slow computer with pop ups

jraes71 · November 11, 2013

ComboFix 13-11-11.01 - jelli 11/11/2013 10:40:29.1.4 - x64
Running from: c:\users\jelli\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ScorpionSaver\IECOre.dll
c:\users\jelli\AppData\Local\ArcadeCandy\caNDyex.dll
c:\users\jelli\AppData\Local\assembly\tmp
c:\users\jelli\AppData\Local\dealcabby
c:\users\jelli\AppData\Local\dealcabby\license.txt
c:\users\jelli\AppData\Local\dealcabby\sqlite3.exe
c:\users\jelli\AppData\Local\dealcabby\uninst.exe
c:\users\jelli\AppData\Local\Temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1101_1\dbdata11.dll
c:\users\jelli\AppData\Local\Z@!-b2975c04-1b51-45a6-8bb8-5f64501e1da7.tmp
c:\users\jelli\AppData\Local\Z@!-c26e9682-ae9c-44a7-acf0-6b9b4648677e.tmp
c:\users\jelli\AppData\Local\Z@S!-bc5d25d5-a115-45a1-b2d6-f7a9ef84be93.tmp
c:\users\jelli\Documents\~WRL3801.tmp
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Level Quality Watcher
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-11 to 2013-11-11 )))))))))))))))))))))))))))))))
.
.
2013-11-11 17:55 . 2013-11-11 17:55   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-11-11 17:18 . 2013-10-16 07:20   10280728   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3356123C-A572-40F2-B8FB-1D065A80FB62}\mpengine.dll
2013-11-11 15:56 . 2013-11-11 15:56   --------   d-----w-   C:\_OTL
2013-11-11 02:00 . 2013-11-11 02:00   --------   d-----w-   c:\users\jelli\AppData\Roaming\Registry Mechanic
2013-11-11 01:45 . 2013-11-11 01:51   --------   d-----w-   C:\AdwCleaner
2013-11-10 16:50 . 2013-10-16 07:20   10280728   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-06 20:23 . 2013-10-17 17:14   965000   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-11-06 20:23 . 2013-10-17 17:14   965000   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7DB17B6-7C5F-4EA0-A607-83B97C7DCABD}\gapaengine.dll
2013-10-25 01:15 . 2013-11-11 17:50   --------   d-----w-   c:\users\jelli\AppData\Local\assembly
2013-10-24 14:42 . 2013-10-25 09:02   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
2013-10-24 14:41 . 2013-10-25 09:02   --------   d-----w-   c:\program files\Microsoft Security Client
2013-10-24 14:39 . 2012-08-24 18:13   154480   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
2013-10-24 14:39 . 2012-08-24 18:09   458712   ----a-w-   c:\windows\system32\drivers\cng.sys
2013-10-24 14:39 . 2012-08-24 18:05   340992   ----a-w-   c:\windows\system32\schannel.dll
2013-10-24 14:39 . 2012-08-24 18:03   1448448   ----a-w-   c:\windows\system32\lsasrv.dll
2013-10-24 14:39 . 2012-08-24 16:57   247808   ----a-w-   c:\windows\SysWow64\schannel.dll
2013-10-24 14:39 . 2012-08-24 16:57   22016   ----a-w-   c:\windows\SysWow64\secur32.dll
2013-10-24 14:39 . 2012-08-24 16:53   96768   ----a-w-   c:\windows\SysWow64\sspicli.dll
2013-10-22 19:14 . 2013-11-11 03:11   --------   d-----w-   c:\programdata\Updater
2013-10-22 19:14 . 2013-11-11 03:11   --------   d-----w-   c:\programdata\RHelpers
2013-10-22 19:04 . 2013-10-22 21:32   --------   d-----w-   c:\users\jelli\AppData\Local\SySaver
2013-10-22 19:01 . 2013-11-11 17:50   --------   d-----w-   c:\program files (x86)\ScorpionSaver
2013-10-22 19:01 . 2013-10-22 19:01   --------   d-----w-   C:\temp
2013-10-22 18:56 . 2013-10-22 18:56   --------   d-----w-   c:\program files (x86)\Flash Player Pro
2013-10-19 21:32 . 2013-10-19 21:32   --------   d-----w-   c:\program files\McAfee Security Scan
2013-10-19 17:32 . 2013-10-19 17:32   --------   d-----w-   c:\users\jelli\AppData\Roaming\Roxio Log Files
2013-10-18 21:23 . 2013-10-18 21:23   --------   d-----w-   c:\users\jelli\AppData\Local\WordOv
2013-10-18 21:23 . 2013-10-25 01:15   --------   d-----w-   c:\users\jelli\AppData\Local\VisualBeeClient
2013-10-18 18:16 . 2013-09-04 01:37   343040   ----a-w-   c:\windows\system32\drivers\usbhub.sys
2013-10-18 18:16 . 2013-09-04 01:37   99840   ----a-w-   c:\windows\system32\drivers\usbccgp.sys
2013-10-18 18:16 . 2013-09-04 01:37   325120   ----a-w-   c:\windows\system32\drivers\usbport.sys
2013-10-18 18:16 . 2013-09-04 01:37   52736   ----a-w-   c:\windows\system32\drivers\usbehci.sys
2013-10-18 18:16 . 2013-09-04 01:37   30720   ----a-w-   c:\windows\system32\drivers\usbuhci.sys
2013-10-18 18:16 . 2013-09-04 01:37   7808   ----a-w-   c:\windows\system32\drivers\usbd.sys
