Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Core dumps, problems loading web page, & media player issues

Started by CZ2761 , Oct 16 2014 11:56 AM

  • This topic is locked This topic is locked

#16
emeraldnzl
Posted 24 October 2014 - 06:32 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hmm... let's do this:

 

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods, this is normal, just leave it to do it's job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you.  Please include the C:\ComboFix.txt in your next reply.


  • 0

Advertisements

#17
CZ2761
Posted 24 October 2014 - 06:51 PM

CZ2761

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
ComboFix 14-10-24.01 - Zlatoper 10/24/2014  20:40:24.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2200 [GMT -4:00]
Running from: c:\users\Zlatoper\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-25 to 2014-10-25  )))))))))))))))))))))))))))))))
.
.
2014-10-25 00:46 . 2014-10-25 00:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-24 21:14 . 2014-10-24 21:14 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-24 21:11 . 2014-10-24 21:11 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-10-24 10:18 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42BDB68E-5550-4BCC-BC2E-6C4CA95A5D62}\mpengine.dll
2014-10-23 23:42 . 2014-10-23 23:42 -------- d-----w- c:\windows\ERUNT
2014-10-23 21:47 . 2014-10-23 23:36 -------- d-----w- C:\AdwCleaner
2014-10-22 01:03 . 2014-10-24 20:39 -------- d-----w- C:\FRST
2014-10-15 11:45 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-15 11:45 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll
2014-10-15 11:45 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll
2014-10-15 11:45 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll
2014-10-15 11:45 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2014-10-15 11:45 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2014-10-15 11:45 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2014-10-15 11:45 . 2014-07-07 02:06 842240 ----a-w- c:\windows\system32\blackbox.dll
2014-10-15 11:45 . 2014-07-07 02:06 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2014-10-15 11:45 . 2014-07-07 01:40 744960 ----a-w- c:\windows\SysWow64\blackbox.dll
2014-10-15 11:43 . 2014-10-07 02:54 810680 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2014-10-15 11:42 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-15 11:42 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-02 01:02 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-10-02 01:02 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-24 21:13 . 2014-05-20 13:53 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-16 01:24 . 2014-08-28 23:24 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-02 19:53 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-09-24 00:12 . 2012-09-01 01:38 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 00:12 . 2011-11-09 17:33 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-09 22:11 . 2014-09-24 09:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 09:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-28 23:36 . 2011-03-29 02:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 10:18 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 10:18 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-01 11:53 . 2014-09-10 14:24 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-10 14:24 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-26 6482200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Billminder.lnk - c:\program files (x86)\Quicken\billmind.exe -startup [2002-7-30 36864]
Quicken Scheduled Updates.lnk - c:\program files (x86)\Quicken\bagent.exe [2002-7-30 53248]
Quicken Startup.lnk - c:\program files (x86)\Quicken\QWDLLS.EXE [2002-7-30 36864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 mrtRate;mrtRate; [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-22 00:38 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-01 00:12]
.
2014-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-24 18:53]
.
2014-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-24 18:53]
.
2014-10-24 c:\windows\Tasks\HPCeeScheduleForZlatoper.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-16 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-16 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-16 416024]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-12-11 1425408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-10-22 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>;*.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1A0007E2-C4AD-4D63-91BE-076B18151F73}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{27056DB1-52BF-4DC6-8372-1EBB099843C7}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{27056DB1-52BF-4DC6-8372-1EBB099843C7}\C416155796E64716F575962756C6563737: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
FF - ProfilePath - c:\users\Zlatoper\AppData\Roaming\Mozilla\Firefox\Profiles\xw4jsq8x.default\
FF - prefs.js: browser.startup.homepage - www.hotmail.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-425876873-3771999699-2460655575-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-425876873-3771999699-2460655575-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆ\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-24  20:48:24
ComboFix-quarantined-files.txt  2014-10-25 00:48
.
Pre-Run: 412,034,920,448 bytes free
Post-Run: 411,635,789,824 bytes free
.
- - End Of File - - D426A5F5EB1A792EA7C275532ADA82C8

  • 0

#18
emeraldnzl
Posted 24 October 2014 - 08:00 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

I still cannot get to Walmart or Target websites.   Another issue:  On the Lowes.com website when I search for an item and click on "go to next page", I get an "error has occurred" message and the site freezes.

 

Tell me, does this happen in all your browsers?

 

Try these actions too:

 

Run Firefox in Safe Mode.

 

How to start Firefox in Safe Mode
 

  • Go to the Open Menu (square bars top right) and click
  • Click on the question mark at the bottom of the drop down that appears
  • Click on Restart with Add-ons disabled

Try you browser and see if there is any change.

For earlier versions:

How to start Firefox in Safe Mode

Go to Firefox > Help > Restart with Add-ons Disabled.

Firefox will start with the Firefox Safe Mode dialog.

