Status
Not open for further replies.

Computer barraged by a large number of softwares

2K views 3 replies 2 participants last post by  chemist 
#1 ·
My friend decided to download something without double-checking, and via installation a huge amount of unwanted software was installed on his computer. Immediately after installation, both Chrome and Internet Explorer were modified. After restarting the laptop once, the following things happened:

1. The screen brightness was changed, and the power options could not be accessed to revert the change.
2. The "start" taskbar was changed from blue to white, which usually indicated something was changed in the power and/or graphics settings as far as I know.
3. Internet access was removed, and Windows could not detect any hardware to connect to the internet. The laptop's model number was Asus X555L and it ran on wireless before.

I ran both DDS and GMer, as well as taking 4 screenshots. Here are the files and what they are:

hxxps://www.dropbox.com/s/9abhdzdymc6hb3z/screenshot%201.png?dl=0
hxxps://www.dropbox.com/s/1yxc87h0obbtld5/screenshot%202.png?dl=0

Screenshots 1 and 2: list of apps in Add/Remove Programs that were installed that day. Everything installed on 4/25 was not desired, to the best of my knowledge.

hxxps://www.dropbox.com/s/6nq9tamvc0ukqgv/screenshot%203.png?dl=0
hxxps://www.dropbox.com/s/7311p9hwdspqn7r/screenshot%204.png?dl=0

Screenshots 3 and 4: Processes that were running after a fresh reboot of the computer.

In all screenshots, the program "super optimizer" was not shown but is also installed and runs on every startup.

I have the infected laptop with me so I will try to provide as much relevant information as requested. Thank you in advance.
 

