Solved Internet explorer running ads in background with no window open

+ "ICCS" "Intel(R) Integrated Clock Controller Service - Intel(R) ICCS" "Intel Corporation" "c:\program files (x86)\intel\intel(r) integrated clock controller service\iccproxy.exe" "25/04/2012 6:46 AM" ""
+ "Intel(R) Capability Licensing Service Interface" "Version: 1.31.8.1" "Intel(R) Corporation" "c:\program files\intel\icls client\heciserver.exe" "27/08/2013 10:32 PM" ""
+ "Intel(R) Capability Licensing Service TCP IP Interface" "Version: 1.31.8.1" "Intel(R) Corporation" "c:\program files\intel\icls client\socketheciserver.exe" "27/08/2013 10:32 PM" ""
+ "Intel(R) PROSet Monitoring Service" "The Intel(R) PROSet Monitoring Service actively monitors changes to the system and updates affected network devices to keep them running in optimal condition. Stopping this service may negatively affect the performance of the network devices on the system." "Intel Corporation" "c:\windows\system32\iprosetmonitor.exe" "10/11/2011 11:37 AM" ""
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe" "27/01/2015 7:36 PM" ""
+ "jhi_service" "Intel(R) Dynamic Application Loader Host Interface Service - Allows applications to access the local Intel (R) DAL" "Intel Corporation" "c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe" "17/07/2013 12:50 PM" ""
+ "LkCitadelServer" "Historical data logging database service used for Lookout prior to ver. 6 and LabVIEW DSC prior to ver. 7. If this service is stopped or disabled, you will be unable to load databases logged in the Citadel 4 format used by those products." "National Instruments, Inc." "c:\windows\syswow64\lkcitdl.exe" "26/08/2005 1:25 AM" ""
+ "lkClassAds" "Locates servers at the request of network variable clients and other proprietary NI network protocols. If this service is stopped or disabled, network variables and network streams will stop working." "National Instruments Corporation" "c:\windows\syswow64\lkads.exe" "13/06/2013 12:57 AM" ""
+ "lkTimeSync" "Allows this machine to keep its time synchronized with a master time server, or to act as a time server for other machines. This feature is configured with the Shared Variable Engine settings in LabVIEW. If this service is stopped or disabled, this form of time synchronization will not be available." "National Instruments Corporation" "c:\windows\syswow64\lktsrv.exe" "13/06/2013 1:07 AM" ""
+ "LMS" "Intel(R) Management and Security Application Local Management Service - Provides OS-related Intel(R) ME functionality." "Intel Corporation" "c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe" "27/06/2013 8:39 AM" ""
+ "lxdn_device" "Printer Communication System" " " "c:\windows\system32\lxdncoms.exe" "29/11/2007 1:51 AM" ""
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe" "23/02/2015 7:32 PM" ""
+ "mxssvr" "Manages National Instruments configuration data. If this service is stopped, some NI programs and hardware will not function properly." "National Instruments Corporation" "c:\program files (x86)\national instruments\max\nimxs.exe" "11/06/2013 7:24 AM" ""
+ "NIApplicationWebServer" "The NI Application Web Server loads Web service applications which are deployed using National Instruments LabVIEW. Stopping this service will may cause deployed Web service applications to become unavailable." "National Instruments Corporation" "c:\program files (x86)\national instruments\shared\ni webserver\applicationwebserver.exe" "8/06/2013 9:44 PM" ""
+ "NIDomainService" "Provides a domain server for NI Shared Variable security. If this service is stopped or disabled, this machine will be unable to act as a domain when configuring shared variable security." "National Instruments Corporation" "c:\program files (x86)\national instruments\shared\security\nidmsrv.exe" "13/06/2013 1:16 AM" ""
+ "NILM License Manager" "Controls the National Instruments License Server to track volume software licenses. If this service is stopped or disabled, the volume license server will stop working, and users will not be able to check out software." "Macrovision Corporation" "c:\program files (x86)\national instruments\shared\license manager\bin\lmgrd.exe" "28/11/2007 6:40 AM" ""
+ "nimDNSResponder" "Advertises and discovers Zeroconf devices and services. If this service is stopped, advertisement and discovery of devices and services will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start." "National Instruments Corporation" "c:\program files (x86)\national instruments\shared\mdns responder\nimdnsresponder.exe" "12/05/2013 1:48 AM" ""
+ "NiSvcLoc" "The National Instruments service locator" "National Instruments Corporation" "c:\program files (x86)\national instruments\shared\nisvcloc\nisvcloc.exe" "8/06/2013 9:45 AM" ""
+ "NISystemWebServer" "The NI System Web Server provides National Instruments Web services and Web-based configuration and Monitoring utility. Stopping this service may cause some NI software to not function properly." "National Instruments Corporation" "c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe" "8/06/2013 9:45 PM" ""
+ "NITaggerService" "Hosts network published shared variables and I/O servers. If this service is stopped or disabled, shared variables and I/O servers will not function." "National Instruments Corporation" "c:\program files (x86)\national instruments\shared\tagger\tagsrv.exe" "16/06/2013 7:14 AM" ""
+ "O2FLASH" "O2 Flash Memory Service" "O2Micro International" "c:\windows\system32\o2flash.exe" "16/11/2011 1:47 PM" ""
+ "OpcEnum" "OPC Server Enumerator 1.10" "OPC Foundation" "c:\windows\syswow64\opcenum.exe" "18/01/2011 1:41 PM" ""
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe" "10/01/2010 2:16 PM" ""
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe" "12/08/2009 12:00 PM" ""
+ "PDF Architect Helper Service" "PDF Architect Helper Service" "pdfforge GbR" "c:\program files (x86)\pdf architect\helperservice.exe" "10/01/2013 12:29 AM" ""
+ "PDF Architect Service" "PDF Architect Conversion Service" "pdfforge GbR" "c:\program files (x86)\pdf architect\conversionservice.exe" "10/01/2013 12:29 AM" ""
+ "SecureStorageService" "Wave Secure Storage Service" "Wave Systems Corp." "c:\program files\dell\dell data protection\access\advanced\wave\secure storage manager\securestorageservice.exe" "12/11/2011 8:41 AM" ""
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe" "11/12/2014 8:20 PM" ""
+ "Sony PC Companion" "Provides support for Sony PC Companion Core and Services." "Avanquest Software" "c:\program files (x86)\sony\sony pc companion\pccservice.exe" "12/01/2012 2:34 AM" ""
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\program files\idt\wdm\stacsv64.exe" "16/08/2013 8:38 PM" ""
+ "tcsd_win32.exe" "TCS service for accessing the TPM" "" "c:\program files (x86)\ntru cryptosystems\ntru tcg software stack\bin\tcsd_win32.exe" "9/10/2011 12:48 PM" ""
+ "TdmService" "Manages self-encrypting drives." "Wave Systems Corp." "c:\program files\dell\dell data protection\access\advanced\wave\trusted drive manager\tdmservice.exe" "9/12/2011 4:42 AM" ""
+ "vpnagent" "Cisco AnyConnect Secure Mobility Agent for Windows" "Cisco Systems, Inc." "c:\program files (x86)\cisco\cisco anyconnect secure mobility client\vpnagent.exe" "13/12/2013 8:32 AM" ""
+ "Wave Authentication Manager Service" "Manages secure authentication mechanisms" "Wave Systems Corp." "c:\program files\dell\dell data protection\access\advanced\wave\authentication manager\waveamservice.exe" "6/01/2012 9:02 AM" ""
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll" "27/05/2013 3:51 PM" ""
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe" "22/09/2010 7:46 AM" ""
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "20/11/2010 9:18 PM" ""
+ "WvPCR" "Wave PCR Collection Service" "Wave Systems Corp." "c:\program files\dell\dell data protection\access\advanced\wave\common\wvpcr.exe" "17/01/2012 9:29 AM" ""
"HKLM\System\CurrentControlSet\Services" "" "" "" "26/02/2015 5:20 PM" ""
+ "acsock" "Cisco AnyConnect Kernel Driver Framework Socket Layer Interceptor" "Cisco Systems, Inc." "c:\windows\system32\drivers\acsock64.sys" "5/09/2013 1:50 AM" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys" "6/12/2008 9:54 AM" ""
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys" "2/05/2007 3:30 AM" ""
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys" "28/02/2007 10:04 AM" ""
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys" "14/07/2009 9:19 AM" ""
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" "19/03/2010 10:45 AM" ""
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" "21/03/2009 4:36 AM" ""
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" "20/03/2010 2:18 AM" ""
+ "ApfiltrService" "Alps Touch Pad Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys" "21/05/2013 4:04 PM" ""
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys" "25/05/2007 7:27 AM" ""
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys" "15/01/2009 5:27 AM" ""
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys" "14/02/2009 8:18 AM" ""
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys" "26/04/2009 9:14 PM" ""
+ "bcbtums" "Broadcom Bluetooth Firmware Download Filter" "Broadcom Corporation." "c:\windows\system32\drivers\bcbtums.sys" "25/08/2012 7:21 AM" ""
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys" "7/08/2006 11:51 AM" ""
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys" "7/08/2006 11:51 AM" ""
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys" "7/08/2006 11:51 AM" ""
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys" "7/08/2006 11:51 AM" ""
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys" "7/08/2006 11:51 AM" ""
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys" "9/08/2006 10:11 PM" ""
+ "btwampfl" "Broadcom Bluetooth USB AMP Filter for Windows Vista" "Broadcom Corporation." "c:\windows\system32\drivers\btwampfl.sys" "2/12/2012 7:50 AM" ""
+ "btwaudio" "Bluetooth Audio Device" "Broadcom Corporation." "c:\windows\system32\drivers\btwaudio.sys" "28/04/2012 6:54 AM" ""
+ "btwavdt" "Broadcom Bluetooth AVDT Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwavdt.sys" "2/03/2012 7:45 AM" ""
+ "btwl2cap" "Broadcom Bluetooth L2CAP Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwl2cap.sys" "28/08/2011 8:58 AM" ""
+ "btwrchid" "Bluetooth Remote Control HID Minidriver" "Broadcom Corporation." "c:\windows\system32\drivers\btwrchid.sys" "2/03/2012 7:46 AM" ""
+ "CAXHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\caxhwazl.sys" "14/02/2009 7:20 AM" ""
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys" "14/07/2009 9:19 AM" ""
+ "CtClsFlt" "Video Class Upper Filter Driver (64-bit)" "Creative Technology Ltd." "c:\windows\system32\drivers\ctclsflt.sys" "10/09/2010 7:22 PM" ""
+ "e1cexpress" "Intel(R) Gigabit Adapter NDIS 6.x driver" "Intel Corporation" "c:\windows\system32\drivers\e1c62x64.sys" "1/12/2011 9:09 AM" ""
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys" "1/01/2009 2:29 AM" ""
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys" "4/02/2009 8:52 AM" ""
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys" "4/05/2012 5:56 AM" ""
+ "ggflt" "SOMC USB Flash Driver Filter" "Sony Mobile Communications" "c:\windows\system32\drivers\ggflt.sys" "25/03/2014 1:06 AM" ""
+ "ggsemc" "SEMC USB Flash Driver" "Sony Ericsson Mobile Communications" "c:\windows\system32\drivers\ggsemc.sys" "25/11/2011 10:51 PM" ""
+ "ggsomc" "SOMC USB Flash Driver" "Sony Mobile Communications" "c:\windows\system32\drivers\ggsomc.sys" "25/03/2014 1:06 AM" ""
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys" "11/05/2009 6:26 PM" ""
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" "21/04/2010 4:32 AM" ""
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\cax_dpv.sys" "14/02/2009 7:24 AM" ""
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys" "31/05/2012 6:40 AM" ""
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" "11/06/2010 10:46 AM" ""
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys" "21/03/2014 1:40 AM" ""
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys" "14/12/2005 7:47 AM" ""
+ "intaud_WaveExtensible" "Intel® WiDi Solution" "Intel Corporation" "c:\windows\system32\drivers\intelaud.sys" "15/04/2012 7:16 AM" ""
+ "IntcDAud" "Intel(R) Display Audio Driver" "Intel(R) Corporation" "c:\windows\system32\drivers\intcdaud.sys" "20/06/2012 12:40 AM" ""
+ "iusb3hcs" "Intel(R) USB 3.0 Host Controller Switch Driver" "Intel Corporation" "c:\windows\system32\drivers\iusb3hcs.sys" "22/02/2013 10:36 PM" ""
+ "iusb3hub" "Intel(R) USB 3.0 Hub Driver" "Intel Corporation" "c:\windows\system32\drivers\iusb3hub.sys" "22/02/2013 10:33 PM" ""
+ "iusb3xhc" "Intel(R) USB 3.0 eXtensible Host Controller Driver" "Intel Corporation" "c:\windows\system32\drivers\iusb3xhc.sys" "22/02/2013 10:33 PM" ""
+ "iwdbus" "Intel® WiDi Solution" "Intel Corporation" "c:\windows\system32\drivers\iwdbus.sys" "15/04/2012 7:16 AM" ""
+ "kl1" "Kaspersky Unified Driver" "Kaspersky Lab ZAO" "c:\windows\system32\drivers\kl1.sys" "18/10/2013 7:18 PM" ""
+ "KLIF" "Kaspersky Lab Interceptor and Filter" "Kaspersky Lab ZAO" "c:\windows\system32\drivers\klif.sys" "7/03/2014 2:39 AM" ""
+ "KLIM6" "Kaspersky Anti-Virus NDIS 6 Filter" "Kaspersky Lab ZAO" "c:\windows\system32\drivers\klim6.sys" "11/07/2013 5:54 PM" ""
+ "klkbdflt" "Kaspersky Lab Keyboard Class Filter" "Kaspersky Lab ZAO" "c:\windows\system32\drivers\klkbdflt.sys" "27/12/2013 11:36 PM" ""
+ "klmouflt" "Kaspersky Lab Mouse Class Filter" "Kaspersky Lab ZAO" "c:\windows\system32\drivers\klmouflt.sys" "8/08/2013 11:10 PM" ""
+ "klpd" "KLPD [fre_wnet_x64]" "Kaspersky Lab ZAO" "c:\windows\system32\drivers\klpd.sys" "12/04/2013 9:34 PM" ""
+ "kltdi" "Network filtering component" "Kaspersky Lab ZAO" "c:\windows\system32\drivers\kltdi.sys" "14/05/2013 11:34 PM" ""
+ "kneps" "KNEPS Power [fre_wnet_amd64]" "Kaspersky Lab ZAO" "c:\windows\system32\drivers\kneps.sys" "31/10/2013 11:45 PM" ""
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys" "10/12/2008 8:46 AM" ""
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" "19/05/2009 10:20 AM" ""
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys" "19/05/2009 10:31 AM" ""
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys" "17/04/2009 8:13 AM" ""
+ "mdmxsdk" "Diagnostic Interface x64 Driver" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys" "20/06/2006 7:27 AM" ""
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys" "19/05/2009 11:09 AM" ""
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" "19/05/2009 11:25 AM" ""
+ "MEIx64" "Intel(R) Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\teedriverx64.sys" "6/09/2013 4:02 AM" ""
+ "NETwNs64" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netwsw00.sys" "29/05/2013 11:10 PM" ""
+ "networx" "NetFilter SDK TDI Hook Driver (WPP)" "NetFilterSDK.com" "c:\windows\system32\drivers\networx.sys" "23/07/2014 11:03 PM" ""
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys" "7/06/2006 7:11 AM" ""
+ "nvraid" "NVIDIA® nForce(TM) RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" "20/03/2010 6:59 AM" ""
+ "nvstor" "NVIDIA® nForce(TM) Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" "20/03/2010 6:45 AM" ""
+ "O2MDFRDR" "O2Micro Media Reader Driver (AMD64)" "O2Micro " "c:\windows\system32\drivers\o2mdfw7x64.sys" "3/01/2011 1:53 PM" ""
+ "O2MDRRDR" "O2Micro Media Reader Driver (AMD64)" "O2Micro " "c:\windows\system32\drivers\o2mdrw7x64.sys" "3/01/2011 4:14 PM" ""
+ "O2SDJRDR" "O2Micro SD Reader Driver (AMD64)" "O2Micro " "c:\windows\system32\drivers\o2sdjw7x64.sys" "11/10/2011 5:13 AM" ""
+ "PBADRV" "PBADRV" "Dell Inc" "c:\windows\system32\drivers\pbadrv.sys" "8/01/2008 5:12 AM" ""
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys" "23/01/2009 9:05 AM" ""
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys" "19/05/2009 11:18 AM" ""
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys" "13/09/2006 11:18 PM" ""
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" "25/09/2008 4:28 AM" ""
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" "2/10/2008 7:56 AM" ""
+ "SIUSBXP" "SiUSBXp.sys" "Silicon Laboratories" "c:\windows\system32\drivers\siusbxp.sys" "4/11/2009 8:16 AM" ""
+ "ST_ACCEL" "STM Accelerometer Device Driver" "STMicroelectronics" "c:\windows\system32\drivers\st_accel.sys" "28/03/2013 8:59 AM" ""
+ "stdcfltn" "Disk Class Filter Driver for Accelerometer" "ST Microelectronics" "c:\windows\system32\drivers\stdcfltn.sys" "16/07/2011 2:31 PM" ""
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys" "18/02/2009 9:03 AM" ""
+ "STHDA" "IDT PC Audio" "IDT, Inc." "c:\windows\system32\drivers\stwrt64.sys" "16/08/2013 8:26 PM" ""
+ "TrueSight" "" "" "c:\windows\system32\drivers\truesight.sys" "4/12/2014 9:36 PM" ""
+ "usb3Hub" "usb3hub.sys" "Windows (R) Win 7 DDK provider" "c:\windows\system32\drivers\usb3hub.sys" "26/09/2012 9:04 PM" ""
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys" "16/07/2014 3:30 AM" ""
+ "VBoxDrv" "VirtualBox Support Driver" "Oracle Corporation" "c:\windows\system32\drivers\vboxdrv.sys" "16/05/2014 10:04 PM" ""
+ "VBoxNetAdp" "VirtualBox Host-Only Network Adapter Driver" "Oracle Corporation" "c:\windows\system32\drivers\vboxnetadp.sys" "16/05/2014 10:01 PM" ""
+ "VBoxNetFlt" "VirtualBox Bridged Networking Driver" "Oracle Corporation" "c:\windows\system32\drivers\vboxnetflt.sys" "16/05/2014 10:01 PM" ""
+ "VBoxUSBMon" "VirtualBox USB Monitor Driver" "Oracle Corporation" "c:\windows\system32\drivers\vboxusbmon.sys" "16/05/2014 10:01 PM" ""
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys" "14/07/2009 9:19 AM" ""
+ "vpnva" "Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows" "Cisco Systems, Inc." "c:\windows\system32\drivers\vpnva64-6.sys" "30/08/2013 9:06 PM" ""
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "31/01/2009 11:18 AM" ""
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\cax_cnxt.sys" "14/02/2009 7:19 AM" ""
+ "XAudio" "Modem Audio Device Driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\xaudio64.sys" "30/04/2009 4:21 AM" ""
+ "XHCIPort" "xHCIport.sys" "Windows (R) Win 7 DDK provider" "c:\windows\system32\drivers\xhciport.sys" "26/09/2012 9:04 PM" ""
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "30/10/2014 11:15 AM" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" "14/07/2009 11:28 AM" ""
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" "25/02/2015 12:51 PM" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm" "14/07/2009 11:06 AM" ""
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" "20/11/2010 9:59 PM" ""
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "16/12/2013 9:37 PM" ""
+ "DS Video Buffer Filter" "WiDiAgent.dll COM object." "Intel Corporation" "c:\program files\intel corporation\intel widi\dsbuffer_video.ax" "30/11/2012 9:23 AM" ""
+ "Intel® AAC encoder" "" "" "c:\program files\intel corporation\intel widi\intelaac.dll" "30/11/2012 9:22 AM" ""
+ "Intel® Mux Renderer" "Intel(R) TS Mux / Network Renderer" "Intel Corporation" "c:\program files\intel corporation\intel widi\intelmux.dll" "30/11/2012 9:23 AM" ""
+ "Intel®WiDi H264 encoder" "" "" "c:\program files\intel corporation\intel widi\h264hwenc.dll" "30/11/2012 9:22 AM" ""
+ "WD Audio Filter" "WiDi Audio Source Filter." "Intel Corporation" "c:\program files\intel corporation\intel widi\wdaudiofilter.dll" "30/11/2012 9:23 AM" ""
+ "WD Secure Source Filter" "Intel® WiDi Secure Video Source Filter." "Intel Corporation" "c:\program files\intel corporation\intel widi\wdsecuresourcefilter.dll" "30/11/2012 9:23 AM" ""
+ "WD Silence Filter" "" "" "c:\program files\intel corporation\intel widi\wdsilencefilter.dll" "30/11/2012 9:21 AM" ""
+ "WDSource Filter" "WiDi Video Source Filter." "Intel Corporation" "c:\program files\intel corporation\intel widi\wdsourcefilter.dll" "30/11/2012 9:23 AM" ""
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" "28/06/2014 6:18 PM" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "10/11/2010 8:21 PM" ""
+ "Creative MJPEG Decoder 2" "Decoder" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\ctmjpgdec2.ax" "1/12/2008 7:44 PM" ""
+ "Creative Video Processing Filter" "Creative Video Processing Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\vidprocu.ax" "6/01/2009 1:42 PM" ""
+ "CuttlefishClosedCaption Filter" "Sony MP4 SMF Subtitle Stream Parser" "Sony Corporation" "c:\program files (x86)\common files\sony shared\media go video playback engine\2.12.104.06300\cuttlefishsubtitleparser.ax" "1/07/2014 2:01 PM" ""
+ "CuttlefishSubtitleParser Filter" "Sony MP4 SMF Subtitle Stream Parser" "Sony Corporation" "c:\program files (x86)\common files\sony shared\media go video playback engine\2.12.104.06300\cuttlefishsubtitleparser.ax" "1/07/2014 2:01 PM" ""
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "10/11/2010 8:21 PM" ""
+ "Sony CF AAC decoder" "Sony FhG AAC Decoder" "Sony Corporation" "c:\program files (x86)\common files\sony shared\media go video playback engine\2.12.104.06300\cfaac.ax" "1/07/2014 2:01 PM" ""
+ "Sony CF AVC Decoder" "Sony AVC Decoder Filter" "Sony Corporation" "c:\program files (x86)\common files\sony shared\media go video playback engine\2.12.104.06300\sjvtdfcf.ax" "1/07/2014 2:02 PM" ""
+ "Sony CF AVC Decoder (Intel VA)" "Sony AVC Decoder Filter" "Sony Corporation" "c:\program files (x86)\common files\sony shared\media go video playback engine\2.12.104.06300\sjvtdfcf.ax" "1/07/2014 2:02 PM" ""
+ "Sony CF DXVA AVC Decoder" "Sony AVC Decoder Filter" "Sony Corporation" "c:\program files (x86)\common files\sony shared\media go video playback engine\2.12.104.06300\sjvtdfcf.ax" "1/07/2014 2:02 PM" ""
+ "Sony MP4 File Source" "Sony MP4 File Source Filter" "Sony Corporation" "c:\program files (x86)\common files\sony shared\media go video playback engine\2.12.104.06300\mp4filesource.ax" "1/07/2014 2:02 PM" ""
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "10/11/2010 8:21 PM" ""
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "10/11/2010 8:21 PM" ""
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "10/11/2010 8:21 PM" ""
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "10/11/2010 8:21 PM" ""
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "10/11/2010 8:21 PM" ""
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll" "10/11/2010 8:21 PM" ""
"HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command\(Default)" "" "" "" "11/05/2013 12:07 PM" ""
+ "C:\Program Files\Internet Explorer\iexplore.exe" "Internet Explorer" "Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe" "12/01/2015 10:57 AM" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" "" "10/12/2013 8:37 AM" ""
+ "BtwCredentialProvider" "BtwCP DLL" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btwcp.dll" "20/02/2013 6:50 AM" ""
+ "BtwProximityCredentialProvider" "BtwProximityCP DLL" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btwproximitycp.dll" "20/02/2013 6:56 AM" ""
+ "Provider Object" "Windows Vista and Windows 7 Credential Provider" "UPEK Inc." "c:\program files\common files\spba\provider.dll" "15/09/2010 7:14 PM" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll" "22/09/2010 7:47 AM" ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters" "" "" "" "22/01/2013 5:51 PM" ""
+ "Provider Filter Object" "Windows Vista and Windows 7 Credential Provider" "UPEK Inc." "c:\program files\common files\spba\provider.dll" "15/09/2010 7:14 PM" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" "24/02/2015 12:16 PM" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll" "31/08/2011 3:44 PM" ""
+ "nimdnsNSP" "National Instruments Zeroconf Namespace Service Provider" "National Instruments Corporation" "c:\program files (x86)\national instruments\shared\mdns responder\nimdnsnsp.dll" "12/05/2013 1:46 AM" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll" "22/09/2010 7:00 AM" ""
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll" "22/09/2010 7:00 AM" ""
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" "" "24/02/2015 12:16 PM" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll" "31/08/2011 3:53 PM" ""
+ "nimdnsNSP" "National Instruments Zeroconf Namespace Service Provider" "National Instruments Corporation" "c:\program files\national instruments\shared\mdns responder\nimdnsnsp.dll" "12/05/2013 1:46 AM" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll" "22/09/2010 7:45 AM" ""
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll" "22/09/2010 7:45 AM" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" "" "22/12/2013 12:50 PM" ""
+ "2600 Series Port" "Printer Communication System" " " "c:\windows\system32\lxdnlmpm.dll" "29/11/2007 1:52 AM" ""
+ "pdfcmon" "pdfcmon" "pdfforge GmbH" "c:\windows\system32\pdfcmon.dll" "17/12/2014 3:49 AM" ""
+ "ricaz0lm" "RICOH BIDI Language Monitor" "RICOH CO.,Ltd." "c:\windows\system32\ricaz0lm.dll" "7/12/2010 11:24 AM" ""
+ "SST3C Langmon" "Language Monitor for Status Monitor" "" "c:\windows\system32\sst3cl6.dll" "3/03/2011 12:56 PM" ""
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" "" "27/02/2015 9:07 AM" ""
+ "C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll" "BtwProximityCP DLL" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btwproximitycp.dll" "20/02/2013 6:56 AM" ""
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" "" "22/01/2013 5:55 PM" ""
+ "TdmNetworkProvider" "TDM Network Provider" "Wave Systems Corp." "c:\windows\system32\tdmnetworkprovider.dll" "9/12/2011 4:45 AM" ""
"WMI Database Entries" "" "" "" "" ""
+ "BVTConsumer" "" "" "File not found: KernCap.vbs" "" ""
 
I don't see anything obvious there...

Go Start>Run (Start Search in Vista/7), type in:
msconfig
Click OK (hit Enter in Vista/7).
Windows 8/8.1 users. Press Windows logo key and start typing the following:
msconfig
Press Enter.

Click on Startup tab.
Click Disable all
IMPORTANT! In case of a laptop, make sure you do NOT disable any keyboard or touchpad entries.

Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.

Click OK.
Restart computer in Normal Mode.

NOTE. If you use a different firewall than Windows Firewall, turn Windows Firewall on just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.

Same problem?
 
Yes. It doesn't start straight away but eventually IE opens in task manager.

I am going away for the weekend so won't be able to post any log until Monday.
 
Go back to "msconfig" and reverse all changes.
That was for testing purposes only.

Re-run Combofix and post fresh log.
 
My computer crashed this morning and restarted before I ran Combofix. I got a blue screen with text but did not have time to read it all. This happened also a few times before I used MBAM (before I posted here). Here's the new combofix log.


ComboFix 15-03-01.01 - Reungoat 02/03/2015 9:07.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.8097.5023 [GMT 10:00]
Running from: c:\users\Reungoat\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\_ctypes.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\_elementtree.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\_hashlib.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\_multiprocessing.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\_socket.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\_ssl.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\hashobjs_ext.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\pyexpat.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\pysqlite2._sqlite.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\python27.dll
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\pythoncom27.dll
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\PyWinTypes27.dll
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\select.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\unicodedata.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\win32api.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\win32com.shell.shell.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\win32crypt.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\win32event.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\win32file.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\win32gui.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\win32inet.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\win32pdh.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\win32pipe.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\win32process.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\win32profile.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\win32security.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\win32ts.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\windows._lib_cacheinvalidation.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\wx._animate.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\wx._controls_.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\wx._core_.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\wx._gdi_.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\wx._html2.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\wx._misc_.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\wx._windows_.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\wx._wizard.pyd
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\wxbase294u_net_vc90.dll
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\wxbase294u_vc90.dll
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\wxmsw294u_adv_vc90.dll
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\wxmsw294u_core_vc90.dll
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\wxmsw294u_html_vc90.dll
c:\users\Reungoat\AppData\Local\Temp\_MEI55402\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((( Files Created from 2015-02-01 to 2015-03-01 )))))))))))))))))))))))))))))))
.
.
2015-03-01 23:17 . 2015-03-01 23:17 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-03-01 23:17 . 2015-03-01 23:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-26 04:33 . 2015-02-26 04:33 -------- d-----w- c:\programdata\Sophos
2015-02-26 04:33 . 2015-02-26 04:33 -------- d-----w- c:\program files (x86)\Sophos
2015-02-26 04:11 . 2015-02-26 04:12 -------- d-----w- c:\program files (x86)\PermaCare - Global - RO12_6
2015-02-26 03:47 . 2015-02-26 03:47 -------- d-----w- c:\users\Reungoat\AppData\Local\CrashDumps
2015-02-25 23:09 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-25 23:09 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-25 23:09 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-25 23:09 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-25 05:06 . 2015-02-27 01:09 -------- d-----w- C:\FRST
2015-02-25 04:47 . 2015-02-25 04:54 -------- d-----w- C:\AdwCleaner
2015-02-25 00:38 . 2015-02-25 00:41 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-02-25 00:38 . 2015-02-25 00:38 -------- d-----w- c:\programdata\RogueKiller
2015-02-24 02:17 . 2015-02-24 02:17 -------- d-----w- c:\program files (x86)\Common Files\OPC Foundation
2015-02-24 02:16 . 2015-02-24 02:17 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2015-02-24 02:15 . 2015-02-24 02:16 -------- d-----w- c:\program files\National Instruments
2015-02-24 02:13 . 2015-02-24 02:13 -------- d-----w- C:\National Instruments Downloads
2015-02-24 00:23 . 2015-02-25 01:09 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-02-23 00:37 . 2015-01-05 07:55 60408 ----a-w- c:\windows\system32\drivers\networx.sys
2015-02-23 00:37 . 2015-02-23 00:37 -------- d-----w- c:\program files\NetWorx
2015-02-23 00:37 . 2015-02-23 00:37 -------- d-----w- c:\programdata\SoftPerfect
2015-02-22 09:27 . 2015-02-22 09:27 -------- d-----w- c:\program files\Microsoft Network Monitor 3
2015-02-21 06:59 . 2015-02-21 06:59 -------- d-----w- c:\programdata\SeriousBit
2015-02-21 06:57 . 2015-02-21 06:57 -------- d-----w- c:\users\Reungoat\AppData\Local\Rainmaker_Software_Group_
2015-02-21 06:57 . 2015-02-21 06:57 -------- d-----w- c:\users\Reungoat\AppData\Roaming\Rainmaker Software Group LLC.?
2015-02-18 23:06 . 2015-02-18 23:06 -------- d-----w- c:\users\Default\AppData\Roaming\Garmin
2015-02-15 05:15 . 2015-02-15 05:15 -------- d-----w- c:\users\Reungoat\AppData\Roaming\ggcenzvn
2015-02-15 00:11 . 2015-02-15 00:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-02-11 23:01 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-11 23:01 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-11 23:01 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-11 23:01 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-11 04:56 . 2015-02-11 04:56 -------- d-----w- c:\users\Reungoat\.imagej
2015-02-11 02:32 . 2015-02-11 04:25 -------- d-----w- c:\program files (x86)\ImageJ
2015-02-10 22:55 . 2015-01-15 08:14 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-02-10 22:54 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-10 00:56 . 2015-02-10 00:56 -------- d-----w- c:\users\Reungoat\AppData\Local\PDFCreator
2015-02-09 00:08 . 2015-02-25 00:51 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-09 00:08 . 2015-02-25 00:51 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-09 00:08 . 2015-02-09 00:08 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-09 00:08 . 2015-02-09 00:08 -------- d-----w- c:\programdata\Malwarebytes
2015-02-09 00:08 . 2014-11-20 20:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-09 00:08 . 2014-11-20 20:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-08 23:34 . 2015-01-22 06:14 114872 ----a-w- c:\windows\system32\pdfcmon.dll
2015-02-08 23:34 . 2015-02-15 08:53 -------- d-----w- c:\program files\PDFCreator
2015-01-31 04:15 . 2015-01-31 04:15 -------- d-----w- c:\program files (x86)\iTunes
2015-01-31 04:15 . 2015-01-31 04:15 -------- d-----w- c:\program files\iPod
2015-01-31 04:15 . 2015-01-31 04:15 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-31 04:15 . 2015-01-31 04:15 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-15 00:10 . 2014-11-03 22:39 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-11 11:59 . 2013-02-01 04:04 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-09 00:04 . 2013-01-22 07:29 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-09 00:04 . 2013-01-22 07:29 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-11 11:22 . 2015-01-11 11:22 493168 ----a-r- c:\users\Reungoat\AppData\Roaming\Microsoft\Installer\{84676CB3-965C-496F-AB81-EB148406E9D7}\BOINCManagerShortc_6E797A1C8FF24C29BF4BAD5AE09E4AB3.exe
2015-01-11 11:22 . 2015-01-11 11:22 493168 ----a-r- c:\users\Reungoat\AppData\Roaming\Microsoft\Installer\{84676CB3-965C-496F-AB81-EB148406E9D7}\ARPPRODUCTICON.exe
2014-12-19 03:06 . 2015-01-13 23:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-13 23:06 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-13 23:06 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-11 08:12 . 2014-12-11 08:12 1120752 ----a-w- c:\windows\boinc.scr
2014-12-06 04:17 . 2015-01-13 23:06 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-13 23:06 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-13 23:06 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Reungoat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2015-01-27 1676344]
"Simple Sticky Notes"="c:\program files (x86)\Simnet\Simple Sticky Notes\ssn.exe" [2014-10-24 662384]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-01-15 23308256]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-12-31 688984]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2014-12-11 9639920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-02-23 292088]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-12-16 462974]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-12-12 707472]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-01-20 60712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-12-31 688984]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-16 507448]
.
c:\users\Reungoat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Reungoat\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-11 42555824]
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-16 507448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2013-2-19 1393880]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2013-1-22 50688]
NI Error Reporting.lnk - c:\program files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe [2013-6-7 663896]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-8-16 507448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 WvPCR;WvPCR;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 networx;networx;c:\windows\system32\drivers\networx.sys;c:\windows\SYSNATIVE\drivers\networx.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [x]
S2 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe;c:\windows\SYSNATIVE\lxdncoms.exe [x]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S2 nimDNSResponder;NI mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
S2 NISystemWebServer;NI System Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
S3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\system32\DRIVERS\XHCIPort.sys;c:\windows\SYSNATIVE\DRIVERS\XHCIPort.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-22 00:04]
.
2015-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-28 00:27]
.
2015-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-28 00:27]
.
2015-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000Core.job
- c:\users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-28 08:26]
.
2015-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935964518-2361115088-2651154713-1000UA.job
- c:\users\Reungoat\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-28 08:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Reungoat\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-01-15 06:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-15 06:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-01-15 06:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-01-15 06:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-01-15 06:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-12-08 16:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-12-08 381296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-08-16 1703424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-06-03 442352]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2015-02-04 6638800]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-01-26 169768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-06-03 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-06-03 399856]
"DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-08-15 7077432]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2014-12-11 67056]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-07-08 708952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Reungoat\AppData\Roaming\Mozilla\Firefox\Profiles\7r4gvv1o.default-1423976232471\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
c:\windows\SysWOW64\lkads.exe
c:\program files (x86)\National Instruments\MAX\nimxs.exe
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\program files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe
c:\program files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
c:\windows\system32\o2flash.exe
c:\windows\SysWOW64\lkcitdl.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-03-02 09:21:14 - machine was rebooted
ComboFix-quarantined-files.txt 2015-03-01 23:21
.
Pre-Run: 169,268,396,032 bytes free
Post-Run: 168,436,695,040 bytes free
.
- - End Of File - - CED164DCFE5B4EC57ACAB03D345D8E83
 
Download BlueScreenView
Unzip downloaded file.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
BlueScreenView did not find anything. Sophos scan is clean.

Results of screen317's Security Check version 0.99.97
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Anti-Virus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader XI
Mozilla Firefox (36.0)
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Anti-Virus 14.0.0 avp.exe
Kaspersky Lab Kaspersky Anti-Virus 14.0.0 avpui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Farbar Service Scanner Version: 17-01-2015
Ran by Reungoat (administrator) on 02-03-2015 at 09:43:50
Running from "C:\Users\Reungoat\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing or updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
Thanks, but IE opened again in the taskbar while I was doing those checks. If it's not a virus/malware, do you have an idea what it could be? Is there another way to get rid of it? I guess formatting and reinstalling would be the last resort option.
I haven't deleted the tools yet.
 
Must be some Microsoft service/startup causing it.
It may be hard to investigate since we don't want to disable any Microsoft services/startups to test the issue.

One other option would be to create a new admin account and see if it happens there.
 
It doesn't seem to happen in the new admin account. If I transfer my profile to this new account and delete the current one, will it solve the problem or is it likely to transfer it?
 
I wanted to run DelFix before transferring my account but my AV deleted it. It was identified as malware. Should I disable my AV before running it?
 
I've tried the diagnostic startup that uses only basic drivers and services and disables Microsoft services in the system configuration. There was no problem. I can now try to selectively turn on the Microsoft services in system configuration to find the trouble child. It will take a while given the number of services. Please don't close the post until I let you know what I found. Thanks.
 
This might be interesting. Last night I restarted my computer in clean boot mode (disabling startup and non-Microsoft services) and left the computer on without any program open. This morning there was no IE open in Task Manager. I launched Firefox and IE opened almost immediately. Does that help? Any suggestions?
 
You have to do the same investigation you already proposed.
Start re-enabling all disabled items, but only one by one, restarting the computer each time, until you find the iexplore.exe trigger.
 
Yes. I ended up creating a new profile and transferring all my data last weekend because there were more than a hundred Microsoft services to check and the IE issue seems to happen a bit randomly. That was a pain as not everything transferred smoothly and I had to fix a few issues, but it seems to be OK now. No problem with IE since.
 