Infected with "iexplorer.exe" virus

[Ricky_]

Hi, I'm not very computer savvy but I am fairly certain that my computer has a virus. I've used numerous virus scanners that all come up empty, but I've done some research and found out about a common virus that runs as a process called iexplorer.exe. I have this virus, while I don't have any internet explorer browsers open, one or even multiple iexplorer.exe processes are open in task manager. They use huge amounts of memory that gradually increase eventually crashing my computer. It also automatically starts up when my computer is started and pops back up after closing the process in task manager. I really need help removing this! Again I'm not very computer savvy so I apologize for any difficulties that it might cause.

[kevinf80]

Hello and

 

P2P/Piracy Warning:

 

 

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

•  

   

• Double-click to run it. When the tool opens click Yes to disclaimer.

   

   

• Press Scan button.

   

   

• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

   

   

• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

   

   

 

 

Kevin....

[Ricky_]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014

Ran by Ricky (administrator) on RICKY-HP on 20-05-2014 19:53:30

Running from C:\Users\Ricky\Documents\Downloads

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)

HKLM\...\Winlogon: [shell]  [0 ] () <=== ATTENTION

HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe [829832 2013-11-02] (Adobe Systems Incorporated)

HKU\S-1-5-21-3064066554-2124213315-746902752-1000\...\Run: [AdobeBridge] => [X]

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://youtube.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

URLSearchHook: HKLM-x32 - ytbyclick SP Toolbar - {79f99051-6343-439f-ad2f-a98382212a36} - C:\Users\Ricky\AppData\LocalLow\ytbyclick_SP\prxtbytb0.dll (ClientConnect Ltd.)

URLSearchHook: HKCU - (No Name) - {ef0682e9-597e-414f-a6ea-e5af4a32b0b3} - No File

URLSearchHook: HKCU - ytbyclick SP Toolbar - {79f99051-6343-439f-ad2f-a98382212a36} - C:\Users\Ricky\AppData\LocalLow\ytbyclick_SP\prxtbytb0.dll (ClientConnect Ltd.)

SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

SearchScopes: HKLM - {4D3626BB-4EA3-4656-9F65-C2DE2613AC6E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}

SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

SearchScopes: HKLM-x32 - {4D3626BB-4EA3-4656-9F65-C2DE2613AC6E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}

SearchScopes: HKCU - DefaultScope {9BE59B1B-5619-499B-998C-86617C782FE7} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = 

SearchScopes: HKCU - {4D3626BB-4EA3-4656-9F65-C2DE2613AC6E} URL = 

SearchScopes: HKCU - {9BE59B1B-5619-499B-998C-86617C782FE7} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}

SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 

SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 

SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 

SearchScopes: HKCU - {E5DD75B6-EBBC-443C-9151-FD6B96E3ABDC} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3321831&CUI=UN67177176011417293&UM=4

BHO-x32: ytbyclick SP Toolbar - {79f99051-6343-439f-ad2f-a98382212a36} - C:\Users\Ricky\AppData\LocalLow\ytbyclick_SP\prxtbytb0.dll (ClientConnect Ltd.)

Toolbar: HKLM-x32 - ytbyclick SP Toolbar - {79f99051-6343-439f-ad2f-a98382212a36} - C:\Users\Ricky\AppData\LocalLow\ytbyclick_SP\prxtbytb0.dll (ClientConnect Ltd.)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Toolbar: HKCU - No Name - {EF0682E9-597E-414F-A6EA-E5AF4A32B0B3} -  No File

Toolbar: HKCU - No Name - {79F99051-6343-439F-AD2F-A98382212A36} -  No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll ()

FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)

FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Ricky\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Ricky\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Ricky\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ricky\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ricky\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF Plugin ProgramFiles/Appdata: C:\Users\Ricky\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Ricky\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin ProgramFiles/Appdata: C:\Users\Ricky\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF HKCU\...\FireFox\Extensions: [soundFrost@helper.com] - C:\Program Files (x86)\SoundFrost\SoundFrost.xpi

FF Extension: SoundFrost - C:\Program Files (x86)\SoundFrost\SoundFrost.xpi [2013-05-05]

 

Chrome: 

=======

CHR RestoreOnStartup: "hxxp://www.youtube.com/"

CHR Extension: (Google Cast) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-02-16]

CHR Extension: (Google Wallet) - C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]

CHR Extension: (DigiCioupon) - C:\ProgramData\fhmemokpmeklangckipakakajpmfjcag [2013-12-29]

CHR HKCU\...\Chrome\Extension: [agnbjebjgekfjalmephmcmalklmjinmk] - C:\Users\Ricky\AppData\Local\CRE\agnbjebjgekfjalmephmcmalklmjinmk.crx [2013-10-31]

CHR HKCU\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Ricky\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2013-10-31]

CHR HKCU\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [2013-10-31]

CHR HKCU\...\Chrome\Extension: [hfpghkmipjbamgnlilimjdmgkalpmcjn] - C:\Users\Ricky\AppData\Local\CRE\hfpghkmipjbamgnlilimjdmgkalpmcjn.crx [2013-10-31]