Note: You can also start Firefox in Safe Mode by clicking Start, selecting Run (or use the Start Search box in Windows 7 and Vista) and then entering the following in the text field: firefox -safe-mode

 

 

Also

 

Try IE without Add-ons by clicking:

Start > All programs > Accessories > System tools > Internet Explorer [no add-ons]

Come back and tell me if those actions make a difference.

 

 


  • 0

#19
CZ2761
Posted 25 October 2014 - 11:58 AM

CZ2761

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts

The behavior of Walmart, Target, & Lowes is the same regardless of the browser I use.  My browser preference is Chrome.  Running FF & IE in safe mode made no difference when attempting to load any of these pages.  Thanks.


  • 0

#20
emeraldnzl
Posted 25 October 2014 - 02:38 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

We will try another approach and see if that helps. :)

 

Please download zoek.exe and save it to your desktop (Firefox users right click and Save Link As...).
 

  • Close any open browsers.
  • Temporarily disable your AntiVirus program. (If necessary)
  •     Double click zoek.zip
  •     Double click on zoek.exe to run.
  •     Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  •     Copy the text below and paste it into the large window in the zoek tool:

FFDefaults;
CHRDefaults;
emptyclsid;
EmptyAllTemp;
AutoClean;

  •     Click on Run script button
  •     Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
  •     Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.

Note: It will also create a log in the C:\ directory named "zoek-results.log"

 


  • 0

#21
CZ2761
Posted 26 October 2014 - 05:54 AM

CZ2761

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Good morning:  Here's the Zoek log:
 
 
 
Zoek.exe v5.0.0.0 Updated 24-10-2014
Tool run by Zlatoper on Sun 10/26/2014 at  7:38:37.01.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Zlatoper\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
10/26/2014 7:40:24 AM Zoek.exe System Restore Point Created Succesfully.
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
HKEY_USERS\S-1-5-21-425876873-3771999699-2460655575-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\Zlatoper\AppData\Roaming\Mozilla\Firefox\Profiles\xw4jsq8x.default\prefs.js:
user_pref("browser.startup.homepage", "www.hotmail.com");
 
Added to C:\Users\Zlatoper\AppData\Roaming\Mozilla\Firefox\Profiles\xw4jsq8x.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.co...le Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.co...le Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
 
ProfilePath: C:\Users\Zlatoper\AppData\Roaming\Mozilla\Firefox\Profiles\xw4jsq8x.default
 
user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ---- 
 
prefs_20141026_0748_.backup
 
==== Deleting Files \ Folders ======================
 
C:\Users\Zlatoper\.android deleted
C:\PROGRA~2\Windows Portable Devices deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Zlatoper\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftcomp.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftcore.dll" not deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftevent.dll" not deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftfsi_wow64.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftintf.dll" not deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftlist.exe" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftpsr.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftsync.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftuser.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftvsa.exe" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftcomp.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftcore.dll" not deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftevent.dll" not deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftfsi_wow64.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftintf.dll" not deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftlist.exe" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftpsr.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftsync.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftuser.dll" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftvsa.exe" deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client" not deleted
"C:\PROGRA~2\Microsoft Application Virtualization Client" not deleted
 
==== Firefox Extensions ======================
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Zlatoper\AppData\Roaming\Mozilla\Firefox\Profiles\xw4jsq8x.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
F556A64AB2DB1BD834E7C89CE211516B - C:\Windows\SysWoW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
 
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
debkinhcgejcbfgjiaalomcmkedjmiaa - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx[08/25/2011 07:41 AM]
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IESR02"
 
==== Reset Google Chrome ======================
 
C:\Users\Zlatoper\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Zlatoper\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Zlatoper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Zlatoper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Zlatoper\AppData\Local\Mozilla\Firefox\Profiles\xw4jsq8x.default\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Zlatoper\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=60 folders=23 27377085 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\Zlatoper\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Zlatoper\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftcore.dll"  not found
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftevent.dll"  not found
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftintf.dll"  not found
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftcore.dll"  not found
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftevent.dll"  not found
"C:\PROGRA~2\Microsoft Application Virtualization Client\sftintf.dll"  not found
"C:\PROGRA~2\Microsoft Application Virtualization Client"  not found
"C:\PROGRA~2\Microsoft Application Virtualization Client"  not found
 
==== EOF on Sun 10/26/2014 at  7:53:11.24 ======================

  • 0

#22
emeraldnzl
Posted 26 October 2014 - 12:05 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Any change now?


  • 0

#23
CZ2761
Posted 26 October 2014 - 03:01 PM

CZ2761

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts

No change on any browswer.   :no:


  • 0

#24
emeraldnzl
Posted 26 October 2014 - 05:46 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

There are some very cunning browser infections out there at the moment, one in particular attacks Chrome and isn't readily seen in our scans. I am not seeing any signs of it though and am beginning to think this might not be malware related.