2013-10-18 18:16 . 2013-09-04 01:37   25600   ----a-w-   c:\windows\system32\drivers\usbohci.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-07 16:01 . 2011-11-23 20:31   736952   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-11-07 16:00 . 2011-11-29 20:38   2876528   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-11-07 16:00 . 2011-11-29 20:26   42776   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-11-07 16:00 . 2011-11-23 20:31   539984   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-11-06 14:56 . 2011-11-29 20:59   736952   ----a-w-   c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-10-24 01:40 . 2013-10-23 01:12   75888   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCB8D2B1-48C0-4037-AFA9-BD18B3EB0BA5}\offreg.dll
2013-10-14 07:12 . 2013-10-22 18:28   10280728   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCB8D2B1-48C0-4037-AFA9-BD18B3EB0BA5}\mpengine.dll
2013-10-10 21:19 . 2013-10-10 21:22   45856   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2013-10-10 14:53 . 2011-08-11 19:55   71048   ------w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-10 02:45 . 2011-08-24 11:33   80541720   ----a-w-   c:\windows\system32\MRT.exe
2013-09-22 23:28 . 2013-10-10 02:57   1767936   ----a-w-   c:\windows\SysWow64\wininet.dll
2013-09-22 23:27 . 2013-10-10 02:57   2876928   ----a-w-   c:\windows\SysWow64\jscript9.dll
2013-09-22 23:27 . 2013-10-10 02:57   61440   ----a-w-   c:\windows\SysWow64\iesetup.dll
2013-09-22 23:27 . 2013-10-10 02:57   109056   ----a-w-   c:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55 . 2013-10-10 02:57   51712   ----a-w-   c:\windows\system32\ie4uinit.exe
2013-09-22 22:55 . 2013-10-10 02:57   2241024   ----a-w-   c:\windows\system32\wininet.dll
2013-09-22 22:55 . 2013-10-10 02:57   1365504   ----a-w-   c:\windows\system32\urlmon.dll
2013-09-22 22:54 . 2013-10-10 02:57   603136   ----a-w-   c:\windows\system32\msfeeds.dll
2013-09-22 22:54 . 2013-10-10 02:56   19252224   ----a-w-   c:\windows\system32\mshtml.dll
2013-09-22 22:54 . 2013-10-10 02:57   855552   ----a-w-   c:\windows\system32\jscript.dll
2013-09-22 22:54 . 2013-10-10 02:57   3959296   ----a-w-   c:\windows\system32\jscript9.dll
2013-09-22 22:54 . 2013-10-10 02:57   53248   ----a-w-   c:\windows\system32\jsproxy.dll
2013-09-22 22:54 . 2013-10-10 02:57   526336   ----a-w-   c:\windows\system32\ieui.dll
2013-09-22 22:54 . 2013-10-10 02:57   67072   ----a-w-   c:\windows\system32\iesetup.dll
2013-09-22 22:54 . 2013-10-10 02:57   39936   ----a-w-   c:\windows\system32\iernonce.dll
2013-09-22 22:54 . 2013-10-10 02:57   136704   ----a-w-   c:\windows\system32\iesysprep.dll
2013-09-22 22:54 . 2013-10-10 02:57   2647552   ----a-w-   c:\windows\system32\iertutil.dll
2013-09-22 22:54 . 2013-10-10 02:56   15404544   ----a-w-   c:\windows\system32\ieframe.dll
2013-09-21 03:38 . 2013-10-10 02:57   2706432   ----a-w-   c:\windows\system32\mshtml.tlb
2013-09-21 03:30 . 2013-10-10 02:57   2706432   ----a-w-   c:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48 . 2013-10-10 02:57   89600   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
2013-09-21 02:39 . 2013-10-10 02:57   71680   ----a-w-   c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-20 15:40 . 2011-11-23 20:31   2876528   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-09-20 15:40 . 2011-11-23 20:31   42776   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-09-20 15:40 . 2011-11-29 20:26   539984   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-09-14 01:10 . 2013-10-09 20:56   497152   ----a-w-   c:\windows\system32\drivers\afd.sys
2013-09-08 02:30 . 2013-10-09 20:56   1903552   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 20:56   327168   ----a-w-   c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 20:56   231424   ----a-w-   c:\windows\SysWow64\mswsock.dll
2013-08-29 02:17 . 2013-10-09 20:55   5549504   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 20:55   1732032   ----a-w-   c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 20:55   243712   ----a-w-   c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 20:55   859648   ----a-w-   c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 20:55   878080   ----a-w-   c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 20:55   3969472   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 20:55   3914176   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 20:55   5120   ----a-w-   c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 20:55   1292192   ----a-w-   c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 20:55   619520   ----a-w-   c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 20:55   640512   ----a-w-   c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 20:55   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-09 20:55   25600   ----a-w-   c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 20:55   7680   ----a-w-   c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 20:55   14336   ----a-w-   