - 2015-03-17 09:58 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-17 09:58 - 2015-03-17 09:58 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-03-17 09:58 - 2015-03-17 09:58 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-17 09:58 - 2015-03-17 09:58 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-17 09:48 - 2015-03-17 09:58 - 00268640 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-17 09:48 - 2015-03-17 09:58 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-17 09:15 - 2015-03-17 13:42 - 00000000 ____D () C:\Users\User\AppData\Local\Ujmedia
2015-03-17 09:15 - 2015-03-17 09:15 - 00000000 ____D () C:\Users\User\AppData\Local\AXworks
2015-03-16 11:18 - 2015-03-16 11:18 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-16 11:18 - 2015-03-16 11:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-16 11:17 - 2015-03-16 11:17 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-16 11:17 - 2015-03-16 11:17 - 00000000 ____D () C:\Program Files\iTunes
2015-03-16 11:17 - 2015-03-16 11:17 - 00000000 ____D () C:\Program Files\iPod
2015-03-16 11:17 - 2015-03-16 11:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-16 09:54 - 2015-03-18 18:05 - 00000000 ____D () C:\Users\User\Documents\Larry
2015-03-16 09:16 - 2015-03-16 09:16 - 00003001 _____ () C:\Users\User\Downloads\CP Training for My Dentco & Dentco Verified.ics
2015-03-12 09:05 - 2015-03-16 11:48 - 00014080 _____ () C:\Users\User\Desktop\2015 Customer & Commercial Agreements.xlsx
2015-03-10 15:24 - 2015-03-18 18:16 - 00000000 ____D () C:\Users\User\Documents\My Docs - Copy
2015-03-10 15:24 - 2015-03-18 18:05 - 00000000 ____D () C:\Users\User\Documents\Intuit
2015-03-10 15:24 - 2015-03-10 15:24 - 00000000 ____D () C:\Users\User\Documents\Fax - Copy
2015-03-10 15:24 - 2015-03-10 15:24 - 00000000 ____D () C:\Users\User\Documents\Adobe - Copy
2015-03-10 15:22 - 2015-03-18 18:04 - 00000000 ____D () C:\Users\User\Documents\2015 Nick & Sarah Docs
2015-03-10 09:50 - 2015-03-10 09:50 - 00047360 _____ () C:\Users\User\Downloads\Payroll_Detail (5).xls
2015-03-10 09:50 - 2015-03-10 09:50 - 00047360 _____ () C:\Users\User\Downloads\Payroll_Detail (4).xls
2015-03-10 09:50 - 2015-03-10 09:50 - 00047360 _____ () C:\Users\User\Downloads\Payroll_Detail (3).xls
2015-03-06 08:56 - 2015-03-06 08:56 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-03-04 15:39 - 2015-03-04 15:39 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-03-04 15:28 - 2015-03-04 15:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-04 15:12 - 2015-03-17 16:18 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-04 15:11 - 2015-03-04 15:11 - 01062064 _____ (Microsoft Corporation) C:\Users\User\Downloads\Setup.X86.en-US_OutlookRetail_9f17a2ea-a986-4e5e-8efd-df576427327e_TX_PR_.exe
2015-03-04 13:38 - 2015-03-04 13:38 - 00001696 _____ () C:\Users\User\Desktop\Payroll Import File 02-27-2015.iif
2015-03-04 13:31 - 2015-03-04 13:36 - 00001920 _____ () C:\Users\User\Desktop\Payroll Import File 02-13-2015.iif
2015-03-04 09:31 - 2015-03-12 11:55 - 00010784 _____ () C:\Users\User\Desktop\LarryTimesheet.xlsx
2015-03-02 16:33 - 2015-03-02 16:33 - 00001312 _____ () C:\Users\User\Desktop\Payroll Import File 01-02-2-2015 (2).iif
2015-03-02 16:20 - 2015-03-02 16:20 - 00001696 _____ () C:\Users\User\Downloads\Payroll Import File 03-02-2015 (1).iif
2015-03-02 16:19 - 2015-03-02 16:19 - 00001920 _____ () C:\Users\User\Downloads\Payroll Import File 03-02-2015.iif
2015-03-02 16:18 - 2015-03-02 16:18 - 00025990 _____ () C:\Users\User\Desktop\Payroll Import File 02-13-2015.iif.lnk
2015-03-02 16:18 - 2015-03-02 16:18 - 00001440 _____ () C:\Users\User\Desktop\Payroll Import File 01-30-2015.iif
2015-03-02 16:12 - 2015-03-02 16:12 - 00001456 _____ () C:\Users\User\Desktop\Payroll Import File 01-02-2015 (2).iif
2015-03-02 16:10 - 2015-03-02 16:10 - 00000848 _____ () C:\Users\User\Desktop\Payroll Import File 01-02-2015 (1).iif
2015-02-26 10:13 - 2015-02-26 10:14 - 00553568 _____ () C:\Users\User\Downloads\Attachments_2015226.zip
2015-02-23 12:54 - 2015-02-23 12:54 - 00044640 _____ () C:\Users\User\Downloads\Payroll_Detail (2).xls
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-19 00:24 - 2009-07-14 00:10 - 02026268 _____ () C:\Windows\WindowsUpdate.log
2015-03-19 00:22 - 2012-11-16 09:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-19 00:19 - 2012-11-16 09:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-19 00:19 - 2010-03-27 17:58 - 00000000 ____D () C:\dell
2015-03-19 00:19 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 00:19 - 2009-07-13 23:51 - 00055745 _____ () C:\Windows\setupact.log
2015-03-18 23:43 - 2009-07-14 00:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-18 23:43 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-18 23:43 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-18 23:40 - 2012-11-16 09:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-18 23:31 - 2010-03-27 17:09 - 01699664 _____ () C:\Windows\PFRO.log
2015-03-18 22:49 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-18 18:23 - 2012-10-19 13:20 - 00000000 ____D () C:\Users\User\Outdoor Perfection, Inc 4-25-2010 - Images
2015-03-18 18:17 - 2015-01-27 13:17 - 00000000 ____D () C:\Users\User\Downloads\C2665dnf_Application_ALL_Windows_ENG
2015-03-18 18:16 - 2012-10-19 13:20 - 00000000 ___RD () C:\Users\User\Documents\My Stationery
2015-03-18 18:15 - 2012-10-19 13:20 - 00000000 ____D () C:\Users\User\Documents\My Docs
2015-03-18 18:02 - 2014-10-01 10:07 - 00000000 ____D () C:\Users\User\Desktop\Payroll Import Files
2015-03-18 18:02 - 2013-11-03 17:10 - 00000000 ____D () C:\Users\User\Desktop\OP PIcs
2015-03-18 18:02 - 2012-10-25 14:04 - 00000000 ____D () C:\Users\User\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files
2015-03-18 17:48 - 2013-09-20 15:35 - 00000000 ____D () C:\Users\User\Desktop\Lawn Snow Photos
2015-03-18 17:46 - 2013-08-11 11:27 - 00000000 ____D () C:\Users\User\AppData\Local\SkyHawke
2015-03-18 17:46 - 2012-10-25 14:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\OpenOffice.org
2015-03-18 17:46 - 2012-10-18 17:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2015-03-18 17:46 - 2012-10-18 15:23 - 00000000 ____D () C:\Users\User\AppData\Local\SupportSoft
2015-03-18 17:44 - 2012-11-16 09:20 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2015-03-18 17:44 - 2012-10-19 13:59 - 00000000 ____D () C:\Users\User\AppData\Local\Intuit
2015-03-18 17:43 - 2013-07-14 14:24 - 00000000 ____D () C:\Users\User\AppData\Local\Apple Computer
2015-03-18 17:43 - 2012-10-19 13:57 - 00000000 ____D () C:\Users\Public\Documents\Intuit
2015-03-18 17:43 - 2010-03-27 15:18 - 00000000 ____D () C:\ProgramData\WildTangent
2015-03-18 17:41 - 2012-10-19 13:57 - 00000000 ____D () C:\ProgramData\Intuit
2015-03-18 17:41 - 2010-03-27 15:26 - 00000000 ____D () C:\ProgramData\Sonic
2015-03-18 15:12 - 2012-10-18 17:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-18 15:07 - 2010-03-27 15:14 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-03-18 15:07 - 2010-03-27 15:14 - 00207272 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-03-18 15:07 - 2010-03-27 15:14 - 00206760 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-03-18 15:07 - 2010-03-27 15:14 - 00000000 ____D () C:\Program Files\Java
2015-03-18 14:56 - 2012-10-19 13:20 - 00000000 ____D () C:\Users\User\Quickbooks Data
2015-03-17 09:58 - 2012-10-18 17:12 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-17 09:58 - 2012-10-18 17:12 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-17 09:58 - 2012-10-18 17:12 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-17 09:58 - 2012-10-18 17:12 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-17 09:48 - 2012-10-18 17:12 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2015-03-17 09:48 - 2012-10-18 17:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-16 12:19 - 2009-07-14 00:08 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-16 11:17 - 2013-07-14 14:23 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-14 08:50 - 2012-11-16 09:21 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-05 09:30 - 2009-07-13 23:45 - 00407000 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-04 16:23 - 2012-10-18 15:20 - 00091736 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-04 15:39 - 2010-03-27 15:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-04 15:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-26 14:04 - 2012-10-19 14:12 - 00000000 ____D () C:\Users\User\AppData\Local\Microsoft Help
 
