
Solved CPU usage 100% multiple explorer.exe

Discussion in 'Malware and Virus Removal Archive' started by Jeremie, 2014/03/09.

  1. 2014/03/09
    Jeremie

    Jeremie Inactive Thread Starter

    Joined:
    2011/01/06
    Messages:
    117
    Likes Received:
    0
    [Solved] CPU usage 100% multiple explorer.exe

    Just recently CPU usage has been constantly at 100%. When removed from the network (no internet) there's no issue. As soon as the Ethernet cable is plugged in, same issue. Logs attached. No recent changes to the PC.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/20/2011 1:05:33 PM
    System Uptime: 3/9/2014 2:47:30 PM (1 hours ago)
    .
    Motherboard: Dell Inc | | 0UW457
    Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket M2 | 2000/1000mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 13.741 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP203: 3/6/2014 9:00:03 PM - Installed Java 7 Update 51
    RP204: 3/9/2014 12:09:26 PM - Removed iTunes
    RP205: 3/9/2014 12:13:46 PM - Removed JavaFX 2.1.1
    RP206: 3/9/2014 12:15:08 PM - Removed QuickTime
    RP207: 3/9/2014 12:18:21 PM - Removed LogMeIn
    RP208: 3/9/2014 12:20:38 PM - Removed Novacomd
    RP210: 3/9/2014 3:15:15 PM - avast! antivirus system restore point
    .
    ==== Image File Execution Options =============
    .
    .
    ==== Installed Programs ======================
    .
    .
    ==== End Of File ===========================
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.03.09.07

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 11.0.9600.16518
    Nicole :: LAW11 [administrator]

    3/9/2014 3:20:59 PM
    mbam-log-2014-03-09 (15-20-59).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 474407
    Time elapsed: 27 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  2. 2014/03/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================

    I still need DDS.txt log.
     


  4. 2014/03/09
    Jeremie

    Jeremie Inactive Thread Starter

    Joined:
    2011/01/06
    Messages:
    117
    Likes Received:
    0
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/20/2011 1:05:33 PM
    System Uptime: 3/9/2014 2:47:30 PM (1 hours ago)
    .
    Motherboard: Dell Inc | | 0UW457
    Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket M2 | 2000/1000mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 13.741 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP203: 3/6/2014 9:00:03 PM - Installed Java 7 Update 51
    RP204: 3/9/2014 12:09:26 PM - Removed iTunes
    RP205: 3/9/2014 12:13:46 PM - Removed JavaFX 2.1.1
    RP206: 3/9/2014 12:15:08 PM - Removed QuickTime
    RP207: 3/9/2014 12:18:21 PM - Removed LogMeIn
    RP208: 3/9/2014 12:20:38 PM - Removed Novacomd
    RP210: 3/9/2014 3:15:15 PM - avast! antivirus system restore point
    .
    ==== Image File Execution Options =============
    .
    .
    ==== Installed Programs ======================
    .
    .
    ==== End Of File ===========================


    If you'd like me to send it as an attachment, let me know.
     
  5. 2014/03/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    DDS produces two logs, DDS.txt and Attach.txt.
    You posted the latter one twice.
    I still need the first DDS log.
     
  6. 2014/03/11
    Jeremie

    Jeremie Inactive Thread Starter

    Joined:
    2011/01/06
    Messages:
    117
    Likes Received:
    0
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
    Run by Nicole at 15:27:59 on 2014-03-11
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3006.1682 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdServiceMonitor.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\msiexec.exe
    C:\Users\Nicole.LATRONICA\AppData\Local\Citrix\GoToAssist Corporate\1019\GoToAssist_Corporate_Customer.exe
    C:\Users\NICOLE~1.LAT\AppData\Local\Temp\Citrix\GoToAssist Corporate\1019\g2a8AED.tmp\G2AInstaller.exe
    C:\Users\NICOLE~1.LAT\AppData\Local\Temp\Citrix\GoToAssist Corporate\1019\g2a8AED.tmp\g2aservice.exe
    C:\Users\NICOLE~1.LAT\AppData\Local\Temp\Citrix\GoToAssist Corporate\1019\g2a8AED.tmp\g2acomm.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\NICOLE~1.LAT\AppData\Local\Temp\Citrix\GoToAssist Corporate\1019\g2a8AED.tmp\g2alaunchercustomer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\NICOLE~1.LAT\AppData\Local\Temp\Citrix\GoToAssist Corporate\1019\g2a8AED.tmp\g2auicustomer.exe
    C:\Users\NICOLE~1.LAT\AppData\Local\Temp\Citrix\GoToAssist Corporate\1019\g2a8AED.tmp\g2asessioncontrol.exe
    C:\Users\NICOLE~1.LAT\AppData\Local\Temp\Citrix\GoToAssist Corporate\1019\g2a8AED.tmp\g2achat.exe
    C:\Users\NICOLE~1.LAT\AppData\Local\Temp\Citrix\GoToAssist Corporate\1019\g2a8AED.tmp\g2aremotediagnostics.exe
    C:\Users\NICOLE~1.LAT\AppData\Local\Temp\Citrix\GoToAssist Corporate\1019\g2a8AED.tmp\g2ahostnoui.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRunOnce: [*GoToAssist] c:\users\nicole~1.lat\appdata\local\temp\G2AAFF9.tmp.bat
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - file:///D:/Scripts/LTOCX14N.cab
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} - hxxp://win08srvr/PMGSoftware/PMSetup/webfiles/setup.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    DPF: {9D28AF62-62C1-4553-ACB9-9A148E3C35AF} - hxxp://win08srvr/PMGSoftware/PMSetup/webfiles/PmReqChecker.CAB
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{9E65F3AF-FB3A-4375-B763-0C190A2F287D} : DHCPNameServer = 10.177.0.34 10.164.103.44
    TCP: Interfaces\{C4F17985-9FA1-4056-A8CB-8F019BF79CBF} : NameServer = 167.206.7.4,192.168.1.4
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-3-9 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-3-9 180248]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-3-9 775952]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-3-9 410784]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-3-9 67824]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-3-9 50344]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-3-9 418376]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-3-9 701512]
    R2 Update Agent;Practice Manager Update Agent;c:\program files\common files\pmgsoftware\esd\PM.Deployment.EsdService.exe [2007-11-23 61440]
    R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-3-9 64168]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-3-9 22856]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-2-12 108032]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
    S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-11-12 468480]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-6 14848]
    S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
    S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-11-6 24064]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-6 49664]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-6 27136]
    S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
    S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-20 1343400]
    .
    =============== Created Last 30 ================
    .
    2014-03-09 21:15:49 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-03-09 21:15:20 -------- d-----w- c:\users\nicole.latronica\appdata\local\Citrix
    2014-03-09 19:18:49 -------- d-----w- c:\users\nicole.latronica\appdata\roaming\Malwarebytes
    2014-03-09 19:18:41 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-03-09 19:18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2014-03-09 19:16:41 -------- d-----w- c:\users\nicole.latronica\appdata\roaming\AVAST Software
    2014-03-09 19:16:15 64168 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2014-03-09 19:16:14 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-03-09 19:16:13 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-03-09 19:16:10 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-03-09 19:16:09 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-03-09 19:16:08 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-03-09 19:15:56 43152 ----a-w- c:\windows\avastSS.scr
    2014-03-09 19:15:27 -------- d-----w- c:\program files\AVAST Software
    2014-03-09 19:12:47 -------- d-----w- c:\programdata\AVAST Software
    2014-03-09 18:14:39 -------- d-----w- c:\program files\DLLSuite
    2014-03-09 17:03:44 -------- d-----w- c:\users\nicole.latronica\appdata\local\Programs
    2014-03-07 01:46:59 -------- d-----w- c:\users\nicole.latronica\appdata\local\Google
    2014-03-07 00:27:08 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e04302c2-0c6e-48c5-a035-9342302a3012}\mpengine.dll
    2014-02-12 13:37:11 454656 ----a-w- c:\windows\system32\vbscript.dll
    2014-02-12 09:35:14 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-02-12 09:35:14 1237504 ----a-w- c:\windows\system32\msxml3.dll
    2014-02-12 09:34:05 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2014-02-12 09:34:04 3419136 ----a-w- c:\windows\system32\d2d1.dll
    2014-02-12 09:33:26 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2014-02-12 09:33:26 572416 ----a-w- c:\windows\system32\RMActivate.exe
    2014-02-12 09:33:26 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2014-02-12 09:33:26 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2014-02-12 09:33:25 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2014-02-12 09:33:25 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
    2014-02-12 09:33:25 428032 ----a-w- c:\windows\system32\secproc.dll
    2014-02-12 09:33:25 423936 ----a-w- c:\windows\system32\secproc_isv.dll
    2014-02-12 09:33:25 390144 ----a-w- c:\windows\system32\msdrm.dll
    .
    ==================== Find3M ====================
    .
    2014-03-09 16:56:04 409088 ----a-w- c:\windows\system32\systemcpl.dll
    2014-02-20 22:47:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-02-20 22:47:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-02-06 10:20:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-02-06 10:19:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-02-06 10:01:36 61952 ----a-w- c:\windows\system32\iesetup.dll
    2014-02-06 10:00:46 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-02-06 09:47:22 112128 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-02-06 09:47:18 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-02-06 09:46:27 553472 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-02-06 09:25:36 4244480 ----a-w- c:\windows\system32\jscript9.dll
    2014-02-06 09:09:30 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-02-06 08:41:35 1820160 ----a-w- c:\windows\system32\wininet.dll
    2013-12-18 11:13:56 231584 ----a-w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 15:28:43.08 ===============
     
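The DDS.txt above is the first log in the thread that actually shows what is running. Three things in it are worth pulling out mechanically before reading the rest by eye: the executables in the Running Processes list that live under a user's AppData\Local\Temp directory (here the GoToAssist remote-support session, which is legitimate but is exactly the pattern a dropper also uses), the `uRunOnce` entry pointing at a `.bat` in that same Temp directory, and the `mPolicies-System` line `PromptOnSecureDesktop = dword:0`, which means UAC elevation prompts are drawn on the normal desktop where another process can overlay or spoof them. The thread title also reports several explorer.exe processes, although this log lists only the one in C:\Windows. The following Python is an added example written for this page; it is not code from the thread, from DDS or from Malwarebytes. It parses the `==== Section ====` layout DDS uses and runs those checks. Function names (`parse_dds`, `triage`, etc.) are the example's own. The sample input is copied from the DDS.txt posted above, except the one line marked CONSTRUCTED, which is invented purely so the duplicate-explorer check has something to find; no such process was on the poster's machine.

```python
"""Triage checks over a DDS.txt log: Temp-resident images, extra or misplaced
explorer.exe instances, and UAC policy values that weaken the elevation prompt.
Added example for this thread; not DDS or Malwarebytes code."""
import re
from collections import defaultdict

# Lines copied from the DDS.txt posted in the thread, trimmed to what the checks
# need. The line marked CONSTRUCTED is invented for this example only.
SAMPLE_DDS = "\n".join([
    "============== Running Processes ================",
    ".",
    r"C:\Windows\system32\wininit.exe",
    r"C:\Program Files\AVAST Software\Avast\AvastSvc.exe",
    r"C:\Windows\Explorer.EXE",
    r"C:\Users\NICOLE~1.LAT\AppData\Local\Temp\Citrix\GoToAssist Corporate\1019\g2a8AED.tmp\g2aservice.exe",
    r"C:\Users\NICOLE~1.LAT\AppData\Local\Temp\Citrix\GoToAssist Corporate\1019\g2a8AED.tmp\g2ahostnoui.exe",
    r"C:\Windows\system32\svchost.exe -k netsvcs",
    r"C:\Users\Public\explorer.exe",  # CONSTRUCTED: not in the real log
    ".",
    "============== Pseudo HJT Report ===============",
    ".",
    r"uRunOnce: [*GoToAssist] c:\users\nicole~1.lat\appdata\local\temp\G2AAFF9.tmp.bat",
    r'mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui',
    "mPolicies-System: ConsentPromptBehaviorAdmin = dword:5",
    "mPolicies-System: PromptOnSecureDesktop = dword:0",
    ".",
    "============= SERVICES / DRIVERS ===============",
])

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")                 # ==== Title ====
EXE_RE = re.compile(r"^(.*?\.exe)(?:\s|$)", re.IGNORECASE)     # path, then optional args
AUTORUN_RE = re.compile(r'^[um]Run(?:Once)?:\s*\[[^\]]*\]\s*"?(.+?)"?(?:\s+/.*)?$')
POLICY_RE = re.compile(r"^mPolicies-System:\s*(\w+)\s*=\s*dword:(\d+)$")

def parse_dds(text):
    """Split a DDS.txt into {section title: [lines]}; '.' separator lines are dropped."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if current and line and line != ".":
            sections[current].append(line)
    return sections

def running_images(sections):
    """Executable paths from 'Running Processes' with arguments (e.g. '-k netsvcs') removed."""
    return [m.group(1) for line in sections.get("Running Processes", [])
            if (m := EXE_RE.match(line))]

def autorun_targets(sections):
    """Targets of uRun/mRun/RunOnce entries in the Pseudo HJT report, quotes and switches stripped."""
    return [m.group(1).strip() for line in sections.get("Pseudo HJT Report", [])
            if (m := AUTORUN_RE.match(line))]

TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

def temp_resident(paths):
    """Images under a Temp directory. Installers and remote-support tools (GoToAssist in
    this log) do this legitimately, so each hit is a lead to verify, not a verdict."""
    return [p for p in paths if any(t in p.lower() for t in TEMP_MARKERS)]

def shell_anomalies(paths, image="explorer.exe", expected_dir="c:\\windows"):
    """The shell normally runs once per interactive session from C:\\Windows. A copy
    elsewhere is a finding; more than one instance is worth a look (Explorer can be
    configured to open folder windows in a separate process, so confirm before acting)."""
    hits = [p for p in paths if p.lower().rsplit("\\", 1)[-1] == image]
    findings = [(p, "unexpected location") for p in hits
                if p.lower().rsplit("\\", 1)[0] != expected_dir]
    if len(hits) > 1:
        findings.append((image, f"{len(hits)} instances"))
    return findings

# Value at which each Windows 7 UAC policy stops protecting the user.
UAC_WEAK = {
    "EnableLUA": (0, "UAC disabled entirely"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompt on the normal desktop, spoofable by other processes"),
}

def weak_uac_policies(sections):
    findings = []
    for line in sections.get("Pseudo HJT Report", []):
        m = POLICY_RE.match(line)
        if m and m.group(1) in UAC_WEAK and int(m.group(2)) == UAC_WEAK[m.group(1)][0]:
            findings.append((m.group(1), int(m.group(2)), UAC_WEAK[m.group(1)][1]))
    return findings

def triage(text):
    s = parse_dds(text)
    procs = running_images(s)
    return {"temp_resident": temp_resident(procs + autorun_targets(s)),
            "shell": shell_anomalies(procs),
            "uac": weak_uac_policies(s)}

if __name__ == "__main__":
    for key, items in triage(SAMPLE_DDS).items():
        print(key)
        for item in items:
            print("   ", item)
```

Against the real DDS.txt above, `shell_anomalies` returns nothing (one Explorer.EXE in C:\Windows), `temp_resident` returns the GoToAssist binaries and the RunOnce batch file, and `weak_uac_policies` returns the `PromptOnSecureDesktop` line; `ConsentPromptBehaviorAdmin = 5` is the Windows 7 default and is not flagged. The Temp hits should be checked against the GoToAssist session the user evidently started on 3/9 rather than treated as malware.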
  7. 2014/03/11
    Jeremie

    Jeremie Inactive Thread Starter

    Joined:
    2011/01/06
    Messages:
    117
    Likes Received:
    0
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/20/2011 1:05:33 PM
    System Uptime: 3/10/2014 2:42:47 PM (25 hours ago)
    .
    Motherboard: Dell Inc | | 0UW457
    Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket M2 | 2000/1000mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 12.786 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP210: 3/9/2014 3:15:15 PM - avast! antivirus system restore point
    RP212: 3/9/2014 4:19:18 PM - Removed Microsoft Office Professional Plus 2007
    RP214: 3/9/2014 4:27:10 PM - Configured Microsoft Office Professional Plus 2007
    RP215: 3/9/2014 5:14:33 PM - Installed Java 7 Update 51
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    Adobe Flash Player 12 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Reader X (10.1.9)
    avast! Free Antivirus
    CCleaner
    Citrix Online Launcher
    DLL Suite 2013
    FreeOCR 3.0
    Google Calendar Sync
    Google Chrome
    Google Earth
    Google Update Helper
    Java 7 Update 51
    Java Auto Updater
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.2
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    NVIDIA Control Panel 307.83
    NVIDIA Display Control Panel
    NVIDIA Graphics Driver 307.83
    NVIDIA Install Application
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    OpenOffice.org 3.3
    Practice Manager 10 Workstation
    Practice Manager n-tier Framework Client
    Practice Manager PM Purger Client Adapter
    Practice Manager Update Agent
    PVSonyDll
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
    WinRAR 4.20 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/9/2014 12:06:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
    3/9/2014 12:06:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007f (0x00000008, 0x801b1000, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
    3/9/2014 12:05:51 PM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    3/9/2014 1:34:41 PM, Error: Microsoft-Windows-GroupPolicy [1058] - The processing of Group Policy failed. Windows attempted to read the file \\Latronica.com\sysvol\Latronica.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled.
    3/9/2014 1:29:16 PM, Error: Service Control Manager [7023] - The SPP Notification Service service terminated with the following error: Access is denied.
    3/9/2014 1:23:39 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    3/9/2014 1:23:39 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    3/7/2014 2:24:28 AM, Error: Microsoft-Windows-GroupPolicy [1054] - The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
    3/6/2014 8:59:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
    3/6/2014 8:59:03 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/6/2014 8:59:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments " " in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
    3/6/2014 8:46:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    3/6/2014 8:46:42 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/6/2014 8:46:13 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    3/6/2014 8:46:13 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    3/6/2014 8:42:43 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/6/2014 8:26:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/6/2014 8:26:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/6/2014 8:26:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/6/2014 8:26:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/6/2014 8:26:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments " " in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    3/6/2014 8:26:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
    3/6/2014 7:06:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    3/6/2014 7:05:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    3/4/2014 11:06:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    3/4/2014 11:06:30 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/4/2014 11:06:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments " " in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    3/11/2014 4:40:21 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    3/10/2014 6:44:46 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain LATRONICA due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    3/10/2014 2:49:53 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
    3/10/2014 2:45:35 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    3/10/2014 2:45:35 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    3/10/2014 2:43:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: vdorctrl
    3/10/2014 2:43:22 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    .
    ==== End Of File ===========================
     
  8. 2014/03/11
    broni Moderator Malware Analyst
    Good :)

    Download RogueKiller from one of the following links and save it to your Desktop:
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  9. 2014/03/12
    Jeremie Inactive Thread Starter
    RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Nicole [Admin rights]
    Mode : Remove -- Date : 03/12/2014 10:56:18
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\RunOnce : *GoToAssist (C:\Users\NICOLE~1.LAT\AppData\Local\Temp\G2A1CE2.tmp.bat [-]) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-21-790384558-2054425275-2914615486-1161\[...]\RunOnce : *GoToAssist (C:\Users\NICOLE~1.LAT\AppData\Local\Temp\G2A1CE2.tmp.bat [-]) -> [0x2] The system cannot find the file specified.
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) SAMSUNG HD080HJ/P SCSI Disk Device +++++
    --- User ---
    [MBR] ecc145b026c948f6ec5e3acb176587d4
    [BSP] 8040a018270f6aaa0a6cde984297be7b : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76191 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x1] Incorrect function. )

    Finished : << RKreport[0]_D_03122014_105618.txt >>
    RKreport[0]_S_03122014_105509.txt

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.03.12.08

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 11.0.9600.16518
    Nicole :: LAW11 [administrator]

    3/12/2014 11:00:59 AM
    mbar-log-2014-03-12 (11-00-59).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 465722
    Time elapsed: 15 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
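    The lines in the RogueKiller report that matter most are the two [HJ POL][PUM] entries: EnableLUA = 0 means User Account Control had been switched off entirely, and ConsentPromptBehaviorAdmin = 0 means administrators elevate silently with no prompt. Both are settings malware routinely flips so that later stages run elevated without anyone noticing, and RogueKiller reverted them to 1 and 2 ("always notify"). As an added example (this is not code from the thread, from RogueKiller or from the forum), here is a PowerShell audit that compares those policy values against the Windows 7 defaults and, with a -Fix switch that is this example's own, writes the defaults back. It assumes the standard key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System and must be run from an elevated PowerShell; a change to EnableLUA only takes effect after a reboot.

```powershell
# Added example (not from the thread): audit the UAC policy values that
# RogueKiller flagged as [HJ POL][PUM] against the Windows 7 defaults and,
# with -Fix, put them back. Run from an elevated PowerShell; reboot
# afterwards if EnableLUA was changed.
param([switch]$Fix)

$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Acceptable values per name. The first entry is the Windows 7 default and is
# what -Fix writes; later entries are stricter settings that are also fine
# (RogueKiller set ConsentPromptBehaviorAdmin to 2 = "always notify").
$baseline = @{
    EnableLUA                  = @(1)      # 0 turns UAC off entirely (RogueKiller found 0)
    ConsentPromptBehaviorAdmin = @(5, 2)   # 0 = elevate silently, no prompt (RogueKiller found 0)
    ConsentPromptBehaviorUser  = @(3, 1)   # 0 = standard users can never elevate
    PromptOnSecureDesktop      = @(1)      # 0 lets any process overlay or click the prompt
    EnableUIADesktopToggle     = @(0)      # 1 lets UIAccess apps avoid the secure desktop
}

function Test-UacPolicy {
    $props = Get-ItemProperty -Path $key -ErrorAction Stop
    foreach ($name in ($baseline.Keys | Sort-Object)) {
        $actual = $props.$name
        if ($actual -eq $null) {
            # Value absent: Windows applies the default, so treat it as the default.
            $actual = $baseline[$name][0]
            $source = 'default (absent)'
        } else {
            $source = 'registry'
        }
        $status = 'OK'
        if (-not ($baseline[$name] -contains [int]$actual)) { $status = 'TAMPERED' }
        New-Object PSObject -Property @{
            Value    = $name
            Actual   = $actual
            Source   = $source
            Expected = ($baseline[$name] -join ' or ')
            Status   = $status
        }
    }
}

function Repair-UacPolicy {
    # Only touch values that deviate, and only write the documented default.
    foreach ($row in (Test-UacPolicy | Where-Object { $_.Status -eq 'TAMPERED' })) {
        $default = $baseline[$row.Value][0]
        Write-Host ("Resetting {0}: {1} -> {2}" -f $row.Value, $row.Actual, $default)
        Set-ItemProperty -Path $key -Name $row.Value -Value $default -Type DWord
    }
}

Test-UacPolicy | Format-Table Value, Actual, Expected, Status, Source -AutoSize
if ($Fix) { Repair-UacPolicy }
```

    Against the state RogueKiller found, the audit reports EnableLUA and ConsentPromptBehaviorAdmin as TAMPERED; PromptOnSecureDesktop is included because a value of 0 lets a user-mode process draw over or click the elevation dialog, which defeats the prompt even when UAC is nominally on. Re-run the audit after a reboot, since some infections reset these values from a startup entry.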
     
  10. 2014/03/12
    broni Moderator Malware Analyst
    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  11. 2014/03/13
    Jeremie Inactive Thread Starter
    The computer has lost internet connection and it has not been restored after a reboot. Should I still use system restore or should I troubleshoot?
     
  12. 2014/03/13
    broni Moderator Malware Analyst
    Use restore point you created prior to running MBAR.
     
  13. 2014/03/14
    Jeremie Inactive Thread Starter
    ComboFix 14-03-13.01 - Nicole 03/14/2014 17:22:53.1.1 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3006.1957 [GMT -4:00]
    Running from: c:\users\Nicole.LATRONICA\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\Mikhail\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
    c:\users\Mikhail\GoToAssistDownloadHelper.exe
    c:\users\ralph\GoToAssistDownloadHelper.exe
    c:\windows\system32\drivers\etc\hosts.ics
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-02-14 to 2014-03-14 )))))))))))))))))))))))))))))))
    .
    .
    2014-03-14 21:34 . 2014-03-14 21:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2014-03-14 21:34 . 2014-03-14 21:34 -------- d-----w- c:\users\ralph\AppData\Local\temp
    2014-03-14 21:34 . 2014-03-14 21:34 -------- d-----w- c:\users\Mikhail\AppData\Local\temp
    2014-03-14 21:34 . 2014-03-14 21:34 -------- d-----w- c:\users\LL3\AppData\Local\temp
    2014-03-14 21:34 . 2014-03-14 21:34 -------- d-----w- c:\users\Jeremie\AppData\Local\temp
    2014-03-14 21:34 . 2014-03-14 21:34 -------- d-----w- c:\users\Jeremie.LAW11\AppData\Local\temp
    2014-03-14 21:34 . 2014-03-14 21:34 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-03-14 21:34 . 2014-03-14 21:34 -------- d-----w- c:\users\Chris\AppData\Local\temp
    2014-03-14 21:34 . 2014-03-14 21:34 -------- d-----w- c:\users\bob\AppData\Local\temp
    2014-03-14 21:34 . 2014-03-14 21:34 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2014-03-14 21:24 . 2014-03-14 21:24 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E04302C2-0C6E-48C5-A035-9342302A3012}\offreg.dll
    2014-03-12 15:00 . 2014-03-12 16:05 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-03-12 15:00 . 2014-03-12 15:00 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-03-12 14:59 . 2014-03-12 14:59 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-03-09 21:15 . 2014-03-09 21:15 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-03-09 19:18 . 2014-03-11 20:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2014-03-09 19:18 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-03-09 19:16 . 2014-03-09 19:15 64168 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2014-03-09 19:16 . 2014-03-09 19:15 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-03-09 19:16 . 2014-03-09 19:15 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-03-09 19:16 . 2014-03-09 19:15 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-03-09 19:16 . 2014-03-09 19:15 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-03-09 19:16 . 2014-03-09 19:15 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-03-09 19:16 . 2014-03-09 19:15 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-03-09 19:16 . 2014-03-09 19:15 270240 ----a-w- c:\windows\system32\aswBoot.exe
    2014-03-09 19:15 . 2014-03-09 19:15 43152 ----a-w- c:\windows\avastSS.scr
    2014-03-09 19:15 . 2014-03-09 19:15 -------- d-----w- c:\program files\AVAST Software
    2014-03-09 19:12 . 2014-03-09 19:12 -------- d-----w- c:\programdata\AVAST Software
    2014-03-09 18:14 . 2014-03-09 18:14 -------- d-----w- c:\program files\DLLSuite
    2014-03-07 01:44 . 2014-03-14 21:11 -------- d-----w- c:\users\Nicole.LATRONICA
    2014-03-07 00:45 . 2014-03-07 00:45 -------- d-----w- c:\users\Jeremie\AppData\Roaming\Malwarebytes
    2014-03-07 00:27 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E04302C2-0C6E-48C5-A035-9342302A3012}\mpengine.dll
    2014-03-04 21:18 . 2014-03-07 00:26 -------- d-----w- c:\users\nicole
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-03-11 20:47 . 2012-03-29 15:39 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-03-11 20:47 . 2011-08-22 13:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-03-09 16:56 . 2010-11-20 21:29 409088 ----a-w- c:\windows\system32\systemcpl.dll
    2014-02-06 10:20 . 2014-02-12 13:42 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-02-06 10:19 . 2014-02-12 13:42 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-02-06 10:01 . 2014-02-12 13:42 61952 ----a-w- c:\windows\system32\iesetup.dll
    2014-02-06 10:00 . 2014-02-12 13:42 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-02-06 09:47 . 2014-02-12 13:42 112128 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-02-06 09:47 . 2014-02-12 13:42 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-02-06 09:46 . 2014-02-12 13:42 553472 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-02-06 09:25 . 2014-02-12 13:42 4244480 ----a-w- c:\windows\system32\jscript9.dll
    2014-02-06 09:09 . 2014-02-12 13:42 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-02-06 08:41 . 2014-02-12 13:42 1820160 ----a-w- c:\windows\system32\wininet.dll
    2013-12-24 23:09 . 2014-02-12 09:34 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2013-12-21 08:56 . 2014-02-12 13:37 454656 ----a-w- c:\windows\system32\vbscript.dll
    2013-12-18 11:13 . 2011-08-21 15:32 231584 ----a-w- c:\windows\system32\MpSigStub.exe
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2011-08-20 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
    [7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-03-09 19:15 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "AvastUI.exe "= "c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-09 3767096]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)
    "PromptOnSecureDesktop "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
    .
    [HKLM\~\startupfolder\C:^Users^Mikhail^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
    path=c:\users\Mikhail\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    R0 vdorctrl;vdorctrl;c:\windows\system32\DRIVERS\vdorctrl.sys [x]
    R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-03-09 64168]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-02-06 108032]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
    R3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-11-12 468480]
    R3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-20 1343400]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-03-09 775952]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-03-09 410784]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-03-09 67824]
    S2 chromoting;Chrome Remote Desktop Service;c:\program files\Google\Chrome Remote Desktop\33.0.1750.125\remoting_host.exe [2014-02-19 50504]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
    S2 Update Agent;Practice Manager Update Agent;c:\program files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdService.exe [2007-11-23 61440]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-03-09 17:18 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:47]
    .
    2014-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-26 16:23]
    .
    2014-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-26 16:23]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: Interfaces\{C4F17985-9FA1-4056-A8CB-8F019BF79CBF}: NameServer = 167.206.7.4,192.168.1.4
    DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - file:///D:/Scripts/LTOCX14N.cab
    DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} - hxxp://win08srvr/PMGSoftware/PMSetup/webfiles/setup.exe
    DPF: {9D28AF62-62C1-4553-ACB9-9A148E3C35AF} - hxxp://win08srvr/PMGSoftware/PMSetup/webfiles/PmReqChecker.CAB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
    MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
    MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
    MSConfigStartUp-RIMBBLaunchAgent - c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\windows\system32\conhost.exe
    c:\program files\NVIDIA Corporation\Display\nvtray.exe
    c:\program files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdServiceMonitor.exe
    .
    **************************************************************************
    .
    Completion time: 2014-03-14 18:10:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-03-14 22:10
    .
    Pre-Run: 12,830,035,968 bytes free
    Post-Run: 16,609,402,880 bytes free
    .
    - - End Of File - - 95E7698189E8974AF75DDF800764C02F
    A36C5E4F47E84449FF07ED3517B43A31
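    The Sigcheck section of this ComboFix log is the real finding: c:\windows\System32\user32.dll and the WinSxS component-store copy carry the same version (6.1.7601.17514) and the same size (811520 bytes) but different MD5 hashes, which is the signature of a system DLL patched in place rather than replaced by an update. Every process that loads user32.dll would then run the injected code, which fits the many busy explorer.exe instances from the first post. As an added example (not code from the thread or from ComboFix), here is a PowerShell check that repeats that comparison for any System32 binary: it looks up every copy of the same name directly under WinSxS, keeps the ones with the same file version, and reports whether the live file matches any of them, plus its Authenticode status. It needs Get-FileHash (PowerShell 4 or later; WMF 4 on Windows 7 SP1) and elevation; it only reports, and the file names, column names and verdict strings are this example's own.

```powershell
# Added example (not from the thread): compare a System32 binary against the
# copies of the same name and version in the WinSxS component store, the same
# comparison ComboFix's Sigcheck section performs. Needs Get-FileHash
# (PowerShell 4+; WMF 4 on Windows 7 SP1). Run elevated. Reports only; use
# sfc /scannow or an offline restore to actually replace a file.
param([string[]]$Names = @('user32.dll'))

$system32 = Join-Path $env:SystemRoot 'System32'
$winsxs   = Join-Path $env:SystemRoot 'WinSxS'

function Get-BinaryInfo([string]$Path) {
    $vi = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path)
    New-Object PSObject -Property @{
        Path      = $Path
        Version   = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
        Size      = (Get-Item -LiteralPath $Path).Length
        MD5       = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
        # OS binaries are catalog-signed; older PowerShell reports those as
        # NotSigned, so 'Valid' is good news and anything else means "look closer".
        SigStatus = (Get-AuthenticodeSignature -FilePath $Path).Status
    }
}

function Compare-WithWinSxS([string]$Name) {
    $live = Get-BinaryInfo (Join-Path $system32 $Name)
    # Component directories sit directly under WinSxS, e.g.
    # x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_<hash>\user32.dll
    $copies = Get-ChildItem -Path (Join-Path $winsxs "*\$Name") -ErrorAction SilentlyContinue |
              ForEach-Object { Get-BinaryInfo $_.FullName } |
              Where-Object { $_.Version -eq $live.Version }

    if (-not $copies) {
        $verdict = 'NO-REFERENCE'   # no store copy at this version: compare against install media or a known-good hash
    } elseif ($copies | Where-Object { $_.MD5 -eq $live.MD5 }) {
        $verdict = 'MATCH'
    } else {
        $verdict = 'MISMATCH'       # same version, different bytes: patched or replaced in place
    }

    New-Object PSObject -Property @{
        File      = $Name
        Version   = $live.Version
        Size      = $live.Size
        LiveMD5   = $live.MD5
        SigStatus = $live.SigStatus
        Verdict   = $verdict
        Reference = ($copies | Select-Object -First 1 | ForEach-Object { $_.Path })
    }
}

$Names | ForEach-Object { Compare-WithWinSxS $_ } |
    Format-List File, Version, Size, LiveMD5, SigStatus, Verdict, Reference
```

    On the machine in this thread the script would report user32.dll as MISMATCH with the WinSxS path as the reference. Pass several names (for example user32.dll, kernel32.dll, ntdll.dll, explorer.exe) to check the usual injection targets at once. A MISMATCH must be repaired from a trusted source: ComboFix's FCopy directive copies the WinSxS file over the live one, and sfc /scannow performs the same component-store comparison and repair on its own, which also makes it a good final verification after cleanup.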
     
  14. 2014/03/14
    broni Moderator Malware Analyst
    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll | c:\windows\System32\user32.dll
    
    Driver::
    vdorctrl
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  15. 2014/03/14
    Jeremie Inactive Thread Starter
    ComboFix 14-03-13.01 - Nicole 03/14/2014 19:19:03.2.1 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3006.2104 [GMT -4:00]
    Running from: C:\Users\Nicole.LATRONICA\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Nicole.LATRONICA\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
  16. 2014/03/14
    broni Moderator Malware Analyst
    Incomplete log.
    Please redo.
     
  17. 2014/03/15
    Jeremie Inactive Thread Starter
    ComboFix 14-03-13.01 - Nicole 03/14/2014 19:19:03.2.1 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3006.2104 [GMT -4:00]
    Running from: c:\users\Nicole.LATRONICA\Desktop\ComboFix.exe
    Command switches used :: c:\users\Nicole.LATRONICA\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll --> c:\windows\System32\user32.dll
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_VDORCTRL
    -------\Service_vdorctrl
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-02-16 to 2014-03-16 )))))))))))))))))))))))))))))))
    .
    .
    2014-03-14 23:28 . 2014-03-14 23:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2014-03-14 23:28 . 2014-03-14 23:28 -------- d-----w- c:\users\ralph\AppData\Local\temp
    2014-03-14 23:28 . 2014-03-14 23:28 -------- d-----w- c:\users\Mikhail\AppData\Local\temp
    2014-03-14 23:28 . 2014-03-14 23:28 -------- d-----w- c:\users\LL3\AppData\Local\temp
    2014-03-14 23:28 . 2014-03-14 23:28 -------- d-----w- c:\users\Jeremie\AppData\Local\temp
    2014-03-14 23:28 . 2014-03-14 23:28 -------- d-----w- c:\users\Jeremie.LAW11\AppData\Local\temp
    2014-03-14 23:28 . 2014-03-14 23:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-03-14 23:28 . 2014-03-14 23:28 -------- d-----w- c:\users\Chris\AppData\Local\temp
    2014-03-14 23:28 . 2014-03-14 23:28 -------- d-----w- c:\users\bob\AppData\Local\temp
    2014-03-14 23:28 . 2014-03-14 23:28 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2014-03-14 21:24 . 2014-03-14 21:24 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E04302C2-0C6E-48C5-A035-9342302A3012}\offreg.dll
    2014-03-12 15:00 . 2014-03-12 16:05 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-03-12 15:00 . 2014-03-12 15:00 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-03-12 14:59 . 2014-03-12 14:59 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-03-09 21:15 . 2014-03-09 21:15 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-03-09 19:18 . 2014-03-11 20:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2014-03-09 19:18 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-03-09 19:16 . 2014-03-09 19:15 64168 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2014-03-09 19:16 . 2014-03-09 19:15 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-03-09 19:16 . 2014-03-09 19:15 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-03-09 19:16 . 2014-03-09 19:15 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-03-09 19:16 . 2014-03-09 19:15 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-03-09 19:16 . 2014-03-09 19:15 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-03-09 19:16 . 2014-03-09 19:15 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-03-09 19:16 . 2014-03-09 19:15 270240 ----a-w- c:\windows\system32\aswBoot.exe
    2014-03-09 19:15 . 2014-03-09 19:15 43152 ----a-w- c:\windows\avastSS.scr
    2014-03-09 19:15 . 2014-03-09 19:15 -------- d-----w- c:\program files\AVAST Software
    2014-03-09 19:12 . 2014-03-09 19:12 -------- d-----w- c:\programdata\AVAST Software
    2014-03-09 18:14 . 2014-03-09 18:14 -------- d-----w- c:\program files\DLLSuite
    2014-03-07 01:44 . 2014-03-14 21:11 -------- d-----w- c:\users\Nicole.LATRONICA
    2014-03-07 00:45 . 2014-03-07 00:45 -------- d-----w- c:\users\Jeremie\AppData\Roaming\Malwarebytes
    2014-03-07 00:27 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E04302C2-0C6E-48C5-A035-9342302A3012}\mpengine.dll
    2014-03-04 21:18 . 2014-03-07 00:26 -------- d-----w- c:\users\nicole
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-03-11 20:47 . 2012-03-29 15:39 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-03-11 20:47 . 2011-08-22 13:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-03-09 16:56 . 2010-11-20 21:29 409088 ----a-w- c:\windows\system32\systemcpl.dll
    2014-02-06 10:20 . 2014-02-12 13:42 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-02-06 10:19 . 2014-02-12 13:42 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-02-06 10:01 . 2014-02-12 13:42 61952 ----a-w- c:\windows\system32\iesetup.dll
    2014-02-06 10:00 . 2014-02-12 13:42 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-02-06 09:47 . 2014-02-12 13:42 112128 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-02-06 09:47 . 2014-02-12 13:42 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-02-06 09:46 . 2014-02-12 13:42 553472 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-02-06 09:25 . 2014-02-12 13:42 4244480 ----a-w- c:\windows\system32\jscript9.dll
    2014-02-06 09:09 . 2014-02-12 13:42 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-02-06 08:41 . 2014-02-12 13:42 1820160 ----a-w- c:\windows\system32\wininet.dll
    2013-12-24 23:09 . 2014-02-12 09:34 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2013-12-21 08:56 . 2014-02-12 13:37 454656 ----a-w- c:\windows\system32\vbscript.dll
    2013-12-18 11:13 . 2011-08-21 15:32 231584 ----a-w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-03-09 19:15 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "AvastUI.exe "= "c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-09 3767096]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)
    "PromptOnSecureDesktop "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
    .
    [HKLM\~\startupfolder\C:^Users^Mikhail^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
    path=c:\users\Mikhail\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-03-09 64168]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-02-06 108032]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
    R3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-11-12 468480]
    R3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-20 1343400]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-03-09 775952]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-03-09 410784]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-03-09 67824]
    S2 chromoting;Chrome Remote Desktop Service;c:\program files\Google\Chrome Remote Desktop\33.0.1750.125\remoting_host.exe [2014-02-19 50504]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
    S2 Update Agent;Practice Manager Update Agent;c:\program files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdService.exe [2007-11-23 61440]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-03-09 17:18 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-03-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:47]
    .
    2014-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-26 16:23]
    .
    2014-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-26 16:23]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: Interfaces\{C4F17985-9FA1-4056-A8CB-8F019BF79CBF}: NameServer = 167.206.7.4,192.168.1.4
    DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - file:///D:/Scripts/LTOCX14N.cab
    DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} - hxxp://win08srvr/PMGSoftware/PMSetup/webfiles/setup.exe
    DPF: {9D28AF62-62C1-4553-ACB9-9A148E3C35AF} - hxxp://win08srvr/PMGSoftware/PMSetup/webfiles/PmReqChecker.CAB
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\windows\system32\conhost.exe
    c:\program files\NVIDIA Corporation\Display\nvtray.exe
    c:\program files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdServiceMonitor.exe
    c:\program files\AVAST Software\Avast\setup\instup.exe
    .
    **************************************************************************
    .
    Completion time: 2014-03-15 21:15:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-03-16 01:15
    ComboFix2.txt 2014-03-14 22:10
    .
    Pre-Run: 16,684,855,296 bytes free
    Post-Run: 16,360,439,808 bytes free
    .
    - - End Of File - - 12900C64F250BF7D45155FA825761E6A
    A36C5E4F47E84449FF07ED3517B43A31
     
  18. 2014/03/15
    Jeremie

    Jeremie Inactive Thread Starter

    Joined:
    2011/01/06
    Messages:
    117
    Likes Received:
    0
    ComboFix 14-03-13.01 - Nicole 03/15/2014 21:22:51.3.1 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3006.2076 [GMT -4:00]
    Running from: c:\users\Nicole.LATRONICA\Desktop\ComboFix.exe
    Command switches used :: c:\users\Nicole.LATRONICA\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll --> c:\windows\System32\user32.dll
    .
    ((((((((((((((((((((((((( Files Created from 2014-02-16 to 2014-03-16 )))))))))))))))))))))))))))))))
    .
    .
    2014-03-16 01:33 . 2014-03-16 01:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2014-03-16 01:33 . 2014-03-16 01:33 -------- d-----w- c:\users\ralph\AppData\Local\temp
    2014-03-16 01:33 . 2014-03-16 01:33 -------- d-----w- c:\users\Mikhail\AppData\Local\temp
    2014-03-16 01:33 . 2014-03-16 01:33 -------- d-----w- c:\users\LL3\AppData\Local\temp
    2014-03-16 01:33 . 2014-03-16 01:33 -------- d-----w- c:\users\Jeremie\AppData\Local\temp
    2014-03-16 01:33 . 2014-03-16 01:33 -------- d-----w- c:\users\Jeremie.LAW11\AppData\Local\temp
    2014-03-16 01:33 . 2014-03-16 01:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-03-16 01:33 . 2014-03-16 01:33 -------- d-----w- c:\users\Chris\AppData\Local\temp
    2014-03-16 01:33 . 2014-03-16 01:33 -------- d-----w- c:\users\bob\AppData\Local\temp
    2014-03-16 01:33 . 2014-03-16 01:33 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2014-03-14 21:24 . 2014-03-14 21:24 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E04302C2-0C6E-48C5-A035-9342302A3012}\offreg.dll
    2014-03-12 15:00 . 2014-03-12 16:05 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-03-12 15:00 . 2014-03-12 15:00 107224 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-03-12 14:59 . 2014-03-12 14:59 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-03-09 21:15 . 2014-03-09 21:15 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-03-09 19:18 . 2014-03-11 20:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2014-03-09 19:18 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-03-09 19:16 . 2014-03-09 19:15 64168 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2014-03-09 19:16 . 2014-03-09 19:15 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-03-09 19:16 . 2014-03-09 19:15 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-03-09 19:16 . 2014-03-09 19:15 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-03-09 19:16 . 2014-03-09 19:15 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-03-09 19:16 . 2014-03-09 19:15 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-03-09 19:16 . 2014-03-09 19:15 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-03-09 19:16 . 2014-03-09 19:15 270240 ----a-w- c:\windows\system32\aswBoot.exe
    2014-03-09 19:15 . 2014-03-09 19:15 43152 ----a-w- c:\windows\avastSS.scr
    2014-03-09 19:15 . 2014-03-09 19:15 -------- d-----w- c:\program files\AVAST Software
    2014-03-09 19:12 . 2014-03-09 19:12 -------- d-----w- c:\programdata\AVAST Software
    2014-03-09 18:14 . 2014-03-09 18:14 -------- d-----w- c:\program files\DLLSuite
    2014-03-07 01:44 . 2014-03-14 21:11 -------- d-----w- c:\users\Nicole.LATRONICA
    2014-03-07 00:45 . 2014-03-07 00:45 -------- d-----w- c:\users\Jeremie\AppData\Roaming\Malwarebytes
    2014-03-07 00:27 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E04302C2-0C6E-48C5-A035-9342302A3012}\mpengine.dll
    2014-03-04 21:18 . 2014-03-07 00:26 -------- d-----w- c:\users\nicole
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-03-11 20:47 . 2012-03-29 15:39 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-03-11 20:47 . 2011-08-22 13:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-03-09 16:56 . 2010-11-20 21:29 409088 ----a-w- c:\windows\system32\systemcpl.dll
    2014-02-06 10:20 . 2014-02-12 13:42 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-02-06 10:19 . 2014-02-12 13:42 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-02-06 10:01 . 2014-02-12 13:42 61952 ----a-w- c:\windows\system32\iesetup.dll
    2014-02-06 10:00 . 2014-02-12 13:42 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-02-06 09:47 . 2014-02-12 13:42 112128 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-02-06 09:47 . 2014-02-12 13:42 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-02-06 09:46 . 2014-02-12 13:42 553472 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-02-06 09:25 . 2014-02-12 13:42 4244480 ----a-w- c:\windows\system32\jscript9.dll
    2014-02-06 09:09 . 2014-02-12 13:42 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-02-06 08:41 . 2014-02-12 13:42 1820160 ----a-w- c:\windows\system32\wininet.dll
    2013-12-24 23:09 . 2014-02-12 09:34 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2013-12-21 08:56 . 2014-02-12 13:37 454656 ----a-w- c:\windows\system32\vbscript.dll
    2013-12-18 11:13 . 2011-08-21 15:32 231584 ----a-w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-03-09 19:15 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "AvastUI.exe "= "c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-09 3767096]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)
    "PromptOnSecureDesktop "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
    .
    [HKLM\~\startupfolder\C:^Users^Mikhail^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
    path=c:\users\Mikhail\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-03-09 64168]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-02-06 108032]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
    R3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-11-12 468480]
    R3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-20 1343400]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-03-09 775952]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-03-09 410784]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-03-09 67824]
    S2 chromoting;Chrome Remote Desktop Service;c:\program files\Google\Chrome Remote Desktop\33.0.1750.125\remoting_host.exe [2014-02-19 50504]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
    S2 Update Agent;Practice Manager Update Agent;c:\program files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdService.exe [2007-11-23 61440]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-03-09 17:18 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-03-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:47]
    .
    2014-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-26 16:23]
    .
    2014-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-26 16:23]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: Interfaces\{C4F17985-9FA1-4056-A8CB-8F019BF79CBF}: NameServer = 167.206.7.4,192.168.1.4
    DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - file:///D:/Scripts/LTOCX14N.cab
    DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} - hxxp://win08srvr/PMGSoftware/PMSetup/webfiles/setup.exe
    DPF: {9D28AF62-62C1-4553-ACB9-9A148E3C35AF} - hxxp://win08srvr/PMGSoftware/PMSetup/webfiles/PmReqChecker.CAB
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-03-15 21:34:39
    ComboFix-quarantined-files.txt 2014-03-16 01:34
    ComboFix2.txt 2014-03-16 01:15
    ComboFix3.txt 2014-03-14 22:10
    .
    Pre-Run: 16,340,185,088 bytes free
    Post-Run: 16,045,928,448 bytes free
    .
    - - End Of File - - 23F8E7177F05D52E0B22AABA25FBFC17
    A36C5E4F47E84449FF07ED3517B43A31
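    The 'Reg Loading Points' block in the two ComboFix logs above is what a responder reads for persistence: Run values, service lines with their start type and on-disk file, BootExecute, the UAC policy values, ActiveX (DPF) sources and the configured DNS servers. The Python script below is an added example, not part of Jeremie's post and not ComboFix code: it parses those line shapes and turns them into review items. The sample input is an excerpt copied from the log above; the trusted-root prefixes, the table of weak UAC values and the "auto-start service outside c:\windows" rule are this example's own heuristics, so a flag means "identify this", not "malicious" (Chrome Remote Desktop is a legitimate product; the extra BootExecute entry and the entries ComboFix marks `[x]`, meaning it did not find the file, are simply things to account for).

```python
"""Triage of a ComboFix 'Reg Loading Points' excerpt.

Added example for this thread; not ComboFix code and not part of any post.
The checks are heuristics chosen for this example: a finding is a review
item, not a verdict.
"""
import re

# Constructed input: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint "= "c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"AvastUI.exe "= "c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-09 3767096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser "= 3 (0x3)
"PromptOnSecureDesktop "= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
R3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S2 chromoting;Chrome Remote Desktop Service;c:\program files\Google\Chrome Remote Desktop\33.0.1750.125\remoting_host.exe [2014-02-19 50504]
S2 Update Agent;Practice Manager Update Agent;c:\program files\Common Files\PMGSoftware\Esd\PM.Deployment.EsdService.exe [2007-11-23 61440]
TCP: Interfaces\{C4F17985-9FA1-4056-A8CB-8F019BF79CBF}: NameServer = 167.206.7.4,192.168.1.4
DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} - hxxp://win08srvr/PMGSoftware/PMSetup/webfiles/setup.exe
"""

# ComboFix line shapes: 'R3 name;display;path [date size]' (or '[x]' when the
# file is missing), quoted '"name "= "path" [date size]' Run values and
# '"name "= value (0xN)' policy values; the stray spaces are as posted.
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]$")
RUN_RE = re.compile(r'^"([^"]+?)\s*"=\s*"([^"]+)"')
POLICY_RE = re.compile(r'^"([^"]+?)\s*"=\s*(\d+)')
DPF_RE = re.compile(r"^DPF: (\{[^}]+\}) - (\S+)")
DNS_RE = re.compile(r"NameServer = (\S+)")

# Heuristics chosen for this example (assumptions, not ComboFix logic).
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files")
BOOTEXECUTE_DEFAULT = "autocheck autochk *"
# Values that weaken UAC: disabled, silent admin elevation, prompts off the secure desktop.
UAC_WEAK = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}


def triage(log_text):
    """Return a list of (kind, subject) review items for a ComboFix excerpt."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":                  # ComboFix's '.' separators
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()                   # registry key header
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, path, stamp = m.group(1), m.group(2), m.group(4).lower(), m.group(5)
            if stamp == "x":                         # ComboFix could not find the binary
                findings.append(("missing-binary", name))
            elif start == "S2" and not path.startswith(r"c:\windows"):
                findings.append(("autostart-third-party", name))
            continue
        if line.startswith("BootExecute"):
            # REG_MULTI_SZ entries are printed separated by a literal '\0'
            for entry in line.split("REG_MULTI_SZ", 1)[1].strip().split(r"\0"):
                if entry.strip() != BOOTEXECUTE_DEFAULT:
                    findings.append(("bootexecute-extra", entry.strip()))
            continue
        m = DPF_RE.match(line)
        if m:
            # ComboFix defangs http as hxxp; anything not https is fetched in the clear
            if not m.group(2).lower().startswith("https://"):
                findings.append(("activex-source-not-https", m.group(2)))
            continue
        m = DNS_RE.search(line)
        if m:
            findings.append(("dns-servers", m.group(1)))   # informational
            continue
        if "currentversion\\run" in section:
            m = RUN_RE.match(line)
            if m and not m.group(2).lower().startswith(TRUSTED_ROOTS):
                findings.append(("run-outside-trusted-roots", m.group(1)))
        elif "policies\\system" in section:
            m = POLICY_RE.match(line)
            if m and UAC_WEAK.get(m.group(1)) == int(m.group(2)):
                findings.append(("uac-weakened", f"{m.group(1)}={m.group(2)}"))
    return findings


if __name__ == "__main__":
    for kind, subject in triage(SAMPLE_LOG):
        print(f"{kind:28} {subject}")
```

    Run against the excerpt it flags the UAC value `PromptOnSecureDesktop=0`, the extra BootExecute entry, the two drivers whose files ComboFix could not find, the two auto-start services outside the Windows directory, the DNS servers and the ActiveX package served over plain HTTP from the intranet host; no Run value is flagged because all of them live under Program Files. On a real case feed the whole ComboFix text file in with `open()`, and treat the output as a checklist to account for, one item at a time.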
     
  19. 2014/03/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good.

    How is the computer doing?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. 2014/03/18
    Jeremie

    Jeremie Inactive Thread Starter

    Joined:
    2011/01/06
    Messages:
    117
    Likes Received:
    0
    Adware

    # AdwCleaner v3.022 - Report created 16/03/2014 at 18:59:01
    # Updated 13/03/2014 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
    # Username : Nicole - LAW11
    # Running from : C:\Users\Nicole.LATRONICA\Downloads\adwcleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Found C:\ProgramData\Tarma Installer

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKLM\Software\Freeze.com
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16518


    -\\ Google Chrome v33.0.1750.154

    *************************

    AdwCleaner[R0].txt - [740 octets] - [16/03/2014 18:59:01]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [799 octets] ##########
     
  21. 2014/03/18
    Jeremie

    Jeremie Inactive Thread Starter

    Joined:
    2011/01/06
    Messages:
    117
    Likes Received:
    0
    # AdwCleaner v3.022 - Report created 16/03/2014 at 19:02:40
    # Updated 13/03/2014 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
    # Username : Nicole - LAW11
    # Running from : C:\Users\Nicole.LATRONICA\Downloads\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Tarma Installer

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\Software\Freeze.com

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16518


    -\\ Google Chrome v33.0.1750.154

    *************************

    AdwCleaner[R0].txt - [878 octets] - [16/03/2014 18:59:01]
    AdwCleaner[S0].txt - [810 octets] - [16/03/2014 19:02:40]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [869 octets] ##########
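    AdwCleaner's Scan pass (the R0 report) lists what it found and the Clean pass (the S0 report) lists what it deleted, but the two reports order the items differently and mix `Folder Found C:\...` with `Key Deleted : HKLM\...`, so confirming by eye that everything found was actually removed is error-prone. The Python below is an added example, not part of the post and not AdwCleaner code: it reconciles the two reports, reporting anything found but never deleted (a failed removal) and anything deleted that the scan never reported (definitions or state changed between the two runs). The inputs are the two reports above trimmed to their section markers and detection lines; the item pattern assumes the `<Kind> <Found|Deleted> [:] <target>` shape seen in those reports.

```python
"""Reconcile an AdwCleaner Scan report against the following Clean report.

Added example for this thread; not AdwCleaner code and not part of any post.
"""
import re

# Constructed inputs: the two AdwCleaner v3.022 reports posted above, trimmed
# to their section markers and detection lines.
SCAN_REPORT = r"""
# Option : Scan
***** [ Files / Folders ] *****
Folder Found C:\ProgramData\Tarma Installer
***** [ Registry ] *****
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
"""

CLEAN_REPORT = r"""
# Option : Clean
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Tarma Installer
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\Software\Freeze.com
"""

# Detection lines: '<Kind> Found C:\...' (no colon) and '<Kind> Deleted : HKLM\...'
# both appear in the reports above, so the colon is optional. A line with any
# other status word does not match and therefore never counts as removed.
ITEM_RE = re.compile(r"^(\w+)\s+(Found|Deleted)\s*:?\s*(.+?)\s*$")


def _key(kind, target):
    """Case-insensitive identity: Windows paths and registry keys ignore case."""
    return kind.casefold(), target.casefold().rstrip("\\")


def parse_items(report, status):
    """Map normalised (kind, target) -> target as printed, for lines with `status`."""
    items = {}
    for line in report.splitlines():
        m = ITEM_RE.match(line.strip())
        if m and m.group(2) == status:
            items[_key(m.group(1), m.group(3))] = m.group(3)
    return items


def reconcile(scan_report, clean_report):
    """Return (not_removed, unexpected): items found but never deleted, and
    items deleted that the scan pass never reported."""
    found = parse_items(scan_report, "Found")
    deleted = parse_items(clean_report, "Deleted")
    not_removed = sorted(found[k] for k in found.keys() - deleted.keys())
    unexpected = sorted(deleted[k] for k in deleted.keys() - found.keys())
    return not_removed, unexpected


if __name__ == "__main__":
    missed, extra = reconcile(SCAN_REPORT, CLEAN_REPORT)
    print("found but not removed:", missed or "none")
    print("removed but not in scan:", extra or "none")
```

    For the two reports in this thread both lists come back empty, which is the mechanical confirmation that the Clean pass removed exactly the folder and the three registry keys the Scan pass reported. Comparing normalised `(kind, target)` pairs rather than raw lines is what makes the differing order and the `Software` / `SOFTWARE` case difference irrelevant.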
     