There are a couple of things I would like you to try though before I send you off to the technical section.

Firstly

  • Click Start and then type CMD in the Search programs and files.
  • Right-click CMD.exe icon in Programs and choose Run as administrator.
  • When the User Account Control box pops up, click Yes.
  • At the command prompt, copy and paste (or type) the following command and then press ENTER:
netsh int ip reset c:\resetlog.txt
  • Note the gaps... they should be there.

Reboot the computer.

After that try the sites you are having problems with.

If you still have a problem try resetting your router/modem. Turn it off for say 30 seconds and restart it and see if that changes anything.

And, if you haven't already done so you could try trouble shooting the problem:

Go to Control Panel > Network and Internet > View network status and tasks > Troubleshoot problems and click on Internet Problems follow any prompts - with luck it will detect and repair.

If you still have a problem do the same but this time click on Network Adapter

If none of those work I think it will be time to clear away the tools we have been using and referring you to the technical section. :)


  • 0

#25
CZ2761
Posted 27 October 2014 - 04:33 AM

CZ2761

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts

Followed your suggestions but I am still having the same problem.  Thanks.


  • 0

Advertisements

#26
emeraldnzl
Posted 27 October 2014 - 01:24 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Time to go for technical help.

I don't think this is a malware issue. I am not a techie, I think you will get better help in the Windows 7 OS forum here. Open a new topic there outlining your problem and telling them that you have been here first. :)

Now

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix. This will also clean out and reset your Restore Points.

  • Press the Windows Key and R on your keyboard. This will bring up the Run window.
  • Now type Combofix /Uninstall in the runbox  and click OK.  Note the space between the X and the U, it needs to be there.

CF_Uninstall-1.jpg


  • Follow the prompts to uninstall Combofix.

Once done you will receive a message saying Combofix was uninstalled successfully.

Next

To clear away the tools we have been using download Delfix from here.

Put a check (tick) in the following boxes:
 

  • Activate UAC
  • Remove disinfection tools
  • Reset System Settings
  • Then click Run

The tool will run for a short time. When completed a notepad window will open with a log. Please copy and paste the log back here.

Any remaining tools may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder:  Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

A while back over 100 million Adobe users e-mail and other information were hacked. Users were asked to change their passwords following the hack and you can go to the link below to check your e-mail to see whether you were one of the 150 million.

https://lastpass.com/adobe/

If you are on the list, all passwords should be changed including those used for banking, email, eBay, paypal and online forums.

------------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicous programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run an important software the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.
 

  • Download Java for Windows

    Reboot your computer.
    You also need to unininstall older versions of Java.

       
  • Click Start > Control Panel > Add or Remove Programs
       
  • Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomeware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
 

 


  • 0

#27
CZ2761
Posted 27 October 2014 - 02:31 PM

CZ2761

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Thanks for your help.  I'll try the Win7 forum
 
# DelFix v10.8 - Logfile created 27/10/2014 at 16:29:37
# Updated 29/07/2014 by Xplode
# Username : Zlatoper - ZLATOPER-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\Users\Zlatoper\Downloads\FRST-OlderVersion
Deleted : C:\ComboFix.txt
Deleted : C:\zoek-results.log
Deleted : C:\Users\Zlatoper\Desktop\JRT.txt
Deleted : C:\Users\Zlatoper\Desktop\OTL.Txt
Deleted : C:\Users\Zlatoper\Desktop\Rkill.txt
Deleted : C:\Users\Zlatoper\Desktop\SecurityCheck.exe
Deleted : C:\Users\Zlatoper\Downloads\Addition.txt
Deleted : C:\Users\Zlatoper\Downloads\AdwCleaner.exe
Deleted : C:\Users\Zlatoper\Downloads\ComboFix.exe
Deleted : C:\Users\Zlatoper\Downloads\Extras.Txt
Deleted : C:\Users\Zlatoper\Downloads\Fixlog.txt
Deleted : C:\Users\Zlatoper\Downloads\FRST.txt
Deleted : C:\Users\Zlatoper\Downloads\FRST64.exe
Deleted : C:\Users\Zlatoper\Downloads\FSS.exe
Deleted : C:\Users\Zlatoper\Downloads\FSS.txt
Deleted : C:\Users\Zlatoper\Downloads\JRT (1).exe
Deleted : C:\Users\Zlatoper\Downloads\JRT.exe
Deleted : C:\Users\Zlatoper\Downloads\OTL.Txt
Deleted : C:\Users\Zlatoper\Downloads\OTL.exe
Deleted : C:\Users\Zlatoper\Downloads\rkill.com
Deleted : C:\Users\Zlatoper\Downloads\zoek.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKCU\console_combofixbackup
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#28
emeraldnzl
Posted 27 October 2014 - 02:32 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Good luck. :)


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP