[Inactive] Am I infected with something

Printable View

Show 40 post(s) from this thread on one page

June 21st, 2014, 07:38 PM
imadreamer2

[Inactive] Am I infected with something

I have been getting a pop up that says my computer is not operating properly. It seems ok but I ran a speed test and I am not running as fast as normal so I emptied the recyle bin, ran TFC, and JRT. I also ran Malwarebytes, and AdwCleaner. Here are the various logs.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Imadreamer 2 on Sat 06/21/2014 at 18:09:58.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Imadreamer 2\AppData\Roaming\mozilla\firefox\profiles\pwee8bu0.default-1401830623662\minidumps [3 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/21/2014 at 18:16:04.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/21/2014
Scan Time: 6:02:25 PM
Logfile: malwarebytesscanlog.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.21.10
Rootkit Database: v2014.06.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Imadreamer 2

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 260606
Time Elapsed: 6 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

# AdwCleaner v3.212 - Report created 21/06/2014 at 18:19:32
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Imadreamer 2 - IMADREAMER2-PC
# Running from : C:\Users\Imadreamer 2\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\Firefox\Profiles\pwee8bu0.default-1401830623662\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/u/0/#inbox");

-\\ Google Chrome v

[ File : C:\Users\Imadreamer 2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R10].txt - [2045 octets] - [09/06/2014 21:52:42]
AdwCleaner[R11].txt - [2171 octets] - [21/06/2014 18:18:41]
AdwCleaner[R1].txt - [1560 octets] - [06/03/2014 21:36:01]
AdwCleaner[R2].txt - [4240 octets] - [10/03/2014 14:14:07]
AdwCleaner[R3].txt - [1194 octets] - [05/04/2014 09:19:06]
AdwCleaner[R4].txt - [1321 octets] - [07/04/2014 21:26:14]
AdwCleaner[R5].txt - [2052 octets] - [26/05/2014 14:48:07]
AdwCleaner[R6].txt - [1677 octets] - [02/06/2014 04:09:01]
AdwCleaner[R7].txt - [1737 octets] - [02/06/2014 04:09:27]
AdwCleaner[R8].txt - [1876 octets] - [07/06/2014 17:15:06]
AdwCleaner[R9].txt - [1895 octets] - [07/06/2014 17:22:00]
AdwCleaner[S0].txt - [1860 octets] - [18/02/2014 07:22:02]
AdwCleaner[S1].txt - [1522 octets] - [06/03/2014 21:36:50]
AdwCleaner[S2].txt - [4037 octets] - [10/03/2014 14:14:50]
AdwCleaner[S3].txt - [1258 octets] - [05/04/2014 09:19:36]
AdwCleaner[S4].txt - [1385 octets] - [07/04/2014 21:26:46]
AdwCleaner[S5].txt - [2072 octets] - [26/05/2014 14:48:41]
AdwCleaner[S6].txt - [1800 octets] - [02/06/2014 04:09:46]
AdwCleaner[S7].txt - [1939 octets] - [07/06/2014 17:15:47]
AdwCleaner[S8].txt - [2108 octets] - [09/06/2014 21:53:15]
AdwCleaner[S9].txt - [2094 octets] - [21/06/2014 18:19:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt - [2154 octets] ##########

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126
Run by Imadreamer 2 at 18:28:38 on 2014-06-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5330.3392 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Imadreamer 2\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 97.64.183.164 97.64.209.37 192.168.1.1
TCP: Interfaces\{F05EB2CB-9A36-4D5A-8E89-BE8EFBD0165F} : DHCPNameServer = 97.64.183.164 97.64.209.37 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\Firefox\Profiles\pwee8bu0.default-1401830623662\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?pli=1#inbox
FF - plugin: C:\Users\Imadreamer 2\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Imadreamer 2\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2014-2-8 82048]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2014-2-8 42624]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-5-4 235520]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-5-4 361984]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-21 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-21 860472]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 133928]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2014-2-8 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-2-8 95760]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-14 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-21 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-21 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-2-8 849992]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-2-8 56448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-10 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-8 1255736]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="C:\Program Files (x86)\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1"
.
=============== Created Last 30 ================
.
2014-06-21 23:02:00 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-21 23:01:23 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-21 23:01:23 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-21 23:01:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-21 10:30:01 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85868BDB-3DB0-456A-A678-7B5BD6C376FF}\mpengine.dll
2014-06-20 10:29:39 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-14 03:12:31 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{44F66860-7EB2-416E-87A3-C4B390D999FC}\gapaengine.dll
2014-06-10 18:30:42 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-06-10 18:29:50 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-10 18:29:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-08 03:50:08 -------- d-----w- C:\Dean
2014-06-07 22:11:32 -------- d-----w- C:\Users\Imadreamer 2\AppData\Roaming\LavasoftStatistics
2014-06-07 22:10:59 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2014-06-07 21:51:40 -------- d-----w- C:\Windows\ERUNT
2014-05-26 19:48:21 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
.
==================== Find3M ====================
.
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-15 17:17:18 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 17:17:18 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-12 12:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 18:29:04.33 ===============
June 21st, 2014, 09:36 PM
Broni
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
=================================