#2 ·
Here is the DDS.txt file.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17728
Run by user at 7:01:09 on 2015-04-25
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRa4jz1rZ_3Znl2XUOVqPCRz79n1INVT5unlwpD9V0gqUJB0Q3YFIIWXNKedj66OLdmdGGIaU7WqI17SoZhbZTUuDwEnWMZe_siPcRif1_6XtUgpzoSJDLZeUhIIyCSMEhwZBhOrU51etBQcrJ-NDQbyqIxx_9r3tRtFYIuJiHdUIdRw,
uSearch Bar = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4jz1rZ_3Znl2XUOVqPCRz79n1INVT5unlwpD9V0gqUJB0Q3YFIIWXNKedj66OLdmdGGIaU7WqI17SoZhbZTUuDwEnWMZe_siPcShy0soz96e2wKHvVFX5bhaB7VP1bH8jj2MfbQb_MB4hf6wqhJihOTGB2koxTNY0USdJoZLFaXOA,&q={searchTerms}
uSearch Page = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4jz1rZ_3Znl2XUOVqPCRz79n1INVT5unlwpD9V0gqUJB0Q3YFIIWXNKedj66OLdmdGGIaU7WqI17SoZhbZTUuDwEnWMZe_siPcShy0soz96e2wKHvVFX5bhaB7VP1bH8jj2MfbQb_MB4hf6wqhJihOTGB2koxTNY0USdJoZLFaXOA,&q={searchTerms}
uSearchAssistant = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4jz1rZ_3Znl2XUOVqPCRz79n1INVT5unlwpD9V0gqUJB0Q3YFIIWXNKedj66OLdmdGGIaU7WqI17SoZhbZTUuDwEnWMZe_siPcShy0soz96e2wKHvVFX5bhaB7VP1bH8jj2MfbQb_MB4hf6wqhJihOTGB2koxTNY0USdJoZLFaXOA,&q={searchTerms}
mWinlogon: Userinit = userinit.exe
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: shopperz: {5081D2D4-1637-404c-B74F-50526718257D} -
BHO: Shopper Pro: {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro.dll
BHO: SpeedChecker: {AC15D9FF-4602-8665-410A-3BD47A5407D6} - C:\Program Files (x86)\version76SpeedChecker\192.dll
BHO: Consumer Input DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll
BHO: Shop Easy 1.0.0.7: {e98690a2-60a7-4487-a0ed-3abcb9f861c9} - C:\Program Files (x86)\Shop Easy\ShopEasybho.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [GoogleChromeAutoLaunch_E826445BA2FC518B061DA6F1420274CD] "C:\Users\user\AppData\Local\Binkiland\Application\binkiland.exe" --no-startup-window --auto-launch-at-startup --profile-directory="Default"
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN2ARBWHZF05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [Super Optimizer] C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
uRun: [Bubble Dock] "C:\Users\user\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
uRun: [WindApp] "C:\Users\user\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
uRun: [Selection Tools] "C:\Users\user\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro 3.84\OptProLauncher.exe
uRun: [GoogleChromeAutoLaunch_100535F106431A9BDA15E8895BE69FFB] "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
uRun: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
uRun: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.42.0.1791\jsdrv.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRunOnce: [Wse_binkiland] C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\user\AppData\Roaming\Wse_binkiland\UpdateProc\bkup.dat"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [ospd_us_1034] "C:\Program Files (x86)\ospd_us_1034\ospd_us_1034.exe"
mRun: [StormWatch] "C:\Program Files (x86)\StormWatch\StormWatchApp.exe"
mRun: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
mRun: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.42.0.1791\jsdrv.exe
mRunOnce: [Wse_binkiland] C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\user\AppData\Roaming\Wse_binkiland\UpdateProc\bkup.dat"
mRunOnce: [Noganop] C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\user\AppData\Local\1E8EBB~1\Sopogal.dat"
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CROSSB~1.LNK - C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\HQGHUM~1.LNK - C:\ProgramData\{1bdb1023-c41c-eb0b-1bdb-b1023c41408f}\hqghumeaylnlf.exe
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STORMW~1.LNK - C:\Program Files (x86)\StormWatch\StormWatch.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: ??? OneNote(&N) - <no file>
IE: ??? Microsoft Excel(&X) - <no file>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 66.205.160.99 129.74.250.99
TCP: Interfaces\{0404B620-CA5D-4BA6-B943-15E8C4CD58A8} : DHCPNameServer = 192.168.1.1 168.126.63.2
TCP: Interfaces\{C065D192-AD63-4496-97B2-3A4D9775FE80} : DHCPNameServer = 66.205.160.99 129.74.250.99
TCP: Interfaces\{C065D192-AD63-4496-97B2-3A4D9775FE80}\E444D27657563747 : DHCPNameServer = 66.205.160.99 129.74.250.99
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
AppInit_DLLs= C:\Users\user\AppData\Local\AppText\qrxlzdut\dbohogs.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: shopperz: {5081D2D4-1637-404c-B74F-50526718257D} - C:\Program Files\shopperz\mseff64.dll
x64-BHO: Shopper Pro: {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro64.dll
x64-BHO: Consumer Input DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [DptfPolicyLpmServiceHelper] C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [smrt] C:\Program Files (x86)\ProductUI\Startup.exe
x64-Run: [shopperz] C:\Program Files\shopperz\wrex.exe
x64-Run: [shopperz64] C:\Program Files\shopperz\wrex64.exe
x64-Run: [3D BubbleSound] "C:\Program Files\BubbleSound\3D BubbleSound.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2015-04-24 22:52:51 -------- d-----w- C:\Users\user\AppData\Local\Diagnostics
2015-04-24 22:29:10 -------- d-----w- C:\Users\user\AppData\Local\BrowserHelper
2015-04-24 22:27:53 21976 ----a-w- C:\Windows\System32\drivers\SPPD.sys
2015-04-24 22:03:13 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-04-24 22:02:57 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-04-24 22:02:57 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-04-24 22:02:57 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-04-24 22:02:57 -------- d-----w- C:\ProgramData\Malwarebytes
2015-04-24 22:02:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-24 22:00:52 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8CD7A958-6DC9-4195-A6AC-6698666B3C03}\offreg.dll
2015-04-24 21:59:58 -------- d-----w- C:\Users\user\AppData\Local\ZombieNews
2015-04-24 21:57:57 -------- d-----w- C:\Program Files (x86)\predm
2015-04-24 21:56:18 -------- d-----w- C:\Users\user\AppData\Local\avaavaevy
2015-04-24 21:56:14 -------- d-----w- C:\Users\user\AppData\Local\SearchProtect
2015-04-24 21:56:12 -------- d-----w- C:\Program Files (x86)\SearchProtect
2015-04-24 21:56:10 -------- d-----w- C:\ProgramData\PastaLeadsAgent
2015-04-24 21:56:08 -------- d-----w- C:\Program Files\Common Files\PastaLeads
2015-04-24 21:56:07 -------- d-----w- C:\Program Files (x86)\ORBTR
2015-04-24 21:55:15 -------- d-----w- C:\Users\user\AppData\Local\Skype
2015-04-24 21:55:03 -------- d-----r- C:\Program Files (x86)\Skype
2015-04-24 19:16:44 -------- d-----w- C:\Windows\SysWow64\Flash
2015-04-24 19:15:30 628688 ----a-w- C:\Users\user\AppData\Local\nsu9043.tmp
2015-04-24 19:15:30 -------- d-----w- C:\Program Files (x86)\AnyProtectEx
2015-04-24 19:15:29 -------- d-sh--w- C:\Users\user\AppData\Roaming\AnyProtectEx
2015-04-24 19:06:10 -------- d-----w- C:\Windows\System32\appmgmt
2015-04-24 18:23:38 -------- d-----w- C:\Program Files\Common Files\ShopperPro
2015-04-24 18:23:29 -------- d-----w- C:\ProgramData\ShopperPro
2015-04-24 18:23:25 -------- d-----w- C:\Program Files (x86)\ShopperPro
2015-04-24 18:22:17 -------- d-----w- C:\Program Files (x86)\globalUpdate
2015-04-24 18:22:16 -------- d-----w- C:\Users\user\AppData\Local\globalUpdate
2015-04-24 18:22:16 -------- d-----w- C:\Program Files (x86)\a9f5f23b-b590-44c3-91be-7f1989c9957a
2015-04-24 18:22:11 -------- d-----w- C:\Program Files (x86)\Ge-Force
2015-04-24 18:20:13 -------- d-----w- C:\Users\user\AppData\Roaming\Optimizer Pro
2015-04-24 18:17:09 -------- d-----w- C:\Program Files\BubbleSound
2015-04-24 18:16:09 -------- d-----w- C:\Program Files (x86)\YTDownloader
2015-04-24 18:15:48 60376 ----a-w- C:\Windows\System32\drivers\cherimoya.sys
2015-04-24 18:15:48 -------- d-----w- C:\Program Files\shopperz
2015-04-24 18:15:44 -------- d-----w- C:\ProgramData\SearchModule
2015-04-24 18:15:39 -------- d-----w- C:\Program Files\Common Files\Goobzo
2015-04-24 18:15:26 -------- d-----w- C:\Users\user\AppData\Local\Installer
2015-04-24 18:15:26 -------- d-----w- C:\Users\user\AppData\Local\CrashRpt
2015-04-24 18:15:00 -------- d-----w- C:\Users\user\AppData\Local\Crossbrowse
2015-04-24 18:14:50 -------- d-----w- C:\Program Files (x86)\Optimizer Pro 3.84
2015-04-24 18:14:48 -------- d-----w- C:\Program Files (x86)\Crossbrowse
2015-04-24 18:14:40 -------- d-----w- C:\ProgramData\{1bdb1023-c41c-eb0b-1bdb-b1023c41408f}
2015-04-24 18:13:21 -------- d-----w- C:\Users\user\AppData\Roaming\Super Optimizer
2015-04-24 18:12:46 -------- d-----w- C:\ProgramData\NetEngine
