
Laptop freezes for a few seconds every 30 seconds



I have been noticing for about two weeks that there is something wrong with the way my laptop functions. The errors that I am seeing are:

1. My mouse seems to skip a beat every now and then.

2. When typing, I will look up at the screen and find a few words that have about 8 extra characters. I first thought it was a sticky key problem, but I have ruled that out now.

I attempted to narrow down the problem by making sure all programs were closed and seeing if it persisted when just moving the mouse on Notepad. It still did. I believe I have some type of virus or malware running in the background that is using up my memory.

Please help.


Hello Sparks1014 and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Shane at 16:29:01 on 2013-08-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3891.1827 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Cincinnati Fan\FanQuote\CinFanUpdaterService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Users\Shane\AppData\Local\Akamai\netsession_win.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\Shane\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\igfxext.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\AOL\1317692769\ee\aolsoftware.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\splwow64.exe
C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank

uProxyOverride = <local>;127.0.0.1:9421;
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [Akamai NetSession Interface] "C:\Users\Shane\AppData\Local\Akamai\netsession_win.exe"
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE" -b
uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin
mRun: [iTSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1317692769\ee\AOLSoftware.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll



TCP: NameServer = 192.168.1.254
TCP: Interfaces\{5308F913-F2F9-40B8-9051-C991977A777E} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FC65754E-0583-4C4A-95D4-8967CB2C89E8} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FC65754E-0583-4C4A-95D4-8967CB2C89E8}\3494E43494E4E4144594 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FC65754E-0583-4C4A-95D4-8967CB2C89E8}\7786964756970287F6F6D6 : DHCPNameServer = 192.168.43.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [HDMICtrlMan] C:\Program Files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\gdztmq7m.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Shane\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2011-3-22 482384]
R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 CinFanUpdater;Cincinnati Fan Application Updater;C:\Program Files (x86)\Cincinnati Fan\FanQuote\CinFanUpdaterService.exe [2011-6-13 15872]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-12-10 25824]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-4-13 14088]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-22 2320920]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2011-3-22 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-27 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-6-21 287232]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-3-22 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-3-22 331880]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-3-22 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-22 822192]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2009-7-14 9728]
S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2010-5-18 164464]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-7-18 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-5-22 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=C:\windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-08-05 23:05:22    --------    d-----w-    C:\Users\Shane\AppData\Roaming\Malwarebytes
2013-08-05 23:05:05    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-08-05 23:05:02    25928    ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-08-05 23:05:01    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 23:04:35    --------    d-----w-    C:\Users\Shane\AppData\Local\Programs
2013-08-05 19:08:44    76232    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD6DD2D2-BAD3-4472-B925-B45399D51D8D}\offreg.dll
2013-08-05 19:04:50    9460976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD6DD2D2-BAD3-4472-B925-B45399D51D8D}\mpengine.dll
2013-08-05 16:09:09    9460976    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-17 10:56:23    941720    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F37EE564-A11E-4B88-B7FF-ACDA30B8E42F}\gapaengine.dll
2013-07-11 10:10:59    136704    ----a-w-    C:\windows\System32\iesysprep.dll
2013-07-10 13:09:06    571904    ----a-w-    C:\Program Files\Windows Defender\MpClient.dll
2013-07-10 13:09:06    1011712    ----a-w-    C:\Program Files\Windows Defender\MpSvc.dll
2013-07-10 13:09:05    392704    ----a-w-    C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-10 13:09:05    314880    ----a-w-    C:\Program Files\Windows Defender\MpCommu.dll
2013-07-10 13:09:04    9216    ----a-w-    C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 13:09:04    624128    ----a-w-    C:\windows\System32\qedit.dll
2013-07-10 13:09:04    54784    ----a-w-    C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-10 13:09:04    509440    ----a-w-    C:\windows\SysWow64\qedit.dll
2013-07-10 13:09:04    4608    ----a-w-    C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 13:09:04    1887744    ----a-w-    C:\windows\System32\WMVDECOD.DLL
2013-07-10 13:09:03    1620480    ----a-w-    C:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 13:08:52    3153920    ----a-w-    C:\windows\System32\win32k.sys
2013-07-10 13:08:51    1732608    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-10 13:08:50    936448    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 13:08:50    1402880    ----a-w-    C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-10 13:08:50    1393152    ----a-w-    C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-10 13:08:50    1367040    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 13:08:32    1643520    ----a-w-    C:\windows\System32\DWrite.dll
2013-07-10 13:08:31    1247744    ----a-w-    C:\windows\SysWow64\DWrite.dll
.
==================== Find3M  ====================
.
2013-06-28 16:04:41    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-28 16:04:41    692104    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-28 16:04:31    17018248    ----a-w-    C:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-25 10:07:01    1054720    ----a-w-    C:\windows\System32\MsSpellCheckingFacility.exe
2013-06-25 10:04:24    9728    ---ha-w-    C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-11 23:43:37    1767936    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-06-11 23:43:00    2877440    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-06-11 23:42:58    61440    ----a-w-    C:\windows\SysWow64\iesetup.dll
2013-06-11 23:42:58    109056    ----a-w-    C:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20    2241024    ----a-w-    C:\windows\System32\wininet.dll
2013-06-11 23:25:16    3958784    ----a-w-    C:\windows\System32\jscript9.dll
2013-06-11 23:25:13    67072    ----a-w-    C:\windows\System32\iesetup.dll
2013-06-11 22:51:45    71680    ----a-w-    C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58    89600    ----a-w-    C:\windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2013-06-07 02:37:52    2706432    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01    184320    ----a-w-    C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\windows\SysWow64\certenc.dll
2013-05-08 06:39:01    1910632    ----a-w-    C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 16:30:31.73 ===============
 


