# a lot of problems with computer



## hachikolala (May 19, 2014)

Hello. I can't help myself with all the problems that my computer has started causing me. In one month I have a lot of exams to do, and I can't use my computer normally. I will list some of them: my computer doesn't recognize the USB device, I can't use Windows indexing, my Windows features list is blank, and I can't install important updates like Microsoft Security Essentials and others. Can somebody help me, please? Thanks, and sorry for my English.


----------



## johnb35 (May 19, 2014)

You most likely are infected.  Can you browse the internet and download programs? If so, then do the following.

1.

Please download *AdwCleaner* by Xplode onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download *Junkware Removal Tool* to your desktop.

•Shut down your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

3.

Please download *Malwarebytes' Anti-Malware* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish*.
If an update is found, it will download and install the latest version.  *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically, which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware.

If for some reason Malwarebytes will not install or run, please download and run *Rkill.scr*, *Rkill.exe*, or *Rkill.com*. If you are still having issues running Rkill, then try downloading these renamed versions of the same program.

*EXPLORER.EXE*
*IEXPLORE.EXE*
*USERINIT.EXE*
*WINLOGON.EXE*

But *DO NOT* reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download *OTL* to your Desktop.


•Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
•Click on Minimal Output at the top.
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
◦When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

Post the logs from the following 4 programs.

1.  Adwcleaner
2.  Junkware removal tool
3.  Malwarebytes
4.  OTL


----------



## hachikolala (May 19, 2014)

OK, and thank you for helping me.


----------



## S.T.A.R.S. (May 20, 2014)

Malware scan says it found 0 items in all areas.
Why didn't you use the FULL SCAN type instead of THREAT SCAN?
It takes a little longer, but it's more thorough.


----------



## hachikolala (May 20, 2014)

And the OTL file. I'm sorry, I will do it now!


----------



## voyagerfan99 (May 20, 2014)

Next time please just post the log in your reply instead of attaching it.


----------



## hachikolala (May 20, 2014)

OTL logfile created on: 20.5.2014 12:54:35  - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Karin\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000424 | Country: Slovenija | Language: SLV | Date Format: d.M.yyyy

5,78 Gb Total Physical Memory | 3,34 Gb Available Physical Memory | 57,82% Memory free
11,57 Gb Paging File | 9,07 Gb Available in Paging File | 78,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224,61 Gb Total Space | 166,33 Gb Free Space | 74,05% Space Free | Partition Type: NTFS
Drive D: | 241,05 Gb Total Space | 131,91 Gb Free Space | 54,72% Space Free | Partition Type: NTFS

Computer Name: KARIN-PC | User Name: Karin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.05.20 00:54:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Karin\Downloads\OTL.exe
PRC - [2014.04.03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014.04.03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014.04.03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014.03.15 02:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014.02.11 17:08:58 | 002,288,928 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
PRC - [2014.01.14 14:50:06 | 000,881,952 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.09.12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2012.05.30 21:55:26 | 001,112,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2012.05.02 09:03:44 | 002,279,304 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2012.04.25 14:18:10 | 000,784,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2012.02.21 20:55:24 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012.02.21 20:55:18 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012.02.13 16:02:24 | 000,031,624 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
PRC - [2012.02.07 19:03:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.07 19:03:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.07 19:03:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.02.07 19:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012.01.31 16:56:48 | 001,640,328 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
PRC - [2011.11.25 14:41:36 | 000,645,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
PRC - [2011.04.19 17:12:22 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2011.04.19 17:12:18 | 000,408,576 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe


========== Modules (No Company Name) ==========

MOD - [2014.05.16 05:13:03 | 010,580,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\3626154d624fe5bb38ddb0cf7c107dc9\System.Design.ni.dll
MOD - [2014.05.16 05:12:42 | 000,774,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014.05.16 05:12:41 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4f66c3dc2cd6583df3fcc393edcb48a7\System.Transactions.ni.dll
MOD - [2014.05.16 05:12:39 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dbc236ca6655e4e3839ee4f802eb3f99\System.Data.ni.dll
MOD - [2014.03.15 02:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014.03.15 02:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014.03.15 02:50:35 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014.03.15 02:50:34 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014.03.15 02:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014.03.15 02:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2014.03.04 07:57:21 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014.02.12 14:34:35 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll
MOD - [2014.02.12 14:34:15 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014.02.12 12:43:40 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll
MOD - [2014.02.12 12:42:51 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014.02.12 12:42:44 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014.02.12 12:42:41 | 000,688,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\f6db4a5f721a164ce945d0a28f2ca7bd\System.Security.ni.dll
MOD - [2014.02.12 12:42:41 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll
MOD - [2014.02.12 12:42:38 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014.02.12 12:42:33 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014.02.12 12:42:31 | 012,238,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014.02.12 12:42:15 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014.02.12 12:42:12 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014.02.12 12:42:06 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013.09.05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013.01.15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
MOD - [2011.11.25 14:42:50 | 000,499,976 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
MOD - [2011.11.25 14:29:32 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
MOD - [2011.11.25 14:28:26 | 000,484,352 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
MOD - [2011.11.25 14:26:14 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
MOD - [2011.08.17 17:48:24 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
MOD - [2011.08.17 17:48:22 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
MOD - [2011.08.17 17:41:36 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
MOD - [2011.08.15 21:15:44 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
MOD - [2011.08.15 21:12:04 | 002,603,520 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
MOD - [2011.08.15 21:12:04 | 001,006,592 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
MOD - [2011.08.15 20:23:00 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
MOD - [2011.04.19 17:12:12 | 000,308,736 | ---- | M] () -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
MOD - [2011.02.17 02:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2010.11.21 05:24:08 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.10.20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2006.08.12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll


========== Services (SafeList) ==========

SRV:*64bit:* - [2014.03.11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:*64bit:* - [2014.03.11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:*64bit:* - [2014.03.06 10:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:*64bit:* - [2013.09.15 08:42:17 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:*64bit:* - [2013.09.12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:*64bit:* - [2012.03.30 13:54:10 | 000,079,664 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe -- (ExpressCache)
SRV:*64bit:* - [2012.02.02 23:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:*64bit:* - [2011.12.08 11:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:*64bit:* - [2011.12.08 11:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:*64bit:* - [2011.12.08 11:43:48 | 000,618,256 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:*64bit:* - [2011.12.08 11:43:44 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:*64bit:* - [2011.12.05 10:30:50 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:*64bit:* - [2011.12.05 09:55:36 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:*64bit:* - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.04.03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014.04.03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014.03.03 20:30:45 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014.01.14 14:50:06 | 000,881,952 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.10.15 14:06:10 | 000,520,416 | ---- | M] (Futuremark) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2013.09.11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.09.05 11:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012.02.21 20:55:24 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012.02.21 20:55:22 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012.02.21 20:55:18 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012.02.13 16:02:24 | 000,031,624 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe -- (SamsungDeviceConfigurationWinService)
SRV - [2012.02.07 19:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.07 19:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.07 19:03:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.02.07 19:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011.04.19 17:12:22 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2014.05.20 00:47:38 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:*64bit:* - [2014.05.05 20:19:07 | 000,100,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:*64bit:* - [2014.05.05 19:21:21 | 011,527,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64)
DRV:*64bit:* - [2014.04.19 16:58:55 | 000,901,848 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2014.04.19 16:53:29 | 008,873,688 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:*64bit:* - [2014.04.03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:*64bit:* - [2014.04.03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:*64bit:* - [2014.03.11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:*64bit:* - [2014.03.03 20:30:29 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2013.11.14 18:28:02 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:*64bit:* - [2013.10.02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2013.09.17 15:17:38 | 000,239,320 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:*64bit:* - [2013.09.17 15:17:38 | 000,220,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:*64bit:* - [2013.09.17 15:17:38 | 000,168,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:*64bit:* - [2013.09.17 15:17:38 | 000,062,136 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:*64bit:* - [2013.09.17 15:17:38 | 000,044,120 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:*64bit:* - [2013.09.15 08:51:32 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2013.09.15 08:51:32 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2013.09.15 07:55:17 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2013.09.15 07:47:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:*64bit:* - [2013.09.15 07:47:58 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:*64bit:* - [2013.09.15 07:47:58 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:*64bit:* - [2013.07.01 14:51:36 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:*64bit:* - [2012.12.21 07:44:10 | 000,366,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:*64bit:* - [2012.11.08 13:41:34 | 000,418,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:*64bit:* - [2012.11.08 13:41:34 | 000,139,592 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:*64bit:* - [2012.07.24 21:58:00 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:*64bit:* - [2012.07.24 21:58:00 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:*64bit:* - [2012.07.24 21:58:00 | 000,032,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronSTOR.sys -- (EtronSTOR)
DRV:*64bit:* - [2012.06.07 16:01:16 | 000,293,712 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:*64bit:* - [2012.03.30 13:54:16 | 000,095,024 | ---- | M] (Diskeeper Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\excsd.sys -- (excsd)
DRV:*64bit:* - [2012.03.30 13:54:16 | 000,023,344 | ---- | M] (Diskeeper Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\excfs.sys -- (excfs)
DRV:*64bit:* - [2012.03.26 06:24:02 | 003,341,904 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2012.03.08 11:09:30 | 000,088,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxdiaga.sys -- (b06diag)
DRV:*64bit:* - [2012.02.22 18:33:36 | 000,539,176 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxois.sys -- (bxois)
DRV:*64bit:* - [2012.02.22 18:06:00 | 000,178,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxfcoe.sys -- (bxfcoe)
DRV:*64bit:* - [2012.02.22 16:27:02 | 000,157,288 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Xeno7x64.sys -- (BFN7x64)
DRV:*64bit:* - [2012.02.14 13:38:56 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:*64bit:* - [2012.01.24 17:44:00 | 000,529,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2012.01.05 04:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:*64bit:* - [2011.12.05 10:22:58 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:*64bit:* - [2011.12.05 10:22:58 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:*64bit:* - [2011.11.30 12:19:48 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:*64bit:* - [2011.11.30 12:19:46 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:*64bit:* - [2011.11.29 20:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2011.10.25 19:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:*64bit:* - [2011.10.25 19:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:*64bit:* - [2011.09.22 15:39:44 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:*64bit:* - [2011.04.18 16:43:26 | 000,094,208 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:*64bit:* - [2011.04.18 16:43:26 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:*64bit:* - [2011.04.18 16:43:26 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:*64bit:* - [2011.04.18 16:43:24 | 000,413,696 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:*64bit:* - [2011.04.18 16:43:24 | 000,219,008 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:*64bit:* - [2011.04.18 16:43:24 | 000,196,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:*64bit:* - [2011.04.18 16:43:24 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:*64bit:* - [2011.04.18 16:43:22 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:*64bit:* - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:*64bit:* - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:*64bit:* - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:*64bit:* - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2009.11.16 16:45:24 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:*64bit:* - [2009.11.16 16:45:21 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:*64bit:* - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


----------



## hachikolala (May 20, 2014)

========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2014.05.19 13:00:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014.05.19 13:00:52 | 000,000,000 | ---D | M]


========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Karin\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: NPAdbExternal Plugin (Enabled) = C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen\1.0.0_0\dll/NPAdbExternal.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U51 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Avira Browser Safety = C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.1.13_0\
CHR - Extension: AdBlock = C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.34_0\
CHR - Extension: Save Sense (Edge) = C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlfekbihalclhgcbbdggcnjagkgflgkd\6.2.1.0_0\
CHR - Extension: Google Wallet = C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Booking.com = C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pficdecjkdlnacnnbkociacmdbpmhdoc\1.0.0.7_0\
CHR - Extension: Gmail = C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014.05.19 19:19:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:*64bit:* - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3:*64bit:* - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:*64bit:* - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:*64bit:* - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKCU..\Run: [Advanced SystemCare 7] C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe (IObit)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O9:*64bit:* - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:*64bit:* - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31F598CF-6B9D-488D-8237-8C4EBE7ABF8B}: NameServer = 83.224.70.77 83.224.70.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75477118-1E60-4D86-9E1B-211978A52E4B}: NameServer = 83.224.70.94 83.224.66.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D0DB5DF-2E43-4F41-851F-C0328FD04764}: NameServer = 83.224.70.94 83.224.66.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A41E6B4E-E70E-41D6-9F5C-F48E2A193078}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB15A7C3-9346-4712-8FE4-FC4C5DFC78D8}: NameServer = 83.224.70.93 83.224.66.134
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.05.19 19:19:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014.05.19 19:15:23 | 000,000,000 | ---D | C] -- C:\windows\temp
[2014.05.19 17:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014.05.19 13:04:16 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\ESET
[2014.05.19 13:04:16 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\ESET
[2014.05.19 13:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2014.05.19 13:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2014.05.19 13:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014.05.19 12:32:47 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.19 12:32:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.05.19 12:32:30 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014.05.19 12:32:30 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014.05.19 12:32:30 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014.05.19 12:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014.05.19 01:03:11 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2014.05.19 00:44:07 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014.05.16 23:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browser Tab Search by Ask
[2014.05.16 18:07:33 | 000,000,000 | ---D | C] -- C:\d131813e5dd56b58a8b3
[2014.05.16 04:46:38 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014.05.16 04:46:38 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014.05.15 00:03:30 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2014.05.15 00:03:29 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2014.05.15 00:03:28 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2014.05.15 00:03:28 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winlogon.exe
[2014.05.15 00:03:27 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2014.05.15 00:03:27 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\objsel.dll
[2014.05.15 00:03:26 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\objsel.dll
[2014.05.15 00:03:25 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2014.05.15 00:03:24 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cngprovider.dll
[2014.05.15 00:03:24 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adprovider.dll
[2014.05.15 00:03:24 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\capiprovider.dll
[2014.05.15 00:03:24 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpapiprovider.dll
[2014.05.15 00:03:24 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cngprovider.dll
[2014.05.15 00:03:24 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\adprovider.dll
[2014.05.15 00:03:24 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\capiprovider.dll
[2014.05.15 00:03:24 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpapiprovider.dll
[2014.05.15 00:03:24 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dimsroam.dll
[2014.05.15 00:03:24 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dimsroam.dll
[2014.05.15 00:03:23 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2014.05.15 00:03:23 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wincredprovider.dll
[2014.05.15 00:03:22 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wincredprovider.dll
[2014.05.15 00:03:22 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2014.05.15 00:03:22 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2014.05.08 03:00:31 | 000,000,000 | ---D | C] -- C:\671c667d9c08140e67b3d9c080cc92e2
[2014.05.06 18:35:28 | 000,000,000 | ---D | C] -- C:\b8d2f302cf194b9d99
[2014.05.05 23:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014.05.05 23:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014.05.05 23:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014.05.05 23:03:36 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\Mozilla
[2014.05.05 23:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014.05.05 20:39:24 | 000,000,000 | -HSD | C] -- C:\Users\Karin\AppData\Local\EmieUserList
[2014.05.05 20:39:24 | 000,000,000 | -HSD | C] -- C:\Users\Karin\AppData\Local\EmieSiteList
[2014.05.05 20:19:07 | 000,100,312 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\drivers\TeeDriverx64.sys
[2014.05.05 19:21:21 | 011,527,888 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\drivers\NETwsw00.sys
[2014.04.27 10:25:43 | 000,000,000 | ---D | C] -- C:\found.002
[2014.04.25 13:29:21 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel
[2014.04.25 13:29:17 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014.04.25 13:29:17 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014.04.21 18:47:13 | 000,000,000 | ---D | C] -- C:\found.001
[2014.02.24 21:29:31 | 010,395,072 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[8 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.05.20 00:54:17 | 000,026,768 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.20 00:54:17 | 000,026,768 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.20 00:51:23 | 000,781,790 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014.05.20 00:51:23 | 000,654,140 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014.05.20 00:51:23 | 000,122,012 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014.05.20 00:47:38 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.20 00:47:05 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014.05.20 00:46:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014.05.20 00:46:40 | 363,491,327 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.20 00:01:20 | 000,342,472 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014.05.19 19:57:06 | 000,002,106 | ---- | M] () -- C:\windows\epplauncher.mif
[2014.05.19 19:19:43 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2014.05.19 19:16:04 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014.05.19 17:40:20 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014.05.19 16:26:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014.05.19 14:43:15 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2014.05.19 13:00:54 | 000,002,011 | ---- | M] () -- C:\Users\Karin\Desktop\ESET Smart Security.lnk
[2014.05.19 12:32:34 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.05.13 15:14:51 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
[2014.05.06 05:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014.05.06 04:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014.05.05 20:19:07 | 000,100,312 | ---- | M] (Intel Corporation) -- C:\windows\SysNative\drivers\TeeDriverx64.sys
[2014.05.05 19:21:21 | 011,527,888 | ---- | M] (Intel Corporation) -- C:\windows\SysNative\drivers\NETwsw00.sys
[2014.05.04 18:34:14 | 000,000,513 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
[2014.04.25 13:29:18 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014.04.25 13:29:17 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[8 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.05.19 19:16:04 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014.05.19 17:40:20 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014.05.19 14:43:15 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2014.05.19 13:00:54 | 000,002,011 | ---- | C] () -- C:\Users\Karin\Desktop\ESET Smart Security.lnk
[2014.05.19 12:32:34 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.04.19 16:53:27 | 003,907,288 | ---- | C] () -- C:\windows\SysWow64\RsDecode.dll
[2014.03.03 21:01:14 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014.03.03 20:30:27 | 000,077,312 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013.11.16 02:24:32 | 000,007,630 | ---- | C] () -- C:\Users\Karin\AppData\Local\Resmon.ResmonCfg
[2013.11.14 18:54:07 | 000,000,015 | ---- | C] () -- C:\Program Files\plugin.ini
[2013.11.14 16:53:51 | 000,000,022 | ---- | C] () -- C:\windows\GPU-Z.INI
[2013.11.14 16:39:41 | 000,766,100 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013.11.14 12:02:26 | 000,217,176 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2013.06.27 08:56:12 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2013.06.27 08:56:12 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2011.04.18 16:39:56 | 000,226,364 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


----------



## johnb35 (May 20, 2014)

According to your logs, you have Advanced SystemCare and ESET Smart Security installed.  Why would you have Microsoft Security Essentials installed as well?  That means you have 3 antivirus programs installed.  Please do the following so I can see what's going on. 

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here :

*Combofix*


When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
Save the file to your windows desktop.  The combofix icon will look like this when it has downloaded to your desktop.





We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:


Close all open Windows including this one. 

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found *here*.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

Please click on I agree on the disclaimer window.
ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.





ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.





Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:





At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.

Please click on yes in the next window to continue scanning for malware.

ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.





When ComboFix has finished running, you will see a screen stating that it is preparing the log report.

This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you that the program's log file, or report, will be located at C:\ComboFix.txt.

When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.  

Now you just click on the Edit menu and click on Select All, then click on the Edit menu again and click on Copy. Then come to the forum and, in your reply, right-click with your mouse and click on Paste.


If, for some reason, you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.


In your next reply please post:

•The ComboFix log
•An update on how your computer is running


I also need to see a log that ComboFix produces but doesn't show you. Please navigate to C:\Qoobox and in that folder will be a file named add-remove programs.txt. Open that file and copy and paste the contents back here.

I also need you to find this AdwCleaner log and post it.

AdwCleaner[S2].txt


----------



## hachikolala (May 20, 2014)

.01 - Karin 20.05.2014  21:11:22.3.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.386.1033.18.5924.2853 [GMT 2:00]
Running from: c:\users\Karin\Downloads\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: Osebni požarni zid ESET *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\System32\cmd.exe was found and disinfected 
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7601.17514_none_e932cc2c30fc13b0\cmd.exe 
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-20 to 2014-05-20  )))))))))))))))))))))))))))))))
.
.
2014-05-20 19:18 . 2014-05-20 19:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-19 22:12 . 2014-05-19 22:12	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA3C8CF2-6BEF-42E7-886F-97616256143A}\offreg.dll
2014-05-19 11:04 . 2014-05-19 11:04	--------	d-----w-	c:\users\Karin\AppData\Local\ESET
2014-05-19 11:00 . 2014-05-19 11:00	--------	d-----w-	c:\program files\ESET
2014-05-19 10:32 . 2014-05-20 19:24	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-19 10:32 . 2014-05-19 10:32	--------	d-----w-	c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-19 10:32 . 2014-04-03 07:51	63192	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-05-19 10:32 . 2014-04-03 07:51	88280	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-05-19 10:32 . 2014-04-03 07:50	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-05-19 09:12 . 2014-04-17 03:31	10651704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA3C8CF2-6BEF-42E7-886F-97616256143A}\mpengine.dll
2014-05-19 01:24 . 2014-04-16 01:22	10651704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89616471-51E4-4064-9D52-3B54337EA55E}\mpengine.dll
2014-05-18 22:44 . 2010-08-30 06:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-05-18 01:13 . 2014-04-16 01:22	10651704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-16 21:01 . 2014-05-16 21:01	--------	d-----w-	c:\program files (x86)\Browser Tab Search by Ask
2014-05-16 20:52 . 2014-05-05 14:59	1031560	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7061C443-117D-4953-B004-D1BCC497EE32}\gapaengine.dll
2014-05-16 16:07 . 2014-05-16 16:07	--------	d-----w-	C:\d131813e5dd56b58a8b3
2014-05-16 02:46 . 2014-05-06 04:40	23544320	----a-w-	c:\windows\system32\mshtml.dll
2014-05-16 02:46 . 2014-05-06 03:00	84992	----a-w-	c:\windows\system32\mshtmled.dll
2014-05-16 02:46 . 2014-05-06 04:17	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-16 02:46 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-14 22:04 . 2014-03-25 02:43	14175744	----a-w-	c:\windows\system32\shell32.dll
2014-05-08 01:00 . 2014-05-08 01:01	--------	d-----w-	C:\671c667d9c08140e67b3d9c080cc92e2
2014-05-06 16:35 . 2014-05-06 16:36	--------	d-----w-	C:\b8d2f302cf194b9d99
2014-05-05 21:42 . 2014-05-05 21:42	--------	d-----w-	c:\program files\Microsoft Silverlight
2014-05-05 21:42 . 2014-05-05 21:42	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2014-05-05 21:03 . 2014-05-05 21:03	--------	d-----w-	c:\users\Karin\AppData\Local\Mozilla
2014-05-05 18:39 . 2014-05-05 18:39	--------	d-sh--w-	c:\users\Karin\AppData\Local\EmieUserList
2014-05-05 18:39 . 2014-05-05 18:39	--------	d-sh--w-	c:\users\Karin\AppData\Local\EmieSiteList
2014-05-05 18:19 . 2014-05-05 18:19	100312	----a-w-	c:\windows\system32\drivers\TeeDriverx64.sys
2014-05-05 17:21 . 2014-05-05 17:21	11527888	----a-w-	c:\windows\system32\drivers\NETwsw00.sys
2014-04-27 08:25 . 2014-05-19 15:41	--------	d-----w-	C:\found.002
2014-04-25 11:29 . 2014-04-25 11:29	--------	d-s---w-	c:\windows\system32\CompatTel
2014-04-25 11:29 . 2014-04-25 11:29	465408	----a-w-	c:\windows\system32\aepdu.dll
2014-04-25 11:29 . 2014-04-25 11:29	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-04-21 16:47 . 2014-04-21 16:47	--------	d-----w-	C:\found.001
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-19 19:28 . 2013-09-15 06:15	1389568	----a-w-	c:\windows\SysWow64\msxml6.dll
2014-05-19 13:31 . 2013-11-13 18:06	93223848	----a-w-	c:\windows\system32\MRT.exe
2014-05-05 14:59 . 2013-12-07 01:42	1031560	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-19 14:58 . 2014-04-19 14:58	901848	----a-w-	c:\windows\system32\drivers\Rt64win7.sys
2014-04-19 14:58 . 2014-04-19 14:58	73800	----a-w-	c:\windows\system32\RtNicProp64.dll
2014-04-19 14:58 . 2013-03-14 13:42	107552	----a-w-	c:\windows\system32\RTNUninst64.dll
2014-04-19 14:56 . 2014-04-19 14:56	2101848	----a-w-	c:\windows\system32\WavesGUILib64.dll
2014-04-19 14:56 . 2014-04-19 14:56	2825432	----a-w-	c:\windows\system32\RtPgEx64.dll
2014-04-19 14:56 . 2014-04-19 14:56	3872984	----a-w-	c:\windows\system32\drivers\RTKVHD64.sys
2014-04-19 14:56 . 2014-04-19 14:56	2792152	----a-w-	c:\windows\system32\RtkAPO64.dll
2014-04-19 14:56 . 2014-04-19 14:56	1024216	----a-w-	c:\windows\system32\RtkApi64.dll
2014-04-19 14:56 . 2014-04-19 14:56	624344	----a-w-	c:\windows\system32\RtDataProc64.dll
2014-04-19 14:56 . 2014-04-19 14:56	1286872	----a-w-	c:\windows\system32\RTCOM64.dll
2014-04-19 14:56 . 2014-04-19 14:56	56270848	----a-w-	c:\windows\system32\RCoRes64.dat
2014-04-19 14:56 . 2014-04-19 14:56	946392	----a-w-	c:\windows\system32\RCoInstII64.dll
2014-04-19 14:56 . 2014-04-19 14:56	14737496	----a-w-	c:\windows\system32\MaxxAudioRealtek64.dll
2014-04-19 14:56 . 2014-04-19 14:56	2037336	----a-w-	c:\windows\system32\MaxxAudioEQ64.dll
2014-04-19 14:56 . 2014-04-19 14:56	1033304	----a-w-	c:\windows\system32\MaxxAudioAPOShell64.dll
2014-04-19 14:56 . 2014-04-19 14:56	2770976	----a-w-	c:\windows\system32\FMAPO64.dll
2014-04-19 14:53 . 2014-04-19 14:53	8873688	----a-w-	c:\windows\system32\drivers\rtsuvc.sys
2014-04-19 14:53 . 2014-04-19 14:53	474328	----a-w-	c:\windows\system32\RtCamX64.dll
2014-04-19 14:53 . 2014-04-19 14:53	421592	----a-w-	c:\windows\SysWow64\RtCamX.dll
2014-04-19 14:53 . 2014-04-19 14:53	147160	----a-w-	c:\windows\RtsCM64.exe
2014-04-19 14:53 . 2014-04-19 14:53	2628312	----a-w-	c:\windows\RtCamU64.exe
2014-04-19 14:53 . 2014-04-19 14:53	3907288	----a-w-	c:\windows\SysWow64\RsDecode.dll
2014-03-31 07:35 . 2010-11-21 03:27	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-03-27 19:32 . 2014-02-24 19:29	10395072	----a-w-	c:\program files (x86)\Common Files\wruninstall.exe
2014-03-11 07:52 . 2013-09-27 08:53	133928	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-10 16:17 . 2014-03-05 21:51	128288	----a-w-	c:\windows\system32\IObitSmartDefragExtension.dll
2014-03-06 09:31 . 2014-04-10 19:23	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-10 19:23	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-10 19:23	548352	----a-w-	c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-10 19:23	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-10 19:23	2767360	----a-w-	c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-10 19:23	51200	----a-w-	c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-10 19:23	33792	----a-w-	c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-10 19:23	574976	----a-w-	c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-10 19:23	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-10 19:23	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-10 19:23	752640	----a-w-	c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-10 19:23	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-10 19:23	5784064	----a-w-	c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-10 19:23	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-10 19:23	586240	----a-w-	c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-10 19:23	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-10 19:23	455168	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-10 19:23	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-10 19:23	38400	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-10 19:23	195584	----a-w-	c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-10 19:23	4254720	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-10 19:23	296960	----a-w-	c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-10 19:23	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-10 19:23	592896	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-10 19:23	628736	----a-w-	c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-10 19:23	32256	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-10 19:23	2043904	----a-w-	c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-10 19:23	13551104	----a-w-	c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-10 19:23	1967104	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-10 19:23	2260480	----a-w-	c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-10 19:23	1400832	----a-w-	c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-10 19:23	846336	----a-w-	c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-10 19:23	1789440	----a-w-	c:\windows\SysWow64\wininet.dll
2014-03-04 09:44 . 2014-04-09 16:38	362496	----a-w-	c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 16:38	243712	----a-w-	c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 16:38	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 16:38	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 16:38	1163264	----a-w-	c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 16:38	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 16:38	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 16:38	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 16:38	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 16:38	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 16:38	2048	----a-w-	c:\windows\SysWow64\user.exe
2014-03-03 19:32 . 2014-03-03 19:32	1795952	----a-w-	c:\windows\system32\WdfCoInstaller01011.dll
2014-03-03 18:56 . 2014-03-03 18:56	947760	----a-w-	c:\windows\system32\SFSS_APO.dll
2014-03-03 18:56 . 2014-03-03 18:56	1958616	----a-w-	c:\windows\system32\RTSnMg64.cpl
2014-03-03 18:56 . 2014-03-03 18:56	7164176	----a-w-	c:\windows\system32\R4EEP64A.dll
2014-03-03 18:56 . 2014-03-03 18:56	75024	----a-w-	c:\windows\system32\R4EEG64A.dll
2014-03-03 18:56 . 2014-03-03 18:56	434960	----a-w-	c:\windows\system32\R4EED64A.dll
2014-03-03 18:56 . 2014-03-03 18:56	141584	----a-w-	c:\windows\system32\R4EEL64A.dll
2014-03-03 18:56 . 2014-03-03 18:56	124176	----a-w-	c:\windows\system32\R4EEA64A.dll
2014-03-03 18:56 . 2014-03-03 18:56	662784	----a-w-	c:\windows\system32\MaxxVolumeSDAPO.dll
2014-03-03 18:56 . 2014-03-03 18:56	663296	----a-w-	c:\windows\system32\MaxxAudioAPO30.dll
2014-03-03 18:56 . 2014-03-03 18:56	6217904	----a-w-	c:\windows\system32\DDPP64A.dll
2014-03-03 18:56 . 2014-03-03 18:56	313520	----a-w-	c:\windows\system32\DDPO64A.dll
2014-03-03 18:56 . 2014-03-03 18:56	1938608	----a-w-	c:\windows\system32\DDPD64A.dll
2014-03-03 18:56 . 2014-03-03 18:56	260272	----a-w-	c:\windows\system32\DDPA64.dll
2014-03-03 18:56 . 2014-03-03 18:56	209096	----a-w-	c:\windows\system32\AERTAC64.dll
2014-03-03 18:56 . 2014-03-03 18:56	113576	----a-w-	c:\windows\system32\CONEQMSAPOGUILibrary.dll
2014-03-03 18:30 . 2014-03-03 18:30	279024	----a-w-	c:\windows\SysWow64\IntelCpHeciSvc.exe
2014-03-03 18:30 . 2014-03-03 18:30	116224	----a-w-	c:\windows\system32\igfxCoIn_v3347.dll
2014-03-03 18:30 . 2014-03-03 18:30	172016	----a-w-	c:\windows\system32\igfxtray.exe
2014-03-03 18:30 . 2014-03-03 18:30	410624	----a-w-	c:\windows\system32\igfxTMM.dll
2014-03-03 18:30 . 2014-03-03 18:30	515568	----a-w-	c:\windows\system32\igfxsrvc.exe
2014-03-03 18:30 . 2014-03-03 18:30	437760	----a-w-	c:\windows\system32\igfxrtrk.lrc
2014-03-03 18:30 . 2014-03-03 18:30	437760	----a-w-	c:\windows\system32\igfxrsve.lrc
2014-03-03 18:30 . 2014-03-03 18:30	437248	----a-w-	c:\windows\system32\igfxrtha.lrc
2014-03-03 18:30 . 2014-03-03 18:30	437760	----a-w-	c:\windows\system32\igfxrslv.lrc
2014-03-03 18:30 . 2012-03-26 16:39	64000	----a-w-	c:\windows\system32\igfxsrvc.dll
2014-03-03 18:30 . 2014-03-03 18:30	439296	----a-w-	c:\windows\system32\igfxrrus.lrc
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"="c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" [2014-02-11 2288928]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-04-19 408576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO; [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys;c:\windows\SYSNATIVE\drivers\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys;c:\windows\SYSNATIVE\drivers\asmtxhci.sys [x]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\SYSNATIVE\drivers\bxdiaga.sys [x]
R3 BFN7x64;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x64.sys;c:\windows\SYSNATIVE\drivers\Xeno7x64.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys;c:\windows\SYSNATIVE\drivers\bxfcoe.sys [x]
R3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\SYSNATIVE\drivers\bxois.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys;c:\windows\SYSNATIVE\Drivers\EtronSTOR.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 GPUZ;GPUZ; [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys;c:\windows\SYSNATIVE\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys;c:\windows\SYSNATIVE\Drivers\qd262x64.sys [x]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VmbService;Storitev Vodafone Mobile Broadband ;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 ETD;Samsung PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-16 09:46	1150280	----a-w-	c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-13 17:24]
.
2014-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-13 17:24]
.
2014-05-20 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]
.
2014-05-19 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-03-03 17:53	2471744	----a-w-	c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-03-03 172016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{31F598CF-6B9D-488D-8237-8C4EBE7ABF8B}: NameServer = 83.224.70.77 83.224.70.54
TCP: Interfaces\{75477118-1E60-4D86-9E1B-211978A52E4B}: NameServer = 83.224.70.94 83.224.66.138
TCP: Interfaces\{7D0DB5DF-2E43-4F41-851F-C0328FD04764}: NameServer = 83.224.70.78 83.224.70.62
TCP: Interfaces\{DB15A7C3-9346-4712-8FE4-FC4C5DFC78D8}: NameServer = 83.224.70.93 83.224.66.134
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
c:\program files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
c:\program files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
c:\program files (x86)\Samsung\Easy Settings\SmartSetting.exe
c:\program files (x86)\Samsung\Easy Settings\dmhkcore.exe
.
**************************************************************************
.
Completion time: 2014-05-20  21:28:17 - machine was rebooted
ComboFix-quarantined-files.txt  2014-05-20 19:28
.
Pre-Run: 178.923.065.344 bytes free
Post-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
.
- - End Of File - - 15785066F571DE343ACA2E606AE19731


----------



## hachikolala (May 20, 2014)

Adobe Reader XI (11.0.06) - Slovenian
Advanced SystemCare 7
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Driver Booster
Easy Settings
Futuremark SystemInfo
Google Chrome
Google Update Helper
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
IObit Uninstaller
Java 7 Update 55
Java Auto Updater
K-Lite Codec Pack 10.1.0 Full
Malwarebytes Anti-Malware version 2.0.1.1004
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
PCMark 8
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PC Camera
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.11
Surfing Protection
Tropico 4 1.00
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
VLC media player 2.1.3
Vodafone Mobile Broadband Lite
WinZip 17.0


----------



## hachikolala (May 20, 2014)

# AdwCleaner v3.209 - Report created 19/05/2014 at 00:44:48
# Updated 18/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Karin - KARIN-PC
# Running from : C:\Users\Karin\Downloads\adwcleaner_3.209.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A9119622
[#] Service Deleted : SafetyNutManager

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SafetyNut
Folder Deleted : C:\Program Files (x86)\AnyProtectEx
File Deleted : C:\Users\Karin\daemonprocess.txt
File Deleted : C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\g360kd0r.default\user.js
File Deleted : C:\windows\System32\Tasks\Driver Booster Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\Software\SafetyNut
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0 (sl)

[ File : C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\g360kd0r.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Karin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : fjbbjfdilbioabojmcplalojlmdngbjl
Deleted [Extension] : gkcefkcdkepgkpbgncjchhbjgoanleod

*************************

AdwCleaner[R0].txt - [2191 octets] - [25/01/2014 12:10:15]
AdwCleaner[R1].txt - [1039 octets] - [02/03/2014 21:31:48]
AdwCleaner[R2].txt - [5088 octets] - [19/05/2014 00:43:37]
AdwCleaner[S0].txt - [2209 octets] - [25/01/2014 12:13:57]
AdwCleaner[S1].txt - [1063 octets] - [02/03/2014 21:32:55]
AdwCleaner[S2].txt - [4484 octets] - [19/05/2014 00:44:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4544 octets] ##########


----------



## hachikolala (May 20, 2014)

My computer isn't working OK. I have had a blue screen two times, and I still can't use Start search; if I do, I get the error message "Windows Explorer has stopped working", and USB is still not recognized. So nothing changed.


----------



## johnb35 (May 20, 2014)

I don't have time right now to go through these logs but I did notice you have 2 files 

C:\found.001
C:\found.002

meaning you may have a failing hard drive on your hands.  Do you know what brand of hard drive you have?  You need to run a diagnostic on it.  

Please run the following and post the log as well.

Please download and run TDSSkiller

When the program opens, click on the start scan button.






TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.






To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.






Please reboot the system if asked to do so. 

After running, there will be a log located at the root of your C:\ drive, labeled tdsskiller with a series of numbers after it, for example C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.


----------



## hachikolala (May 20, 2014)

nothing found


----------



## johnb35 (May 20, 2014)

Ok, I have to leave here in like 10 minutes so let me know what brand of hard drive you have so we can run a diagnostic on it.  Also you will need to remove some files so I will give you the next step when I get back home in a few hours.


----------



## hachikolala (May 20, 2014)

Can I ask you something? Maybe it is silly and does not mean anything, but this captured my attention, a part of the log from ComboFix:

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing


Is this significant, and does it explain my problem or not? Don't know...


----------



## hachikolala (May 20, 2014)

System Information Report

General        
                Operating System        Microsoft Windows 7 Ultimate 
                Central Processor        Intel(R) Core(TM) i5-2537M CPU @ 1.40GHz
                User Name        Karin
Graphics        
                Video Adapter        Intel(R) HD Graphics 3000
                Video Memory        0 Byte
                Screen Resolution        1366 x 768
Storage        
                Total Memory        5,78 GB
                Free Memory        2,75 GB
                Total Hard disk        465,66 GB
                Free Hard disk        298,42 GB
I/O        
                Mouse        Samsung PS/2 Port Input Device
                Keyboard        Standard PS/2 Keyboard
Computer System        
                Computer Name        KARIN-PC
                User Name        Karin
                Organization        N/A
Operating System        
                OS Name        Microsoft Windows 7 Ultimate 
                OS Version        6.1.7601
                Service Pack        1.0
                Product ID        00426-OEM-8992662-00015
                System Up Time        20.5.2014 10:17:47 
                Internet Explorer Version        11.0.9600.17107
                Microsoft DirectX Version        DirectX 11
                OpenGL Version        6.1.7600.16385 (win7_rtm.090713-1255)
Registry        
                Maximum Size        2048 MB
                Current Size        111 MB
                Status        OK
Central Processor        
                CPU Name        Intel(R) Core(TM) i5-2537M CPU @ 1.40GHz
                Code Name        N/A
                Manufacturer        GenuineIntel
                Current Clock Speed        1401 Mhz
                Max Clock Speed        1401 Mhz
                Voltage        0,9V
                External Clock        100 Mhz
                Serial Number        BFEBFBFF000206A7
                CPU ID        Intel64 Family 6 Model 42 Stepping 7
                Socket Designation        CPU Socket - U3E1
                L1-Cache        32 KB
                L1-Cache        32 KB
                L2-Cache        256 KB
                L3-Cache        3072 KB
Motherboard        
                Model        SAMSUNG_NP1234567890
                Manufacturer        SAMSUNG ELECTRONICS CO., LTD.
                Serial Number        123490EN400015
                BIOS Name        Phoenix BIOS SC-T v2.2 P14AAJ
                BIOS Vendor        Phoenix Technologies Ltd.
                SMBIOS Version        P14AAJ
                BIOS Date        15.4.2013
BIOS Features        
                PCI is supported        Yes
                BIOS is Upgradable (Flash)        Yes
                BIOS shadowing is allowed        Yes
                Boot from CD is supported        Yes
                Selectable Boot is supported        Yes
                EDD (Enhanced Disk Drive) Specification is supported        Yes
                Int 5h, Print Screen Service is supported        Yes
                Int 9h, 8042 Keyboard services are supported        Yes
                Int 14h, Serial Services are supported        Yes
                Int 17h, printer services are supported        Yes
                Int 10h, CGA/Mono Video Services are supported        Yes
                NEC PC-98        Yes
                ACPI supported        Yes
                USB Legacy is supported        Yes
Memory Resource        
                Total Memory        5,78 GB
                Used Memory        3,04 GB
                Free Memory        2,75 GB
                Memory Usage        52%
Physical Memory        
                Memory Bank        BANK 0
                Description        Physical Memory 0
                Device Locator        ChannelA-DIMM0
                Capacity        4,00 GB
                Speed        1333 Mhz
                Manufacturer        Elpida
                Data Width        64 bit
                Memory Type        Unknown
                Form Factor        SODIMM
Physical Memory        
                Memory Bank        BANK 2
                Description        Physical Memory 2
                Device Locator        ChannelB-DIMM0
                Capacity        2,00 GB
                Speed        1333 Mhz
                Manufacturer        Samsung
                Data Width        64 bit
                Memory Type        Unknown
                Form Factor        SODIMM
Disk Drives        
                Name        HGST HTS545050A7E380
                Media Type        Fixed hard disk media
                Capability        465,76 GB
                Interface Type        IDE
                Partitions        3
                Total Cylinders        60801
                Total Heads        255
                Total Sectors        976768065
                Total Tracks        15504255
                Tracks Per Cylinder        255
                Bytes Per Sector        512
                Sectors Per Track        63
                S.M.A.R.T Support        Yes
                Current Temperature        0C (32F)
Disk Drives        
                Name        SanDisk SSD i100 24GB
                Media Type        Fixed hard disk media
                Capability        22,36 GB
                Interface Type        IDE
                Partitions        1
                Total Cylinders        2919
                Total Heads        255
                Total Sectors        46893735
                Total Tracks        744345
                Tracks Per Cylinder        255
                Bytes Per Sector        512
                Sectors Per Track        63
                S.M.A.R.T Support        Yes
                Current Temperature        0C (32F)
Disk Drives        
                Name        Vodafone Storage (Huawei) USB Device
                Media Type        NULL
                Capability        0 Byte
                Interface Type        USB
                Partitions        0
                Total Cylinders        NULL
                Total Heads        NULL
                Total Sectors        NULL
                Total Tracks        NULL
                Tracks Per Cylinder        NULL
                Bytes Per Sector        NULL
                Sectors Per Track        NULL
                S.M.A.R.T Support        Yes
                Current Temperature        0C (32F)
CD-ROM Drive        
                Name        DTSOFT Virtual CdRom Device
                Drive        E:
                Transfer Rate        -1
                Status        OK
CD-ROM Drive        
                Name        Vodafone CD ROM (Huawei) USB Device
                Drive        F:
                Transfer Rate        -1
                Status        OK
IDE Controller        
                Name        Intel(R) 7 Series Chipset Family SATA AHCI Controller
                Manufacturer        Intel
                Status        OK
Video Adapter        
                Name        Intel(R) HD Graphics 3000
                Video Processor        Intel(R) HD Graphics Family
                Manufacturer        Intel Corporation
                Video Architecture        VGA
                DAC Type        Internal
                Memory Size        0 Byte
                Memory Type        Unknown
                Video Mode        1366 x 768 x 4294967296 colors
                Current Refresh Rate        60 Hz
                Driver Version        9.17.10.3347
                Driver Date        31.10.2013
Monitor        
                Name        Generic PnP Monitor
                Screen Height        768
                Screen Width        1366
                Status        OK
Wireless Network Connection        
                Product Name        Intel(R) Centrino(R) Advanced-N 6235
                Service Name        NETwNs64
                Manufacturer        Intel Corporation
                MAC Address        C4:85:08:55:EE:57
Local Area Connection        
                Product Name        Realtek PCIe GBE Family Controller
                Service Name        RTL8167
                Manufacturer        Realtek
                MAC Address        E8:03:9AB:EA:88
Mobile Broadband Connection 4        
                Product Name        Vodafone Mobile Broadband Network Adapter (Huawei)
                Service Name        ewusbnet
                Manufacturer        HUAWEI Incorporated
                MAC Address        00:1E:10:1F:7F:B6
Sound Device        
                Name        Realtek High Definition Audio
                Manufacturer        Realtek
                Status        OK
Mouse        
                Name        Samsung PS/2 Port Input Device
                Manufacturer        ELAN
                Buttons        0
                Status        OK
Keyboard        
                Name        Standard PS/2 Keyboard
                Description        Enhanced (101- or 102-key)
                Function Keys        12
                Status        OK
USB Controller        
                Product Name        Vodafone Mobile Broadband Bus Enumerate Device(Huawei)
                Manufacturer        HUAWEI Technologies CO.,LTD
                Protocol Supported        Universal Serial Bus
                Status        OK
USB Controller        
                Product Name        Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E26
                Manufacturer        Intel
                Protocol Supported        Universal Serial Bus
                Status        OK
USB Controller        
                Product Name        Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
                Manufacturer        Intel
                Protocol Supported        Universal Serial Bus
                Status        OK
USB Controller        
                Product Name        Intel(R) USB 3.0 eXtensible Host Controller
                Manufacturer        Intel(R) Corporation
                Protocol Supported        Universal Serial Bus
                Status        OK


----------



## voyagerfan99 (May 20, 2014)

That's a WD drive. Read here on how to make a bootable USB diagnostic tool.

http://www.hgst.com/support/downloads/legacy-downloads


----------



## johnb35 (May 21, 2014)

voyagerfan99 said:


> That's a *Hitachi* drive. Read here on how to make a bootable USB diagnostic tool.
> 
> http://www.hgst.com/support/downloads/legacy-downloads



Fixed lol


----------



## voyagerfan99 (May 21, 2014)

johnb35 said:


> Fixed lol



*Ahem* 



> HGST, Inc. is a wholly owned subsidiary of Western Digital that sells hard disk drives, solid-state drives, and external storage products and services.



It _used_ to be Hitachi


----------



## johnb35 (May 21, 2014)

When did that happen?  

I still use drive fitness test on them.


----------



## voyagerfan99 (May 21, 2014)

johnb35 said:


> When did that happen?
> 
> I still use drive fitness test on them.



March of 2012.


----------