CHR HKLM-x32\...\Chrome\Extension: [agnbjebjgekfjalmephmcmalklmjinmk] - C:\Users\Ricky\AppData\Local\CRE\agnbjebjgekfjalmephmcmalklmjinmk.crx [2013-10-31]

CHR HKLM-x32\...\Chrome\Extension: [bcjagnifjocnddgeknajocbkkhlgibem] - C:\Program Files (x86)\Chrome\surfcanyon.crx [2012-06-27]

CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\Ricky\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-06-27]

CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [2012-06-27]

CHR HKLM-x32\...\Chrome\Extension: [hfpghkmipjbamgnlilimjdmgkalpmcjn] - C:\Users\Ricky\AppData\Local\CRE\hfpghkmipjbamgnlilimjdmgkalpmcjn.crx [2012-06-27]

CHR StartMenuInternet: Google Chrome - C:\Users\Ricky\AppData\Local\Google\Chrome\Application\chrome.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-24] ()

S4 RoxMediaDBGame1X; C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [1099248 2011-02-17] (Sonic Solutions)

S4 TBSrv; C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe [350528 2014-03-31] (ClientConnect Ltd.)

S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

 

==================== Drivers (Whitelisted) ====================

 

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-20] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

R0 SMR410; C:\Windows\System32\drivers\SMR410.SYS [96856 2014-05-20] (Symantec Corporation)

S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]

S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-05-20 19:47 - 2014-05-20 19:53 - 00000000 ____D () C:\FRST

2014-05-20 19:47 - 2014-05-20 19:46 - 02067456 _____ (Farbar) C:\Users\Ricky\Desktop\FRST64.exe

2014-05-20 17:17 - 2014-05-20 17:17 - 00000000 ____D () C:\NPE

2014-05-20 17:16 - 2014-05-20 17:16 - 00000000 ____D () C:\ProgramData\SMR410

2014-05-20 17:15 - 2014-05-20 17:21 - 00000000 ____D () C:\Users\Ricky\AppData\Local\NPE

2014-05-20 17:15 - 2014-05-20 17:15 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS

2014-05-12 07:07 - 2014-05-12 07:07 - 00012435 _____ () C:\Users\Ricky\Documents\Untitled 1.odt

2014-05-12 07:05 - 2014-05-12 07:05 - 00000000 ____D () C:\Users\Public\Documents\sun

2014-05-12 07:04 - 2014-05-20 16:52 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1

2014-05-12 07:04 - 2014-05-12 07:04 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\1H1Q

2014-05-11 22:18 - 2014-05-11 22:18 - 00000000 ____D () C:\Users\Ricky\Desktop\New folder

2014-05-09 18:54 - 2014-05-09 18:54 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith

2014-05-09 18:54 - 2014-05-09 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith

2014-05-09 18:54 - 2014-05-09 18:54 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-05-09 06:54 - 2014-05-09 06:56 - 00000000 ____D () C:\cygwin64

2014-05-06 15:57 - 2014-05-11 22:18 - 00001285 _____ () C:\Windows\system32\mintty.exe.stackdump

2014-05-06 06:46 - 2014-05-20 19:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-06 06:46 - 2014-05-06 06:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-06 06:46 - 2014-05-06 06:46 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-06 06:46 - 2014-05-06 06:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-06 06:46 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-06 06:46 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-06 06:46 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-05-05 19:22 - 2014-05-05 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin

2014-05-04 20:27 - 2014-05-20 17:34 - 00000000 ____D () C:\Windows\Minidump

2014-05-02 21:38 - 2012-09-06 09:23 - 00000000 ____D () C:\Users\Ricky\Documents\media-militia-lens-flares

2014-05-02 21:22 - 2014-05-02 21:22 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Ricky-HP-Ricky

2014-05-02 06:25 - 2014-05-02 06:25 - 00000028 _____ () C:\Windows\SysWOW64\u

2014-05-01 19:01 - 2014-05-20 19:44 - 00000069 _____ () C:\Windows\system32\nbjm.vdf

2014-05-01 18:51 - 2014-05-01 18:51 - 00000064 _____ () C:\Windows\system32\itdw.vbo

2014-05-01 18:51 - 2014-05-01 18:51 - 00000000 _____ () C:\Windows\system32\zpbitsz.wax

2014-05-01 18:35 - 2014-05-01 18:35 - 13625856 _____ (Advanced Micro Devices Inc.) C:\Users\Ricky\AppData\Roaming\ndjfgfd.dll

2014-05-01 18:35 - 2014-05-01 18:35 - 00239175 ____S () C:\Windows\system32\qsigbd.igq

2014-05-01 17:51 - 2014-05-01 17:51 - 00001070 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk

2014-05-01 17:50 - 2014-05-01 17:50 - 00001162 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk

2014-05-01 17:38 - 2014-05-01 17:38 - 00001271 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk

2014-05-01 17:37 - 2014-05-01 17:38 - 00000000 ____D () C:\ProgramData\Package Cache

2014-04-30 20:43 - 2014-05-20 16:51 - 00000000 ____D () C:\Program Files (x86)\Audacity

2014-04-30 20:43 - 2014-04-30 20:43 - 00000981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

2014-04-30 20:37 - 2014-04-30 20:39 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3064066554-2124213315-746902752-1000

2014-04-30 20:37 - 2014-04-30 20:39 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3064066554-2124213315-746902752-1000

2014-04-30 20:36 - 2014-04-30 20:40 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Real

2014-04-30 20:36 - 2014-04-30 20:40 - 00000000 ____D () C:\ProgramData\Real

2014-04-30 20:36 - 2014-04-30 20:40 - 00000000 ____D () C:\Program Files (x86)\Real

2014-04-24 21:36 - 2008-11-23 07:14 - 12407828 _____ () C:\Users\Ricky\Documents\FractalWings.abr

2014-04-22 16:18 - 2014-04-22 15:54 - 08781915 ____N () C:\Users\Ricky\Desktop\20140422_155407.mp4

2014-04-22 16:18 - 2014-04-22 15:50 - 25823189 ____N () C:\Users\Ricky\Desktop\20140422_155022.mp4

2014-04-21 16:26 - 2014-04-21 16:26 - 00000000 ____D () C:\Users\Ricky\Documents\tex

2014-04-21 14:38 - 2014-04-21 14:38 - 00000000 ____D () C:\Users\Ricky\Documents\C4D R14

 

==================== One Month Modified Files and Folders =======

 

2014-05-20 19:53 - 2014-05-20 19:47 - 00000000 ____D () C:\FRST

2014-05-20 19:52 - 2014-04-10 19:06 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\uTorrent

2014-05-20 19:51 - 2013-08-01 01:36 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-20 19:51 - 2013-08-01 01:36 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-20 19:46 - 2014-05-20 19:47 - 02067456 _____ (Farbar) C:\Users\Ricky\Desktop\FRST64.exe

2014-05-20 19:44 - 2014-05-01 19:01 - 00000069 _____ () C:\Windows\system32\nbjm.vdf

2014-05-20 19:33 - 2014-05-06 06:46 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-20 19:13 - 2012-11-12 00:12 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRicky

2014-05-20 19:13 - 2012-11-12 00:12 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForRicky.job

2014-05-20 19:10 - 2012-07-14 12:50 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3064066554-2124213315-746902752-1000UA.job

2014-05-20 19:06 - 2012-07-14 14:12 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Skype

2014-05-20 18:42 - 2012-07-14 11:15 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{26B16544-5DB5-4DE6-A6EE-80DB4BFCE6B4}

2014-05-20 18:16 - 2014-04-13 10:08 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\.minecraft

2014-05-20 18:10 - 2012-07-14 13:24 - 00000000 ____D () C:\Users\Ricky\AppData\Local\CrashDumps

2014-05-20 17:41 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-05-20 17:41 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-05-20 17:38 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-20 17:37 - 2012-07-14 11:10 - 01353025 _____ () C:\Windows\WindowsUpdate.log

2014-05-20 17:34 - 2014-05-04 20:27 - 00000000 ____D () C:\Windows\Minidump

2014-05-20 17:34 - 2012-07-14 11:10 - 00000000 ____D () C:\Users\Ricky

2014-05-20 17:34 - 2012-05-04 01:25 - 00336614 ____N () C:\Windows\Minidump\052014-28719-01.dmp

2014-05-20 17:34 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-20 17:34 - 2009-07-14 00:51 - 00210141 _____ () C:\Windows\setupact.log

2014-05-20 17:21 - 2014-05-20 17:15 - 00000000 ____D () C:\Users\Ricky\AppData\Local\NPE

2014-05-20 17:17 - 2014-05-20 17:17 - 00000000 ____D () C:\NPE

2014-05-20 17:16 - 2014-05-20 17:16 - 00000000 ____D () C:\ProgramData\SMR410

2014-05-20 17:15 - 2014-05-20 17:15 - 00096856 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS

2014-05-20 17:15 - 2012-05-04 01:00 - 00000000 ____D () C:\ProgramData\Norton

2014-05-20 17:07 - 2012-05-04 01:25 - 00336614 ____N () C:\Windows\Minidump\052014-32619-01.dmp

2014-05-20 17:03 - 2012-07-14 13:45 - 00000000 ____D () C:\Users\Ricky\AppData\Local\Adobe

2014-05-20 16:52 - 2014-05-12 07:04 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1

2014-05-20 16:52 - 2013-12-21 15:24 - 00000000 ____D () C:\Program Files (x86)\Origin Games

2014-05-20 16:52 - 2013-12-18 20:47 - 00000000 ____D () C:\Windows\SysWOW64\Adobe

2014-05-20 16:52 - 2013-12-14 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

2014-05-20 16:52 - 2013-11-07 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities

2014-05-20 16:52 - 2013-11-07 16:10 - 00000000 ____D () C:\Program Files\Canon

2014-05-20 16:52 - 2013-08-01 11:59 - 00000000 ___RD () C:\Users\Ricky\Desktop\Server