==================== Files in the root of some directories =======
 
2015-03-18 17:46 - 2015-03-18 17:46 - 0008706 _____ () C:\Users\User\AppData\Roaming\HELP_DECRYPT.HTML
2015-03-18 17:46 - 2015-03-18 17:46 - 0045716 _____ () C:\Users\User\AppData\Roaming\HELP_DECRYPT.PNG
2015-03-18 17:46 - 2015-03-18 17:46 - 0004296 _____ () C:\Users\User\AppData\Roaming\HELP_DECRYPT.TXT
2015-03-18 17:46 - 2015-03-18 17:46 - 0000304 _____ () C:\Users\User\AppData\Roaming\HELP_DECRYPT.URL
2015-03-18 17:46 - 2015-03-18 17:46 - 0008706 _____ () C:\Users\User\AppData\Local\HELP_DECRYPT.HTML
2015-03-18 17:46 - 2015-03-18 17:46 - 0045716 _____ () C:\Users\User\AppData\Local\HELP_DECRYPT.PNG
2015-03-18 17:46 - 2015-03-18 17:46 - 0004296 _____ () C:\Users\User\AppData\Local\HELP_DECRYPT.TXT
2015-03-18 17:46 - 2015-03-18 17:46 - 0000304 _____ () C:\Users\User\AppData\Local\HELP_DECRYPT.URL
2015-03-18 17:43 - 2015-03-18 17:43 - 0008706 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-03-18 17:43 - 2015-03-18 17:43 - 0045716 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-03-18 17:43 - 2015-03-18 17:43 - 0004296 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-03-18 17:43 - 2015-03-18 17:43 - 0000304 _____ () C:\ProgramData\HELP_DECRYPT.URL
 
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-16 07:06
 
==================== End Of Log ============================
 
 
 



Edited by Accessory, 19 March 2015 - 12:39 AM.



 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:01:45 AM

Posted 19 March 2015 - 10:53 AM

Hey,

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.



On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:01:45 AM

Posted 23 March 2015 - 05:54 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 




