This topic is lockedHi Brian,
Sorry for the late reply. I have done the step above but will wait couple of hours before commenting on system performance.
Also, this morning; the pop up appeared again after so many days.
#62
Posted 07 June 2015 - 01:53 AM
micalparkz
- Topic Starter
-
- Member
-
- 128 posts
Member
Hi Brian,
I am back to normal startup as under Diagnostic start up my internet wouldn't connect and microsoft excel stopped working too.
#63
Posted 07 June 2015 - 07:01 AM
BrianDrab
-
- Malware Removal
-
- 3,591 posts
Trusted Helper
Please do the following.
Step#1 - Combofix
1. Download ComboFix from one of the following locations and save it to your Desktop Link 1 or Link 2
**Note: It is important that it is saved directly to your desktop**
2. Close any open browsers.
* IMPORTANT - Disable your AntiVirus and any AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
If you have difficulty properly disabling your protective programs, refer to this link here.
3. Double click combofix.exe and follow the prompts.
4. Accept the disclaimer and allow to update if it asks
5. When finished, it shall produce a log for you.
6. Please include the C:\Combofix.txt in your next reply.
Notes:
*Do not mouseclick combofix's window while its running. That may cause it to stall.
*Do not "re-run" Combofix If you have a problem, reply back for further instructions.
* If you recieve an error "Illegal operation attempted on a registry key that has been marked for deletion". Please restart the computer. That will cure it.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running Combofix on your own.
This tool is not a toy and not for everyday use. Combofix Should Not be used unless requested by a forum helper
#64
Posted 08 June 2015 - 02:12 AM
micalparkz
- Topic Starter
-
- Member
-
- 128 posts
Member
ComboFix 15-05-31.01 - Muneeb Khan Lodhi 08/06/2015 17:27:41.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3561.2171 [GMT 10:00]
Running from: c:\users\Muneeb Khan Lodhi\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Muneeb Khan Lodhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
c:\windows\iun6002.exe
c:\windows\SysWow64\logs
c:\windows\SysWow64\logs\Log.txt
.
.
((((((((((((((((((((((((( Files Created from 2015-05-08 to 2015-06-08 )))))))))))))))))))))))))))))))
.
.
2015-06-06 00:24 . 2015-06-06 00:28 -------- d-----w- c:\users\Muneeb Khan Lodhi\AppData\Roaming\dvdcss
2015-06-05 23:57 . 2015-06-08 02:03 -------- d-----w- c:\users\Muneeb Khan Lodhi\AppData\Roaming\vlc
2015-06-05 23:55 . 2015-06-05 23:55 -------- d-----w- c:\program files (x86)\VideoLAN
2015-06-05 23:47 . 2015-06-06 00:07 -------- d-----w- C:\KMPlayer
2015-05-24 09:57 . 2015-05-24 09:57 -------- d-sh--w- c:\users\Muneeb Khan Lodhi\AppData\Local\EmieUserList
2015-05-24 09:57 . 2015-05-24 09:57 -------- d-sh--w- c:\users\Muneeb Khan Lodhi\AppData\Local\EmieSiteList
2015-05-24 09:57 . 2015-05-24 09:57 -------- d-sh--w- c:\users\Muneeb Khan Lodhi\AppData\Local\EmieBrowserModeList
2015-05-24 05:14 . 2013-10-14 08:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2015-05-21 13:06 . 2015-05-22 09:15 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-21 13:05 . 2015-04-13 23:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-05-21 13:05 . 2015-04-13 23:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-05-21 13:05 . 2015-04-13 23:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-21 13:05 . 2015-05-21 13:06 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-05-20 12:35 . 2015-05-20 12:35 -------- d-----w- C:\RegBackup
2015-05-20 11:43 . 2015-05-20 12:25 -------- d-----w- C:\AdwCleaner
2015-05-18 10:36 . 2015-05-26 11:47 -------- d-----w- C:\FRST
2015-05-17 04:39 . 2015-05-17 04:40 -------- d--h--w- c:\windows\AxInstSV
2015-05-09 09:01 . 2015-05-09 09:02 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-17 04:42 . 2013-01-25 23:05 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-05-17 04:42 . 2011-10-15 06:07 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-03 09:33 . 2015-05-03 09:33 43720 ----a-w- c:\windows\system32\drivers\amd_xata.sys
2015-05-03 09:33 . 2015-05-03 09:33 83656 ----a-w- c:\windows\system32\drivers\amd_sata.sys
2015-05-03 09:29 . 2015-05-03 09:29 94720 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2015-05-03 09:29 . 2015-05-03 09:29 110080 ----a-w- c:\windows\system32\DelayAPO.dll
2015-05-03 09:20 . 2015-05-03 09:20 26528 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2015-04-18 13:53 . 2015-04-18 14:07 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-04 06:25 . 2015-05-01 19:26 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0B0816B8-4854-4391-A2E5-34B00D518A06}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WordWeb"="c:\program files (x86)\WordWeb\wweb32.exe" [2013-05-16 77056]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-04-17 31276160]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-05-19 21969480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-08 3890208]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-09-15 61112]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2015-05-01 3498728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD\System Monitor\atillk64.sys;c:\program files (x86)\AMD\System Monitor\atillk64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 Generalusbserialser20679;Legacy Serial Communication 20679;c:\windows\system32\DRIVERS\CT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_U_USBSER.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 SpotfluxUpdateService;Spotflux Update Service;c:\program files (x86)\Spotflux\services\SpotfluxUpdateService.exe;c:\program files (x86)\Spotflux\services\SpotfluxUpdateService.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 tapSF0901;Spotflux Virtual Network Device Driver;c:\windows\system32\DRIVERS\tapSF0901.sys;c:\windows\SYSNATIVE\DRIVERS\tapSF0901.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-26 12:46 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-25 04:42]
.
2015-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06 13:23]
.
2015-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-06 13:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-20 05:01 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-05-19 05:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-05-19 05:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-05-19 05:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-05-19 05:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-05-19 05:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.quranexplorer.com/Quran/?Sura=37&FromVerse=51&ToVerse=182&Reciter=Mishari-Rashid&Translation=Urdu-Jalandhry-Audio&Zoom=6&TajweedRules=1
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 211.29.132.12 198.142.0.51 198.142.235.14
TCP: Interfaces\{94A4D621-663F-45D3-8D5E-388172431E81}: NameServer = 4.2.2.1,4.2.2.2,44.105.12.1
TCP: Interfaces\{94A4D621-663F-45D3-8D5E-388172431E81}\3556A647F5548545: NameServer = 4.2.2.1,4.2.2.2,44.105.12.1
TCP: Interfaces\{94A4D621-663F-45D3-8D5E-388172431E81}\E45445745414257333: NameServer = 4.2.2.1,4.2.2.2,44.105.12.1
TCP: Interfaces\{C7049B33-2BB1-4367-9574-7E85289B4008}: NameServer = 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Age of Empires 2.0 - c:\d drive data\Games\Age Of Empires 2 & The Conquerors Expansion - Full Game\\UNINSTAL.EXE
AddRemove-Age of Empires II: The Conquerors Expansion 1.0 - c:\d drive data\Games\Age Of Empires 2 & The Conquerors Expansion - Full Game\\UNINSTALX.EXE
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2015-06-08 17:52:06 - machine was rebooted
ComboFix-quarantined-files.txt 2015-06-08 07:52
.
Pre-Run: 186,448,748,544 bytes free
Post-Run: 185,912,729,600 bytes free
.
- - End Of File - - 209B50D5038BA792D6E169914F95DB50
A36C5E4F47E84449FF07ED3517B43A31
#65
Posted 08 June 2015 - 07:58 AM
BrianDrab
-
- Malware Removal
-
- 3,591 posts
Trusted Helper
Very good, thanks.
Please perform a Clean Boot of your system and let me know how your machine and browser act. I'm hoping at this point you don't get a pop-up and that it performs well under a Clean Boot.
Let me know. thanks.
#66
Posted 11 June 2015 - 04:14 AM
micalparkz
- Topic Starter
-
- Member
-
- 128 posts
Member
Hi Brian
Just replying to keep the thread open as per 4 days rule; just a lot busy in weekdays.
I will perform the cleanboot hopefully in next couple of days
Many Thanks
#67
Posted 11 June 2015 - 08:32 AM
BrianDrab
-
- Malware Removal
-
- 3,591 posts
Trusted Helper
Thanks for the update.
#68
Posted 13 June 2015 - 08:12 PM
micalparkz
- Topic Starter
-
- Member
-
- 128 posts
Member
Hi Brian, I can confirm improvement
Though still not ideal but streaming has improved a lot and the screen doesnt jitter much now. Certainly 10 times better than before.
Do I need to do anything further? Can I not run under normal startup? I usually keep skype and dictionary programme on at all time.
Many thanks for your kind support.
#69
Posted 14 June 2015 - 12:46 PM
BrianDrab
-
- Malware Removal
-
- 3,591 posts
Trusted Helper
Good to hear. That's what I suspected. Basically this means that a 3rd part program/service is causing your issues. Now we need to identify which one it is.
A Clean Boot disables any startup programs and non-Microsoft services. So now we need to narrow this down by disabling only half of the non-Microsoft services, etc. Let's start with the following.
Disable Startup Items only
1. Get back to a normal boot (not a Clean boot)
2. Then, this time go into msconfig and select Selective startup.
3. Uncheck Load startup items.
4. Don't do anything within the services tab.
5. Click OK and reboot. See if the symptoms re-appear
Let me know.
#70
Posted 14 June 2015 - 11:19 PM
micalparkz
- Topic Starter
-
- Member
-
- 128 posts
Member
Hi Brian,
When I uncheck load startup items and click apply, it again goes to check position. Even after un-checking and clicking ok, the computer does not give me a restart prompt.
When I went back to msconfig,load startup items was still checked even though I unchecked and closed.
#71
Posted 14 June 2015 - 11:24 PM
micalparkz
- Topic Starter
-
- Member
-
- 128 posts
Member
I restarted and load startup items is still checked.
#72
Posted 15 June 2015 - 07:04 AM
BrianDrab
-
- Malware Removal
-
- 3,591 posts
Trusted Helper
No, problem. Let's get in a normal startup. Let me know if that is successful first.
Normal Startup
1. Go into msconfig and select Normal startup.
2. Click OK and reboot when prompted.
If it's already set to Normal Startup just let me know. Thanks.
#73
Posted 17 June 2015 - 05:29 AM
micalparkz
- Topic Starter
-
- Member
-
- 128 posts
Member
thanks.
ill do over weekend.
replying to keep topic alive 
#74
Posted 20 June 2015 - 08:56 PM
micalparkz
- Topic Starter
-
- Member
-
- 128 posts
Member
Hi Brian
I have done the above and till now computer is relatively ok.
But I know from past experience that it gets worse after couple of hours, I will let you know if it does.
#75
Posted 21 June 2015 - 08:06 AM
BrianDrab
-
- Malware Removal
-
- 3,591 posts
Trusted Helper
I wouldn't expect it to work by going back to a normal boot. I just wanted to start there. If it does, great. If you have issues again please do the following.
Disable Startup Items only
1. Then, this time go into msconfig and select Selective startup.
2. Uncheck Load startup items.
3. Don't do anything within the services tab.
4. Click OK and reboot. See if the symptoms re-appear
Let me know.
Similar Topics
Also tagged with one or more of these keywords: chrome, infected, pop-up, processes, slow, streaming, browising
Answered
![Laptop hangs often [Solved] - last post by DR M](https://www.geekstogo.com/forum/uploads/profile/photo-418842.gif?_r=1578338641)
![Google Chrome keeps getting the default search set to Yahoo [Closed] - last post by Gary R](https://www.geekstogo.com/forum/uploads/profile/photo-thumb-296954.jpg?_r=0)
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
