Inactive-A Multipe iexplorer.exe *32 files/High cpu usage

Status
Not open for further replies.
After MBAR got rid of those files, mainly the INPROC one, roguekiller was able to finish running. Here is the log

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : JoshLaptop [Admin rights]
Mode : Scan -- Date : 05/11/2014 14:28:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH][DLL] regsvr32.exe -- C:\Users\JoshLaptop\AppData\Local\Etrrtion\dcv.dll [-] -> regsvr32.exe KILLED [TermProc]
[SUSP PATH][DLL] regsvr32.exe -- C:\Users\JoshLaptop\AppData\Local\Etrrtion\dcv.dll [-] -> regsvr32.exe KILLED [TermProc]

¤¤¤ Registry Entries : 18 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Etrrtion (regsvr32.exe C:\Users\JoshLaptop\AppData\Local\Etrrtion\dcv.dll [7][-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3423861454-1642602433-99786177-1001\[...]\Run : Etrrtion (regsvr32.exe C:\Users\JoshLaptop\AppData\Local\Etrrtion\dcv.dll [7][-]) -> FOUND
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ][PUM] HKLM\[...]\Wow6432Node\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @firefox.exe (BeginBufferedAnimation) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADDF38)
[Address] EAT @firefox.exe (BeginBufferedPaint) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADB741)
[Address] EAT @firefox.exe (BeginPanningFeedback) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AF76AF)
[Address] EAT @firefox.exe (BufferedPaintClear) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADBBDB)
[Address] EAT @firefox.exe (BufferedPaintInit) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADB8D4)
[Address] EAT @firefox.exe (BufferedPaintRenderAnimation) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADDE83)
[Address] EAT @firefox.exe (BufferedPaintSetAlpha) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFCE19)
[Address] EAT @firefox.exe (BufferedPaintStopAllAnimations) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADE428)
[Address] EAT @firefox.exe (BufferedPaintUnInit) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE7525)
[Address] EAT @firefox.exe (CloseThemeData) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD1FA1)
[Address] EAT @firefox.exe (DrawThemeBackground) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADD464)
[Address] EAT @firefox.exe (DrawThemeBackgroundEx) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE436D)
[Address] EAT @firefox.exe (DrawThemeEdge) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFC01C)
[Address] EAT @firefox.exe (DrawThemeIcon) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFD123)
[Address] EAT @firefox.exe (DrawThemeParentBackground) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADE776)
[Address] EAT @firefox.exe (DrawThemeParentBackgroundEx) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADE5C5)
[Address] EAT @firefox.exe (DrawThemeText) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADDB21)
[Address] EAT @firefox.exe (DrawThemeTextEx) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADA70C)
[Address] EAT @firefox.exe (EnableThemeDialogTexture) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE786D)
[Address] EAT @firefox.exe (EnableTheming) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFC9FF)
[Address] EAT @firefox.exe (EndBufferedAnimation) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADACE8)
[Address] EAT @firefox.exe (EndBufferedPaint) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADACE8)
[Address] EAT @firefox.exe (EndPanningFeedback) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AF762C)
[Address] EAT @firefox.exe (GetBufferedPaintBits) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADCF26)
[Address] EAT @firefox.exe (GetBufferedPaintDC) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFCDCF)
[Address] EAT @firefox.exe (GetBufferedPaintTargetDC) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFCD86)
[Address] EAT @firefox.exe (GetBufferedPaintTargetRect) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFC893)
[Address] EAT @firefox.exe (GetCurrentThemeName) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE63AE)
[Address] EAT @firefox.exe (GetThemeAppProperties) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADEBD6)
[Address] EAT @firefox.exe (GetThemeBackgroundContentRect) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADDA9E)
[Address] EAT @firefox.exe (GetThemeBackgroundExtent) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE7155)
[Address] EAT @firefox.exe (GetThemeBackgroundRegion) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE0190)
[Address] EAT @firefox.exe (GetThemeBitmap) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD4B9C)
[Address] EAT @firefox.exe (GetThemeBool) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD6651)
[Address] EAT @firefox.exe (GetThemeColor) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD27C0)
[Address] EAT @firefox.exe (GetThemeDocumentationProperty) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFC346)
[Address] EAT @firefox.exe (GetThemeEnumValue) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD27C0)
[Address] EAT @firefox.exe (GetThemeFilename) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFB997)
[Address] EAT @firefox.exe (GetThemeFont) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE76A2)
[Address] EAT @firefox.exe (GetThemeInt) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD27C0)
[Address] EAT @firefox.exe (GetThemeIntList) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFB86E)
[Address] EAT @firefox.exe (GetThemeMargins) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD2F97)
[Address] EAT @firefox.exe (GetThemeMetric) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE55B4)
[Address] EAT @firefox.exe (GetThemePartSize) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD289F)
[Address] EAT @firefox.exe (GetThemePosition) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFB80D)
[Address] EAT @firefox.exe (GetThemePropertyOrigin) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE0923)
[Address] EAT @firefox.exe (GetThemeRect) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFB936)
[Address] EAT @firefox.exe (GetThemeStream) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFB8CF)
[Address] EAT @firefox.exe (GetThemeString) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFB7A1)
[Address] EAT @firefox.exe (GetThemeSysBool) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFCB86)
[Address] EAT @firefox.exe (GetThemeSysColor) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE5530)
[Address] EAT @firefox.exe (GetThemeSysColorBrush) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFCA32)
[Address] EAT @firefox.exe (GetThemeSysFont) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFC3D8)
[Address] EAT @firefox.exe (GetThemeSysInt) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFC5E7)
[Address] EAT @firefox.exe (GetThemeSysSize) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFCC61)
[Address] EAT @firefox.exe (GetThemeSysString) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFC553)
[Address] EAT @firefox.exe (GetThemeTextExtent) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD89FE)
[Address] EAT @firefox.exe (GetThemeTextMetrics) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE778C)
[Address] EAT @firefox.exe (GetThemeTransitionDuration) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADE1A1)
[Address] EAT @firefox.exe (GetWindowTheme) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE535B)
[Address] EAT @firefox.exe (HitTestThemeBackground) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE2DC1)
[Address] EAT @firefox.exe (IsAppThemed) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE7009)
[Address] EAT @firefox.exe (IsCompositionActive) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD65DF)
[Address] EAT @firefox.exe (IsThemeActive) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE6F36)
[Address] EAT @firefox.exe (IsThemeBackgroundPartiallyTransparent) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD281C)
[Address] EAT @firefox.exe (IsThemeDialogTextureEnabled) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFCB3F)
[Address] EAT @firefox.exe (IsThemePartDefined) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD30CF)
[Address] EAT @firefox.exe (OpenThemeData) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD5F29)
[Address] EAT @firefox.exe (OpenThemeDataEx) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE06FE)
[Address] EAT @firefox.exe (SetThemeAppProperties) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFCCEC)
[Address] EAT @firefox.exe (SetWindowTheme) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE7AFC)
[Address] EAT @firefox.exe (SetWindowThemeAttribute) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD9E39)
[Address] EAT @firefox.exe (ThemeInitApiHook) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD4571)
[Address] EAT @firefox.exe (UpdatePanningFeedback) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AF75ED)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


216.239.32.20 google.com
216.239.32.20 google.com www.google.ad
216.239.32.20 google.com www.google.ae
216.239.32.20 google.com www.google.com.af
216.239.32.20 google.com www.google.com.ag
216.239.32.20 google.com www.google.com.ai
216.239.32.20 google.com www.google.al
216.239.32.20 google.com www.google.am
216.239.32.20 google.com www.google.co.ao
216.239.32.20 google.com www.google.com.ar
216.239.32.20 google.com www.google.as
216.239.32.20 google.com www.google.at
216.239.32.20 google.com www.google.com.au
216.239.32.20 google.com www.google.az
216.239.32.20 google.com www.google.ba
216.239.32.20 google.com www.google.com.bd
216.239.32.20 google.com www.google.be
216.239.32.20 google.com www.google.bf
216.239.32.20 google.com www.google.bg
216.239.32.20 google.com www.google.com.bh
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST950032 5AS SATA Disk Device +++++
--- User ---
[MBR] bc35a71c3e60249bdb6ac98e0b58cdee
[BSP] 6338d21e8a1a9328c9b47ff9dcdc24f6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 458001 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 938395648 | Size: 14675 MB
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 968450048 | Size: 4063 MB
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 1c20261a063776662804a9043401cf2f
[BSP] 8c3ecf6bb0e987b22d72e64f7c275917 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77823 MB
1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159791104 | Size: 400 MB

Finished : << RKreport[0]_S_05112014_142826.txt >>
 
Log #2

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : JoshLaptop [Admin rights]
Mode : Remove -- Date : 05/11/2014 14:28:32
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH][DLL] regsvr32.exe -- C:\Users\JoshLaptop\AppData\Local\Etrrtion\dcv.dll [-] -> regsvr32.exe KILLED [TermProc]
[SUSP PATH][DLL] regsvr32.exe -- C:\Users\JoshLaptop\AppData\Local\Etrrtion\dcv.dll [-] -> regsvr32.exe KILLED [TermProc]