2015-04-24 18:10:00 -------- d-----w- C:\Users\user\AppData\Local\Weather_Protector_LLC
2015-04-24 18:09:46 -------- d-----w- C:\Users\user\AppData\Local\StormWatch
2015-04-24 18:09:44 -------- d-----w- C:\Program Files (x86)\StormWatch
2015-04-24 18:09:24 -------- d-----w- C:\Users\user\AppData\Roaming\WTools
2015-04-24 18:09:17 -------- d-----w- C:\Users\user\AppData\Roaming\Store
2015-04-24 18:09:06 -------- d-----w- C:\Users\user\AppData\Roaming\Nosibay
2015-04-24 18:08:17 -------- d-----w- C:\Users\user\AppData\Local\ospd_us_1034
2015-04-24 18:08:16 -------- d-----w- C:\Program Files (x86)\ospd_us_1034
2015-04-24 18:08:13 -------- d-----w- C:\ProgramData\OriginLab
2015-04-24 18:07:42 -------- d-----w- C:\ProgramData\cUPRFr
2015-04-24 18:07:38 -------- d-----w- C:\ProgramData\ZombieNews
2015-04-24 18:07:35 -------- d-----w- C:\Program Files (x86)\Super Optimizer
2015-04-24 18:07:13 -------- d-----w- C:\ProgramData\{e3e51f5b-5afd-766d-e3e5-51f5b5af7d6d}
2015-04-24 18:07:05 48776 ----a-w- C:\Windows\System32\drivers\{1875f6fa-13ed-41a9-bab4-8196252b2bed}Gw64.sys
2015-04-24 18:06:39 -------- d-----w- C:\Users\user\AppData\Local\68E92580-1429927599-81E4-317E-382C4A2B61BC
2015-04-24 18:06:31 -------- d-----w- C:\Users\user\AppData\Local\Consumer Input
2015-04-24 18:06:30 -------- d-----w- C:\Program Files (x86)\Consumer Input
2015-04-24 18:06:15 -------- d-----w- C:\ProgramData\COMODO
2015-04-24 18:05:55 -------- d-----w- C:\Users\user\AppData\Roaming\VOPackage
2015-04-24 18:05:55 -------- d-----w- C:\Users\user\AppData\Roaming\68E92580-1429898755-81E4-317E-382C4A2B61BC
2015-04-24 18:04:38 -------- d-----w- C:\Program Files (x86)\Shop Easy
2015-04-24 18:04:04 -------- d-----w- C:\ProgramData\Packerc431176a-cb7f-41dc-870e-69ac907ee2d2
2015-04-24 18:03:45 -------- d-----w- C:\Users\user\AppData\Local\Protectium
2015-04-24 18:03:17 -------- d-----w- C:\Program Files (x86)\ProductUI
2015-04-24 18:03:08 -------- d-----w- C:\Users\user\AppData\Local\AppText
2015-04-24 18:01:43 -------- d-----w- C:\ceea5e16-4b3b-491b-98c9-652ca9903a3f
2015-04-24 16:06:11 12032440 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8CD7A958-6DC9-4195-A6AC-6698666B3C03}\mpengine.dll
2015-04-21 21:03:08 57344 ----a-w- C:\Windows\SysWow64\GamryChartEng.dll
2015-04-21 21:03:08 40960 ----a-w- C:\Windows\SysWow64\SSubTmr6.dll
2015-04-21 21:03:08 299008 ----a-w- C:\Windows\SysWow64\sstabs2.ocx
2015-04-21 21:03:08 167936 ----a-w- C:\Windows\SysWow64\ccrpftv6.ocx
2015-04-21 21:03:08 118976 ----a-w- C:\Windows\SysWow64\MSADODC.OCX
2015-04-21 21:03:08 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2015-04-21 21:03:07 -------- d-----w- C:\Program Files (x86)\Common Files\Software FX Shared
2015-04-21 21:03:06 66984 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA6\1033\apc60itl.dll
2015-04-21 21:03:06 582648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VBA\VBA6\apc65.dll
2015-04-21 21:03:06 -------- d-----w- C:\Program Files (x86)\Gamry Instruments
2015-04-21 21:03:06 -------- d-----w- C:\Program Files (x86)\Common Files\Data Dynamics
2015-04-21 21:02:30 -------- d-----w- C:\ProgramData\Gamry Instruments
2015-04-21 21:02:02 -------- d-----w- C:\Users\user\AppData\Local\CrashDumps
2015-04-15 20:56:19 -------- d-----w- C:\Program Files (x86)\Microsoft
2015-04-15 20:55:57 -------- d-----w- C:\Users\user\AppData\Roaming\HpUpdate
2015-04-15 20:55:51 741480 ------w- C:\Windows\System32\HPDiscoPM5912.dll
2015-04-15 20:55:34 -------- d-----w- C:\Program Files\HP
2015-04-15 20:53:21 -------- d-----w- C:\Users\user\AppData\Local\HP
2015-04-15 20:49:26 -------- d-----w- C:\Users\user\AppData\Local\Hewlett-Packard
2015-04-15 20:49:19 -------- d-----w- C:\Program Files (x86)\Hp
2015-04-14 19:42:59 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-04-09 13:06:24 82432 ----a-w- C:\Users\user\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2015-04-09 13:06:24 44544 ----a-w- C:\Users\user\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2015-04-09 13:06:24 1275392 ----a-w- C:\Users\user\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
2015-04-07 19:40:13 -------- d-sh--w- C:\Users\user\AppData\Local\EmieUserList
2015-04-07 19:40:13 -------- d-sh--w- C:\Users\user\AppData\Local\EmieSiteList
2015-04-07 19:40:13 -------- d-sh--w- C:\Users\user\AppData\Local\EmieBrowserModeList
