Son's computer is running slow


Replies: 58

On Firefox

1. Click the menu button and choose Add-ons. The Add-ons Manager tab will open.
2. In the Add-ons Manager tab, select the Extensions panel.
3. Make sure to remove all extensions you do not know or need.
4. Click the Disable or Remove button for oziris.zerohorizon.net.
5. Click Restart now if it pops up.


Egads!! :hammer: This is also related to Utrack.pw, bundled with installing third-party toolbars, free PDF software, free video editors, other free software products, or downloading e-mail attachments, etc.

 

Please uninstall Zemana Antimalware.

Delete the old copy of Combofix you have... then:

 

Download Combofix from any of the links below, and save it to your desktop. <-- Important

Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log.

Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Please be patient while the scan runs, at times it may appear to stall.


ComboFix 15-11-17.01 - mike 11/18/2015 16:06:32.3.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2641 [GMT -6:00]

Running from: c:\users\mike\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2015-10-18 to 2015-11-18 )))))))))))))))))))))))))))))))

.

.

2015-11-18 22:17 . 2015-11-18 22:17 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2015-11-18 22:17 . 2015-11-18 22:17 -------- d-----w- c:\users\Lorelai\AppData\Local\temp

2015-11-18 22:17 . 2015-11-18 22:17 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp

2015-11-18 22:17 . 2015-11-18 22:17 -------- d-----w- c:\users\Guest\AppData\Local\temp

2015-11-18 22:17 . 2015-11-18 22:17 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2015-11-18 22:17 . 2015-11-18 22:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2015-11-18 22:17 . 2015-11-18 22:17 -------- d-----w- c:\users\david martin\AppData\Local\temp

2015-11-18 22:17 . 2015-11-18 22:17 -------- d-----w- c:\users\ASPNET\AppData\Local\temp

2015-11-18 22:17 . 2015-11-18 22:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2015-11-18 22:01 . 2015-11-18 22:02 -------- d-----w- C:\32788R22FWJFW

2015-11-18 18:24 . 2015-11-18 18:34 -------- d-----w- C:\5d28ed06ae50dfaafaa716d1a6a2

2015-11-18 14:23 . 2015-07-16 19:12 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll

2015-11-18 14:23 . 2015-07-16 19:11 7077376 ----a-w- c:\windows\system32\mstscax.dll

2015-11-18 14:23 . 2015-07-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe

2015-11-18 14:23 . 2015-07-16 19:12 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll

2015-11-18 14:23 . 2015-07-16 19:12 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll

2015-11-18 14:23 . 2015-07-16 19:11 62976 ----a-w- c:\windows\system32\tsgqec.dll

2015-11-18 14:23 . 2015-07-16 19:11 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll

2015-11-18 14:23 . 2015-06-09 18:03 3180544 ----a-w- c:\windows\system32\rdpcorets.dll

2015-11-18 14:23 . 2015-06-09 18:03 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll

2015-11-18 14:23 . 2015-06-03 20:17 243200 ----a-w- c:\windows\system32\rdpudd.dll

2015-11-18 14:23 . 2014-12-11 17:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe

2015-11-18 14:05 . 2015-11-18 14:23 -------- d-----w- C:\6d370d1ef2ed09f34e1a69d0546c

2015-11-18 03:04 . 2015-10-29 09:28 11138400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C337606-966F-45F9-89DC-D8ACAAE2DB1A}\mpengine.dll

2015-11-17 15:36 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll

2015-11-17 15:36 . 2013-10-02 04:38 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui

2015-11-17 15:36 . 2013-10-02 02:22 56832 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys

2015-11-17 15:36 . 2013-10-02 02:11 13824 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2015-11-17 15:36 . 2013-10-02 02:08 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2015-11-17 15:36 . 2013-10-02 01:48 56832 ----a-w- c:\windows\system32\MsRdpWebAccess.dll

2015-11-17 15:36 . 2013-10-02 01:48 18944 ----a-w- c:\windows\system32\wksprtPS.dll

2015-11-17 15:36 . 2013-10-02 00:14 50176 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll

2015-11-17 15:36 . 2013-10-02 00:14 17920 ----a-w- c:\windows\SysWow64\wksprtPS.dll

2015-11-17 15:36 . 2013-10-01 23:31 1147392 ----a-w- c:\windows\system32\mstsc.exe

2015-11-17 15:36 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\SysWow64\mstsc.exe

2015-11-17 15:35 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys

2015-11-17 15:35 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll

2015-11-17 15:35 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll

2015-11-17 15:33 . 2015-08-05 17:56 22528 ----a-w- c:\windows\system32\icaapi.dll

2015-11-17 15:33 . 2015-08-05 17:06 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2015-11-17 04:30 . 2015-11-17 04:30 -------- d-----w- c:\program files (x86)\Windows Resource Kits

2015-11-17 03:27 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2015-11-17 03:27 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

2015-11-17 03:05 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

2015-11-17 03:05 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll

2015-11-17 01:58 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2015-11-17 01:19 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2015-11-17 01:19 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2015-11-17 00:46 . 2015-07-30 17:57 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2015-11-17 00:46 . 2015-07-30 18:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2015-11-17 00:46 . 2015-07-30 18:06 1648128 ----a-w- c:\windows\system32\DWrite.dll

2015-11-17 00:46 . 2015-07-30 18:06 1180160 ----a-w- c:\windows\system32\FntCache.dll

2015-11-17 00:46 . 2015-07-30 17:57 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll

2015-11-17 00:46 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll

2015-11-17 00:46 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2015-11-17 00:06 . 2015-11-17 00:06 -------- d-----w- c:\users\mike\AppData\Local\GWX

2015-11-16 23:55 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2015-11-16 23:45 . 2015-11-16 23:45 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2015-11-12 20:53 . 2015-11-03 17:55 3211264 ----a-w- c:\windows\system32\win32k.sys

2015-11-11 04:25 . 2015-10-20 01:12 5570496 ----a-w- c:\windows\system32\ntoskrnl.exe

2015-11-11 04:24 . 2015-10-29 17:50 342016 ----a-w- c:\windows\system32\apphelp.dll

2015-11-09 02:09 . 2015-11-09 02:09 -------- d-----w- c:\programdata\GridinSoft

2015-11-08 21:16 . 2015-11-08 21:51 -------- d-----w- c:\users\mike\AppData\Roaming\albumart

2015-11-08 21:08 . 2015-11-08 21:08 -------- d-----w- c:\program files\Common Files\Wondershare

2015-11-08 21:08 . 2015-11-08 21:08 -------- d-----w- c:\programdata\Wondershare

2015-11-08 21:08 . 2015-11-08 21:08 -------- d-----w- c:\program files (x86)\Wondershare

2015-11-08 13:52 . 2015-11-08 13:52 -------- d-----w- C:\SUPERDelete

2015-11-08 13:49 . 2015-11-08 13:49 -------- d-----w- c:\program files\SUPERAntiSpyware

2015-11-08 00:13 . 2015-11-08 00:16 -------- d-----w- C:\EEK

2015-11-07 22:41 . 2015-11-07 22:41 -------- d-----w- c:\users\mike\AppData\Local\Zemana

2015-11-07 22:19 . 2015-11-07 22:19 -------- d-----w- c:\users\mike\AppData\Local\VS Revo Group

2015-11-07 22:19 . 2015-11-07 22:19 -------- d-----w- c:\programdata\VS Revo Group

2015-11-07 22:19 . 2015-11-07 22:19 -------- d-----w- c:\program files\VS Revo Group

2015-11-05 13:47 . 2015-11-05 13:47 186880 ----a-w- c:\windows\system32\rsrcs.dll

2015-11-02 20:35 . 2015-07-03 02:34 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F35EFE6-C938-45C7-AC8D-914BB766E268}\gapaengine.dll

2015-10-20 01:37 . 2015-10-20 01:37 -------- d-----w- c:\users\Lorelai\.oracle_jre_usage

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-11-11 02:28 . 2012-10-07 17:00 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2015-11-11 02:28 . 2011-12-23 14:41 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2015-11-10 15:16 . 2015-05-27 03:00 30616 ----a-w- c:\windows\SysWow64\drivers\hitmanpro37.sys

2015-10-29 17:50 . 2015-11-11 04:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2015-10-29 17:50 . 2015-11-11 04:24 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2015-10-29 17:50 . 2015-11-11 04:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2015-10-29 17:50 . 2015-11-11 04:24 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2015-10-29 17:49 . 2015-11-11 04:24 562176 ----a-w- c:\windows\apppatch\AcLayers.dll

2015-10-29 17:49 . 2015-11-11 04:24 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2015-10-29 17:49 . 2015-11-11 04:24 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll

2015-10-29 17:49 . 2015-11-11 04:24 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2015-10-29 17:39 . 2015-11-11 04:24 2560 ----a-w- c:\windows\apppatch\AcRes.dll

2015-10-28 00:43 . 2011-01-10 04:14 145617392 ----a-w- c:\windows\system32\MRT.exe

2015-10-20 00:45 . 2015-11-11 04:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2015-10-15 17:29 . 2014-12-06 17:30 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2015-10-01 18:06 . 2015-10-13 17:44 692672 ----a-w- c:\windows\system32\winload.efi

2015-10-01 18:04 . 2015-10-13 17:44 616360 ----a-w- c:\windows\system32\winresume.efi

2015-10-01 18:00 . 2015-10-13 17:44 63488 ----a-w- c:\windows\system32\setbcdlocale.dll

2015-10-01 18:00 . 2015-10-13 17:44 59392 ----a-w- c:\windows\system32\appidapi.dll

2015-10-01 18:00 . 2015-10-13 17:44 32768 ----a-w- c:\windows\system32\appidsvc.dll

2015-10-01 18:00 . 2015-10-13 17:44 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe

2015-10-01 18:00 . 2015-10-13 17:44 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe

2015-10-01 17:50 . 2015-10-13 17:44 50688 ----a-w- c:\windows\SysWow64\appidapi.dll

2015-10-01 17:00 . 2015-10-13 17:44 61440 ----a-w- c:\windows\system32\drivers\appid.sys

2015-09-18 19:22 . 2015-10-15 10:00 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe

2015-09-18 19:19 . 2015-10-15 10:00 700416 ----a-w- c:\windows\system32\invagent.dll

2015-09-18 19:19 . 2015-10-15 10:00 766464 ----a-w- c:\windows\system32\generaltel.dll

2015-09-18 19:19 . 2015-10-15 10:00 503808 ----a-w- c:\windows\system32\devinv.dll

2015-09-18 19:19 . 2015-10-15 10:00 73216 ----a-w- c:\windows\system32\acmigration.dll

2015-09-18 19:19 . 2015-10-15 10:00 1291264 ----a-w- c:\windows\system32\appraiser.dll

2015-09-18 19:09 . 2015-10-15 10:00 1163776 ----a-w- c:\windows\system32\aeinv.dll

2015-09-02 03:04 . 2015-09-09 10:36 41984 ----a-w- c:\windows\system32\lpk.dll

2015-09-02 03:04 . 2015-09-09 10:36 100864 ----a-w- c:\windows\system32\fontsub.dll

2015-09-02 03:04 . 2015-09-09 10:36 14336 ----a-w- c:\windows\system32\dciman32.dll

2015-09-02 03:04 . 2015-09-09 10:36 46080 ----a-w- c:\windows\system32\atmlib.dll

2015-09-02 02:48 . 2015-09-09 10:36 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

2015-09-02 02:48 . 2015-09-09 10:36 10240 ----a-w- c:\windows\SysWow64\dciman32.dll

2015-09-02 02:48 . 2015-09-09 10:36 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2015-09-02 02:47 . 2015-09-09 10:36 25600 ----a-w- c:\windows\SysWow64\lpk.dll

2015-09-02 01:47 . 2015-09-09 10:36 372736 ----a-w- c:\windows\system32\atmfd.dll

2015-09-02 01:33 . 2015-09-09 10:36 299520 ----a-w- c:\windows\SysWow64\atmfd.dll

2015-08-27 18:18 . 2015-09-09 10:37 2004480 ----a-w- c:\windows\system32\msxml6.dll

2015-08-27 18:18 . 2015-09-09 10:37 1887232 ----a-w- c:\windows\system32\msxml3.dll

2015-08-27 18:13 . 2015-09-09 10:37 2048 ----a-w- c:\windows\system32\msxml6r.dll

2015-08-27 18:13 . 2015-09-09 10:37 2048 ----a-w- c:\windows\system32\msxml3r.dll

2015-08-27 17:58 . 2015-09-09 10:37 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll

2015-08-27 17:58 . 2015-09-09 10:37 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll

2015-08-27 17:51 . 2015-09-09 10:37 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll

2015-08-27 17:51 . 2015-09-09 10:37 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

2013-02-17 03:27 . 2013-02-17 03:27 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"wermgr"="c:\programdata\Microsoft\Windows\WER\wermgr.exe" [2015-01-09 6786560]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-08-04 597552]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"ConsentPromptBehaviorAdmin"= 5 (0x5)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]

[bU]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]

@="FSFilter System Recovery"

.

R1 akhooiqi;akhooiqi;c:\windows\system32\drivers\akhooiqi.sys;c:\windows\SYSNATIVE\drivers\akhooiqi.sys [x]

R1 cbdvaeqm;cbdvaeqm;c:\windows\system32\drivers\cbdvaeqm.sys;c:\windows\SYSNATIVE\drivers\cbdvaeqm.sys [x]

R1 cllsgdvi;cllsgdvi;c:\windows\system32\drivers\cllsgdvi.sys;c:\windows\SYSNATIVE\drivers\cllsgdvi.sys [x]

R1 djjjcxvu;djjjcxvu;c:\windows\system32\drivers\djjjcxvu.sys;c:\windows\SYSNATIVE\drivers\djjjcxvu.sys [x]

R1 dmgmtnms;dmgmtnms;c:\windows\system32\drivers\dmgmtnms.sys;c:\windows\SYSNATIVE\drivers\dmgmtnms.sys [x]

R1 dmkpvuyz;dmkpvuyz;c:\windows\system32\drivers\dmkpvuyz.sys;c:\windows\SYSNATIVE\drivers\dmkpvuyz.sys [x]

R1 gsiuylod;gsiuylod;c:\windows\system32\drivers\gsiuylod.sys;c:\windows\SYSNATIVE\drivers\gsiuylod.sys [x]

R1 gzgnstjx;gzgnstjx;c:\windows\system32\drivers\gzgnstjx.sys;c:\windows\SYSNATIVE\drivers\gzgnstjx.sys [x]

R1 hrvbrxpw;hrvbrxpw;c:\windows\system32\drivers\hrvbrxpw.sys;c:\windows\SYSNATIVE\drivers\hrvbrxpw.sys [x]

R1 jkoejsda;jkoejsda;c:\windows\system32\drivers\jkoejsda.sys;c:\windows\SYSNATIVE\drivers\jkoejsda.sys [x]

R1 jysmvthj;jysmvthj;c:\windows\system32\drivers\jysmvthj.sys;c:\windows\SYSNATIVE\drivers\jysmvthj.sys [x]

R1 kphuubhw;kphuubhw;c:\windows\system32\drivers\kphuubhw.sys;c:\windows\SYSNATIVE\drivers\kphuubhw.sys [x]

R1 kwgzdrjw;kwgzdrjw;c:\windows\system32\drivers\kwgzdrjw.sys;c:\windows\SYSNATIVE\drivers\kwgzdrjw.sys [x]

R1 lorvmjsc;lorvmjsc;c:\windows\system32\drivers\lorvmjsc.sys;c:\windows\SYSNATIVE\drivers\lorvmjsc.sys [x]

R1 ojwhzknr;ojwhzknr;c:\windows\system32\drivers\ojwhzknr.sys;c:\windows\SYSNATIVE\drivers\ojwhzknr.sys [x]

R1 poeziqaw;poeziqaw;c:\windows\system32\drivers\poeziqaw.sys;c:\windows\SYSNATIVE\drivers\poeziqaw.sys [x]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]

R1 tnjasajl;tnjasajl;c:\windows\system32\drivers\tnjasajl.sys;c:\windows\SYSNATIVE\drivers\tnjasajl.sys [x]

R1 vcyjxvwh;vcyjxvwh;c:\windows\system32\drivers\vcyjxvwh.sys;c:\windows\SYSNATIVE\drivers\vcyjxvwh.sys [x]

R1 wlkhwyvt;wlkhwyvt;c:\windows\system32\drivers\wlkhwyvt.sys;c:\windows\SYSNATIVE\drivers\wlkhwyvt.sys [x]

R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]

R1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]

R3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys;c:\windows\SYSNATIVE\drivers\DrmRAudio.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]

R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]

R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]

R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe;c:\program files\Microsoft Fix it Center\Matsvc.exe [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]

R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\pnetmdm64.sys [x]

R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SMServer;SMServer;c:\windows\SysWOW64\snmvtsvc.exe;c:\windows\SysWOW64\snmvtsvc.exe [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WsAudio_Device;WsAudio_Device;c:\windows\system32\drivers\VirtualAudio.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio.sys [x]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]

R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]

R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]

R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]

R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]

R4 LavasoftTcpService;LavasoftTcpService;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.2\LavasoftTcpService.exe [x]

S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys;c:\windows\SYSNATIVE\drivers\SndTAudio.sys [x]

S3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio1.sys [x]

S3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio2.sys [x]

S3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio3.sys [x]

S3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio4.sys [x]

S3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio5.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2015-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 02:28]

.

2015-11-08 c:\windows\Tasks\HPCeeScheduleFormike.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-03-16 13667032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

uDefault_Search_URL = hxxp://go.microsoft.com

mDefault_Search_URL = hxxp://go.microsoft.com

mLocal Page = c:\windows\system32\blank.htm

mSearch Page = hxxp://go.microsoft.com

IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\l06oe161.default-1408982550710\

FF - prefs.js: browser.startup.homepage - hxxp://www.finheaven.com/

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - (no file)

BHO-{EC9BB9E8-C697-054C-9ABB-3B0B1A6701E2} - (no file)

Toolbar-10 - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-iSkysoft Helper Compact.exe - c:\program files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe

Notify-avldr - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

BHO-{72351B45-9636-4F99-820B-7C552D27897D}} - (no file)

WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)

AddRemove-Firefox Preloader_is1 - c:\program files (x86)\FirefoxPreloader\unins000.exe

AddRemove-Free Merge MP3_is1 - c:\program files (x86)\Free Merge MP3\unins000.exe

AddRemove-MagicDisc 2.7.106 - c:\progra~2\MAGICD~1\UNWISE.EXE

AddRemove-Media Player - Codec Pack - c:\windows\SysWOW64\C2MP\Uninst.exe

AddRemove-WBFS Manager 3.0 - n:\wbfs manager 3.0\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:51,5f,8f,a6,6d,41,cf,01

.

[HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*õ¦,]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*õ¦,\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*öo0+]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*öo0+\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*½‘T,]

@Class="Shell"

.

[HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*R*½‘T,\OpenWithList]

@Class="Shell"

"a"="vlc.exe"

"MRUList"="a"

.

[HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\SecuROM\License information*]

"datasecu"=hex:f3,17,f8,a4,18,f9,50,c1,3d,8c,2b,b7,6c,de,dd,49,17,3e,46,4a,e8,

c9,f3,99,ed,a0,80,bf,b2,b4,b8,98,85,c7,cb,bc,de,b9,f9,c8,7b,1b,cb,8a,34,38,\

"rkeysecu"=hex:8f,86,3b,fd,05,34,43,f3,40,71,07,75,85,7a,a0,d2

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.19"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

Completion time: 2015-11-18 16:22:04

ComboFix-quarantined-files.txt 2015-11-18 22:22

.

Pre-Run: 565,305,651,200 bytes free

Post-Run: 567,989,993,472 bytes free

.

- - End Of File - - D254591837EBF41D0F309C0EEA69F6B8

AF00FC1920E1CF861B39B90A4375EDF3


Complete scanning result of "SUPERDelete.exe", processed in VirusTotal at 11/20/2015 04:58:06 (CET)

 

[ file data ]

* name..: SUPERDelete.exe

* size..: 59160

* md5...: 35da92670c06c15cf6f5c10708788554

* sha1..: 1fb77420811528d76794b9ca5410f4d7c7583d5d

 

[ scan result ]

ALYac 1.0.1.5/20151120 found nothing

AVG 16.0.0.4460/20151120 found nothing

AVware 1.5.0.21/20151120 found nothing

Ad-Aware 12.0.163.0/20151120 found nothing

AegisLab 1.5/20151119 found nothing

Agnitum 5.5.1.3/20151118 found nothing

AhnLab-V3 2015.11.20.00/20151119 found nothing

Alibaba 1.0/20151120 found nothing

Antiy-AVL 1.0.0.1/20151120 found nothing

Arcabit 1.0.0.597/20151120 found nothing

Avast 8.0.1489.320/20151120 found nothing

Avira 8.3.2.4/20151120 found nothing

Baidu-International 3.5.1.41473/20151119 found nothing

BitDefender 7.2/20151120 found nothing

ByteHero 1.0.0.1/20151120 found nothing

CAT-QuickHeal 14.00/20151119 found nothing

CMC 1.1.0.977/20151118 found nothing

ClamAV 0.98.5.0/20151120 found nothing

Comodo 23622/20151120 found nothing

Cyren 5.4.16.7/20151120 found nothing

DrWeb 7.0.16.10090/20151120 found nothing

ESET-NOD32 12595/20151120 found nothing

Emsisoft 3.5.0.642/20151120 found nothing

F-Prot 4.7.1.166/20151120 found nothing

Fortinet 5.1.220.0/20151120 found nothing

GData 25/20151120 found nothing

Ikarus T3.1.9.5.0/20151120 found nothing

Jiangmin 16.0.100/20151119 found nothing

K7AntiVirus 9.212.17910/20151119 found nothing

K7GW 9.212.17910/20151119 found nothing

Kaspersky 15.0.1.10/20151120 found nothing

Malwarebytes 2.1.1.1115/20151119 found nothing

McAfee 6.0.6.653/20151120 found nothing

McAfee-GW-Edition v2015/20151120 found nothing

MicroWorld-eScan 12.0.250.0/20151120 found nothing

Microsoft 1.1.12300.0/20151120 found nothing

NANO-Antivirus 0.30.26.4751/20151120 found nothing

Panda 4.6.4.2/20151119 found nothing

Qihoo-360 1.0.0.1077/20151120 found nothing

Rising 25.0.0.18/20151117 found nothing

SUPERAntiSpyware 5.6.0.1032/20151120 found nothing

Sophos 4.98.0/20151120 found nothing

Symantec 20151.1.0.32/20151119 found nothing

Tencent 1.0.0.1/20151120 found nothing

TheHacker 6.8.0.5.729/20151119 found nothing

TotalDefense 37.1.62.1/20151119 found nothing

TrendMicro 9.740.0.1012/20151120 found nothing

TrendMicro-HouseCall 9.800.0.1009/20151120 found nothing

VBA32 3.12.26.4/20151119 found nothing

VIPRE 45304/20151119 found nothing

ViRobot 2014.3.20.0/20151119 found nothing

Zillya 2.0.0.2520/20151119 found nothing

Zoner 1.0/20151120 found nothing

nProtect 2015-11-19.01/20151119 found nothing


Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
If this doesn't find anything and you're still getting pop-ups and being redirected ...

I would suggest that you completely uninstall Firefox. You can always install it again, but we need to see what's causing this problem.


Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.0.0 (11.12.2015)

Operating System: Windows 7 Ultimate x64

Ran by mike (Administrator) on Fri 11/20/2015 at 18:01:22.46

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

File System: 3

 

Successfully deleted: C:\Users\mike\AppData\Local\plutotv (Folder)

Successfully deleted: C:\Users\mike\Start Menu\Programs\search.lnk (Shortcut)

Successfully deleted: C:\Windows\wininit.ini (File)

 

 

 

Registry: 4

 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} (Registry Value)

Successfully deleted: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9AB797C0-EAFA-4A5D-A65B-2E286BDD1535} (Registry Key)

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} (Registry Key)

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC9BB9E8-C697-054C-9ABB-3B0B1A6701E2} (Registry Key)

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 11/20/2015 at 18:07:08.39

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Internet Explorer will need to be reset to its 'default' settings:

http://windows.microsoft.com/en-us/internet-explorer/reset-ie-settings#ie=ie-11-win-7

 

Make sure 'proxy' settings are disabled:

 

1) Under “Tools” in the browser tool bar select “Internet Options”.

2) In the “Internet Options” window that pops up, click the “Connections” tab at the top.

3) Click “LAN Settings” near the bottom of the “Connections” section.

4) If the “Proxy server” checkbox is marked with a check, click it to deselect/uncheck it.

5) Click “Ok” to close the “Local Area Network (LAN) Settings” window.

6) Click “Ok” to close the “Internet Options” window.

 

Reboot

 

Make sure "Proxy server" is still disabled under your LAN Settings.

 

Test whether internet connectivity is restored.

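A quick way to confirm the proxy state the post above asks you to re-check after the reboot, as an added example that is not part of the helper's instructions. It reads the same WinINet values that the "Proxy server" checkbox and the LAN Settings dialog write for the current user; the key path and the ProxyEnable, ProxyServer and AutoConfigURL value names are the standard Windows ones, and the script assumes Windows 7 or later with PowerShell available.

```powershell
# Added example (not from the thread): report the current user's WinINet proxy settings
# so the "Proxy server" checkbox state can be verified without opening Internet Options.
# Assumes Windows 7 or later with PowerShell 2.0+ and the standard Internet Settings key.

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = Get-ItemProperty -Path $key -ErrorAction Stop

# ProxyEnable = 1 corresponds to the "Use a proxy server for your LAN" checkbox being ticked.
$proxyEnabled = ($settings.ProxyEnable -eq 1)
Write-Host ("ProxyEnable  : {0}" -f $settings.ProxyEnable)
Write-Host ("ProxyServer  : {0}" -f $settings.ProxyServer)

# AutoConfigURL points at a PAC script; unwanted software sometimes sets this
# instead of a fixed proxy, and the checkbox alone does not reveal it.
Write-Host ("AutoConfigURL: {0}" -f $settings.AutoConfigURL)

if ($proxyEnabled -or $settings.AutoConfigURL) {
    Write-Warning "A proxy or auto-config script is still configured for this user; re-check LAN Settings."
} else {
    Write-Host "No proxy configured for this user."
}
```

Run it once before the reboot and once after; if a proxy or auto-config URL reappears between the two runs, something on the system is re-writing the setting, which is worth mentioning in the next reply along with the scan logs.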

This is getting harsh

 

Please download RogueKiller 32/64 bit http://www.bleepingcomputer.com/download/roguekiller/ to your desktop

 

Quit all running programs.

 

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

 

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

 

Don't run any other options, they're not all bad!

 

Post back the report which should be located on your desktop.


RogueKiller V10.11.6.0 [Nov 16 2015] (Free) by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/software/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : mike [Administrator]

Started from : C:\Users\mike\Desktop\RogueKiller(1).exe

Mode : Scan -- Date : 11/21/2015 17:48:35

 

¤¤¤ Processes : 1 ¤¤¤

[suspicious.Path] wermgr.exe(4504) -- C:\ProgramData\Microsoft\Windows\WER\wermgr.exe[-] -> Killed [TermProc]

 

¤¤¤ Registry : 5 ¤¤¤

[suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | wermgr : C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [-] -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2368672887-3863149176-669151158-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5228361B-9E7C-407B-83BF-28A546BBC0F9} | DhcpNameServer : 172.20.10.1 ([X]) -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5228361B-9E7C-407B-83BF-28A546BBC0F9} | DhcpNameServer : 172.20.10.1 ([X]) -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 9 ¤¤¤

[PUP][Folder] C:\ProgramData\{0F47B255-CF9F-48C5-B558-B7DAF9345268} -> Found

[PUP][Folder] C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC} -> Found

[PUP][Folder] C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} -> Found

[PUP][Folder] C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE} -> Found

[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found

[PUP][Folder] C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690} -> Found

[PUP][Folder] C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424} -> Found

[PUP][Folder] C:\ProgramData\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60} -> Found

[PUP][Folder] C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6} -> Found

 

¤¤¤ Hosts File : 36 ¤¤¤

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 media.opencandy.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.opencandy.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 tracking.opencandy.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 api.opencandy.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 api.recommendedsw.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 installer.betterinstaller.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 installer.filebulldog.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 inno.bisrv.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 nsis.bisrv.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.file2desktop.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.goateastcach.us

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.guttastatdk.us

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.inskinmedia.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.oibundles2.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.insta.playbryte.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.llogetfastcach.us

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.montiera.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.msdwnld.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.mypcbackup.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.ppdownload.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.riceateastcach.us

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.shyapotato.us

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.solimba.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.tuto4pc.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.appround.biz

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bigspeedpro.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bispd.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.bisrv.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.cdndp.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.download.sweetpacks.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.dpdownload.com

[C:\Windows\System32\drivers\etc\hosts] 0.0.0.0 cdn.visualbee.net

 

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] d8d268d8047e1faa9b945dbdc98d2c25

[bSP] 837f63b937cbc3ae99160a903cd3e57e : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 941553 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1928507392 | Size: 12214 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

User = LL1 ... OK

User = LL2 ... OK

 

+++++ PhysicalDrive1: +++++

--- User ---

[MBR] 7dbeb153604ba477657883006c233caa

[bSP] 7291ef5b4894c4288494038c0bd00195 : Compressed BootMgr MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1936269394 | Size: 896492 MB [Error reading VBR! ([17] Data error (cyclic redundancy check). )]

1 - [XXXXXX] UNKNOWN (0x73) [VISIBLE] Offset (sectors): 1917848077 | Size: 265838 MB

2 - [XXXXXX] SYLSTOR (0x2b) [VISIBLE] Offset (sectors): 1818575915 | Size: 265710 MB

3 - [XXXXXX] UNKNOWN (0x61) [VISIBLE] Offset (sectors): 2844524554 | Size: 26 MB

User != LL1 ... KO!

--- LL1 ---

[MBR] 7dbeb153604ba477657883006c233caa

[bSP] 7291ef5b4894c4288494038c0bd00195 : Compressed BootMgr MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1936269394 | Size: 896492 MB[invalid]

1 - [XXXXXX] UNKNOWN (0x73) [VISIBLE] Offset (sectors): 1917848077 | Size: 265838 MB

2 - [XXXXXX] SYLSTOR (0x2b) [VISIBLE] Offset (sectors): 1818575915 | Size: 265710 MB

3 - [XXXXXX] UNKNOWN (0x61) [VISIBLE] Offset (sectors): 2844524554 | Size: 26 MB

Error reading LL2 MBR! ([32] The request is not supported. )

 

+++++ PhysicalDrive2: +++++

--- User ---

[MBR] f0cbafcf8557128e2ac994c03804c1bf

[bSP] a83a24340e59ea8cbbf2d8eaa19e98b0 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 15483 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

User = LL1 ... OK

Error reading LL2 MBR! ([32] The request is not supported. )