¤¤¤ Registry Entries : 17 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Etrrtion (regsvr32.exe C:\Users\JoshLaptop\AppData\Local\Etrrtion\dcv.dll [7][-]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-3423861454-1642602433-99786177-1001\[...]\Run : Etrrtion (regsvr32.exe C:\Users\JoshLaptop\AppData\Local\Etrrtion\dcv.dll [7][-]) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ][PUM] HKLM\[...]\Wow6432Node\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @firefox.exe (BeginBufferedAnimation) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADDF38)
[Address] EAT @firefox.exe (BeginBufferedPaint) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADB741)
[Address] EAT @firefox.exe (BeginPanningFeedback) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AF76AF)
[Address] EAT @firefox.exe (BufferedPaintClear) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADBBDB)
[Address] EAT @firefox.exe (BufferedPaintInit) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADB8D4)
[Address] EAT @firefox.exe (BufferedPaintRenderAnimation) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADDE83)
[Address] EAT @firefox.exe (BufferedPaintSetAlpha) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFCE19)
[Address] EAT @firefox.exe (BufferedPaintStopAllAnimations) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADE428)
[Address] EAT @firefox.exe (BufferedPaintUnInit) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE7525)
[Address] EAT @firefox.exe (CloseThemeData) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD1FA1)
[Address] EAT @firefox.exe (DrawThemeBackground) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADD464)
[Address] EAT @firefox.exe (DrawThemeBackgroundEx) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE436D)
[Address] EAT @firefox.exe (DrawThemeEdge) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFC01C)
[Address] EAT @firefox.exe (DrawThemeIcon) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFD123)
[Address] EAT @firefox.exe (DrawThemeParentBackground) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADE776)
[Address] EAT @firefox.exe (DrawThemeParentBackgroundEx) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADE5C5)
[Address] EAT @firefox.exe (DrawThemeText) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADDB21)
[Address] EAT @firefox.exe (DrawThemeTextEx) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADA70C)
[Address] EAT @firefox.exe (EnableThemeDialogTexture) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE786D)
[Address] EAT @firefox.exe (EnableTheming) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFC9FF)
[Address] EAT @firefox.exe (EndBufferedAnimation) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADACE8)
[Address] EAT @firefox.exe (EndBufferedPaint) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADACE8)
[Address] EAT @firefox.exe (EndPanningFeedback) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AF762C)
[Address] EAT @firefox.exe (GetBufferedPaintBits) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADCF26)
[Address] EAT @firefox.exe (GetBufferedPaintDC) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFCDCF)
[Address] EAT @firefox.exe (GetBufferedPaintTargetDC) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFCD86)
[Address] EAT @firefox.exe (GetBufferedPaintTargetRect) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFC893)
[Address] EAT @firefox.exe (GetCurrentThemeName) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE63AE)
[Address] EAT @firefox.exe (GetThemeAppProperties) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADEBD6)
[Address] EAT @firefox.exe (GetThemeBackgroundContentRect) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADDA9E)
[Address] EAT @firefox.exe (GetThemeBackgroundExtent) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE7155)
[Address] EAT @firefox.exe (GetThemeBackgroundRegion) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE0190)
[Address] EAT @firefox.exe (GetThemeBitmap) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD4B9C)
[Address] EAT @firefox.exe (GetThemeBool) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD6651)
[Address] EAT @firefox.exe (GetThemeColor) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD27C0)
[Address] EAT @firefox.exe (GetThemeDocumentationProperty) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFC346)
[Address] EAT @firefox.exe (GetThemeEnumValue) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD27C0)
[Address] EAT @firefox.exe (GetThemeFilename) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFB997)
[Address] EAT @firefox.exe (GetThemeFont) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE76A2)
[Address] EAT @firefox.exe (GetThemeInt) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD27C0)
[Address] EAT @firefox.exe (GetThemeIntList) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFB86E)
[Address] EAT @firefox.exe (GetThemeMargins) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD2F97)
[Address] EAT @firefox.exe (GetThemeMetric) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE55B4)
[Address] EAT @firefox.exe (GetThemePartSize) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD289F)
[Address] EAT @firefox.exe (GetThemePosition) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFB80D)
[Address] EAT @firefox.exe (GetThemePropertyOrigin) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE0923)
[Address] EAT @firefox.exe (GetThemeRect) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFB936)
[Address] EAT @firefox.exe (GetThemeStream) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFB8CF)
[Address] EAT @firefox.exe (GetThemeString) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFB7A1)
[Address] EAT @firefox.exe (GetThemeSysBool) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFCB86)
[Address] EAT @firefox.exe (GetThemeSysColor) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE5530)
[Address] EAT @firefox.exe (GetThemeSysColorBrush) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFCA32)
[Address] EAT @firefox.exe (GetThemeSysFont) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFC3D8)
[Address] EAT @firefox.exe (GetThemeSysInt) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFC5E7)
[Address] EAT @firefox.exe (GetThemeSysSize) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFCC61)
[Address] EAT @firefox.exe (GetThemeSysString) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFC553)
[Address] EAT @firefox.exe (GetThemeTextExtent) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD89FE)
[Address] EAT @firefox.exe (GetThemeTextMetrics) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE778C)
[Address] EAT @firefox.exe (GetThemeTransitionDuration) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72ADE1A1)
[Address] EAT @firefox.exe (GetWindowTheme) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE535B)
[Address] EAT @firefox.exe (HitTestThemeBackground) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE2DC1)
[Address] EAT @firefox.exe (IsAppThemed) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE7009)
[Address] EAT @firefox.exe (IsCompositionActive) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD65DF)
[Address] EAT @firefox.exe (IsThemeActive) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE6F36)
[Address] EAT @firefox.exe (IsThemeBackgroundPartiallyTransparent) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD281C)
[Address] EAT @firefox.exe (IsThemeDialogTextureEnabled) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFCB3F)
[Address] EAT @firefox.exe (IsThemePartDefined) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD30CF)
[Address] EAT @firefox.exe (OpenThemeData) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD5F29)
[Address] EAT @firefox.exe (OpenThemeDataEx) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE06FE)
[Address] EAT @firefox.exe (SetThemeAppProperties) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AFCCEC)
[Address] EAT @firefox.exe (SetWindowTheme) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AE7AFC)
[Address] EAT @firefox.exe (SetWindowThemeAttribute) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD9E39)
[Address] EAT @firefox.exe (ThemeInitApiHook) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AD4571)
[Address] EAT @firefox.exe (UpdatePanningFeedback) : profapi.dll -> HOOKED (C:\Windows\system32\UxTheme.dll @ 0x72AF75ED)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


216.239.32.20 google.com
216.239.32.20 google.com www.google.ad
216.239.32.20 google.com www.google.ae
216.239.32.20 google.com www.google.com.af
216.239.32.20 google.com www.google.com.ag
216.239.32.20 google.com www.google.com.ai
216.239.32.20 google.com www.google.al
216.239.32.20 google.com www.google.am
216.239.32.20 google.com www.google.co.ao
216.239.32.20 google.com www.google.com.ar
216.239.32.20 google.com www.google.as
216.239.32.20 google.com www.google.at
216.239.32.20 google.com www.google.com.au
216.239.32.20 google.com www.google.az
216.239.32.20 google.com www.google.ba
216.239.32.20 google.com www.google.com.bd
216.239.32.20 google.com www.google.be
216.239.32.20 google.com www.google.bf
216.239.32.20 google.com www.google.bg
216.239.32.20 google.com www.google.com.bh
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST950032 5AS SATA Disk Device +++++
--- User ---
[MBR] bc35a71c3e60249bdb6ac98e0b58cdee
[BSP] 6338d21e8a1a9328c9b47ff9dcdc24f6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 458001 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 938395648 | Size: 14675 MB
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 968450048 | Size: 4063 MB
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 1c20261a063776662804a9043401cf2f
[BSP] 8c3ecf6bb0e987b22d72e64f7c275917 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77823 MB
1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159791104 | Size: 400 MB

Finished : << RKreport[0]_D_05112014_142832.txt >>
RKreport[0]_S_05112014_142826.txt
 
Reran MRAB, nothing found. Thanks so much good sir.

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.05.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
JoshLaptop :: JOSHLAPTOP-HP [administrator]

5/12/2014 1:41:54 PM
mbar-log-2014-05-12 (13-41-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 283419
Time elapsed: 47 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Still with you, sorry I got sent out of town on orders. I will run it when I get back and post here upon results. I'm doing some military training and am out of the loop and away from technology for a bit
 
p22003888.gif
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 
Status
Not open for further replies.

Similar threads

Shawn Knight
Microsoft Edge achieves record high desktop browser market share
2
Replies
25
Views
837
bitwarden
B
A
Mozilla calls on Apple, Google, and Microsoft to create a more level playing field in...
Replies
11
Views
386
lazer
lazer
C
Facebook stubbornly refuses to load pictures
Replies
0
Views
1K
catc01
C

Latest posts

Back