2015-04-07 19:00:31 -------- d-s---w- C:\Windows\SysWow64\GWX
2015-04-07 19:00:31 -------- d-s---w- C:\Windows\System32\GWX
2015-04-02 17:37:24 -------- d--h--w- C:\Users\user\AppData\Local\1e8ebbd434473d26
2015-04-02 07:30:40 3008680 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\1028\MSOINTL.DLL
2015-04-01 17:44:41 -------- d-----w- C:\Users\user\.imagej
2015-03-31 02:26:18 26825912 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-03-31 02:26:18 112452792 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2015-03-31 02:23:14 34072 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
2015-03-31 02:23:00 654512 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2015-03-31 02:23:00 37408952 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-03-31 02:23:00 112452792 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2015-03-30 16:16:58 -------- d-----w- C:\Program Files\ImageJ
2015-03-30 16:16:50 -------- d-----w- C:\Users\user\AppData\Local\Programs
.
==================== Find3M ====================
.
2015-04-24 22:29:01 2666 ----a-w- C:\Windows\patsearch.bin
2015-04-24 21:54:38 523264 ----a-w- C:\Windows\mgxv.exe
2015-04-24 21:54:33 531456 ----a-w- C:\Windows\gxv.exe
2015-04-24 18:02:04 0 ----a-w- C:\LIL71D2.tmp
2015-04-24 18:02:04 0 ----a-w- C:\LIL7165.tmp
2015-04-24 18:02:04 0 ----a-w- C:\LIL7136.tmp
2015-04-24 18:02:04 0 ----a-w- C:\LIL7128.tmp
2015-04-24 18:02:04 0 ----a-w- C:\LIL7127.tmp
2015-04-24 18:02:04 0 ----a-w- C:\LIL7108.tmp
2015-04-24 18:02:04 0 ----a-w- C:\LIL7107.tmp
2015-04-24 18:02:04 0 ----a-w- C:\LIL70F8.tmp
2015-04-24 18:02:04 0 ----a-w- C:\LIL70B9.tmp
2015-04-24 18:02:04 0 ----a-w- C:\LIL6FEF.tmp
2015-04-24 18:02:04 0 ----a-w- C:\LIL6FDF.tmp
2015-03-25 03:24:41 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-03-25 03:24:41 3298816 ----a-w- C:\Windows\System32\wucltux.dll
2015-03-25 03:24:41 191488 ----a-w- C:\Windows\System32\wuwebv.dll
2015-03-25 03:24:08 60416 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-03-25 03:23:58 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-03-25 03:23:55 36864 ----a-w- C:\Windows\System32\wuapp.exe
2015-03-25 03:00:57 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-03-25 03:00:57 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-03-25 03:00:15 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-03-23 03:25:15 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-03-23 03:25:01 769536 ----a-w- C:\Windows\System32\invagent.dll
2015-03-23 03:24:56 419840 ----a-w- C:\Windows\System32\devinv.dll
2015-03-23 03:24:54 957952 ----a-w- C:\Windows\System32\appraiser.dll
2015-03-23 03:24:53 30720 ----a-w- C:\Windows\System32\acmigration.dll
2015-03-23 03:24:53 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-03-23 03:24:53 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-03-23 03:17:39 1111552 ----a-w- C:\Windows\System32\aeinv.dll
2015-03-17 05:22:37 5557696 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-03-17 05:22:35 95672 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-03-17 05:22:35 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-03-17 05:19:37 1727904 ----a-w- C:\Windows\System32\ntdll.dll
2015-03-17 05:17:00 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-03-17 05:17:00 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-03-17 05:17:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-03-17 05:15:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-03-17 05:15:44 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-03-17 05:15:40 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-03-17 05:13:29 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-03-17 05:13:17 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-03-17 05:01:09 3976632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-03-17 05:01:09 3920824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-03-17 04:59:26 1309696 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-03-17 04:57:25 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-03-17 04:57:21 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-03-17 04:57:20 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-03-17 04:57:17 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-03-17 04:57:17 