Tv. Time ads and unable to load a virus protection or malware protection

Posted 3/10/2015 7:50 PM
#98300
Pjohn2001 Member

Date Joined Nov 2016
Total Posts: 4
Hi all,

My computer is really sick. I seem to have gotten a virus that was strong enough to delete my virus protection, and on top of that I have had TV Time ads pop up everywhere when I'm on the internet. I am unable to load my virus protection, nor will it let me download malware bits protection. The worst part is my computer is making a lot of noise, from nothing to screaming loud, plus it gets really hot. I really don't want to have to take my computer in, but I have a feeling that I might have no choice.
Posted 3/10/2015 11:00 PM
#98301
Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 422
Hi Pjohn2001,

Restart your computer in Safe Mode with Networking as shown here.
Download Combofix from this link and run it.
Do not run any programs or open files during the scan, as the tool may delete or damage them. Once the log is shown on your desktop, restart the machine in Normal mode.
Download AdwCleaner from here and run it.

Attach both logs to your next reply.

Best wishes!
Robert Mateescu
Senior Support Technician EN
support@bullguard.com
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security

You have a BullGuard related problem? Contact our Support team directly via Live Chat for immediate assistance: https://www.bullguard.com/support.aspx!
Posted 3/11/2015 1:01 AM
#98302
Pjohn2001 Member

