
Computer issues. Sometimes my computer seems almost crippled


gaboyde88

I also want to say that it seems like something might be wrong with the hard drive. It seems like my drive keeps running low on disk space, but no matter how much stuff I take off my computer, the hard drive space keeps draining. I took over 100 gigs' worth of pictures off about two weeks ago, and now my hard drive space is back down to 39 gigs. Do you suppose a virus could be doing that?

Of course, it could be, or it's a drive starting to fail.

 

Let me talk about what was found in the online scan.

Items that were downloaded were probably legit tools, but because of the web sites they were downloaded from, and by not doing a custom install, adware/spyware was installed with them.

 

We need to remove those.

 

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.

Paste this into the open Notepad and save it to the Desktop as fixlist.txt.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow it).

 

start
C:\ProgramData\IObit\ASCDownloader\Advanced SystemCare.exe
C:\Users\All Users\IObit\ASCDownloader\Advanced SystemCare.exe
C:\Users\rhonda\Documents\ArcadeFrontierGames (1).exe
C:\Users\rhonda\Documents\ArcadeFrontierGames.exe
C:\Users\rhonda\Documents\rcpsetup5_dcomnew_util_300_dcomnew_util_300.exe
C:\Users\rhonda\Documents\rcpsetup9_dcomnew_util_300_dcomnew_util_300 (1).exe
C:\Users\rhonda\Documents\rcpsetup9_dcomnew_util_300_dcomnew_util_300.exe
C:\Users\rhonda\Documents\rcpsetup_dcnew_300_new (1).exe
C:\Users\rhonda\Documents\rcpsetup_dcnew_300_new.exe
C:\Users\rhonda\Downloads\advanced-systemcare-setup.exe
C:\Users\rhonda\Downloads\asc-setup.exe
C:\Users\rhonda\Downloads\chromeinstall-6u31.exe
C:\Users\rhonda\Downloads\CNET_TechTracker_2_0_4_Setup.exe
C:\Users\rhonda\Downloads\gtk2144-setup (1).exe
C:\Users\rhonda\Downloads\gtk2144-setup.exe
C:\Users\rhonda\Downloads\PhotoScape_V3.6.5.exe
C:\Users\rhonda\Downloads\rcpsetup2_dcomnew_sec_300_dcomnew_sec_300 (1).exe
C:\Users\rhonda\Downloads\rcpsetup2_dcomnew_sec_300_dcomnew_sec_300 (2).exe
C:\Users\rhonda\Downloads\rcpsetup2_dcomnew_sec_300_dcomnew_sec_300.exe
C:\Users\rhonda\Downloads\rcpsetup_dcomnew_sec_300_pd_dcomnew_sec_300_pd.exe
C:\Users\rhonda\Downloads\speedupmypc(1).exe
C:\Users\rhonda\Downloads\speedupmypc.exe
C:\Users\rhonda\Downloads\speedupmypc_lax1CKS06Zvtu4e3EBACGMTb06OsqcnTQyINNTAuMTUwLjM5LjIxMigB_ (1).exe
C:\Users\rhonda\Downloads\speedupmypc_lax1CKS06Zvtu4e3EBACGMTb06OsqcnTQyINNTAuMTUwLjM5LjIxMigB_.exe
C:\Users\rhonda\Downloads\trojen killer.exe
C:\Users\rhonda\Downloads\winzip155.exe
C:\Users\rhonda\Downloads\WinZip175.exe
C:\Users\rhonda\Downloads\WinZipSystemUtilitiesSuite (1).exe
C:\Users\rhonda\Downloads\WinZipSystemUtilitiesSuite.exe
C:\Users\rhonda\Pictures\2013-11-10\asc-setup.exe
C:\Users\rhonda\Pictures\2013-11-10\avg_avct_stb_all_2014_4116_cm10.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z
CMD: ipconfig /flushdns
Reboot:
end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

~~~~~~~~~~~~~~~~~~~~~

 

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

 

How to use ComboFix

 

Download ComboFix from here:

Link 1

Link 2

Link 3

 

Place ComboFix.exe on your Desktop <--Important

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    You can get help on disabling your protection programs here

  • Double click on ComboFix.exe & follow the prompts.
  • You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

     

    Note:

    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

     

    Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

     

    ---------------------------------------------------------------------------------------------

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

     

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

    ---------------------------------------------------------------------------------------------

  • If there are Internet issues after running ComboFix:

    Internet Explorer:

    Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" and check "Automatically detect settings". Also clear any proxy address and port. OK, Apply (only if applicable), OK.

    Firefox:

    Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

    Chrome:

    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

    Safari:

    Launch Safari.

    Go to the general settings menu.

    Then in Preferences / Advanced,

    on the Proxies line click "Change Settings...".

    Click Internet Options, then click the Connections tab, then click Network Settings.

    Disable (uncheck) the option for the use of a proxy server.

     

Please post:

Fixlog.txt

ComboFix.txt


Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-03-2014
Ran by rhonda at 2014-03-17 19:55:22 Run:2
Running from C:\Users\rhonda\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\ProgramData\IObit\ASCDownloader\Advanced SystemCare.exe
C:\Users\All Users\IObit\ASCDownloader\Advanced SystemCare.exe
C:\Users\rhonda\Documents\ArcadeFrontierGames (1).exe
C:\Users\rhonda\Documents\ArcadeFrontierGames.exe
C:\Users\rhonda\Documents\rcpsetup5_dcomnew_util_300_dcomnew_util_300.exe
C:\Users\rhonda\Documents\rcpsetup9_dcomnew_util_300_dcomnew_util_300 (1).exe
C:\Users\rhonda\Documents\rcpsetup9_dcomnew_util_300_dcomnew_util_300.exe
C:\Users\rhonda\Documents\rcpsetup_dcnew_300_new (1).exe
C:\Users\rhonda\Documents\rcpsetup_dcnew_300_new.exe
C:\Users\rhonda\Downloads\advanced-systemcare-setup.exe
C:\Users\rhonda\Downloads\asc-setup.exe
C:\Users\rhonda\Downloads\chromeinstall-6u31.exe
C:\Users\rhonda\Downloads\CNET_TechTracker_2_0_4_Setup.exe
C:\Users\rhonda\Downloads\gtk2144-setup (1).exe
C:\Users\rhonda\Downloads\gtk2144-setup.exe
C:\Users\rhonda\Downloads\PhotoScape_V3.6.5.exe
C:\Users\rhonda\Downloads\rcpsetup2_dcomnew_sec_300_dcomnew_sec_300 (1).exe
C:\Users\rhonda\Downloads\rcpsetup2_dcomnew_sec_300_dcomnew_sec_300 (2).exe
C:\Users\rhonda\Downloads\rcpsetup2_dcomnew_sec_300_dcomnew_sec_300.exe
C:\Users\rhonda\Downloads\rcpsetup_dcomnew_sec_300_pd_dcomnew_sec_300_pd.exe
C:\Users\rhonda\Downloads\speedupmypc(1).exe
C:\Users\rhonda\Downloads\speedupmypc.exe
C:\Users\rhonda\Downloads\speedupmypc_lax1CKS06Zvtu4e3EBACGMTb06OsqcnTQyINNTAuMTUwLjM5LjIxMigB_ (1).exe
C:\Users\rhonda\Downloads\speedupmypc_lax1CKS06Zvtu4e3EBACGMTb06OsqcnTQyINNTAuMTUwLjM5LjIxMigB_.exe
C:\Users\rhonda\Downloads\trojen killer.exe
C:\Users\rhonda\Downloads\winzip155.exe
C:\Users\rhonda\Downloads\WinZip175.exe
C:\Users\rhonda\Downloads\WinZipSystemUtilitiesSuite (1).exe
C:\Users\rhonda\Downloads\WinZipSystemUtilitiesSuite.exe
C:\Users\rhonda\Pictures\2013-11-10\asc-setup.exe
C:\Users\rhonda\Pictures\2013-11-10\avg_avct_stb_all_2014_4116_cm10.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z
CMD: ipconfig /flushdns
Reboot:
end
*****************

C:\ProgramData\IObit\ASCDownloader\Advanced SystemCare.exe => Moved successfully.
"C:\Users\All Users\IObit\ASCDownloader\Advanced SystemCare.exe" => File/Directory not found.
C:\Users\rhonda\Documents\ArcadeFrontierGames (1).exe => Moved successfully.
C:\Users\rhonda\Documents\ArcadeFrontierGames.exe => Moved successfully.
C:\Users\rhonda\Documents\rcpsetup5_dcomnew_util_300_dcomnew_util_300.exe => Moved successfully.
C:\Users\rhonda\Documents\rcpsetup9_dcomnew_util_300_dcomnew_util_300 (1).exe => Moved successfully.
C:\Users\rhonda\Documents\rcpsetup9_dcomnew_util_300_dcomnew_util_300.exe => Moved successfully.
C:\Users\rhonda\Documents\rcpsetup_dcnew_300_new (1).exe => Moved successfully.
C:\Users\rhonda\Documents\rcpsetup_dcnew_300_new.exe => Moved successfully.
C:\Users\rhonda\Downloads\advanced-systemcare-setup.exe => Moved successfully.
C:\Users\rhonda\Downloads\asc-setup.exe => Moved successfully.
C:\Users\rhonda\Downloads\chromeinstall-6u31.exe => Moved successfully.
C:\Users\rhonda\Downloads\CNET_TechTracker_2_0_4_Setup.exe => Moved successfully.
C:\Users\rhonda\Downloads\gtk2144-setup (1).exe => Moved successfully.
C:\Users\rhonda\Downloads\gtk2144-setup.exe => Moved successfully.
C:\Users\rhonda\Downloads\PhotoScape_V3.6.5.exe => Moved successfully.
C:\Users\rhonda\Downloads\rcpsetup2_dcomnew_sec_300_dcomnew_sec_300 (1).exe => Moved successfully.
C:\Users\rhonda\Downloads\rcpsetup2_dcomnew_sec_300_dcomnew_sec_300 (2).exe => Moved successfully.
C:\Users\rhonda\Downloads\rcpsetup2_dcomnew_sec_300_dcomnew_sec_300.exe => Moved successfully.
C:\Users\rhonda\Downloads\rcpsetup_dcomnew_sec_300_pd_dcomnew_sec_300_pd.exe => Moved successfully.
C:\Users\rhonda\Downloads\speedupmypc(1).exe => Moved successfully.
C:\Users\rhonda\Downloads\speedupmypc.exe => Moved successfully.
C:\Users\rhonda\Downloads\speedupmypc_lax1CKS06Zvtu4e3EBACGMTb06OsqcnTQyINNTAuMTUwLjM5LjIxMigB_ (1).exe => Moved successfully.
C:\Users\rhonda\Downloads\speedupmypc_lax1CKS06Zvtu4e3EBACGMTb06OsqcnTQyINNTAuMTUwLjM5LjIxMigB_.exe => Moved successfully.
C:\Users\rhonda\Downloads\trojen killer.exe => Moved successfully.
C:\Users\rhonda\Downloads\winzip155.exe => Moved successfully.
C:\Users\rhonda\Downloads\WinZip175.exe => Moved successfully.
C:\Users\rhonda\Downloads\WinZipSystemUtilitiesSuite (1).exe => Moved successfully.
C:\Users\rhonda\Downloads\WinZipSystemUtilitiesSuite.exe => Moved successfully.
C:\Users\rhonda\Pictures\2013-11-10\asc-setup.exe => Moved successfully.
C:\Users\rhonda\Pictures\2013-11-10\avg_avct_stb_all_2014_4116_cm10.exe => Moved successfully.
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z" => File/Directory not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z => Moved successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog ====

 

 

ComboFix log:

 

ComboFix 14-03-16.01 - rhonda 03/17/2014 20:12:44.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.4128 [GMT -4:00]
Running from: c:\users\rhonda\Desktop\ComboFix.exe
AV: ThreatTrack Security VIPRE *Disabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
FW: ThreatTrack Security VIPRE *Disabled* {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: ThreatTrack Security VIPRE *Disabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6426\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\57d7325c-8462-4866-a9ca-3f9228775fed.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9a23b885-84bf-4844-bc8c-e1f4c568d95a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b7527ad4-1a04-4fbc-82f1-59c1cfcafceb.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-02-18 to 2014-03-18 )))))))))))))))))))))))))))))))
.
.
2014-03-18 00:18 . 2014-03-18 00:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-03-18 00:18 . 2014-03-18 00:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-15 05:51 . 2014-03-15 05:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-15 05:51 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-12 14:47 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 14:47 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-12 14:47 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 14:47 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-12 01:14 . 2014-03-12 01:14 -------- d-----w- c:\windows\ERUNT
2014-03-12 00:44 . 2014-03-12 00:50 -------- d-----w- C:\AdwCleaner
2014-03-08 04:10 . 2014-03-17 23:55 -------- d-----w- C:\FRST
2014-03-05 22:14 . 2014-03-05 22:14 388096 ----a-r- c:\users\rhonda\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-02-17 15:40 . 2014-02-17 15:40 -------- d-----w- c:\users\Default\AppData\Local\WinZip
2014-02-17 15:40 . 2014-02-17 15:40 -------- d-----w- c:\programdata\WinZip
2014-02-17 15:40 . 2014-02-17 15:40 -------- d-----w- c:\program files\WinZip
2014-02-17 15:07 . 2014-02-17 15:14 -------- d-----w- C:\9481374f8c049f51497b20cbb3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 11:59 . 2012-04-19 21:24 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 11:59 . 2011-09-21 00:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-17 15:07 . 2011-09-20 05:02 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-23 22:40 . 2013-08-27 00:17 268968 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-01-18 05:47 . 2014-01-18 05:47 90112 ----a-w- c:\windows\system32\igfxCoIn_v2993.dll
2014-01-18 05:47 . 2014-01-18 05:47 378368 ----a-w- c:\windows\system32\igfxTMM.dll
2014-01-18 05:47 . 2014-01-18 05:47 168944 ----a-w- c:\windows\system32\igfxtray.exe
2014-01-18 05:47 . 2014-01-18 05:47 510960 ----a-w- c:\windows\system32\igfxsrvc.exe
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2014-01-18 05:47 . 2014-01-18 05:47 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2014-01-18 05:47 . 2011-02-12 01:46 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2014-01-18 05:47 . 2014-01-18 05:47 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2014-01-18 05:47 . 2014-01-18 05:47 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2014-01-18 05:47 . 2014-01-18 05:47 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2014-01-18 05:47 . 2014-01-18 05:47 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2014-01-18 05:47 . 2014-01-18 05:47 9014784 ----a-w- c:\windows\system32\igfxress.dll
2014-01-18 05:47 . 2014-01-18 05:47 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2014-01-18 05:47 . 2014-01-18 05:47 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2014-01-18 05:47 . 2014-01-18 05:47 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2014-01-18 05:47 . 2014-01-18 05:47 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2014-01-18 05:47 . 2014-01-18 05:47 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2014-01-18 05:47 . 2014-01-18 05:47 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2014-01-18 05:47 . 2014-01-18 05:47 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2014-01-18 05:47 . 2014-01-18 05:47 376320 ----a-w- c:\windows\system32\igfxpph.dll
2014-01-18 05:47 . 2014-01-18 05:47 418800 ----a-w- c:\windows\system32\igfxpers.exe
2014-01-18 05:47 . 2014-01-18 05:47 28672 ----a-w- c:\windows\system32\igfxexps.dll
2014-01-18 05:47 . 2014-01-18 05:47 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2014-01-18 05:47 . 2014-01-18 05:47 241136 ----a-w- c:\windows\system32\igfxext.exe
2014-01-18 05:47 . 2014-01-18 05:47 293888 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2014-01-18 05:47 . 2014-01-18 05:47 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2014-01-18 05:47 . 2014-01-18 05:47 390144 ----a-w- c:\windows\system32\igfxdev.dll
2014-01-18 05:47 . 2014-01-18 05:47 142336 ----a-w- c:\windows\system32\igfxdo.dll
2014-01-18 05:47 . 2014-01-18 05:47 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2014-01-18 05:47 . 2014-01-18 05:47 246784 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2014-01-18 05:47 . 2014-01-18 05:47 219136 ----a-w- c:\windows\system32\igfxcmrt64.dll
2014-01-18 05:47 . 2014-01-18 05:47 2780160 ----a-w- c:\windows\system32\igfxcmjit64.dll
2014-01-18 05:47 . 2014-01-18 05:47 2191872 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2014-01-18 05:47 . 2014-01-18 05:47 8314368 ----a-w- c:\windows\system32\igdumd64.dll
2014-01-18 05:47 . 2011-02-12 02:09 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2014-01-18 05:47 . 2011-02-12 02:12 6324224 ----a-w- c:\windows\SysWow64\igdumd32.dll
2014-01-18 05:47 . 2014-01-18 05:46 12312928 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2014-01-18 05:46 . 2011-02-12 02:07 9528832 ----a-w- c:\windows\system32\igd10umd64.dll
2014-01-18 05:46 . 2012-01-11 02:55 7988224 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2014-01-18 05:46 . 2014-01-18 05:46 18664960 ----a-w- c:\windows\system32\ig4icd64.dll
2014-01-18 05:46 . 2014-01-18 05:46 13913600 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2014-01-18 05:46 . 2014-01-18 05:46 394224 ----a-w- c:\windows\system32\hkcmd.exe
2014-01-18 05:46 . 2014-01-18 05:46 4380144 ----a-w- c:\windows\system32\GfxUI.exe
2014-01-18 05:46 . 2011-02-12 01:45 110080 ----a-w- c:\windows\system32\hccutils.dll
2014-01-18 05:46 . 2014-01-18 05:46 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
2014-01-18 05:46 . 2014-01-18 05:46 185840 ----a-w- c:\windows\system32\difx64.exe
2014-01-18 05:42 . 2014-01-18 05:42 2103040 ----a-w- c:\windows\system32\WavesGUILib64.dll
2014-01-18 05:42 . 2014-01-18 05:42 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
2014-01-18 05:42 . 2014-01-18 05:42 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
2014-01-18 05:42 . 2014-01-18 05:42 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
2014-01-18 05:42 . 2014-01-18 05:42 198896 ----a-w- c:\windows\system32\SRSHP64.dll
2014-01-18 05:41 . 2014-01-18 05:41 1662024 ----a-w- c:\windows\system32\RTSnMg64.cpl
2014-01-18 05:41 . 2014-01-18 05:41 2810072 ----a-w- c:\windows\system32\RtPgEx64.dll
2014-01-18 05:41 . 2014-01-18 05:41 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2014-01-18 05:41 . 2014-01-18 05:41 3760344 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2014-01-18 05:41 . 2014-01-18 05:41 14952 ----a-w- c:\windows\system32\RtkCoLDR64.dll
2014-01-18 05:41 . 2014-01-18 05:41 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2014-01-18 05:41 . 2014-01-18 05:41 2588888 ----a-w- c:\windows\system32\RtkAPO64.dll
2014-01-18 05:41 . 2014-01-18 05:41 1021656 ----a-w- c:\windows\system32\RtkApi64.dll
2014-01-18 05:41 . 2014-01-18 05:41 78680 ----a-w- c:\windows\system32\RTEEG64A.dll
2014-01-18 05:41 . 2014-01-18 05:41 618200 ----a-w- c:\windows\system32\RtDataProc64.dll
2014-01-18 05:41 . 2014-01-18 05:41 375128 ----a-w- c:\windows\system32\RTEEP64A.dll
2014-01-18 05:41 . 2014-01-18 05:41 204120 ----a-w- c:\windows\system32\RTEED64A.dll
2014-01-18 05:41 . 2014-01-18 05:41 101208 ----a-w- c:\windows\system32\RTEEL64A.dll
2014-01-18 05:41 . 2014-01-18 05:41 1286872 ----a-w- c:\windows\system32\RTCOM64.dll
2014-01-18 05:41 . 2014-01-18 05:41 310104 ----a-w- c:\windows\system32\RP3DHT64.dll
2014-01-18 05:41 . 2014-01-18 05:41 310104 ----a-w- c:\windows\system32\RP3DAA64.dll
2014-01-18 05:41 . 2014-01-18 05:41 154840 ----a-w- c:\windows\system32\RCoInstII64.dll
2014-01-18 05:40 . 2014-01-18 05:40 397080 ----a-w- c:\windows\system32\MBWrp64.dll
2014-01-18 05:40 . 2014-01-18 05:40 628504 ----a-w- c:\windows\system32\MBTHX64.dll
2014-01-18 05:40 . 2014-01-18 05:40 563992 ----a-w- c:\windows\SysWow64\MBTHX32.dll
2014-01-18 05:40 . 2014-01-18 05:40 897152 ----a-w- c:\windows\system32\MBAPO64.dll
2014-01-18 05:40 . 2014-01-18 05:40 753280 ----a-w- c:\windows\SysWow64\MBAPO32.dll
2014-01-18 05:40 . 2014-01-18 05:40 1998104 ----a-w- c:\windows\system32\MBAPO264.dll
2014-01-18 05:40 . 2014-01-18 05:40 1727256 ----a-w- c:\windows\SysWow64\MBAPO232.dll
2014-01-18 05:39 . 2014-01-18 05:39 2036992 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll
2014-01-18 05:39 . 2014-01-18 05:39 1013504 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll
2014-01-18 05:39 . 2014-01-18 05:39 318808 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2014-01-18 05:38 . 2014-01-18 05:38 2743328 ----a-w- c:\windows\system32\FMAPO64.dll
2014-01-18 05:38 . 2014-01-18 05:38 113576 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}]
2014-02-25 15:32 464720 ----a-w- c:\program files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-16 6563608]
"ClickfreeMonitor"="c:\programdata\Clickfree\cfagent.exe" [2013-11-29 354632]
"Kooboodle"="c:\programdata\Clickfree\kooboodle\Kooboodle.exe" [2013-07-19 1030472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-10-01 111640]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-01-26 1058400]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360]
"SBAMTray"="c:\program files (x86)\VIPRE\SBAMTray.exe" [2013-08-30 3216272]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2013-05-03 1282120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SecureUpdateSvc;SecureUpdate;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys;c:\windows\SYSNATIVE\drivers\gfiutil.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x]
R3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys;c:\windows\SYSNATIVE\DRIVERS\zghsdiag.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 CFUACProxy_hddv2usb3;CFUACProxy_hddv2usb3;c:\programdata\Clickfree\HDDV2USB3\UACProxy.exe;c:\programdata\Clickfree\HDDV2USB3\UACProxy.exe [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service;c:\program files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe;c:\program files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 SBAMSvc;VIPRE Internet Security;c:\program files (x86)\VIPRE\SBAMSvc.exe;c:\program files (x86)\VIPRE\SBAMSvc.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\VIPRE\SBPIMSvc.exe;c:\program files (x86)\VIPRE\SBPIMSvc.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x]
S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys;c:\windows\SYSNATIVE\DRIVERS\sbwtis.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 12:55 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 11:59]
.
2014-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22 19:30]
.
2014-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22 19:30]
.
2014-03-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3534355d-0df4-4e5e-9608-bd04a11b3060.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-01-18 13662936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-18 168944]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-18 394224]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-18 418800]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ie
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - c:\program files (x86)\VIPRE\VSGN.dll
FF - ProfilePath - c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2014-01-17 19:52; {58d2a791-6199-482f-a9aa-9b725ec61362}; c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}
FF - ExtSQL: 2014-02-28 15:57; searchads@instair.net; c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\searchads@instair.net
FF - ExtSQL: 2014-03-05 08:14; speeddial@instair.net; c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\speeddial@instair.net
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
Wow6432Node-HKU-Default-Run-Advanced SystemCare 7 - c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
AddRemove-AccelerateTab_is1 - c:\program files (x86)\Secure Speed Dial\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,c4,c6,3f,94,70,e2,46,a7,e3,2f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,c4,c6,3f,94,70,e2,46,a7,e3,2f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\GFI\LanGuard 11 Agent\Mantle.exe
c:\program files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
.
**************************************************************************
.
Completion time: 2014-03-17 20:40:40 - machine was rebooted
ComboFix-quarantined-files.txt 2014-03-18 00:40
.
Pre-Run: 38,188,892,160 bytes free
Post-Run: 38,452,199,424 bytes free
.
- - End Of File - - 961048AEBEE5758C97FD282FE406EC18
A36C5E4F47E84449FF07ED3517B43A31


Next: Disconnect from the internet. If you are on Cable or DSL unplug your computer from the modem.

Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.

This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
Click on this link Here to see a list of programs that should be disabled.

The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:

Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
File::

c:\program files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll

Registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}]

ClearJavaCache::
CFScriptB-4.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
If there are internet issues afterward:
*In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server", or reconfigure the Proxy server again in case you have set it previously.
In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection, uncheck the proxy server and set it to No Proxy.
Chrome:

Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please give me an update on how the computer is now.

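A small triage helper for the log ComboFix writes to C:\ComboFix.txt, added here as an example; it is not part of ComboFix and not part of the helper's instructions above. It parses the line formats that appear in the logs posted in this thread (the `R2`/`S2` service lines, `Run`-key values, `uStart Page` / `FF - prefs.js` start pages and `FF - ExtSQL` extension entries) and produces a review list: auto-start binaries that live outside `c:\windows` and the two Program Files trees, and start pages that carry query parameters. The trusted-root list and both flag rules are assumptions chosen for illustration, the sample log is constructed in the log's own format, and a flag means "look at this", not "malicious" (legitimate backup software such as Clickfree also runs from `c:\programdata`).

```python
"""Triage helper for ComboFix-style logs (constructed example, not ComboFix's own code)."""
import re
from dataclasses import dataclass, field

# Constructed sample in the line formats ComboFix writes: service entries,
# Run-key values, browser start pages and Firefox ExtSQL extension entries.
SAMPLE_LOG = r"""
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 CFUACProxy_hddv2usb3;CFUACProxy_hddv2usb3;c:\programdata\Clickfree\HDDV2USB3\UACProxy.exe;c:\programdata\Clickfree\HDDV2USB3\UACProxy.exe [x]
R2 SecureUpdateSvc;SecureUpdate;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [x]
S3 HECIx64;Intel Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
"ClickfreeMonitor"="c:\programdata\Clickfree\cfagent.exe" [2013-11-29 354632]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-01-18 13662936]
"Enabled"=dword:00000001
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ie
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ff
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2014-02-28 15:57; searchads@instair.net; c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\searchads@instair.net
"""

# Assumption for this example: binaries that auto-start from outside these
# roots sit in user-writable locations and deserve a look. Being inside them
# proves nothing (adware installs under Program Files too), so everything is
# listed and only a subset is flagged.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Service line: "<state> <name>;<display>;<image>;<native path> [x]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>[^;]+);(?P<native>.+?)(?: \[x\])?$")
# Run-key value: "<name>"="<drive>:\<path>" [<date> <size>]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[a-zA-Z]:\\[^"]+)"(?: \[(?P<meta>[^\]]*)\])?$')
# IE user/machine start page and Firefox homepage / keyword URL prefs
HOMEPAGE_RE = re.compile(
    r"^(?P<source>[um]Start Page|FF - prefs\.js: browser\.startup\.homepage|FF - prefs\.js: keyword\.URL)"
    r"(?: = | - )(?P<url>\S+)$")
# Firefox extension entry: "FF - ExtSQL: <date> <time>; <id>; <path>"
EXT_RE = re.compile(r"^FF - ExtSQL: (?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}); (?P<ext_id>[^;]+); (?P<path>.+)$")


@dataclass
class TriageReport:
    autostarts: list = field(default_factory=list)   # (kind, name, image)
    flagged: list = field(default_factory=list)      # (kind, name, detail, reason)
    start_pages: list = field(default_factory=list)  # (source, url)
    extensions: list = field(default_factory=list)   # (date, ext_id, path)


def outside_trusted_roots(path: str) -> bool:
    """True when an image path is not under one of TRUSTED_ROOTS (case-insensitive)."""
    return not path.lower().startswith(TRUSTED_ROOTS)


def _record_autostart(report: TriageReport, kind: str, name: str, image: str) -> None:
    report.autostarts.append((kind, name, image))
    if outside_trusted_roots(image):
        report.flagged.append((kind, name, image,
                               "auto-start binary outside Windows/Program Files (user-writable location)"))


def triage(log_text: str) -> TriageReport:
    """Walk the log line by line and collect auto-starts, start pages and extensions."""
    report = TriageReport()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            _record_autostart(report, "service", m["name"], m["image"])
            continue
        m = RUN_RE.match(line)
        if m:
            _record_autostart(report, "run", m["name"], m["image"])
            continue
        m = HOMEPAGE_RE.match(line)
        if m:
            report.start_pages.append((m["source"], m["url"]))
            # Assumption: a vendor default homepage rarely carries tracking
            # parameters; a start page with a query string is worth confirming.
            if "?" in m["url"]:
                report.flagged.append(("start_page", m["source"], m["url"],
                                       "remote start page carrying query parameters; confirm the user chose it"))
            continue
        m = EXT_RE.match(line)
        if m:
            report.extensions.append((m["date"], m["ext_id"], m["path"]))
    return report


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for entry in rep.flagged:
        print(" | ".join(entry))
    for ext in rep.extensions:
        print("extension | " + " | ".join(ext))
```

Run it against a real `C:\ComboFix.txt` by reading the file into `triage()`; the flagged list is a starting point for the same kind of manual review the helper does in this thread, and the extension list makes entries such as the `instair.net` add-ons easy to spot without scrolling through the whole log.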

ComboFix 14-03-16.01 - rhonda 03/18/2014 1:49.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.4241 [GMT -4:00]
Running from: c:\users\rhonda\Desktop\ComboFix.exe
Command switches used :: c:\users\rhonda\Desktop\CFScript.txt
AV: ThreatTrack Security VIPRE *Disabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
FW: ThreatTrack Security VIPRE *Disabled* {C7D2BC33-B766-03DA-EC8C-2222CF65E72A}
SP: ThreatTrack Security VIPRE *Disabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
.
FILE ::
"c:\program files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-02-18 to 2014-03-18 )))))))))))))))))))))))))))))))
.
.
2014-03-18 05:54 . 2014-03-18 05:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-03-18 05:54 . 2014-03-18 05:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-15 05:51 . 2014-03-15 05:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-15 05:51 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-12 14:47 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 14:47 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-12 14:47 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-12 14:47 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-12 01:14 . 2014-03-12 01:14 -------- d-----w- c:\windows\ERUNT
2014-03-12 00:44 . 2014-03-12 00:50 -------- d-----w- C:\AdwCleaner
2014-03-08 04:10 . 2014-03-17 23:55 -------- d-----w- C:\FRST
2014-03-05 22:14 . 2014-03-05 22:14 388096 ----a-r- c:\users\rhonda\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-02-17 15:40 . 2014-02-17 15:40 -------- d-----w- c:\users\Default\AppData\Local\WinZip
2014-02-17 15:40 . 2014-02-17 15:40 -------- d-----w- c:\programdata\WinZip
2014-02-17 15:40 . 2014-02-17 15:40 -------- d-----w- c:\program files\WinZip
2014-02-17 15:07 . 2014-02-17 15:14 -------- d-----w- C:\9481374f8c049f51497b20cbb3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 11:59 . 2012-04-19 21:24 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 11:59 . 2011-09-21 00:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-17 15:07 . 2011-09-20 05:02 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-23 22:40 . 2013-08-27 00:17 268968 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-01-18 05:47 . 2014-01-18 05:47 90112 ----a-w- c:\windows\system32\igfxCoIn_v2993.dll
2014-01-18 05:47 . 2014-01-18 05:47 378368 ----a-w- c:\windows\system32\igfxTMM.dll
2014-01-18 05:47 . 2014-01-18 05:47 168944 ----a-w- c:\windows\system32\igfxtray.exe
2014-01-18 05:47 . 2014-01-18 05:47 510960 ----a-w- c:\windows\system32\igfxsrvc.exe
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2014-01-18 05:47 . 2014-01-18 05:47 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2014-01-18 05:47 . 2011-02-12 01:46 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2014-01-18 05:47 . 2014-01-18 05:47 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2014-01-18 05:47 . 2014-01-18 05:47 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2014-01-18 05:47 . 2014-01-18 05:47 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2014-01-18 05:47 . 2014-01-18 05:47 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2014-01-18 05:47 . 2014-01-18 05:47 9014784 ----a-w- c:\windows\system32\igfxress.dll
2014-01-18 05:47 . 2014-01-18 05:47 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2014-01-18 05:47 . 2014-01-18 05:47 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2014-01-18 05:47 . 2014-01-18 05:47 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2014-01-18 05:47 . 2014-01-18 05:47 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2014-01-18 05:47 . 2014-01-18 05:47 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2014-01-18 05:47 . 2014-01-18 05:47 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2014-01-18 05:47 . 2014-01-18 05:47 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2014-01-18 05:47 . 2014-01-18 05:47 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2014-01-18 05:47 . 2014-01-18 05:47 376320 ----a-w- c:\windows\system32\igfxpph.dll
2014-01-18 05:47 . 2014-01-18 05:47 418800 ----a-w- c:\windows\system32\igfxpers.exe
2014-01-18 05:47 . 2014-01-18 05:47 28672 ----a-w- c:\windows\system32\igfxexps.dll
2014-01-18 05:47 . 2014-01-18 05:47 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2014-01-18 05:47 . 2014-01-18 05:47 241136 ----a-w- c:\windows\system32\igfxext.exe
2014-01-18 05:47 . 2014-01-18 05:47 293888 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2014-01-18 05:47 . 2014-01-18 05:47 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2014-01-18 05:47 . 2014-01-18 05:47 390144 ----a-w- c:\windows\system32\igfxdev.dll
2014-01-18 05:47 . 2014-01-18 05:47 142336 ----a-w- c:\windows\system32\igfxdo.dll
2014-01-18 05:47 . 2014-01-18 05:47 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2014-01-18 05:47 . 2014-01-18 05:47 246784 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2014-01-18 05:47 . 2014-01-18 05:47 219136 ----a-w- c:\windows\system32\igfxcmrt64.dll
2014-01-18 05:47 . 2014-01-18 05:47 2780160 ----a-w- c:\windows\system32\igfxcmjit64.dll
2014-01-18 05:47 . 2014-01-18 05:47 2191872 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2014-01-18 05:47 . 2014-01-18 05:47 8314368 ----a-w- c:\windows\system32\igdumd64.dll
2014-01-18 05:47 . 2011-02-12 02:09 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2014-01-18 05:47 . 2011-02-12 02:12 6324224 ----a-w- c:\windows\SysWow64\igdumd32.dll
2014-01-18 05:47 . 2014-01-18 05:46 12312928 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2014-01-18 05:46 . 2011-02-12 02:07 9528832 ----a-w- c:\windows\system32\igd10umd64.dll
2014-01-18 05:46 . 2012-01-11 02:55 7988224 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2014-01-18 05:46 . 2014-01-18 05:46 18664960 ----a-w- c:\windows\system32\ig4icd64.dll
2014-01-18 05:46 . 2014-01-18 05:46 13913600 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2014-01-18 05:46 . 2014-01-18 05:46 394224 ----a-w- c:\windows\system32\hkcmd.exe
2014-01-18 05:46 . 2014-01-18 05:46 4380144 ----a-w- c:\windows\system32\GfxUI.exe
2014-01-18 05:46 . 2011-02-12 01:45 110080 ----a-w- c:\windows\system32\hccutils.dll
2014-01-18 05:46 . 2014-01-18 05:46 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
2014-01-18 05:46 . 2014-01-18 05:46 185840 ----a-w- c:\windows\system32\difx64.exe
2014-01-18 05:42 . 2014-01-18 05:42 2103040 ----a-w- c:\windows\system32\WavesGUILib64.dll
2014-01-18 05:42 . 2014-01-18 05:42 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
2014-01-18 05:42 . 2014-01-18 05:42 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
2014-01-18 05:42 . 2014-01-18 05:42 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
2014-01-18 05:42 . 2014-01-18 05:42 198896 ----a-w- c:\windows\system32\SRSHP64.dll
2014-01-18 05:41 . 2014-01-18 05:41 1662024 ----a-w- c:\windows\system32\RTSnMg64.cpl
2014-01-18 05:41 . 2014-01-18 05:41 2810072 ----a-w- c:\windows\system32\RtPgEx64.dll
2014-01-18 05:41 . 2014-01-18 05:41 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2014-01-18 05:41 . 2014-01-18 05:41 3760344 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2014-01-18 05:41 . 2014-01-18 05:41 14952 ----a-w- c:\windows\system32\RtkCoLDR64.dll
2014-01-18 05:41 . 2014-01-18 05:41 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2014-01-18 05:41 . 2014-01-18 05:41 2588888 ----a-w- c:\windows\system32\RtkAPO64.dll
2014-01-18 05:41 . 2014-01-18 05:41 1021656 ----a-w- c:\windows\system32\RtkApi64.dll
2014-01-18 05:41 . 2014-01-18 05:41 78680 ----a-w- c:\windows\system32\RTEEG64A.dll
2014-01-18 05:41 . 2014-01-18 05:41 618200 ----a-w- c:\windows\system32\RtDataProc64.dll
2014-01-18 05:41 . 2014-01-18 05:41 375128 ----a-w- c:\windows\system32\RTEEP64A.dll
2014-01-18 05:41 . 2014-01-18 05:41 204120 ----a-w- c:\windows\system32\RTEED64A.dll
2014-01-18 05:41 . 2014-01-18 05:41 101208 ----a-w- c:\windows\system32\RTEEL64A.dll
2014-01-18 05:41 . 2014-01-18 05:41 1286872 ----a-w- c:\windows\system32\RTCOM64.dll
2014-01-18 05:41 . 2014-01-18 05:41 310104 ----a-w- c:\windows\system32\RP3DHT64.dll
2014-01-18 05:41 . 2014-01-18 05:41 310104 ----a-w- c:\windows\system32\RP3DAA64.dll
2014-01-18 05:41 . 2014-01-18 05:41 154840 ----a-w- c:\windows\system32\RCoInstII64.dll
2014-01-18 05:40 . 2014-01-18 05:40 397080 ----a-w- c:\windows\system32\MBWrp64.dll
2014-01-18 05:40 . 2014-01-18 05:40 628504 ----a-w- c:\windows\system32\MBTHX64.dll
2014-01-18 05:40 . 2014-01-18 05:40 563992 ----a-w- c:\windows\SysWow64\MBTHX32.dll
2014-01-18 05:40 . 2014-01-18 05:40 897152 ----a-w- c:\windows\system32\MBAPO64.dll
2014-01-18 05:40 . 2014-01-18 05:40 753280 ----a-w- c:\windows\SysWow64\MBAPO32.dll
2014-01-18 05:40 . 2014-01-18 05:40 1998104 ----a-w- c:\windows\system32\MBAPO264.dll
2014-01-18 05:40 . 2014-01-18 05:40 1727256 ----a-w- c:\windows\SysWow64\MBAPO232.dll
2014-01-18 05:39 . 2014-01-18 05:39 2036992 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll
2014-01-18 05:39 . 2014-01-18 05:39 1013504 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll
2014-01-18 05:39 . 2014-01-18 05:39 318808 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2014-01-18 05:38 . 2014-01-18 05:38 2743328 ----a-w- c:\windows\system32\FMAPO64.dll
2014-01-18 05:38 . 2014-01-18 05:38 113576 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-16 6563608]
"ClickfreeMonitor"="c:\programdata\Clickfree\cfagent.exe" [2013-11-29 354632]
"Kooboodle"="c:\programdata\Clickfree\kooboodle\Kooboodle.exe" [2013-07-19 1030472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-10-01 111640]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-01-26 1058400]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360]
"SBAMTray"="c:\program files (x86)\VIPRE\SBAMTray.exe" [2013-08-30 3216272]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2013-05-03 1282120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
R2 CFUACProxy_hddv2usb3;CFUACProxy_hddv2usb3;c:\programdata\Clickfree\HDDV2USB3\UACProxy.exe;c:\programdata\Clickfree\HDDV2USB3\UACProxy.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SBAMSvc;VIPRE Internet Security;c:\program files (x86)\VIPRE\SBAMSvc.exe;c:\program files (x86)\VIPRE\SBAMSvc.exe [x]
R2 SecureUpdateSvc;SecureUpdate;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe;c:\program files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys;c:\windows\SYSNATIVE\drivers\gfiutil.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys;c:\windows\SYSNATIVE\DRIVERS\sbfwim.sys [x]
R3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys;c:\windows\SYSNATIVE\drivers\sbhips.sys [x]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys;c:\windows\SYSNATIVE\DRIVERS\sbwtis.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys;c:\windows\SYSNATIVE\DRIVERS\zghsdiag.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys;c:\windows\SYSNATIVE\drivers\SbFw.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service;c:\program files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe;c:\program files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\VIPRE\SBPIMSvc.exe;c:\program files (x86)\VIPRE\SBPIMSvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys;c:\windows\SYSNATIVE\DRIVERS\SBFWIM.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 12:55 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 11:59]
.
2014-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22 19:30]
.
2014-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22 19:30]
.
2014-03-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3534355d-0df4-4e5e-9608-bd04a11b3060.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-01-18 13662936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-18 168944]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-18 394224]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-18 418800]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ie
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: vipresg - {47BE2E5B-703B-444F-ABD3-05717D2191C6} - c:\program files (x86)\VIPRE\VSGN.dll
FF - ProfilePath - c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2014-02-28 15:57; searchads@instair.net; c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\searchads@instair.net
FF - ExtSQL: 2014-03-05 08:14; speeddial@instair.net; c:\users\rhonda\AppData\Roaming\Mozilla\Firefox\Profiles\08awarrn.default\extensions\speeddial@instair.net
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - c:\program files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
AddRemove-AccelerateTab_is1 - c:\program files (x86)\Secure Speed Dial\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,c4,c6,3f,94,70,e2,46,a7,e3,2f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,c4,c6,3f,94,70,e2,46,a7,e3,2f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-18 01:59:18
ComboFix-quarantined-files.txt 2014-03-18 05:59
ComboFix2.txt 2014-03-18 00:40
.
Pre-Run: 35,956,408,320 bytes free
Post-Run: 35,885,629,440 bytes free
.
- - End Of File - - 74B2C06635B58F48DEE1262F61A41E90
A36C5E4F47E84449FF07ED3517B43A31

 

Computer seems to be running fine.


Computer seems to be running fine.

Good deal.

 

Please delete this leftover file

c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe

 

 

I see a couple of entries related to your homepage we need to remove.

 

I want you to reset Firefox back to defaults; this will remove everything from Firefox.

 

I will let you keep your bookmarks, so to do that you can go here - Export Bookmarks https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Now, to reset Firefox, do the following.

 

At the top of the Firefox window, click the "Firefox" button,

go over to the "Help" sub-menu

(on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".

Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.

Click "Reset Firefox" in the confirmation window that opens.

Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.

 

Restart the computer and check Firefox for me now to see if it's set to the correct homepage.

search.yahoo.com/?

 

~~~~~~~~~~~~~~~~~~~

 

Looks like we're ready to remove quarantine folders and post a few preventive tips?


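The post above asks the user to check whether Firefox still points at the search.yahoo.com homepage. As an added example, not part of this thread and not a ComboFix or FRST feature, the Python script below parses ComboFix "Supplementary Scan" lines of the kind shown in the log (a constructed sample), reports homepage and keyword.URL settings that point outside an assumed allowlist of hosts or carry affiliate tags such as type= and fr=, and lists extensions whose id domain is not in an assumed trusted list. The allowlists, the sample values and the USER/... path placeholder are assumptions.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample in ComboFix "Supplementary Scan" style. Values are illustrative;
# "USER" and "..." in the paths are placeholders, not taken from a real machine.
SAMPLE_SCAN = """\
uStart Page = hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ie
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com/?type=198484&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2014-02-28 15:57; searchads@instair.net; c:\\users\\USER\\...\\extensions\\searchads@instair.net
FF - ExtSQL: 2014-03-05 08:14; speeddial@instair.net; c:\\users\\USER\\...\\extensions\\speeddial@instair.net
"""

# Assumptions for this example: hosts the owner actually chose as homepage/search,
# and extension-id domains the owner knowingly installed from.
EXPECTED_HOSTS = {"www.google.com", "start.mozilla.org"}
TRUSTED_EXT_DOMAINS = {"mozilla.org"}
# Query keys that bundled "search helpers" use to tag their affiliate traffic.
AFFILIATE_KEYS = {"type", "fr", "ilc"}

START_RE = re.compile(r"^[um]Start Page = (.+)$")
PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")
EXT_RE = re.compile(r"^FF - ExtSQL: ([\d-]+ [\d:]+); ([^;]+); (.+)$")
URL_PREFS = {"browser.startup.homepage", "keyword.URL"}

def check_url(label, raw):
    """Report an unexpected host and affiliate-tagged query keys for one URL setting."""
    url = raw.strip().replace("hxxp", "http", 1)   # ComboFix defangs http as hxxp
    parts = urlparse(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    out = []
    if parts.hostname and parts.hostname not in EXPECTED_HOSTS:
        out.append(f"{label}: points at {parts.hostname}, not an expected homepage host")
    tags = sorted(AFFILIATE_KEYS & set(query))
    if tags:
        out.append(f"{label}: affiliate-tagged query {tags}, fr={query.get('fr', [''])[0]}")
    return out

def triage_scan(text):
    """Return a list of browser-hijack findings from ComboFix supplementary-scan lines."""
    findings = []
    for line in text.splitlines():
        m = START_RE.match(line)
        if m:
            findings += check_url(line.split(" = ")[0], m.group(1))
            continue
        m = PREF_RE.match(line)
        if m and m.group(1) in URL_PREFS:
            findings += check_url(m.group(1), m.group(2))
            continue
        m = EXT_RE.match(line)
        if m:
            ext_id = m.group(2).strip()
            domain = ext_id.rsplit("@", 1)[-1] if "@" in ext_id else ""
            if domain not in TRUSTED_EXT_DOMAINS:
                findings.append(f"extension {ext_id} installed {m.group(1)} from untrusted id domain {domain}")
    return findings
```

Calling `triage_scan(SAMPLE_SCAN)` on the sample returns eight findings: two each for the IE start page, the Firefox homepage and keyword.URL, plus one per instair.net extension.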
 

It looks like we're ready to move on. =)


Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

No need to post the log this time.

 

start

DeleteQuarantine:

end

~~~~~~~~~~~~~~~~~~~~~

 

Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.

 

Go to Start > Run > copy and paste the full text path in the run box

 

ComboFix /Uninstall

 

Note the space between the x and the /U, it needs to be there.

 

~~~~~~~~~~~~~~~~~~~~~~~~

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked

    Also tick:

    • Create registry backup
    • Purge system restore
  • Click Run

Any other tools and files found can simply be deleted or uninstalled via Add/Remove Programs in the Control Panel etc.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

You're good to go, good job!

 

Please take the time to read over a few of my preventive tips.

 

Computer Security

http://malwareremoval.com/forum/viewtopic.php?p=557960#p557960

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Be prepared for CryptoLocker:

 

Cryptolocker Ransomware: What You Need To Know

 

CryptoLocker Ransomware Information Guide and FAQ

 

to help protect your computer in the future I recommend that you get the following free programmes:

 

CryptoPrevent - install this programme to lock down and prevent crypto ransomware.

 


 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

 

 

Firefox 3

The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

 

AdblockPlus

  • AdblockPlus, Surf the web without annoying ads!
  • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
  • Protects your online privacy
  • Two-click installation, and it's free!
  • Click the icon that corresponds to your browser and download.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

WOT (Web of Trust) warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.