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/21/2011 8:57:16 AM
System Uptime: 7/30/2013 8:58:23 AM (152 hours ago)
.
Motherboard: TOSHIBA |  | NWQAA
Processor: Intel® Core i3 CPU       M 380  @ 2.53GHz | CPU | 1722/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 398.024 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP264: 7/12/2013 3:00:15 AM - Windows Update
RP265: 7/15/2013 3:55:42 AM - Windows Update
RP266: 7/18/2013 12:02:35 PM - Windows Update
RP267: 7/22/2013 3:55:41 AM - Windows Update
RP268: 7/25/2013 9:51:18 AM - Windows Update
RP269: 7/28/2013 12:01:21 PM - Windows Update
RP270: 8/1/2013 9:10:35 AM - Windows Update
RP271: 8/5/2013 9:07:54 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Acrobat 8 Professional
Adobe Acrobat 8.3.0 - CPSID_83708
Adobe Acrobat 8.3.0 Professional
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.3.4
Akamai NetSession Interface
Akamai NetSession Interface Service
AOL Uninstaller (Choose which Products to Remove)
Bing Bar
Bing Rewards Client Installer
Bluetooth Stack for Windows by Toshiba
Broadcom 802.11 Network Adapter
Cincinnati Fan Selector and Quote
Crystal Reports Basic Runtime for Visual Studio 2008
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DWG TrueView 2012
Google Chrome
Google Update Helper
HDMI Control Manager
HP Officejet Pro 8500 A910 Basic Device Software
HP Officejet Pro 8500 A910 Help
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java Auto Updater
Java 6 Update 20
JMicron Flash Media Controller Driver
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Marketsplash Shortcuts
Memeo Instant Backup
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2000 Professional
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit)
Seagate Dashboard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Synaptics Pointing Device Driver
TOSHIBA Application Installer
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Utility Common Driver
Viewpoint Media Player
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! BrowserPlus 2.9.8
.
==== Event Viewer Messages From Past Week ========
.
8/2/2013 10:51:16 AM, Error: volsnap [27]  - The shadow copies of volume F: were aborted during detection because a critical control file could not be opened.
8/2/2013 10:51:16 AM, Error: Ntfs [137]  - The default transaction resource manager on volume F: encountered a non-retryable error and could not start.  The data contains the error code.
7/30/2013 8:59:54 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/29/2013 8:26:24 AM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================
 


Step 1

Please uninstall this application: Viewpoint Media Player

Step 2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Please download JavaRa to your desktop and unzip it to its own folder.

  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of Java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
  • Run the installer
  • Close JavaRa

Step 3

Please add Malwarebytes' Anti-Malware in Security Essentials exclusions.

http://forums.malwarebytes.org/index.php?showtopic=10138&page=1entry181018

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 5

  • Download RogueKiller to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:
  • JavaRa log
  • Malwarebytes' Anti-Malware log
  • RogueKiller log

RogueKiller V8.6.5 [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Shane [Admin rights]
Mode : Scan -- Date : 08/06/2013 10:45:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5065GSXN +++++
--- User ---
[MBR] 24e1c723dcac8e0f47acdfb9ad09c433
[bSP] ef9434eeed417642f85faefa164177b4 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 463119 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 951541760 | Size: 12320 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TOSHIBA MK5065GSXN +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_08062013_104530.txt >>


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Shane :: SHANE-SATELLITE [administrator]

8/6/2013 10:21:42 AM
mbam-log-2013-08-06 (10-21-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234965
Time elapsed: 11 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Installed JRE Versions:
========================
Java 7 Update 25 (64-bit) version: 7.0.250
Java 6 Update 20 version: 6.0.200
Java 7 Update 25 version: 7.0.250
 


I am still experiencing the freezing problem. I am not sure whether, when you asked about progress, you were asking if the problem has been fixed or if I have been able to follow your instructions. I posted the requested logs a few minutes before your progress question. Please let me know what further steps I should take.