c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 20:55   2048   ----a-w-   c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 20:55   3155968   ----a-w-   c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 20:55   461312   ----a-w-   c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09   131248   ----a-w-   c:\users\jelli\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09   131248   ----a-w-   c:\users\jelli\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09   131248   ----a-w-   c:\users\jelli\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\jelli\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2013-01-07 2909640]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2013-08-14 13103104]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-02-14 495746]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-01-05 103896]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Realtime Audio Engine"="mmrtkrnl.exe" [2011-02-26 46592]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ReminderApp"="c:\program files (x86)\Nova Development\Greeting Card Factory Deluxe 7.0\ReminderApp.exe" [2007-08-25 185664]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2013-01-15 2750840]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2013-05-23 2786104]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-01-26 1058400]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-04 559616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe;c:\program files (x86)\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater17.1.0;vToolbarUpdater17.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.0\ToolbarUpdater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe;c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 14:53]
.
2013-11-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-920890388-3952254803-1851345295-1001Core.job
- c:\users\jelli\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-27 13:37]
.
2013-11-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-920890388-3952254803-1851345295-1001UA.job
- c:\users\jelli\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-27 13:37]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 23:11]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-22 23:11]
.
2013-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-920890388-3952254803-1851345295-1001Core.job
- c:\users\jelli\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-13 12:25]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-920890388-3952254803-1851345295-1001UA.job
- c:\users\jelli\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-13 12:25]
.
2013-06-26 c:\windows\Tasks\PowerInbox Updater.job
- c:\program files (x86)\PowerInbox\PowerInbox\UpdateClient.exe [2013-06-14 01:44]
.
2013-11-11 c:\windows\Tasks\PrintProjects Communicator.job
- c:\programdata\PrintProjects\Communicator.exe [2013-05-19 20:50]
.
2013-11-11 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2012-01-22 05:24]
.
2013-11-11 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09   164016   ----a-w-   c:\users\jelli\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09   164016   ----a-w-   c:\users\jelli\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09   164016   ----a-w-   c:\users\jelli\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09   164016   ----a-w-   c:\users\jelli\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-03-09 1021056]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2012-03-09 800896]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\jelli\AppData\Roaming\Mozilla\Firefox\Profiles\w0my9bij.default-1382630008201\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{10AD2C61-0898-4348-8600-14A342F22AC3} - c:\program files (x86)\ScorpionSaver\IECore.dll
BHO-{AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - c:\users\jelli\AppData\Local\ArcadeCandy\candyEX.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-DealCabby - c:\users\jelli\AppData\Local\dealcabby\uninst.exe
AddRemove-Driver Performer_is1 - c:\program files (x86)\Driver-Soft\DriverPerformer\unins000.exe
AddRemove-IECT3298580 - c:\programdata\Conduit\IE\CT3298580\UninstallerUI.exe
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
AddRemove-UpdaterEX - c:\users\jelli\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe
AddRemove-VisualBee for Microsoft PowerPoint - c:\users\jelli\AppData\Local\VisualBeeExe\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-11-11 11:11:19 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-11 18:11
.
Pre-Run: 481,385,504,768 bytes free
Post-Run: 480,159,645,696 bytes free
.
- - End Of File - - 5187CE56F92DF37B2841357D1BD31FF6

jraes71 · November 11, 2013

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/11/2013 08:42:21 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\SysWOW64\mmrtkrnl.exe (PID: 4352) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\jelli\Desktop\rkill\rkill-11-11-2013-08-42-28.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/11/2013 08:44:36 AM
Execution time: 0 hours(s), 2 minute(s), and 15 seconds(s)

flashh4 · November 11, 2013

Jraes, ok combofix was nice to us.

Now we are gonna remove it !!

Time for some housekeeping
[*] Click START then RUN [*] Now type Combofix /Uninstall in the runbox and click OK( please note the space between Combofix and the /, it is needed.)

The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Once you have typed this in, press Enter on your keyboard. A Open File security warning will appear asking if you are sure you want to run ComboFix.
Please click on the Run button to start the program.

ComboFix will now uninstall itself from your computer and remove any backups and quarantined files.
When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled.
You can now delete the ComboFix.exe program from your computer.
ComboFix has now been uninstalled from your Windows Vista or Windows 7 computer.

==================

Clean up with OTL

    Right-click OTL.exe and select " Run as administrator " to run it.
    This will remove all the tools we used to clean your pc.
    Close all other programs apart from OTL as this step will require a reboot
    On the OTL main screen, press the CleanUp! button
    Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

===================

Lets uninstall AVG:
AVG Removal Tool as parts of the program are still on your computer.

Download and save AVG Removal Tool to your desktop >>> http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

Run it to remove AVG. After this, please restart your computer.

===================

Uninstall Norton:
For removal all products of Norton >> http://www.majorgeeks.com/mg/get/norton_removal_tool,1.html

Download and save Norton Removal Tool to your desktop.

Run it to remove Norton. After this, please restart your computer.

Let me know how the uninstall of Norton & AVG goes !!!!

===================

Update Java Runtime

Make sure you uncheck any boxes that want you to install tool bars or anything other than Java

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 14.

Go to Java Site
Click to Download Java SE Runtime Environment (JRE) 6 Update 14
In Platform box choose Windows.
Check the box to Accept License Agreement and click Continue.
Click on Windows Offline Installation, click on the link under it which says "jre-6u14-windows-i586-p.exe" and save the downloaded file to your desktop.
Go to Start => Control Panel => Add or Remove Programs
Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
Reboot your computer

Let me know if you installed the latest Java !!

====================

Also how it's running, any pop-ups or other problems ???

Thanks

Chuck

almost done just a little more !!

jraes71 · November 11, 2013

AVG would not uninstall, but Norton uninstalled and computer rebooted...moving on to next clean up

jraes71 · November 11, 2013

The new Java was installed...and it seems to be running a lot faster and I have not had any pop-ups, at least that I noticed and believe I notice.

flashh4 · November 11, 2013

Great thats what i wanted to hear !

I know you may have some of these installed, this is just my standard all clean speech !

Congratulation you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

* From within Internet Explorer click on the Tools menu and then click on Options.
   * Click once on the Security tab
   * Click once on the Internet icon so it becomes highlighted.
   * Click once on the Custom Level button.
   * Change the Download signed ActiveX controls to Prompt
   * Change the Download unsigned ActiveX controls to Disable
   * Change the Initialize and script ActiveX controls not marked as safe to Disable
* Change the Installation of desktop items to Prompt
   * Change the Launching programs and files in an IFRAME to Prompt
   * Change the Navigate sub-frames across different domains to Prompt
   * When all these settings have been made, click on the OK button.
   * If it prompts you as to whether or not you want to save the settings, press the Yes button.
* Next press the Apply button and then the OK to exit the Internet Properties page.

2. Enable Protected Mode in Internet Explorer . This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

* Open Internet Explorer
* Click on Tools > Internet Options
* Press Security tab
   * Select Internet zone then place check next to Enable Protected Mode if not already done
* Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
* Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

NOTE: Fire Fox is a great browser also >>> http://www.mozilla.org/en-US/firefox/fx/
I use & like FireFox !!

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:

Online Armor Free Online Armor Free

Agnitum Outpost Firewall Free Agnitum Outpost Firewall

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update Windows update
regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. Consider a custom hosts file such as MVPS HOSTS
This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002

Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

7. WOT (Web of Trust) WOT As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8.Finally, I strongly recommend that you read TonyKlein's good advice

A must is a great Antivirus, i recommend you using AVAST its free >>> http://www.avast.com/free-antivirus-download

You are behind on some updates, please visit the Secunia Software Inspector >>>http://secunia.com/vulnerability_scanning/online/
Update any vulnerable software you have. Many malware now use zero day exploits in outdated versions of browsers and third party programs like Flash Player,Java Runtime , Winzip, Acrobat Reader etc to allow them to install silently without your knowledge or detection by your antivirus protection.

To insure better safety, these are a must have:
Rule #1 ........ Good Antivirus
Rule #2 ........ Good Firewall
Rule #3 ........ Good Router is Great ! (optional but best)

Happy surfing and Stay Clean
Chuck

I will lock this after 5 days, if you need it re-opened please PM me or another Mod !

flashh4 · November 11, 2013

There is a link to AVAST in my all clean speech, it's a great free antivirus !! Make sure it is all they install !!

Instructions for setting up AVAST !!

1. Right-click the Avast icon located in the notification area of the Windows task bar. Select "Program Settings" to launch the Avast settings window.
2. Click "Common" in the left column to view common configuration needs. Place a check mark next to each option you want to enable.
3. Click "Appearance" in the left column to change how the Avast icon and user interface is displayed on your computer. You can choose to animate the Avast icon and select optional translucent effects for the user interface.
4. Select "Chest" from the left column. Configure the options for the Chest size. The Chest is where quarantined files are kept. Additionally, you can configure the maximum size of report files to be sent when a virus is found on your computer.
5. Click "Confirmations" to alter when Avast will question you about what to do with an infected file or before performing certain actions.
6. Choose the "Language" option located in the left column to install additional languages for Avast. By default, English is the only available language.
7. Use the "Sounds" selection to change Avast sounds or to disable Avast sounds completely.
8. Configure the Log file limit and the logging level by selecting "Logging" from the left column. Select "Exclusions" to add files for Avast to ignore when scanning your computer.
9. Click "Update" to configure update options. You can choose Avast to automatically update, ask when a new update is available, or only allow manual updates.
10. Select "Troubleshooting" to configure options that help when you are having problems with Avast. You can configure Avast to only display pop-ups if a full screen application is not running or to disable the rootkit scan Avast Antivirus performs as your system boots up.
11. Click "OK" to apply the new configuration and close the configuration options.

flashh4 · November 16, 2013

This problem seems fixed so i will lock this topic ! If it needs reopened please PM me or another Mod !!

Thanks

Chuck

Sign In

slow computer with pop ups

Recommended Posts

jraes71

Link to post

Share on other sites

jraes71

Link to post

Share on other sites

flashh4

Link to post

Share on other sites

jraes71

Link to post

Share on other sites

jraes71

Link to post

Share on other sites

flashh4

Link to post

Share on other sites

flashh4

Link to post

Share on other sites

flashh4

Link to post

Share on other sites

Browse

Activity