cyclopean

April 2, 2014

Hey Kevin,

I think I'm good now - everything is just flying along like before - thanks a million man - I really appreciate your help - left a donation.

Richard.

April 1, 2014

Hello Kevin,

I'm happy to report that so far my system is just flying! Here at the logs:

System Variables

--------------------------------------------------------------------------------

OS: Windows 7 Ultimate N

OS Architecture: 64-bit

OS Version: 6.1.7601

OS Service Pack: Service Pack 1

Computer Name: RICHARD-PC

Windows Drive: C:\

Windows Path: C:\Windows

Current Profile: C:\Users\Richard

Current Profile SID: S-1-5-21-2902050937-303955776-554964296-1000

Current Profile Classes: S-1-5-21-2902050937-303955776-554964296-1000_Classes

Profiles Location: C:\Users

Profiles Location 2: C:\Windows\ServiceProfiles

Local Settings AppData: C:\Users\Richard\AppData\Local

--------------------------------------------------------------------------------

System Information

--------------------------------------------------------------------------------

System Up Time: 0 Days 10:14:15

Process Count: 64

Commit Total: 3.10 GB

Commit Limit: 15.91 GB

Commit Peak: 11.11 GB

Handle Count: 26169

Kernel Total: 422.66 MB

Kernel Paged: 326.77 MB

Kernel Non Paged: 95.89 MB

System Cache: 2.31 GB

Thread Count: 904

--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 7.96 GB

Memory Used: 2.49 GB(31.2496%)

Memory Avail.: 5.47 GB

--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 7.96 GB

Memory Used: 2.03 GB(25.5611%)

Memory Avail.: 5.92 GB

--------------------------------------------------------------------------------

Starting Repairs...

Start (3/31/2014 10:39:06 AM)

01 - Reset Registry Permissions 01/03

HKEY_CURRENT_USER & Sub Keys

Start (3/31/2014 10:39:06 AM)

Running Repair Under Current User Account

Done (3/31/2014 10:39:08 AM)

01 - Reset Registry Permissions 02/03

HKEY_LOCAL_MACHINE & Sub Keys

Start (3/31/2014 10:39:08 AM)

Running Repair Under System Account

Done (3/31/2014 10:39:41 AM)

01 - Reset Registry Permissions 03/03

HKEY_CLASSES_ROOT & Sub Keys

Start (3/31/2014 10:39:41 AM)

Running Repair Under System Account

Done (3/31/2014 10:40:04 AM)

03 - Register System Files

Start (3/31/2014 10:40:04 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:40:27 AM)

04 - Repair WMI

Start (3/31/2014 10:40:27 AM)

Running Repair Under Current User Account

Done (3/31/2014 10:45:31 AM)

05 - Repair Windows Firewall

Start (3/31/2014 10:45:31 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:46:02 AM)

06 - Repair Internet Explorer

Start (3/31/2014 10:46:02 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:46:36 AM)

07 - Repair MDAC/MS Jet

Start (3/31/2014 10:46:36 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:46:49 AM)

08 - Repair Hosts File

Start (3/31/2014 10:46:49 AM)

Running Repair Under System Account

Done (3/31/2014 10:46:51 AM)

09 - Remove Policies Set By Infections

Start (3/31/2014 10:46:51 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:46:56 AM)

11 - Repair Icons

Start (3/31/2014 10:46:56 AM)

Running Repair Under Current User Account

Done (3/31/2014 10:46:58 AM)

12 - Repair Winsock & DNS Cache

Start (3/31/2014 10:46:58 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:47:30 AM)

14 - Repair Proxy Settings

Start (3/31/2014 10:47:30 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:47:37 AM)

16 - Repair Windows Updates

Start (3/31/2014 10:47:37 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:48:35 AM)

17 - Repair CD/DVD Missing/Not Working

Start (3/31/2014 10:48:35 AM)

iTunes was found, adding UpperFilters for iTunes Reg Key

UpperFilters added?: True

Done (3/31/2014 10:48:35 AM)

18 - Repair Volume Shadow Copy Service

Start (3/31/2014 10:48:35 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:48:52 AM)

20 - Repair MSI (Windows Installer)

Start (3/31/2014 10:48:52 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:49:18 AM)

22.01 - Repair bat Association

Start (3/31/2014 10:49:18 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:49:27 AM)

22.02 - Repair cmd Association

Start (3/31/2014 10:49:27 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:49:34 AM)

22.03 - Repair com Association

Start (3/31/2014 10:49:34 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:49:43 AM)

22.04 - Repair Directory Association

Start (3/31/2014 10:49:43 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:49:48 AM)

22.05 - Repair Drive Association

Start (3/31/2014 10:49:48 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:49:55 AM)

22.06 - Repair exe Association

Start (3/31/2014 10:49:55 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:50:04 AM)

22.07 - Repair Folder Association

Start (3/31/2014 10:50:45 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:50:50 AM)

22.08 - Repair inf Association

Start (3/31/2014 10:50:50 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:50:58 AM)

22.09 - Repair lnk (Shortcuts) Association

Start (3/31/2014 10:50:58 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:51:07 AM)

22.10 - Repair msc Association

Start (3/31/2014 10:51:07 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:51:14 AM)

22.11 - Repair reg Association

Start (3/31/2014 10:51:14 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:51:21 AM)

22.12 - Repair scr Association

Start (3/31/2014 10:51:21 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:51:31 AM)

23 - Repair Windows Safe Mode

Start (3/31/2014 10:51:31 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:51:38 AM)

24 - Repair Print Spooler

Start (3/31/2014 10:51:38 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:52:29 AM)

25 - Restore Important Windows Services

Start (3/31/2014 10:52:29 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:53:48 AM)

26 - Set Windows Services To Default Startup

Start (3/31/2014 10:53:48 AM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (3/31/2014 10:57:35 AM)

Cleaning up empty logs...

All Selected Repairs Done.

Done (3/31/2014 10:57:35 AM)

Total Repair Time: 00:18:31

...YOU MUST RESTART YOUR SYSTEM...

Running Repair Under Current User Account

March 31, 2014

Hello Kevin

I know why it didn't work - I unchecked all the options except the last two for windows 8......I didn't understand that you meant uncheck those two and leave all the rest checked. I'm running it again and it's repairing. I'll post the logs later when I get home ans I'll let you know how it's performing then.

Thanks!

March 31, 2014

When I came home it was flying - ran the repair anyway. Now....very much slower....

System Variables

--------------------------------------------------------------------------------

OS: Windows 7 Ultimate N

OS Architecture: 64-bit

OS Version: 6.1.7601

OS Service Pack: Service Pack 1

Computer Name: RICHARD-PC

Windows Drive: C:\

Windows Path: C:\Windows

Current Profile: C:\Users\Richard

Current Profile SID: S-1-5-21-2902050937-303955776-554964296-1000

Current Profile Classes: S-1-5-21-2902050937-303955776-554964296-1000_Classes

Profiles Location: C:\Users

Profiles Location 2: C:\Windows\ServiceProfiles

Local Settings AppData: C:\Users\Richard\AppData\Local

--------------------------------------------------------------------------------

System Information

--------------------------------------------------------------------------------

System Up Time: 0 Days 23:18:17

Process Count: 64

Commit Total: 2.69 GB

Commit Limit: 15.91 GB

Commit Peak: 13.95 GB

Handle Count: 26441

Kernel Total: 501.06 MB

Kernel Paged: 386.36 MB

Kernel Non Paged: 114.70 MB

System Cache: 3.20 GB

Thread Count: 891

--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 7.96 GB

Memory Used: 1.94 GB(24.4057%)

Memory Avail.: 6.01 GB

--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem

--------------------------------------------------------------------------------

Memory Total: 7.96 GB

Memory Used: 1.40 GB(17.6051%)

Memory Avail.: 6.56 GB

--------------------------------------------------------------------------------

Starting Repairs...

Start (3/31/2014 12:22:59 AM)

Skipping Repair.

Repair is for Windows v6.2 (Windows 8 & Newer) or higher.

Current version: 6.1

Skipping Repair.

Repair is for Windows v6.2 (Windows 8 & Newer) or higher.

Current version: 6.1

Cleaning up empty logs...

All Selected Repairs Done.

Done (3/31/2014 12:22:59 AM)

Total Repair Time: 00:00:02

...YOU MUST RESTART YOUR SYSTEM...

Running Repair Under Current User Account

Hmmmm...doesn't look like it repaired anything....was I supposed to uncheck all the boxes except the 2 circled in red?

March 30, 2014

Here they are Kevin.

Thanks!

ComboFix 14-03-24.01 - Richard 03/29/2014 14:47:01.2.8 - x64

Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.8147.2552 [GMT -5:00]

Running from: c:\users\Richard\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2014-02-28 to 2014-03-29 )))))))))))))))))))))))))))))))

.

2014-03-29 19:52 . 2014-03-29 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-03-29 18:21 . 2014-03-29 18:34 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp

2014-03-29 15:06 . 2014-03-29 15:06 -------- d-----w- C:\_OTM

2014-03-29 00:02 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A8FCFE6-F798-44DC-A0E6-328A328EEE2A}\mpengine.dll

2014-03-25 15:39 . 2014-03-26 04:31 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-03-24 15:17 . 2014-03-25 02:35 -------- d-----w- C:\AdwCleaner

2014-03-24 03:58 . 2014-03-28 22:45 -------- d-----w- C:\FRST

2014-03-17 05:02 . 2014-03-17 05:02 -------- d-----w- c:\program files\iPod

2014-03-17 05:02 . 2014-03-17 05:02 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-03-17 05:02 . 2014-03-17 05:02 -------- d-----w- c:\program files\iTunes

2014-03-17 05:02 . 2014-03-17 05:02 -------- d-----w- c:\program files (x86)\iTunes

2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2014-03-17 05:00 . 2014-03-17 05:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2014-03-17 05:00 . 2014-03-17 05:00 -------- d-----w- c:\program files (x86)\QuickTime

2014-03-11 22:34 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll

2014-03-11 22:34 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll

2014-03-11 22:34 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

2014-03-11 22:34 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-03-29 18:34 . 2013-05-29 01:56 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys

2014-03-19 04:12 . 2013-06-01 18:19 833232 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

2014-03-18 08:00 . 2013-05-29 03:59 90015360 ----a-w- c:\windows\system32\MRT.exe

2014-03-12 01:52 . 2013-05-29 02:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-03-12 01:52 . 2013-05-29 02:49 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-01-17 21:24 . 2014-01-17 21:24 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2014-01-17 21:24 . 2014-01-17 21:24 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2014-03-19 04:14 1728216 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2014-03-19 04:14 1728216 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2014-03-19 04:14 1728216 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-05-29 39408]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-09-13 295512]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-24 206240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]

S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]

S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]

S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]

S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-03-15 17:50 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-29 01:52]

.

2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 02:49]

.

2014-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 02:49]

.

2014-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902050937-303955776-554964296-1000Core.job

- c:\users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-19 07:28]

.

2014-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902050937-303955776-554964296-1000UA.job

- c:\users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-19 07:28]

.

2014-03-29 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 18:41]

.

2014-03-29 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 18:41]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2014-03-19 04:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2014-03-19 04:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2014-03-19 04:14 2333400 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-MJC8Q300 - e:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstl-mjc8q3_2-2.005.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.12"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-03-29 14:54:06

ComboFix-quarantined-files.txt 2014-03-29 19:54

ComboFix2.txt 2014-03-29 06:14

.

Pre-Run: 414,874,853,376 bytes free

Post-Run: 414,667,624,448 bytes free

.

- - End Of File - - 53627E45613EF00FC56D1B48B49A0103

A36C5E4F47E84449FF07ED3517B43A31

ComboFix 14-03-24.01 - Richard 03/29/2014 0:51.1.8 - x64

Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.8147.3160 [GMT -5:00]

Running from: c:\users\Richard\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\data

c:\data\default\us_sres.data

c:\windows\iun6002.exe

c:\windows\SysWow64\msnphoto.scr

.

((((((((((((((((((((((((( Files Created from 2014-02-28 to 2014-03-29 )))))))))))))))))))))))))))))))

.

2014-03-29 06:12 . 2014-03-29 06:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-03-29 05:54 . 2014-03-29 05:55 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A8FCFE6-F798-44DC-A0E6-328A328EEE2A}\offreg.dll

2014-03-29 00:02 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A8FCFE6-F798-44DC-A0E6-328A328EEE2A}\mpengine.dll

2014-03-28 04:22 . 2014-03-29 04:50 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp