
Thread: Persistent problem :(

  1. #41
    Juliet (Security Expert-emeritus) | Join Date: Feb 2007 | Location: Deep South | Posts: 4,084

    Clear Internet Explorer Cache and Cookies

    Open Internet Explorer. Click the Settings gear icon in the top right corner.
    Click Safety, followed by Delete Browsing History.
    Check the following boxes:
    Temporary Internet Files
    Cookies
    History
    Download History
    Form Data
    Uncheck Preserve Favorites.
    Click Delete, and wait until complete.
    Close Internet Explorer.

    ~~~~~~~~~~~~~~

    Try to reset IE settings to default => http://support.microsoft.com/kb/923737
    Also does this problem still occur if you run IE without add-ons? In the Start menu search box, type in the following command iexplore.exe -extoff and hit Enter. This should run IE without add-ons.


    ~~~~~~~~~~~~~~~~~~~~~

    What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.


    Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
    • Note:
      For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
    • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan.


    *************************************
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  2. #42
    Member | Join Date: Oct 2008 | Location: UK | Posts: 74

    F:\hack folders\c++ programming\Directx Chams + wallhack full source-.zip a variant of Generik.FBXZBPI potentially unwanted application
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar a variant of MSIL/TrojanDropper.Agent.EH trojan
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar a variant of MSIL/TrojanDropper.Agent.EH trojan
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
    F:\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan
    F:\old desktop files\film\KeyFinderInstaller.exe Win32/OpenCandy potentially unsafe application
    F:\old desktop files\film\mCheat.rar a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
    F:\old desktop files\hack folders\c++ programming\Directx Chams + wallhack full source-.zip a variant of Generik.FBXZBPI potentially unwanted application
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar a variant of MSIL/TrojanDropper.Agent.EH trojan
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar a variant of MSIL/TrojanDropper.Agent.EH trojan
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
    F:\old desktop files\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan
    G:\Games\cod4\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911\rzr-cod4\keygen\rzr-cod4.exe Win32/Keygen.DK potentially unsafe application
    G:\utilities\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy potentially unsafe application
    Z:\Program Files (x86)\miniAdmin3\keyhook.dll a variant of Win32/Turkojan Trojan

    Now I feel I should explain some of these.... The folder called hack folder contains a number of applications that could be used to reflash an Xbox 360, and the old desktop files folder is a back up of that.
    Yes I do use miniadmin... I think not in the future.

  3. #43
    Juliet (Security Expert-emeritus)

    What you downloaded came in with bundled little goodies.
    What surprises me is that none of this had been flagged in the past?

    Ones labeled "Potentially unwanted application" I most often suggest people uninstall or delete.

    Ones labeled "a variant of" show infections; you can't leave this on your computer.

    I know you know I'm going to ask this be deleted.

    I can't leave a computer I'm trying to clean and fix errors knowing this is on the computer in question.

    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

    start
    CloseProcesses:
    F:\hack folders\c++ programming\Directx Chams + wallhack full source-.zip
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe
    F:\miniAdmin3\miniAdmin3\keyhook.dll
    F:\old desktop files\film\KeyFinderInstaller.exe
    F:\old desktop files\film\mCheat.rar
    F:\old desktop files\hack folders\c++ programming\Directx Chams + wallhack full source-.zip
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe
    F:\old desktop files\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan
    G:\Games\cod4\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911\rzr-cod4\keygen\rzr-cod4.exe Win32/Keygen.DK
    G:\utilities\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy
    Z:\Program Files (x86)\miniAdmin3\keyhook.dll
    EmptyTemp:
    End
    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

  4. #44
    Member

    I totally understand and have run as requested.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
    Ran by Vince and Mel at 2014-12-20 19:06:13 Run:1
    Running from C:\Users\Vince and Mel\Desktop
    Loaded Profile: Vince and Mel (Available profiles: Vince and Mel)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    CloseProcesses:
    F:\hack folders\c++ programming\Directx Chams + wallhack full source-.zip
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe
    F:\miniAdmin3\miniAdmin3\keyhook.dll
    F:\old desktop files\film\KeyFinderInstaller.exe
    F:\old desktop files\film\mCheat.rar
    F:\old desktop files\hack folders\c++ programming\Directx Chams + wallhack full source-.zip
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe
    F:\old desktop files\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan
    G:\Games\cod4\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911\rzr-cod4\keygen\rzr-cod4.exe Win32/Keygen.DK
    G:\utilities\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy
    Z:\Program Files (x86)\miniAdmin3\keyhook.dll
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    F:\hack folders\c++ programming\Directx Chams + wallhack full source-.zip => Moved successfully.
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar => Moved successfully.
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar => Moved successfully.
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe => Moved successfully.
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe => Moved successfully.
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe => Moved successfully.
    F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe => Moved successfully.
    F:\miniAdmin3\miniAdmin3\keyhook.dll => Moved successfully.
    F:\old desktop files\film\KeyFinderInstaller.exe => Moved successfully.
    F:\old desktop files\film\mCheat.rar => Moved successfully.
    F:\old desktop files\hack folders\c++ programming\Directx Chams + wallhack full source-.zip => Moved successfully.
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar => Moved successfully.
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar => Moved successfully.
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe => Moved successfully.
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe => Moved successfully.
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe => Moved successfully.
    F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe => Moved successfully.
    "F:\old desktop files\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan" => File/Directory not found.
    "G:\Games\cod4\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911\rzr-cod4\keygen\rzr-cod4.exe Win32/Keygen.DK" => File/Directory not found.
    "G:\utilities\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy" => File/Directory not found.
    Z:\Program Files (x86)\miniAdmin3\keyhook.dll => Moved successfully.
    EmptyTemp: => Removed 756.5 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====
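
Added example (not part of the thread, and not FRST's own code): the three "File/Directory not found" results in the Fixlog above are fixlist lines that still carried the scanner's detection name after the path. The Python below, whose function names are assumptions and whose patterns cover only the line formats visible on this page, strips detection text from scan-log lines and flags such fixlist entries before the fix is run. The sample lines are excerpted from the thread, plus one constructed entry marked as such.

```python
import re

# Detection text as it appears in the scan-log lines on this page: optional
# "a variant of", a family name (Platform/Name or Generik.xxx), optional category.
CATEGORY = r"(?:trojan|potentially unwanted application|potentially unsafe application)"
DETECTION_SUFFIX = re.compile(
    r"\s+(?:a variant of\s+)?(?P<name>(?:[A-Za-z0-9]+/|Generik\.)[\w.]+)"
    r"(?:\s+(?P<category>" + CATEGORY + r"))?\s*$",
    re.IGNORECASE,
)
PATH_ENTRY = re.compile(r"^[A-Za-z]:\\")  # drive-letter paths only; directives are skipped
NOT_FOUND = re.compile(r'^"?(?P<entry>.+?)"?\s+=>\s+File/Directory not found\.$')


def split_detection(line):
    """Return (path, detection_name, category); name is None when no suffix is present."""
    line = line.strip()
    m = DETECTION_SUFFIX.search(line)
    if not m:
        return line, None, None
    return line[:m.start()], m.group("name"), m.group("category")


def scan_log_to_fixlist(scan_log):
    """Turn scan-log lines into bare, de-duplicated paths suitable for a fixlist."""
    paths = []
    for raw in scan_log.splitlines():
        if not PATH_ENTRY.match(raw.strip()):
            continue
        path, name, _ = split_detection(raw)
        if name and path not in paths:
            paths.append(path)
    return paths


def lint_fixlist(fixlist):
    """Return (line_number, entry, cleaned_path) for path entries still carrying detection text."""
    findings = []
    for number, raw in enumerate(fixlist.splitlines(), 1):
        entry = raw.strip()
        if not PATH_ENTRY.match(entry):
            continue  # lines such as CloseProcesses: and EmptyTemp: are left alone
        path, name, _ = split_detection(entry)
        if name:
            findings.append((number, entry, path))
    return findings


def triage_not_found(fixlog):
    """For each 'not found' result, return (entry, cleaned_path or None).

    A cleaned path means the entry failed because of trailing detection text and
    should be re-submitted; None means the path itself was absent.
    """
    results = []
    for raw in fixlog.splitlines():
        m = NOT_FOUND.match(raw.strip())
        if not m:
            continue
        entry = m.group("entry")
        path, name, _ = split_detection(entry)
        results.append((entry, path if name else None))
    return results


# Excerpted from the scan log posted in the thread.
SAMPLE_SCAN_LOG = r"""F:\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan
F:\old desktop files\film\KeyFinderInstaller.exe Win32/OpenCandy potentially unsafe application
F:\old desktop files\hack folders\c++ programming\Directx Chams + wallhack full source-.zip a variant of Generik.FBXZBPI potentially unwanted application
Z:\Program Files (x86)\miniAdmin3\keyhook.dll a variant of Win32/Turkojan Trojan"""

# Excerpted from the fixlist posted in the thread.
SAMPLE_FIXLIST = r"""start
CloseProcesses:
F:\miniAdmin3\miniAdmin3\keyhook.dll
F:\old desktop files\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan
G:\Games\cod4\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911\rzr-cod4\keygen\rzr-cod4.exe Win32/Keygen.DK
G:\utilities\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy
Z:\Program Files (x86)\miniAdmin3\keyhook.dll
EmptyTemp:
End"""

# Excerpted from the Fixlog in the thread; the last line is constructed for illustration.
SAMPLE_FIXLOG = r"""F:\miniAdmin3\miniAdmin3\keyhook.dll => Moved successfully.
"F:\old desktop files\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan" => File/Directory not found.
"G:\Games\cod4\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911\rzr-cod4\keygen\rzr-cod4.exe Win32/Keygen.DK" => File/Directory not found.
"G:\utilities\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy" => File/Directory not found.
"F:\example\absent.bin" => File/Directory not found."""

if __name__ == "__main__":
    for number, entry, path in lint_fixlist(SAMPLE_FIXLIST):
        print(f"fixlist line {number}: detection text after path, use: {path}")
    for entry, path in triage_not_found(SAMPLE_FIXLOG):
        reason = f"re-submit as {path}" if path else "path genuinely absent"
        print(f"not found: {entry} -> {reason}")
```

Entries that `triage_not_found` maps to a cleaned path were never processed, so the files they name may still be on disk after the fix.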

  5. #45
    Juliet (Security Expert-emeritus)

    Now, since a reboot, what's the computer doing now?

  6. #46
    Member

    Hmm... I wish I could be more positive, but I'm not sure exactly how the iexplorer.exe *32 should behave...

    I think the size has stopped increasing.... but takes up a large amount of space.

    With 3 tabs open I'm up at 403,000k - 404,000k
    Reduced back to 1 tab it's 308,000k
    tskmgr.jpg

    If I close all tabs and reopen it's 50,000k
    tskmgr2.jpg

    but after opening a few tabs and closing them I'm back at 169,000k
    tskmgr3.jpg

  7. #47
    Juliet (Security Expert-emeritus)

    Read over the below and let's see if it can help.

    Troubleshooting and Internet Explorer’s (No Add-ons) Mode
    http://blogs.msdn.com/b/ie/archive/2...25/678113.aspx


    If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
    Emergency Backup Procedure - Tech Support Forum

    Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

    How to use ComboFix

    Download ComboFix from here:
    Link 1
    Link 2
    Link 3

    Place ComboFix.exe on your Desktop <--Important
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.



      You can get help on disabling your protection programs here
    • Double click on ComboFix.exe & follow the prompts.
    • You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
    • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
    • When finished, it shall produce a log for you. Post that log in your next reply

      Note:
      Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


      Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

      ---------------------------------------------------------------------------------------------
    • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

      Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
      Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
      ---------------------------------------------------------------------------------------------
    • If there are Internet issues after running ComboFix:
      Internet Explorer:
      Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
      Firefox:
      Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
      Chrome:
      Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
      Safari
      Launch Safari
      Go to general settings menu
      Then in Preferences/ Advanced
      Then on line click Proxies change settings ...
      Click Internet Options, then click the Connections tab, click Network Settings.
      Disable option (uncheck) for the use of proxy server ...

  8. #48
    Member

    ComboFix 14-12-14.01 - Vince and Mel 21/12/2014 19:35:57.1.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.16269.12143 [GMT 0:00]
    Running from: c:\users\Vince and Mel\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Vince and Mel\AppData\Roaming\inst.exe
    c:\users\Vince and Mel\AppData\Roaming\vso_ts_preview.xml
    Z:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-11-21 to 2014-12-21 )))))))))))))))))))))))))))))))
    .
    .
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-12 5227112]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
    "MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2012-07-31 69632]
    "LWS"="z:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
    "iTunesHelper"="z:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
    "Adobe Photo Downloader"="z:\program files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "PreRun"="c:\program files (x86)\GIGABYTE\AppCenter\PreRun.exe" [2013-04-29 8192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    "EnableSecureUIAPath"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
    R3 etocdrv;etocdrv;c:\windows\etocdrv.sys;c:\windows\etocdrv.sys [x]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
    R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
    R3 GPU-Z;GPU-Z;c:\users\VINCEA~1\AppData\Local\Temp\GPU-Z.sys;c:\users\VINCEA~1\AppData\Local\Temp\GPU-Z.sys [x]
    R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
    R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
    R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
    R3 ptun0901;TAP Adapter V9 for Private Tunnel;c:\windows\system32\DRIVERS\ptun0901.sys;c:\windows\SYSNATIVE\DRIVERS\ptun0901.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys;c:\windows\SYSNATIVE\DRIVERS\ssudobex.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 gadjservice;GIGABYTE Adjust;c:\program files (x86)\Gigabyte\AppCenter\AdjustService.exe;c:\program files (x86)\Gigabyte\AppCenter\AdjustService.exe [x]
    S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 Samsung Link Service;Samsung Link Service;z:\program files\samsung\Samsung Link\Samsung Link.exe;z:\program files\samsung\Samsung Link\Samsung Link.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 TomTomHOMEService;TomTomHOMEService;z:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;z:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
    S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
    S2 VmbService;Vodafone Mobile Broadband Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
    S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
    S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
    S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
    S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
    S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-12-06 23:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-06 12:40]
    .
    2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-06 16:05]
    .
    2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-06 16:05]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-11-12 17:19 2334928 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-11-12 17:19 2334928 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-11-12 17:19 2334928 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-11-27 19:09 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VIAxHCUtl"="c:\program files\VIA XHCI UASP Utility\usb3Monitor" [X]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-11-17 2800296]
    "Samsung Link"="z:\program files\samsung\Samsung Link\Samsung Link Tray Agent.exe" [2014-12-16 607584]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-02-26 13423688]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-24 444400]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-11-17 2465088]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-11-14 8292120]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-24 165872]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-04-30 36352]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-24 407536]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.co.uk/
    mLocal Page = c:\windows\SYSTEM32\blank.htm
    mDefault_Page_URL = hxxp://www.google.com
    Trusted Zone: sharepoint.com\studentthanetac
    Trusted Zone: sharepoint.com\studentthanetac-my
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{7796727F-F0FD-46AE-8DB4-48D883925147}: NameServer = 10.203.128.1 10.203.128.1
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\Vince and Mel\AppData\Roaming\Mozilla\Firefox\Profiles\6a4e2qpg.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    .
    .
    .
    Completion time: 2014-12-21 20:16:54
    ComboFix-quarantined-files.txt 2014-12-21 20:16
    .
    Pre-Run: 24,900,399,104 bytes free
    Post-Run: 24,701,034,496 bytes free
    .
    - - End Of File - - F1EB9730DEDD1026A9BD89B4C2FD6238
    A36C5E4F47E84449FF07ED3517B43A31

  9. #49
    Member
    Join Date
    Oct 2008
    Location
    UK
    Posts
    74

    Default

    This one tab is 136,000 after opening a few tabs, and closing them.

    Is there anything left to throw at my pc?

  10. #50
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    "Is there anything left to throw at my pc?"
    Not really.

    There's really no malware showing now and hasn't for a while.

    The only thing I can think of at this point is to do a system restore back before this started happening.

    We've been working on this for a week, you stated it had been going on for 2 weeks, we're looking at, at least a month ago.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
