Persistent problem :(

Clear Internet Explorer Cache and Cookies

Open Internet Explorer. Click the Settings gear icon in the top right corner.
Click Safety, followed by Delete Browsing History.
Check the following boxes:
Temporary Internet Files
Cookies
History
Download History
Form Data
Uncheck Preserve Favorites.
Click Delete, and wait until complete.
Close Internet Explorer.

~~~~~~~~~~~~~~

Try to reset IE settings to default => http://support.microsoft.com/kb/923737
Also does this problem still occur if you run IE without add-ons? In the Start menu search box, type in the following command iexplore.exe -extoff and hit Enter. This should run IE without add-ons.


~~~~~~~~~~~~~~~~~~~~~

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.
  • Note:
    For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
  • Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan.

*************************************
 
F:\hack folders\c++ programming\Directx Chams + wallhack full source-.zip a variant of Generik.FBXZBPI potentially unwanted application
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan
F:\old desktop files\film\KeyFinderInstaller.exe Win32/OpenCandy potentially unsafe application
F:\old desktop files\film\mCheat.rar a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
F:\old desktop files\hack folders\c++ programming\Directx Chams + wallhack full source-.zip a variant of Generik.FBXZBPI potentially unwanted application
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe a variant of MSIL/TrojanDropper.Agent.EH trojan
F:\old desktop files\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan
G:\Games\cod4\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911\rzr-cod4\keygen\rzr-cod4.exe Win32/Keygen.DK potentially unsafe application
G:\utilities\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy potentially unsafe application
Z:\Program Files (x86)\miniAdmin3\keyhook.dll a variant of Win32/Turkojan Trojan

Now I feel I should explain some of these.... The folder called hack folder contains a number of applications that could be used to reflash an Xbox 360, and the old desktop files folder is a back up of that.
Yes I do use miniadmin... I think not in the future.
 
What you downloaded came in with bundled little goodies.
What surprises me is that none of this had been flagged in the past?

Ones labeled "Potentially unwanted application" I most often suggest people uninstall or delete

Ones labeled "a variant of" show infections, you can't leave this on your computer.

I know you know I'm going to ask this be deleted.

I can't leave a computer I'm trying to clean and fix errors knowing this on the computer in question.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CloseProcesses:
F:\hack folders\c++ programming\Directx Chams + wallhack full source-.zip
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe
F:\miniAdmin3\miniAdmin3\keyhook.dll
F:\old desktop files\film\KeyFinderInstaller.exe
F:\old desktop files\film\mCheat.rar
F:\old desktop files\hack folders\c++ programming\Directx Chams + wallhack full source-.zip
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe
F:\old desktop files\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan
G:\Games\cod4\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911\rzr-cod4\keygen\rzr-cod4.exe Win32/Keygen.DK
G:\utilities\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy
Z:\Program Files (x86)\miniAdmin3\keyhook.dll
EmptyTemp:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
I totally understand and have run as requested.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014
Ran by Vince and Mel at 2014-12-20 19:06:13 Run:1
Running from C:\Users\Vince and Mel\Desktop
Loaded Profile: Vince and Mel (Available profiles: Vince and Mel)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
F:\hack folders\c++ programming\Directx Chams + wallhack full source-.zip
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe
F:\miniAdmin3\miniAdmin3\keyhook.dll
F:\old desktop files\film\KeyFinderInstaller.exe
F:\old desktop files\film\mCheat.rar
F:\old desktop files\hack folders\c++ programming\Directx Chams + wallhack full source-.zip
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe
F:\old desktop files\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan
G:\Games\cod4\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911\rzr-cod4\keygen\rzr-cod4.exe Win32/Keygen.DK
G:\utilities\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy
Z:\Program Files (x86)\miniAdmin3\keyhook.dll
EmptyTemp:
End
*****************

Processes closed successfully.
F:\hack folders\c++ programming\Directx Chams + wallhack full source-.zip => Moved successfully.
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar => Moved successfully.
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar => Moved successfully.
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe => Moved successfully.
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe => Moved successfully.
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe => Moved successfully.
F:\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe => Moved successfully.
F:\miniAdmin3\miniAdmin3\keyhook.dll => Moved successfully.
F:\old desktop files\film\KeyFinderInstaller.exe => Moved successfully.
F:\old desktop files\film\mCheat.rar => Moved successfully.
F:\old desktop files\hack folders\c++ programming\Directx Chams + wallhack full source-.zip => Moved successfully.
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta.rar => Moved successfully.
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta.rar => Moved successfully.
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\PortIO32.exe => Moved successfully.
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.62.Beta\JungleFlasher v0.1.62 Beta\What.NET.exe => Moved successfully.
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\PortIO32.exe => Moved successfully.
F:\old desktop files\hack folders\xbox\jungleflasher\JungleFlasher.0.1.64.Beta\JungleFlasher v0.1.64 Beta\What.NET.exe => Moved successfully.
"F:\old desktop files\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan" => File/Directory not found.
"G:\Games\cod4\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911\rzr-cod4\keygen\rzr-cod4.exe Win32/Keygen.DK" => File/Directory not found.
"G:\utilities\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy" => File/Directory not found.
Z:\Program Files (x86)\miniAdmin3\keyhook.dll => Moved successfully.
EmptyTemp: => Removed 756.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
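
The three "File/Directory not found" results in the Fixlog above are the fixlist lines that still carried the ESET detection name after the path. As an added example (not part of the original thread and not FRST's own code), this Python script flags such entries in a Fixlog and strips the labels from a fixlist; the label-matching regex is a heuristic assumed from the ESET lines shown on this page.

```python
import re

# Constructed sample: result lines in the shape of the Fixlog posted above
# (two successful moves, the three failed entries, one directive).
FIXLOG = r'''
F:\miniAdmin3\miniAdmin3\keyhook.dll => Moved successfully.
"F:\old desktop files\miniAdmin3\miniAdmin3\keyhook.dll a variant of Win32/Turkojan trojan" => File/Directory not found.
"G:\Games\cod4\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911\rzr-cod4\keygen\rzr-cod4.exe Win32/Keygen.DK" => File/Directory not found.
"G:\utilities\SetupImgBurn_2.5.8.0.exe Win32/OpenCandy" => File/Directory not found.
Z:\Program Files (x86)\miniAdmin3\keyhook.dll => Moved successfully.
EmptyTemp: => Removed 756.5 MB temporary data.
'''

# '<entry> => <result>'; the entry is quoted in the log when it was not found.
RESULT_RE = re.compile(r'^"?(?P<entry>.+?)"?\s=>\s(?P<result>.+)$')
# A file entry starts with a drive letter; directives such as 'EmptyTemp:' do not.
PATH_RE = re.compile(r'^[A-Za-z]:\\')
# Assumption: a scanner label is either 'a variant of <name> ...' or a
# platform-prefixed name (Win32/..., Win64/..., MSIL/...). A forward slash
# cannot occur inside a Windows file name, so the second form is unambiguous.
LABEL_RE = re.compile(
    r'\s+((?:a variant of\s+\S+|(?:Win32|Win64|MSIL)/\S+).*)$')


def split_label(entry):
    """Return (path, label); label is None when nothing was appended."""
    m = LABEL_RE.search(entry)
    if not m:
        return entry, None
    return entry[:m.start()], m.group(1)


def parse_results(fixlog_text):
    """Return (entry, result) pairs for file entries only."""
    pairs = []
    for line in fixlog_text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m and PATH_RE.match(m.group('entry')):
            pairs.append((m.group('entry'), m.group('result')))
    return pairs


def failed_by_label(fixlog_text):
    """List 'not found' entries whose path still carries a detection label."""
    findings = []
    for entry, result in parse_results(fixlog_text):
        if 'not found' not in result.lower():
            continue
        path, label = split_label(entry)
        if label:
            findings.append({'logged': entry, 'path': path, 'label': label})
    return findings


def clean_fixlist(lines):
    """Strip labels from path lines; directives pass through untouched."""
    cleaned = []
    for line in lines:
        line = line.strip()
        if PATH_RE.match(line):
            line = split_label(line)[0]
        cleaned.append(line)
    return cleaned


if __name__ == '__main__':
    for f in failed_by_label(FIXLOG):
        print('still on disk, re-check:', f['path'], '| label:', f['label'])
```

Any path this reports was never moved by the fix, so the file it names is still where the scanner found it.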
 
Hmm... I wish I could be more positive, but I'm not sure exactly how the iexplorer.exe *32 should behave...

I think the size has stopped increasing.... but takes up a large amount of space.

With 3 tabs open I'm up at 403,000k - 404,000k
Reduced back to 1 tab it's 308,000k
tskmgr.jpg

If I close all tabs and reopen it's 50,000k
tskmgr2.jpg

but after opening a few tabs and closing them I'm back at 169,000k
tskmgr3.jpg
 
Read over the below and let's see if it can help.

Troubleshooting and Internet Explorer’s (No Add-ons) Mode
http://blogs.msdn.com/b/ie/archive/2006/07/25/678113.aspx


If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here:
Link 1
Link 2
Link 3

Place ComboFix.exe on your Desktop <--Important
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.



    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
    ---------------------------------------------------------------------------------------------
  • If there are Internet issues after running ComboFix:
    Internet Explorer:
    Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
    Firefox:
    Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
    Chrome:
    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
    Safari
    Launch Safari
    Go to general settings menu
    Then in Preferences/ Advanced
    Then on line click Proxies change settings ...
    Click Internet Options, then click the Connections tab, click Network Settings.
    Disable option (uncheck) for the use of proxy server ...
 
ComboFix 14-12-14.01 - Vince and Mel 21/12/2014 19:35:57.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.16269.12143 [GMT 0:00]
Running from: c:\users\Vince and Mel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Vince and Mel\AppData\Roaming\inst.exe
c:\users\Vince and Mel\AppData\Roaming\vso_ts_preview.xml
Z:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-11-21 to 2014-12-21 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-12 5227112]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2012-07-31 69632]
"LWS"="z:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"iTunesHelper"="z:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"Adobe Photo Downloader"="z:\program files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"PreRun"="c:\program files (x86)\GIGABYTE\AppCenter\PreRun.exe" [2013-04-29 8192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 etocdrv;etocdrv;c:\windows\etocdrv.sys;c:\windows\etocdrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 GPU-Z;GPU-Z;c:\users\VINCEA~1\AppData\Local\Temp\GPU-Z.sys;c:\users\VINCEA~1\AppData\Local\Temp\GPU-Z.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ptun0901;TAP Adapter V9 for Private Tunnel;c:\windows\system32\DRIVERS\ptun0901.sys;c:\windows\SYSNATIVE\DRIVERS\ptun0901.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys;c:\windows\SYSNATIVE\DRIVERS\ssudobex.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe;c:\program files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 gadjservice;GIGABYTE Adjust;c:\program files (x86)\Gigabyte\AppCenter\AdjustService.exe;c:\program files (x86)\Gigabyte\AppCenter\AdjustService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Samsung Link Service;Samsung Link Service;z:\program files\samsung\Samsung Link\Samsung Link.exe;z:\program files\samsung\Samsung Link\Samsung Link.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;z:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;z:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 VmbService;Vodafone Mobile Broadband Service;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-12-06 23:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-06 12:40]
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-06 16:05]
.
2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-06 16:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 17:19 2334928 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 17:19 2334928 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 17:19 2334928 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-27 19:09 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Vince and Mel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 17:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAxHCUtl"="c:\program files\VIA XHCI UASP Utility\usb3Monitor" [X]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-11-17 2800296]
"Samsung Link"="z:\program files\samsung\Samsung Link\Samsung Link Tray Agent.exe" [2014-12-16 607584]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-02-26 13423688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-24 444400]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-11-17 2465088]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-11-14 8292120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-24 165872]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-04-30 36352]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-24 407536]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SYSTEM32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
Trusted Zone: sharepoint.com\studentthanetac
Trusted Zone: sharepoint.com\studentthanetac-my
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7796727F-F0FD-46AE-8DB4-48D883925147}: NameServer = 10.203.128.1 10.203.128.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Vince and Mel\AppData\Roaming\Mozilla\Firefox\Profiles\6a4e2qpg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
Completion time: 2014-12-21 20:16:54
ComboFix-quarantined-files.txt 2014-12-21 20:16
.
Pre-Run: 24,900,399,104 bytes free
Post-Run: 24,701,034,496 bytes free
.
- - End Of File - - F1EB9730DEDD1026A9BD89B4C2FD6238
A36C5E4F47E84449FF07ED3517B43A31
 
This one tab is 136,000 after opening a few tabs, and closing them.

Is there anything left to throw at my pc?
 
Is there anything left to throw at my pc?
Not really.

There's really no malware showing now and hasn't for a while.

The only thing I can think of at this point is to do a system restore back before this started happening.

We've been working on this for a week, you stated it had been going on for 2 weeks, we're looking at, at least a month ago.
 
yikes!

Let's try a clean boot.

Clean Boot
  • Press the Windows Key + r on your keyboard at the same time. Type msconfig and click OK.
  • If prompted for an administrator password or for confirmation, type the password, or provide confirmation.
  • In the General tab, click Selective Startup.
  • Remove the checkmark next to Load startup items.
  • Click the Services tab.
  • Place a checkmark next to Hide all Microsoft services.
  • Click Disable all, followed by OK.
  • When prompted, click Restart and boot normally into Windows.
  • Check your computer startup performance.


~~~~~~~~~~~~~~~~
Test the machine for a bit then try the next


Troubleshooting in Clean Boot Environment
  • Press the Windows Key + r on your keyboard at the same time. Type msconfig and click OK.
  • Click the Services tab.
  • Ensure there is a checkmark next to Hide all Microsoft services.
  • Place a checkmark in half of the unchecked items and reboot your computer.
  • If your symptoms reappear, uncheck an item, reboot your computer and see if your symptoms disappear. Repeat the process as necessary.
  • If your symptoms do not reappear, check an additional item, reboot your computer and see if your symptoms reappear. Repeat the process as necessary.
  • List the program(s) causing issues in your next reply.

~~~~~~~~~~~~~

The above may or may not have any effect. We can also try creating a new user profile to see if the issues are still there.

How to create a new user account in Windows 7


Testing New User Profile
  • Press the Windows Key + r on your keyboard at the same time. Type cmd and click OK.
  • Type the following at the command prompt, pressing the Enter key after each line.

    net user temp /add

    net localgroup administrators temp /add


  • Reboot your computer, and log into the temp user account.
 
Thanks again for your patience, tolerance and for giving me a logical approach :)

Maybe my PC just needed restarting again? I went through the process of selecting services to start on boot, and was surprised when I had all the services selected and a reasonable iexplorer.exe *32 size.

I can open 5 tabs at different locations and then reduce back to this one and the size is 70,000k - 85,000k (higher for this reply page).

[Attached image: tskmgr4.jpg]

Is that a normal size?
 
Myself, I don't use IE so I can't tell or say what is and what isn't but, what I did see on the image was
100 processes and CPU was at 3%

One thing to note was seeing items loaded that are not needed. I am curious tho, seeing some that might could pull on IE if needed?

If you don't know some programs listed there or unsure if they are needed or not, leave them enabled, or use RubberDucky's StartUpLite

This will display all unnecessary startup entries - so actually, everything it displays there is not necessary to start up with Windows.
The choice is up to you whether you need some to start up with Windows (in that case, select "No action" for them) - but you can always start them manually via start > all programs.
(Do not choose the "Remove" checkboxes, because this will delete it from the Registry - only select the "Remove" checkboxes if you are sure you don't want to enable them again in the future)

Or we can run HJT

Download HijackThis.
  • Save HijackThis.exe to your desktop.
  • Double-click on the HijackThis.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
 
Thanks :)

I ran RubberDucky's start up lite. It only identified the java updater. I have disabled that.

My HJT

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 09:44:11, on 23/12/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)

FIREFOX: 29.0.1 (en-GB)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Z:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
Z:\Program Files (x86)\iTunes\iTunesHelper.exe
Z:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe
Z:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~2\Brother\Ptedit51\Ptedit51.exe
C:\Users\Vince and Mel\Desktop\internet protection\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
O4 - HKLM\..\Run: [LWS] Z:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [iTunesHelper] "Z:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "Z:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [PreRun] C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1419286514
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7796727F-F0FD-46AE-8DB4-48D883925147}: NameServer = 10.203.128.1 10.203.128.1
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - Z:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - Z:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AllShare Framework DMS - Samsung - C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GIGABYTE Adjust (gadjservice) - Unknown owner - C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Link Service - Copyright 2013 SAMSUNG - Z:\Program Files\samsung\Samsung Link\Samsung Link.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TomTomHOMEService - TomTom - Z:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Broadband Service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10810 bytes
 
These are valid programs but are not required to run on startup.

Open HijackThis, click Do a system scan only, and checkmark these. Then close all other windows and browsers except HijackThis and press Fix checked.

O4 - HKLM\..\Run: [LWS] Z:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [iTunesHelper] "Z:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "Z:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1419286514

Now reboot the computer to set the registry.

If needed later, every entry can be reset by using MSCONFIG and placing a check by the service.
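
A sketch of how the O4 (registry autostart) lines of a HijackThis log like the one above can be turned into a structured list for review. This is an added example, not part of the original posts or of HijackThis itself; the names `Autostart`, `parse_o4` and `review_flags` are hypothetical, the flags are review hints rather than verdicts, and one sample line is constructed.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
O4 - HKLM\..\Run: [LWS] Z:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [iTunesHelper] "Z:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [PreRun] C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1419286514
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Constructed line (not from the thread) to exercise the profile/temp flag.
CONSTRUCTED_LINE = (
    r"O4 - HKCU\..\Run: [ExampleUpdater] "
    r"C:\Users\example\AppData\Local\Temp\updater.exe /background"
)


class Autostart(NamedTuple):
    hive: str             # HKLM (all users) or HKCU (current user)
    key: str              # Run, RunOnce, ...
    name: str             # registry value name
    image: Optional[str]  # executable path, or None if the data is not a path
    args: str             # remaining command-line text


# Only the HKLM/HKCU registry form of O4 is handled; Startup-folder
# O4 lines and every other section (O20, O23, ...) are skipped.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]+)\] (?P<data>.+)$"
)
# A command is either a quoted path or a bare drive path that ends at the
# first executable extension followed by whitespace or end of line.
COMMAND_RE = re.compile(
    r'^(?:"(?P<quoted>[^"]+)"'
    r"|(?P<bare>[A-Za-z]:\\.*?\.(?:exe|com|bat|cmd|scr|dll)))"
    r"(?P<args>(?:\s.*)?)$",
    re.IGNORECASE,
)
PROFILE_OR_TEMP_RE = re.compile(r"\\(?:users|temp)\\", re.IGNORECASE)


def split_command(data: str) -> Tuple[Optional[str], str]:
    """Split registry value data into (image path, arguments)."""
    data = data.strip()
    m = COMMAND_RE.match(data)
    if not m:
        return None, data
    return m.group("quoted") or m.group("bare"), m.group("args").strip()


def parse_o4(log: str) -> List[Autostart]:
    """Return one Autostart record per registry O4 line in the log."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            image, args = split_command(m.group("data"))
            entries.append(
                Autostart(m.group("hive"), m.group("key").strip(),
                          m.group("name"), image, args)
            )
    return entries


def review_flags(entry: Autostart) -> List[str]:
    """Hints for a human reviewer; none of these proves anything is malicious."""
    flags = []
    if entry.image is None:
        flags.append("no-file-path")          # value data is not a program path
    elif PROFILE_OR_TEMP_RE.search(entry.image):
        flags.append("profile-or-temp-dir")   # launches from a user profile or temp folder
    if entry.key.lower().startswith("runonce"):
        flags.append("runs-once")             # RunOnce values are removed after they run
    return flags


def triage(log: str) -> List[Tuple[str, List[str]]]:
    """Names of the autostart entries that carry at least one flag."""
    return [(e.name, review_flags(e)) for e in parse_o4(log) if review_flags(e)]


if __name__ == "__main__":
    for e in parse_o4(SAMPLE_LOG + CONSTRUCTED_LINE):
        print(f"{e.hive}\\{e.key:8} {e.name:24} {e.image}  {review_flags(e)}")
```
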
 
Thanks again for the support... I will do this as soon as I return from the festivities in a few days.

I hope you all have a great Christmas.

Vince
 