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-03-17 04:57:13 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-03-17 04:57:12 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-03-17 04:57:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-03-17 04:57:07 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-03-17 04:56:59 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-03-17 04:56:56 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-03-17 04:56:41 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-03-17 04:56:15 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-03-17 04:56:01 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-03-17 04:56:01 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-03-17 04:56:00 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-03-17 04:53:35 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-03-17 04:53:13 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-03-17 03:48:49 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2015-03-17 03:45:24 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-03-17 03:45:23 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-03-17 03:43:04 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-03-17 03:43:04 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-03-17 03:43:04 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-03-17 03:43:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-03-13 04:25:14 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-03-13 04:25:01 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-03-13 04:09:12 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-03-13 04:08:33 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-03-13 04:08:27 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-03-13 04:08:17 417280 ----a-w- C:\Windows\System32\html.iec
2015-03-13 04:06:54 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-03-13 03:54:11 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-03-13 03:54:00 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-03-13 03:53:22 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-03-13 03:50:45 6025216 ----a-w- C:\Windows\System32\jscript9.dll
2015-03-13 03:44:48 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-03-13 03:42:18 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-03-13 03:32:48 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-03-13 03:28:48 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-03-13 03:28:37 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-03-13 03:27:51 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-03-13 03:27:35 340992 ----a-w- C:\Windows\SysWow64\html.iec
2015-03-13 03:26:19 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-03-13 03:16:26 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-03-13 03:15:40 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-03-13 03:05:50 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-03-13 03:05:24 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-03-13 03:01:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-03-13 02:49:21 4305408 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-03-13 02:45:57 2358784 ----a-w- C:\Windows\System32\wininet.dll
2015-03-13 02:43:41 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-03-13 02:42:47 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-03-13 02:20:28 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 7:01:53.30 ===============
 
#3 ·
Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

Create a system repair disc

You can also download recovery software if you don't have an installation DVD:

Microsoft Software Recovery

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button (if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software, i.e. Avast, now to avoid potential conflicts.
  • Run the tool by double-clicking JRT.exe. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-click JRT.exe and select 'Run as administrator'.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • When you close the log, the command window will disappear. Then close your 'My Documents' folder.
  • Post the contents of JRT.txt into your next message.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
 
#4 ·
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
 