Date Joined Nov 2016
Total Posts: 4
ComboFix 15-03-09.01 - Owner 03/10/2015 20:50:24.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4030.1956 [GMT -4:00]
Running from: c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9G86RBL0\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
.
.
((((((((((((((((((((((((( Files Created from 2015-02-11 to 2015-03-11 )))))))))))))))))))))))))))))))
.
.
2015-03-11 00:56 . 2015-03-11 00:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-11 00:25 . 2015-01-30 03:55 67408 ----a-w- C:\kbfilter.sys
2015-03-11 00:25 . 2015-01-30 03:55 98 ----a-w- C:\install.bat
2015-03-11 00:25 . 2015-01-30 03:55 81 ----a-w- C:\uninstall.bat
2015-03-11 00:17 . 2015-03-11 00:28 236080 ----a-w- c:\windows\RegBootClean64.exe
2015-03-11 00:16 . 2015-03-11 00:43 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-11 00:15 . 2014-11-21 10:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-11 00:15 . 2014-11-21 10:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-11 00:15 . 2014-11-21 10:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-11 00:15 . 2015-03-11 00:15 -------- d-----w- C:\Program Files am
2015-03-11 00:13 . 2015-03-11 00:13 -------- d-----w- c:\users\Owner\AppData\Roaming\Trend Micro
2015-03-11 00:11 . 2015-01-30 03:55 67408 ----a-w- c:\windows\system32\drivers\kbfilter.sys
2015-03-11 00:07 . 2015-03-11 00:39 -------- d-----w- c:\programdata\Trend Micro
2015-03-11 00:07 . 2015-03-11 00:41 -------- d-----w- c:\program files\Trend Micro
2015-03-11 00:00 . 2015-03-11 00:00 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD01C70E-61CD-4F0A-A508-458995033849}\offreg.dll
2015-03-11 00:00 . 2015-03-11 00:00 -------- d-----w- c:\programdata\Anvisoft
2015-03-11 00:00 . 2015-03-11 00:00 -------- d-----w- c:\program files (x86)\Common Files\Anvisoft
2015-03-10 23:54 . 2015-03-10 23:54 -------- d-----w- c:\users\Owner\AppData\Local\Trend Micro
2015-03-10 23:52 . 2015-03-11 00:42 -------- d-----w- C:\Program File Booster
2015-03-10 23:50 . 2015-03-11 00:12 -------- d-----w- c:\programdata\Trend Micro Installer
2015-03-10 23:50 . 2015-03-10 23:50 -------- d-----w- c:\program files (x86)\Anvisoft
2015-03-10 20:59 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD01C70E-61CD-4F0A-A508-458995033849}\mpengine.dll
2015-03-10 20:37 . 2015-03-11 00:23 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2015-03-10 20:37 . 2015-03-11 00:23 -------- d-----w- c:\program files\Common Files\McAfee
2015-03-10 20:37 . 2015-03-11 00:37 -------- d-----w- c:\programdata\McAfee
2015-03-10 20:35 . 2015-03-10 20:35 -------- d-----w- c:\program files (x86)\_x_CInstB+TEST_x_3
2015-03-10 20:32 . 2015-03-10 20:32 -------- d-----w- c:\program files (x86)\McAfee
2015-03-10 20:30 . 2015-03-11 00:42 -------- d-----w- c:\windows\system32\wbem\repository
2015-03-10 20:27 . 2015-03-10 20:27 -------- d-----w- C:\mfe
2015-03-10 20:25 . 2015-03-10 20:25 -------- d-----w- c:\program files (x86)\_x_CInstB+TEST_x_2
2015-03-10 20:20 . 2015-03-10 20:20 -------- d-----w- c:\program files (x86)\_x_CInstB+TEST_x_1
2015-03-10 20:17 . 2015-03-10 20:17 -------- d-s---w- c:\windows\SysWow64\Microsoft
2015-03-10 20:13 . 2015-03-10 20:13 -------- d-----w- c:\programdata\Citrix
2015-03-10 20:11 . 2015-03-10 20:11 -------- d-----w- c:\program files (x86)\_x_CInstB+TEST_x_0
2015-03-10 19:11 . 2015-03-10 19:11 -------- d-----w- c:\users\Owner\AppData\Roaming\Virus Scan
2015-02-12 15:46 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 15:46 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-12 15:46 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-12 15:46 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-11 02:43 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-11 02:42 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 02:42 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-11 02:42 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-11 02:42 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 02:42 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 02:42 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-11 02:42 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-11 02:42 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-11 02:42 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-11 02:42 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-10 18:28 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-10 18:28 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-10 18:28 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-10 18:28 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-24 08:17 . 2012-05-25 18:57 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-11 15:36 . 2012-05-25 19:26 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-05 04:22 . 2014-12-20 03:26 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 04:22 . 2014-12-20 03:26 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-19 03:06 . 2015-01-13 20:01 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-13 20:01 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-13 20:01 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"CloudSystemBooster"="c:\program file booster\CloudSystemBooster.exe" [2014-08-20 527544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-02-03 19:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
R2 mfemms;McAfee Service Controller;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 Update NetCrawl;Update NetCrawl;c:\program files (x86)\NetCrawl\updateNetCrawl.exe;c:\program files (x86)\NetCrawl\updateNetCrawl.exe [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 kbfilter;kbfilter;c:\windows\system32\DRIVERS\kbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\kbfilter.sys [x]
R3 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 mfeaack;McAfee Inc. mfeaack;c:\windows\\SystemRoot\system32\drivers\mfeaack.sys;c:\windows\\SystemRoot\system32\drivers\mfeaack.sys [x]
S0 MfeEpePc;MfeEpePc; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AnviCsbSvc;Anvi Cloud System Booster Speed Service;c:\program file booster\CSBSvc.exe;c:\program file booster\CSBSvc.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files am\mbamscheduler.exe;c:\program files am\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files am\mbamservice.exe;c:\program files am\mbamservice.exe [x]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x]
S4 mfedisk;McAfee AAC Disk Filter Driver;c:\windows\system32\DRIVERS\mfedisk.sys;c:\windows\SYSNATIVE\DRIVERS\mfedisk.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-20 04:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-26 13880]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
DPF: {FB54FA27-96CF-4C62-80DC-DA7616EBD326} - hxxp://downloads.bullguard.com/VirusScan/bgvax.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
BHO-{E42F7AE2-7337-9526-7502-B139C6836B3C} - (no file)
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{063AB0B1-D102-4640-8E2D-A4D37C6141BB} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E} - c:\program files (x86)\InstallShield Installation Information\{ADC70B7A-530B-46E3-8384-48D22681A41E}\setup.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~2\UNWISE.EXE
AddRemove-Sunplus SPUVCb - c:\program files (x86)\HP HD Webcam [Fixed]\uninstall.exe
AddRemove-{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F} - c:\program files (x86)\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe
AddRemove-{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf} - c:\progra~3\FASTAN~1\FASTAN~1.DLL
AddRemove-{9D3D8C60-A55F-4123-B2B9-173F09590E16} - c:\program files (x86)\InstallShield Installation Information\{9D3D8C60-A55F-4123-B2B9-173F09590E16}\Install.exe
AddRemove-{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001} - c:\program files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe
AddRemove-{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F} - c:\program files (x86)\InstallShield Installation Information\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\06\10\01\1a\12?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-03-10 20:58:51
ComboFix-quarantined-files.txt 2015-03-11 00:58
ComboFix2.txt 2015-03-10 18:36
.
Pre-Run: 130,653,036,544 bytes free
Post-Run: 130,432,040,960 bytes free
.
- - End Of File - - 2A48A2AE13A34E4620C2CEEEF0EF0D09
Posted 3/12/2015 4:56 PM
#98305
Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 422
Hi Pjohn2001,


Can you also post the AdwCleaner log and provide me with an update regarding your issue?