I still need Attach.txt log from DDS.

What are the numbers from SpeedTest site and what numbers do you expect?
June 21st, 2014, 09:48 PM
imadreamer2

22.83 mbps but they have been as high as 64.34 and most of the time 41 or 42 mbps.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume4
Install Date: 2/8/2014 7:13:21 AM
System Uptime: 6/21/2014 6:20:06 PM (0 hours ago)
.
Motherboard: MSI | | FM2-A55M-E33 (MS-7721)
Processor: AMD A4-5300 APU with Radeon(tm) HD Graphics | P0 | 3400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 912 GiB total, 808.72 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 140 GiB total, 57.967 GiB free.
F: is FIXED (NTFS) - 140 GiB total, 40.378 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP50: 5/25/2014 1:43:25 AM - Windows Update
RP51: 5/28/2014 3:00:26 PM - Windows Update
RP52: 6/1/2014 1:35:52 AM - Windows Update
RP53: 6/4/2014 4:21:00 AM - Windows Update
RP54: 6/7/2014 5:10:14 PM - AA11
RP55: 6/8/2014 1:40:09 AM - Windows Update
RP56: 6/11/2014 10:11:29 PM - Windows Update
RP57: 6/15/2014 2:27:49 AM - Windows Update
RP58: 6/15/2014 5:00:11 AM - Windows Update
RP59: 6/18/2014 5:29:49 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Aff Packages
Amazon Kindle
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD VISION Engine Control Center
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
FastStone Image Viewer 3.9
Foxit Reader
Free M4a to MP3 Converter 8.1
Google Talk Plugin
Macromedia Dreamweaver 4
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Office 2000 Premium
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
.
==== Event Viewer Messages From Past Week ========
.
6/21/2014 6:16:50 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
June 21st, 2014, 09:54 PM
Broni

If you're paying for more than 20Mbps I'd start with calling your ISP.
June 21st, 2014, 10:03 PM
imadreamer2

I did call them and they said it could be the weather, rainy and cloudy , but more than likely they said I was probably infected with something and wanted me to run their secuirty package which I don't trust. So I came to who I do trust you.
June 21st, 2014, 10:20 PM
Broni

So far your scans don't show much.
What type of service do you have which depends on weather?
June 22nd, 2014, 01:08 AM
imadreamer2

It is cable and it usually doesn't depend on weather unless of course I get struck by lightning like I did a year ago. But they like to use that excuse a lot and that it is the computer. I still keep getting the Mozilla popup that says My PC performance is poor and has a button to push that says fix now. I refuse to click it but the popup still drives me crazy. Even though it does say Microsoft Certified.
June 22nd, 2014, 02:51 AM
imadreamer2

I copied the address in the address bar of the popup and this is it http://www.systweak.com/registryclea...jczKAEwkNyZnQU. I guess I won't worry about it. Just close the message out.
June 22nd, 2014, 11:47 AM
Broni
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
- Double click on combofix.exe & follow the prompts.
- NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
June 22nd, 2014, 02:33 PM
imadreamer2

ComboFix 14-06-21.02 - Imadreamer 2 06/22/2014 13:22:30.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5330.3740 [GMT -5:00]
Running from: c:\users\Imadreamer 2\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-05-22 to 2014-06-22 )))))))))))))))))))))))))))))))
.
.
2014-06-22 18:25 . 2014-06-22 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-22 07:16 . 2014-06-22 07:16 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B856A27-EB75-42D0-B9CE-826B6A98D1A7}\offreg.dll
2014-06-22 07:12 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B856A27-EB75-42D0-B9CE-826B6A98D1A7}\mpengine.dll
2014-06-21 23:02 . 2014-06-22 12:24 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-21 23:01 . 2014-06-21 23:01 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-21 23:01 . 2014-05-12 12:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-21 23:01 . 2014-05-12 12:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-21 10:30 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-14 03:12 . 2014-05-02 01:43 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44F66860-7EB2-416E-87A3-C4B390D999FC}\gapaengine.dll
2014-06-10 18:29 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-10 18:29 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-06-08 03:50 . 2014-06-19 17:28 -------- d-----w- C:\Dean
2014-06-07 22:11 . 2014-06-07 22:11 -------- d-----w- c:\users\Imadreamer 2\AppData\Roaming\LavasoftStatistics
2014-06-07 22:10 . 2014-06-07 22:10 -------- d-----w- c:\program files\Common Files\Lavasoft
2014-06-07 22:10 . 2014-06-07 22:10 -------- d-----w- c:\programdata\Lavasoft
2014-06-07 21:51 . 2014-06-07 21:51 -------- d-----w- c:\windows\ERUNT
2014-05-26 19:48 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-15 10:02 . 2014-02-08 05:19 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-05-15 17:17 . 2014-02-08 07:26 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 17:17 . 2014-02-08 07:26 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-12 12:25 . 2014-03-14 16:03 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-02 01:43 . 2014-02-19 12:35 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-12 02:22 . 2014-05-14 21:34 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 21:34 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 21:34 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 21:34 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 21:34 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 21:34 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 21:34 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 21:34 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 21:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-03-25 02:43 . 2014-05-14 21:34 14175744 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-05-04 630912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-08 17:17]
.
2014-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-478529873-2400661344-62306198-1000Core.job
- c:\users\Imadreamer 2\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-25 15:00]
.
2014-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-478529873-2400661344-62306198-1000UA.job
- c:\users\Imadreamer 2\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-25 15:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-27 7191768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 97.64.183.164 97.64.209.37 192.168.1.1
FF - ProfilePath - c:\users\Imadreamer 2\AppData\Roaming\Mozilla\Firefox\Profiles\pwee8bu0.default-1401830623662\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?pli=1#inbox
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Aff Packages - c:\users\Imadreamer 2\AppData\Roaming\1H1Q\Aff Packages\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-22 13:27:16
ComboFix-quarantined-files.txt 2014-06-22 18:27
.
Pre-Run: 867,877,384,192 bytes free
Post-Run: 867,719,016,448 bytes free
.
- - End Of File - - 82EA0A3352577B7444332574F6ABED76
8F558EB6672622401DA993E1E865C861
June 22nd, 2014, 03:57 PM
Broni

All looks clean to me.

In this forum, we make sure, your computer is free of malware and your computer is clean :)
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.
June 22nd, 2014, 05:10 PM
imadreamer2

Ok, as long as I have no malware I can live with the pop up by just closing it. I see it is more for a reg cleaner and I didn't think it was recommended to use Reg cleaners with win 7. And as far as the speed goes of d/l it still is plenty fast. And despite everything it fluctuates anyway. Thank you for your expertise. I run TFC, JRT, AdwCleaner, and Malwarebyts regularly anyway. I have even got a system image backup from when we first finished rebuilding it after the lightning strike using whatever in the Emachine was not damaged by the lightning. This is the first time I was able to do an image back up of the entire system. For some reason it never worked when I tried doing it with my xp computer which finally did completely die. It ran good with your help for over 10 years. I think you and Train are the only ones I really trust as far as my computer goes. Renevator at the old Lurkhere is good too. It is thundering a lightning off in the distance after a major rain storm so as the lightning gets closer I will probably shut down and unplug everything pulling the plugs as far from the wall outlet as possible. But right now it is quite a ways out. The strike that got me last summer looked like it hit right in the front yard and probably the flag pole drew it in. Anyway again thanks for your eyes and expertise.
June 22nd, 2014, 05:44 PM
Broni

In which browser you're getting that popup?
June 22nd, 2014, 06:21 PM
imadreamer2

Firefox
June 22nd, 2014, 07:00 PM
Broni

Reset Firefox: https://support.mozilla.org/en-US/kb...-most-problems

If that doesn't help...

Uninstall Firefox completely using this manual: http://kb.mozillazine.org/Uninstalling_Firefox
NOTE. Use MozBackup: http://mozbackup.jasnapaka.com/ to backup your bookmarks and passwords. Do NOT backup anything else.
Install fresh copy.

Show 40 post(s) from this thread on one page