2014-05-20 16:52 - 2013-08-01 01:36 - 00000000 ____D () C:\Program Files (x86)\Google

2014-05-20 16:52 - 2012-05-04 00:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP TouchSmart

2014-05-20 16:52 - 2012-05-04 00:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support

2014-05-20 16:52 - 2012-05-04 00:39 - 00000000 ____D () C:\Program Files\Hewlett-Packard

2014-05-20 16:52 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-05-20 16:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat

2014-05-20 16:51 - 2014-04-30 20:43 - 00000000 ____D () C:\Program Files (x86)\Audacity

2014-05-20 16:51 - 2013-11-07 16:08 - 00000000 ____D () C:\Program Files (x86)\Canon

2014-05-20 16:49 - 2012-05-04 00:53 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2014-05-20 16:49 - 2012-05-04 00:39 - 00000000 ____D () C:\ProgramData\Hewlett-Packard

2014-05-20 16:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration

2014-05-20 09:02 - 2013-11-07 16:22 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\canon

2014-05-20 08:38 - 2013-01-30 19:26 - 01296896 ___SH () C:\Users\Ricky\Desktop\Thumbs.db

2014-05-18 19:00 - 2012-07-22 19:39 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\HP Support Assistant

2014-05-18 19:00 - 2012-07-15 11:47 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\HpUpdate

2014-05-17 20:58 - 2013-08-31 14:35 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\TS3Client

2014-05-14 21:10 - 2012-07-14 12:50 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3064066554-2124213315-746902752-1000Core.job

2014-05-14 17:45 - 2012-10-08 10:56 - 00008704 _____ () C:\Users\Ricky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-05-14 07:10 - 2013-08-15 02:07 - 00000000 ____D () C:\Windows\system32\MRT

2014-05-14 07:09 - 2012-09-14 15:27 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-05-13 18:23 - 2010-11-20 23:47 - 00623914 _____ () C:\Windows\PFRO.log

2014-05-13 06:53 - 2012-07-14 11:17 - 00086168 _____ () C:\Users\Ricky\AppData\Local\GDIPFONTCACHEV1.DAT

2014-05-12 18:21 - 2009-07-14 00:45 - 05051832 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-05-12 07:07 - 2014-05-12 07:07 - 00012435 _____ () C:\Users\Ricky\Documents\Untitled 1.odt

2014-05-12 07:05 - 2014-05-12 07:05 - 00000000 ____D () C:\Users\Public\Documents\sun

2014-05-12 07:04 - 2014-05-12 07:04 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\1H1Q

2014-05-12 07:03 - 2013-09-29 19:42 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4

2014-05-11 22:18 - 2014-05-11 22:18 - 00000000 ____D () C:\Users\Ricky\Desktop\New folder

2014-05-11 22:18 - 2014-05-06 15:57 - 00001285 _____ () C:\Windows\system32\mintty.exe.stackdump

2014-05-09 19:17 - 2012-10-14 19:43 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Audacity

2014-05-09 18:54 - 2014-05-09 18:54 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith

2014-05-09 18:54 - 2014-05-09 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith

2014-05-09 18:54 - 2014-05-09 18:54 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-05-09 18:54 - 2012-10-08 10:49 - 00000000 ____D () C:\ProgramData\TechSmith

2014-05-09 06:56 - 2014-05-09 06:54 - 00000000 ____D () C:\cygwin64

2014-05-08 17:26 - 2014-03-24 21:39 - 00000000 ____D () C:\Program Files (x86)\ytbyclick_SP

2014-05-07 06:53 - 2012-05-04 01:25 - 00336614 ____N () C:\Windows\Minidump\050714-32432-01.dmp

2014-05-07 06:32 - 2012-05-04 01:25 - 00336614 ____N () C:\Windows\Minidump\050714-28953-01.dmp

2014-05-06 07:03 - 2013-12-29 23:49 - 00000000 ____D () C:\Program Files\Level Quality Watcher

2014-05-06 07:03 - 2013-11-03 17:15 - 00000000 ____D () C:\ProgramData\Conduit

2014-05-06 07:03 - 2013-10-13 10:26 - 00000000 ____D () C:\Users\Ricky\AppData\Local\SwvUpdater

2014-05-06 06:46 - 2014-05-06 06:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-06 06:46 - 2014-05-06 06:46 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-06 06:46 - 2014-05-06 06:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-06 06:45 - 2013-05-05 15:01 - 00000000 ____D () C:\Program Files (x86)\SoundFrost

2014-05-06 06:41 - 2013-01-23 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble

2014-05-06 06:41 - 2013-01-23 20:27 - 00000000 ____D () C:\Program Files (x86)\Mumble

2014-05-05 19:22 - 2014-05-05 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin

2014-05-04 20:27 - 2009-07-14 01:08 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-05-04 20:27 - 2009-07-14 01:08 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU(27).TXT

2014-05-04 20:26 - 2012-05-04 01:25 - 00336614 ____N () C:\Windows\Minidump\050414-38953-01.dmp

2014-05-03 18:07 - 2013-12-01 18:23 - 00000132 _____ () C:\Users\Ricky\AppData\Roaming\Adobe PNG Format CC Prefs

2014-05-02 21:22 - 2014-05-02 21:22 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Ricky-HP-Ricky

2014-05-02 18:22 - 2012-05-04 00:56 - 00000000 ____D () C:\ProgramData\PDFC

2014-05-02 06:25 - 2014-05-02 06:25 - 00000028 _____ () C:\Windows\SysWOW64\u

2014-05-01 18:51 - 2014-05-01 18:51 - 00000064 _____ () C:\Windows\system32\itdw.vbo

2014-05-01 18:51 - 2014-05-01 18:51 - 00000000 _____ () C:\Windows\system32\zpbitsz.wax

2014-05-01 18:35 - 2014-05-01 18:35 - 13625856 _____ (Advanced Micro Devices Inc.) C:\Users\Ricky\AppData\Roaming\ndjfgfd.dll

2014-05-01 18:35 - 2014-05-01 18:35 - 00239175 ____S () C:\Windows\system32\qsigbd.igq

2014-05-01 17:55 - 2012-09-22 19:54 - 00000000 ____D () C:\Program Files\Adobe

2014-05-01 17:55 - 2012-05-04 00:55 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-05-01 17:53 - 2012-09-22 19:54 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2014-05-01 17:51 - 2014-05-01 17:51 - 00001070 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk

2014-05-01 17:50 - 2014-05-01 17:50 - 00001162 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk

2014-05-01 17:48 - 2012-07-14 13:47 - 00000000 ____D () C:\ProgramData\Adobe

2014-05-01 17:39 - 2012-07-14 11:38 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Adobe

2014-05-01 17:38 - 2014-05-01 17:38 - 00001271 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk

2014-05-01 17:38 - 2014-05-01 17:37 - 00000000 ____D () C:\ProgramData\Package Cache

2014-04-30 20:43 - 2014-04-30 20:43 - 00000981 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

2014-04-30 20:40 - 2014-04-30 20:36 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\Real

2014-04-30 20:40 - 2014-04-30 20:36 - 00000000 ____D () C:\ProgramData\Real

2014-04-30 20:40 - 2014-04-30 20:36 - 00000000 ____D () C:\Program Files (x86)\Real

2014-04-30 20:40 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-30 20:39 - 2014-04-30 20:37 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3064066554-2124213315-746902752-1000

2014-04-30 20:39 - 2014-04-30 20:37 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3064066554-2124213315-746902752-1000

2014-04-30 16:16 - 2013-12-23 20:51 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-04-27 19:32 - 2012-07-29 19:07 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-04-27 19:32 - 2012-07-15 19:57 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2014-04-24 21:55 - 2012-09-21 18:53 - 00000000 ____D () C:\Users\Ricky\AppData\Roaming\MAXON

2014-04-24 21:50 - 2013-03-03 19:26 - 00000000 ____D () C:\Users\Ricky\Documents\Games

2014-04-22 15:54 - 2014-04-22 16:18 - 08781915 ____N () C:\Users\Ricky\Desktop\20140422_155407.mp4

2014-04-22 15:50 - 2014-04-22 16:18 - 25823189 ____N () C:\Users\Ricky\Desktop\20140422_155022.mp4

2014-04-21 16:26 - 2014-04-21 16:26 - 00000000 ____D () C:\Users\Ricky\Documents\tex

2014-04-21 14:38 - 2014-04-21 14:38 - 00000000 ____D () C:\Users\Ricky\Documents\C4D R14

 

Some content of TEMP:

====================

C:\Users\Ricky\AppData\Local\Temp\air6557.exe

C:\Users\Ricky\AppData\Local\Temp\ammemb.dll

C:\Users\Ricky\AppData\Local\Temp\ammemb64.dll

C:\Users\Ricky\AppData\Local\Temp\avg_12.1.0.20.exe

C:\Users\Ricky\AppData\Local\Temp\conduitinstaller.exe

C:\Users\Ricky\AppData\Local\Temp\Creative Cloud Helper.exe

C:\Users\Ricky\AppData\Local\Temp\fp_pl_pfs_installer-1.exe

C:\Users\Ricky\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\Ricky\AppData\Local\Temp\j3dcore-ogl.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-32-git-Bukkit-1.2.5-R4.0-b2222jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-32-git-Bukkit-1.3.2-R0.1-4-gd08e620-b2359jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-32-git-Bukkit-1.3.2-R2.0-b2396jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-32-git-Bukkit-1.4.7-R1.0-b2624jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.3.1-R2.0-b2340jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.4.5-R1.0-b2543jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.4.7-R0.1-b2602jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.4.7-R1.0-23-g80d8c9a-b2655jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.4.7-R1.0-56-gfbfbc31-b2697jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.4.7-R1.0-66-g543fc73-b2706jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.4.7-R1.0-75-g7f25632-b2717jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.4.7-R1.0-83-gb08af02-b2723jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.4.7-R1.0-b2624jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.5.1-R0.1-21-g49b0699-b2754jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.5.1-R0.1-7-ge80e64d-b2744jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.5.1-R0.2-5-g7fd3e34-b2759jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.5.2-R0.1-1-g53734d2-b2777jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.5.2-R0.1-b2771jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.5.2-R1.0-25-g2a13a5a-b2812jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.5.2-R1.0-35-g4176258-b2824jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.2-R1.0-6-g7d680d3.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.4-R1.0.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.4-R2.0-2-g7e1ac0a-b2922jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.4-R2.0-20-gca624b3-b2937jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.4-R2.0-26-g31d7c5f-b2943jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.4-R2.0-b2918jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.1-b2969jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.2-15-g2f3dbd3-b2992jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.2-3-g530fcb7-b2978jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.2-b2974jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-2-g85f5776-b3023jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-b3020jnks.dll

C:\Users\Ricky\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Ricky\AppData\Local\Temp\launcher.exe

C:\Users\Ricky\AppData\Local\Temp\lowproc.exe

C:\Users\Ricky\AppData\Local\Temp\MSETUP4.EXE

C:\Users\Ricky\AppData\Local\Temp\npp.6.5.1.Installer.exe

C:\Users\Ricky\AppData\Local\Temp\npp.6.5.2.Installer.exe

C:\Users\Ricky\AppData\Local\Temp\npp.6.5.Installer.exe

C:\Users\Ricky\AppData\Local\Temp\skypemoticons_new.exe

C:\Users\Ricky\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Ricky\AppData\Local\Temp\SoundFrost_updater.exe

C:\Users\Ricky\AppData\Local\Temp\sp58915.exe

C:\Users\Ricky\AppData\Local\Temp\SpOrder.dll

C:\Users\Ricky\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll

C:\Users\Ricky\AppData\Local\Temp\stubhelper.dll

C:\Users\Ricky\AppData\Local\Temp\swt-win32-3740.dll

C:\Users\Ricky\AppData\Local\Temp\tbedrs.dll

C:\Users\Ricky\AppData\Local\Temp\tbuTor.dll

C:\Users\Ricky\AppData\Local\Temp\tbytby.dll

C:\Users\Ricky\AppData\Local\Temp\TubeToolbox_Setup.EXE

C:\Users\Ricky\AppData\Local\Temp\Uninstaller-5020.exe

C:\Users\Ricky\AppData\Local\Temp\UninstallHPSA.exe

C:\Users\Ricky\AppData\Local\Temp\uttC50A.tmp.exe

C:\Users\Ricky\AppData\Local\Temp\xmlUpdater.exe

C:\Users\Ricky\AppData\Local\Temp\YontooSetup-S.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll

[2010-11-20 23:24] - [2010-11-20 23:24] - 0520192 ____A (Microsoft Corporation) 6AE916E67D215A5FB6BD0C2D8734BD99

 

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-05-19 18:14

 

==================== End Of Log ============================

 

Addition.txt

[kevinf80]

Run FRST one more time:

 

Type the following in the edit box after "Search:".

 

rpcss.dll

 

Click Search button and post the log (Search.txt) it makes to your reply.

[Ricky_]

Sorry that it took me so long but the virus crashed my computer twice during the search.

 

Farbar Recovery Scan Tool (x64) Version: 17-05-2014

Ran by Ricky at 2014-05-20 20:45:11

Running from C:\Users\Ricky\Documents\Downloads

Boot Mode: Normal

 

================== Search Files: "rpcss.dll" =============

 

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

[2010-11-20 23:24] - [2010-11-20 23:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

 

C:\Windows\System32\rpcss.dll

[2010-11-20 23:24] - [2010-11-20 23:24] - 0520192 ____A (Microsoft Corporation) 6AE916E67D215A5FB6BD0C2D8734BD99

 

====== End Of Search ======

[kevinf80]

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Open Malwarebytes 2.0, run a Threat Scan

 

• 
  

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 

• 
  

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

• 
  

Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt.

 

Next,

 

Please download Junkware Removal Tool to your desktop.

• 
  

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Let me see those logs, also give an update on any remaining issues or concerns..

 

Kevin

 

 

fixlist.txt

[Ricky_]

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 5/21/2014

Scan Time: 8:02:34 AM

Logfile: 

Administrator: Yes

 

Version: 2.00.1.1004

Malware Database: v2014.05.21.04

Rootkit Database: v2014.03.27.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Chameleon: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Ricky

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 280042

Time Elapsed: 35 min, 4 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Shuriken: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 1

PUP.Optional.PriceGong.A, HKU\S-1-5-21-3064066554-2124213315-746902752-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [fd0b76ded1aabe78f9e9c1d9eb176f91], 

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

I have tried the JRT multiple times but it never seems to work, I've let it sit for over an hour and nothing happens, no log is generated. Everything else worked fine.

Folders: 0

(No malicious items detected)

 

Files: 1

PUP.Optional.SuperCool, C:\$RECYCLE.BIN\S-1-5-21-3064066554-2124213315-746902752-1000\$RAOIVUY.exe, Quarantined, [d830163e700bc86e5040cbb23bc6dc24], 

 

Physical Sectors: 0

(No malicious items detected)

 

 

 

 

(end)

 

# AdwCleaner v3.210 - Report created 21/05/2014 at 08:09:15

# Updated 19/05/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Ricky - RICKY-HP

# Running from : C:\Users\Ricky\Documents\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

[#] Service Deleted : TBSrv

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\Conduit

Folder Deleted : C:\ProgramData\StarApp

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\ProgramData\WeCareReminder

Folder Deleted : C:\ProgramData\AullCHeappPrrice

Folder Deleted : C:\ProgramData\DigiCioupon

Folder Deleted : C:\ProgramData\VauDixe

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\Tbccint

Folder Deleted : C:\Program Files (x86)\Vaudix

Folder Deleted : C:\Program Files (x86)\AullCHeappPrrice

Folder Deleted : C:\Program Files (x86)\DigiCioupon

Folder Deleted : C:\Program Files (x86)\ytbyclick_SP

Folder Deleted : C:\Program Files (x86)\Common Files\Spigot

Folder Deleted : C:\Program Files\Level Quality Watcher

Folder Deleted : C:\Users\Ricky\AppData\Local\Conduit

Folder Deleted : C:\Users\Ricky\AppData\Local\NativeMessaging

Folder Deleted : C:\Users\Ricky\AppData\Local\SwvUpdater

Folder Deleted : C:\Users\Ricky\AppData\Local\Temp\AirInstaller

Folder Deleted : C:\Users\Ricky\AppData\Local\Temp\mt_ffx

Folder Deleted : C:\Users\Ricky\AppData\Local\Temp\NativeMessaging

Folder Deleted : C:\Users\Ricky\AppData\Local\Temp\ytbyclick_SP

Folder Deleted : C:\Users\Ricky\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Ricky\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Ricky\AppData\LocalLow\ytbyclick_SP

Folder Deleted : C:\Users\Ricky\AppData\Roaming\1H1Q

Folder Deleted : C:\Users\Ricky\AppData\Roaming\SearchProtect

File Deleted : C:\END

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\DigICCoupion.DigICCoupion

Key Deleted : HKLM\SOFTWARE\Classes\DigICCoupion.DigICCoupion.5.3

Key Deleted : HKLM\SOFTWARE\Classes\AllCheapPricei.AllCheapPricei

Key Deleted : HKLM\SOFTWARE\Classes\AllCheapPricei.AllCheapPricei.5.2

Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3247992

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3283792

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3321831

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_audio-recorder-for-free_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_audio-recorder-for-free_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_cinema-4d (1)_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_cinema-4d (1)_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13352EEC-8C24-45FF-8571-29FA9377D755}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C99B148-E8D5-447C-898B-9E4ABEDD9377}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63D436CD-636B-4815-8A65-9EF7069B85B0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8CE5F275-2F5E-4CE5-9213-C8BF49D7E4F9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9DCE5372-BD23-2066-011A-C1EAB7FE3EB4}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0994774-C162-4795-8AEB-52C776216264}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C07474D6-CAE5-474D-9583-E147ACFFFAEA}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C5AA6C60-2955-4948-AFB2-5AEFEB431C13}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CDF1FAFC-29FA-427D-A21D-F78218460ECF}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E17D179F-E095-408C-8F4E-2CBF87395547}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EACF3F45-6E3A-45FF-9F0B-4829DE87F37A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE3468D9-5CE2-63A6-1709-670A7389A8D1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{79F99051-6343-439F-AD2F-A98382212A36}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDCE201E-5E89-44EF-A63E-D82FBB32CAB9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79F99051-6343-439F-AD2F-A98382212A36}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79F99051-6343-439F-AD2F-A98382212A36}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDCE201E-5E89-44EF-A63E-D82FBB32CAB9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{79F99051-6343-439F-AD2F-A98382212A36}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9DCE5372-BD23-2066-011A-C1EAB7FE3EB4}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EE3468D9-5CE2-63A6-1709-670A7389A8D1}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DDCE201E-5E89-44EF-A63E-D82FBB32CAB9}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DF17175C-2DB0-4278-8992-33F4F6749C19}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6641E04D-E1DD-4DEA-9903-9EBC797A8569}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{79F99051-6343-439F-AD2F-A98382212A36}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{79F99051-6343-439F-AD2F-A98382212A36}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{79F99051-6343-439F-AD2F-A98382212A36}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{79F99051-6343-439F-AD2F-A98382212A36}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9DCE5372-BD23-2066-011A-C1EAB7FE3EB4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE3468D9-5CE2-63A6-1709-670A7389A8D1}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\InstalledThirdPartyPrograms

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Tbccint_HKLM

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\ytbyclick_SP

Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DealPly

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKLM\Software\ytbyclick_SP

Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17041

 

 

-\\ Google Chrome v

 

[ File : C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}

Deleted [Extension] : bcjagnifjocnddgeknajocbkkhlgibem

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl

Deleted [Extension] : dgbjdgnkkchgleommaaapafcigjjbnmg

Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

Deleted [Extension] : gaiilaahiahdejapggenmdmafpmbipje

Deleted [Extension] : hbcennhacfaagdopikcegfcobcadeocj

Deleted [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj

Deleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk

Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp

 

*************************

 

AdwCleaner[R0].txt - [14752 octets] - [21/05/2014 08:06:30]

AdwCleaner[s0].txt - [14095 octets] - [21/05/2014 08:09:15]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14156 octets] ##########

[Ricky_]

I've tried the JRT program multiple times, leaving it sit for atleast an hour each time, and it never seems to do anything. I don't know if I am doing something wrong or simply am not waiting long enough but I have to be at my computer closing down the iexplorer.exe process every 15 seconds so it doesn't crash my computer.

[kevinf80]

After JRT is downloaded to your Desktop all security has to be turned off before running the tool. When JRT starts you should see a black cmd box, at the bottom is the nag "press any key to continue" after that it should be on auto...

 

Regarding the file you quote iexplorer.exe are you sure you have the name correct, there is no system file by that name?

 

iexplorer.exe  is unknown....

 

iexplore.exe  is Internet Explorer

 

explorer.exe  is Windows Explorer

 

What is the current status of your system, is it constantly crashing?

 

Kevin.

 

[Ricky_]

After JRT is downloaded to your Desktop all security has to be turned off before running the tool. When JRT starts you should see a black cmd box, at the bottom is the nag "press any key to continue" after that it should be on auto...

 

Regarding the file you quote iexplorer.exe are you sure you have the name correct, there is no system file by that name?

 

iexplorer.exe  is unknown....

 

iexplore.exe  is Internet Explorer

 

explorer.exe  is Windows Explorer

 

What is the current status of your system, is it constantly crashing?

 

Kevin.

Here is a video I recorded of it in action.

https://www.youtube.com/watch?v=TNr2hNtuHp4&feature=youtu.be

[Ricky_]

https://www.youtube.com/watch?v=TNr2hNtuHp4&feature=youtu.be

[Ricky_]

Whoops, sorry about the previous two posts, I had a link in them but it disappeared. https://www.youtube.com/watch?v=TNr2hNtuHp4&feature=youtu.be

[kevinf80]

Internet Explorer running normally:

 

The file you are closing is iexplore.exe not iexplorer.exe  That file you close is related to Internet Explorer. If you have Internet Explorer opened at the homepage and open Task manager you will see 2 entries for the file iexplore.exe if you open another Tab you would see 3 entries, another tab would produce a 4th entry named iexplore.exe and so on....

 

So you have Internet Explorer running, only one tab open at the home page. Open Task manager, stop one entry of iexplore.exe It will automatically open again, so you are back to two entries for iexplore.exe. Internet Explorer is supposed to do that so it does not close it down totally.

 

Can you open Internet explorer, then Task manager. Do nothing else, just leave internet explorer open at the homepage, monitor Task manager. What happens, is there only two entries of iexplore.exe or do you see more entries multiplying

[Ricky_]

Even when I first turn on my computer, before opening anything besides task manager there is a iexplorer.exe process running. When I started internet explorer, another two process came up.

[Ricky_]

I also don't understand why it exponentially increases in memory usage when I'm not even using internet explorer.

[kevinf80]

Maybe this is where the problem lies, Windows Explorer file name is explorer.exe Internet Explorer file name is iexplore.exe You say the problem file is iexplorer.exe

 

See if you can run the following;

 

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

 

http://jpshortstuff.247fixes.com/SystemLook_x64.exe      <<-   64 bit….

 

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

 

• 
  

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
 

:filefindiexplorer.exe:regfindiexplorer.exe

 
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

[Ricky_]

Well before seeing you post I had disabled internet explorer and when I restarted my computer the iexplorer.exe was gone... But now explore.exe is duplicating and causing crashes. Should I still do the search?

[kevinf80]

If the duplicating file is definitely explore.exe we have another mystery as there is no Windows service file with that name. Are you sure you have these names correct?

[Ricky_]

If the duplicating file is definitely explore.exe we have another mystery as there is no Windows service file with that name. Are you sure you have these names correct?

Its was acting very strange, it was definitely the explorer.exe process, but after it crashed the first time from it, I restarted it and nothing is wrong now, there are no duplicating processes or processes that should not be open that are. I guess that I will see how it goes for a while but as of now it looks like its back to normal. Thanks for the help!

[kevinf80]

In reply #6 I attach fixlist.txt and ask you to run a Fix with FRST, you never posted the log (fixlog.txt) from that run. Can you post that log, will be in this folder C:\FRST\Logs

 

Next,

 

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

• 
  

Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option "Remove found threats"  is UNticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 

• 
  

If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 

• 
  

click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Also let me know if any remaining issues or concerns..

 

Thanks,

 

Kevin

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!