Thanks!
Robert Mateescu
Senior Support Technician EN
support@bullguard.com
www.bullguard.com
Posted 3/13/2015 6:28 PM
#98310
Pjohn2001 Member

Date Joined Nov 2016
Total Posts: 4
# AdwCleaner v4.112 - Logfile created 13/03/2015 at 14:24:20
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NASCLWQ8\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\Trusted Publisher
Folder Deleted : C:\ProgramData\coupOonpeeak
Folder Deleted : C:\ProgramData\couuPOnPieaki
Folder Deleted : C:\ProgramData\DEEalsFindderuPro
Folder Deleted : C:\ProgramData\PoroShopper
Folder Deleted : C:\ProgramData\saver box
Folder Deleted : C:\ProgramData\SaverPro
Folder Deleted : C:\ProgramData\WowwCoupona
Folder Deleted : C:\ProgramData\c68c55f2a9998880
[#] Folder Deleted : C:\Program Files (x86)\Optimizer Pro
[#] Folder Deleted : C:\Program Files (x86)\PC Speed Maximizer
[#] Folder Deleted : C:\Program Files (x86)\pc speed up
[#] Folder Deleted : C:\Program Files (x86)\SaveAs
[#] Folder Deleted : C:\Program Files (x86)\SiteLookup
[#] Folder Deleted : C:\Program Files (x86)\SmarterPower
[#] Folder Deleted : C:\Program Files (x86)\WebSearch
[#] Folder Deleted : C:\Program Files (x86)\RCP
[#] Folder Deleted : C:\Program Files (x86)\Search Extensions
[#] Folder Deleted : C:\Program Files (x86)\speed browser
[#] Folder Deleted : C:\Program Files (x86)\DeltaFix
[#] Folder Deleted : C:\Program Files (x86)\Desktop Dock
[#] Folder Deleted : C:\Program Files (x86)\coupOonpeeak
[#] Folder Deleted : C:\Program Files (x86)\couuPOnPieaki
[#] Folder Deleted : C:\Program Files (x86)\DEEalsFindderuPro
[#] Folder Deleted : C:\Program Files (x86)\PoroShopper
[#] Folder Deleted : C:\Program Files (x86)\saver box
[#] Folder Deleted : C:\Program Files (x86)\SaverPro
[#] Folder Deleted : C:\Program Files (x86)\WowwCoupona
[#] Folder Deleted : C:\Program Files (x86)\PPruoShoPper
[#] Folder Deleted : C:\Program Files (x86)\surfKKeeopiiT
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Systweak
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Program Files\004
Folder Deleted : C:\Program Files\Uninstaller
Folder Deleted : C:\Program Files\PPruoShoPper
Folder Deleted : C:\Program Files\surfKKeeopiiT
Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Owner\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Owner\AppData\Local\speed browser
Folder Deleted : C:\Users\Owner\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Owner\AppData\Roaming\YourFileDownloader
Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop Dock
Folder Deleted : C:\Users\Owner\Documents\Optimizer Pro
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Owner\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ovo39sgg.default-1404420513858\searchplugins\bingp.xml

***** [ Scheduled tasks ] *****

Task Deleted : Desk 365 RunAsStdUser
Task Deleted : YourFile DownloaderUpdate
Task Deleted : StormFall TW1
Task Deleted : StormFall TW2
Task Deleted : StormFall W2
Task Deleted : StormFall W1

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_156f8a5f
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3294791
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Desksvc
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\V9
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\GS_Booster
Key Deleted : HKLM\SOFTWARE\SpeedBrowser
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{779D1843-0043-65D2-D781-8614F17B6222}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C60D3D4E-3B20-5AB3-7F2C-9C946AD4080F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{594FD08C-0622-F9B8-CB02-7C1355D33CB8}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v30.0 (en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [8636 bytes] - [13/03/2015 14:14:39]
AdwCleaner[R1].txt - [8695 bytes] - [13/03/2015 14:20:11]
AdwCleaner[S0].txt - [7500 bytes] - [13/03/2015 14:24:20]
Posted 3/13/2015 6:29 PM
#98311
Pjohn2001 Member

Date Joined Nov 2016
Total Posts: 4
Computer still makes a little bit of noise when loading up web pages, but not too bad. I feel it still has a virus on it somewhere.
Posted 3/13/2015 11:06 PM
#98313
Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 422
Hi Pjohn2001,


Try downloading MalwareBytes now and running a scan with it.
What browser(s) are you using?
Regarding the overheating, this can be caused by both dust and intense CPU usage. This also forces the machine coolers to run faster, thus generating noise.
You can use RealTemp to monitor the system's temperature. If it is high even when the PC is idle, you need to remove the dust accumulated inside the machine.

Cheers!
Robert Mateescu
Senior Support Technician EN
support@bullguard.com
www.bullguard.com