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

ComboFix 13-08-07.01 - Shane 08/07/2013  11:13:14.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3891.1829 [GMT -7:00]
Running from: c:\users\Shane\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Shane\AppData\Local\Microsoft\Windows\Temporary Internet Files\{36D33840-C30B-4F3F-B33E-B372B9E6A646}.xps
c:\users\Shane\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7D00E9FA-605F-4089-9B28-7FC9CD5DDC75}.xps
c:\users\Shane\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E021D59F-2144-46D7-B70E-0BBBBE37D0E6}.xps
c:\windows\SysWow64\nsl5649.tmp
c:\windows\SysWow64\nsv55EA.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-07 to 2013-08-07  )))))))))))))))))))))))))))))))
.
.
2013-08-07 18:19 . 2013-08-07 18:19    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-08-06 19:38 . 2013-08-06 19:38    76232    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CA21AA6-8EB7-4969-ACE8-3EB5C5BCAF61}\offreg.dll
2013-08-06 18:32 . 2013-08-06 23:24    --------    d-----w-    c:\programdata\Viewpoint
2013-08-06 18:32 . 2013-08-06 18:32    --------    d-----w-    c:\program files\MetaStream
2013-08-06 17:55 . 2013-08-06 17:55    312232    ----a-w-    c:\windows\system32\javaws.exe
2013-08-06 17:55 . 2013-08-06 17:55    972712    ----a-w-    c:\windows\system32\deployJava1.dll
2013-08-06 17:55 . 2013-08-06 17:55    1093032    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-08-06 17:55 . 2013-08-06 17:55    108968    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2013-08-06 17:55 . 2013-08-06 17:55    189352    ----a-w-    c:\windows\system32\javaw.exe
2013-08-06 17:55 . 2013-08-06 17:55    188840    ----a-w-    c:\windows\system32\java.exe
2013-08-06 17:55 . 2013-08-06 17:55    --------    d-----w-    c:\program files\Java
2013-08-06 16:55 . 2013-08-06 16:54    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-08-06 16:54 . 2013-08-06 16:54    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-06 16:50 . 2013-08-06 16:50    --------    d-----w-    c:\programdata\McAfee
2013-08-06 14:44 . 2013-07-02 08:34    9460976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0CA21AA6-8EB7-4969-ACE8-3EB5C5BCAF61}\mpengine.dll
2013-08-05 23:05 . 2013-08-05 23:05    --------    d-----w-    c:\users\Shane\AppData\Roaming\Malwarebytes
2013-08-05 23:05 . 2013-08-05 23:05    --------    d-----w-    c:\programdata\Malwarebytes
2013-08-05 23:05 . 2013-04-04 21:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-08-05 23:05 . 2013-08-05 23:05    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-05 23:04 . 2013-08-05 23:04    --------    d-----w-    c:\users\Shane\AppData\Local\Programs
2013-08-05 19:04 . 2013-07-02 08:34    9460976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-17 10:56 . 2013-07-17 10:56    941720    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F37EE564-A11E-4B88-B7FF-ACDA30B8E42F}\gapaengine.dll
2013-07-11 10:10 . 2013-06-11 23:25    136704    ----a-w-    c:\windows\system32\iesysprep.dll
2013-07-10 13:09 . 2013-05-27 05:50    1011712    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2013-07-10 13:09 . 2013-05-27 05:50    571904    ----a-w-    c:\program files\Windows Defender\MpClient.dll
2013-07-10 13:09 . 2013-05-27 05:50    314880    ----a-w-    c:\program files\Windows Defender\MpCommu.dll
2013-07-10 13:09 . 2013-05-27 04:57    392704    ----a-w-    c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 13:09 . 2013-06-04 06:00    624128    ----a-w-    c:\windows\system32\qedit.dll
2013-07-10 13:09 . 2013-06-04 04:53    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2013-07-10 13:09 . 2013-05-27 04:57    4608    ----a-w-    c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 13:09 . 2013-05-27 04:57    54784    ----a-w-    c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 13:09 . 2013-05-27 03:15    9216    ----a-w-    c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 13:09 . 2013-05-06 06:03    1887744    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-10 13:09 . 2013-05-06 04:56    1620480    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 13:08 . 2013-06-05 03:34    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-07-10 13:08 . 2013-04-10 05:48    1732608    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 13:08 . 2013-04-10 05:46    1402880    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 13:08 . 2013-04-10 05:46    1393152    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 13:08 . 2013-04-10 05:46    1367040    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 13:08 . 2013-04-10 05:03    936448    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 13:08 . 2013-04-02 22:51    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2013-07-10 13:08 . 2013-04-09 23:34    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-06 18:34 . 2013-06-28 15:30    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-06 18:34 . 2013-06-28 15:30    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-06 16:54 . 2010-10-29 03:59    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-07-11 10:13 . 2011-05-22 14:52    78185248    ----a-w-    c:\windows\system32\MRT.exe
2013-06-28 16:04 . 2013-06-28 16:04    17018248    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-25 10:07 . 2013-06-25 10:07    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-25 10:06 . 2013-06-25 10:06    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-06-25 10:06 . 2013-06-25 10:06    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-06-25 10:06 . 2013-06-25 10:06    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-06-25 10:06 . 2013-06-25 10:06    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-06-25 10:06 . 2013-06-25 10:06    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-06-25 10:06 . 2013-06-25 10:06    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-06-25 10:06 . 2013-06-25 10:06    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-06-25 10:06 . 2013-06-25 10:06    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-06-25 10:06 . 2013-06-25 10:06    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-06-25 10:06 . 2013-06-25 10:06    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-06-25 10:06 . 2013-06-25 10:06    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-06-25 10:06 . 2013-06-25 10:06    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-25 10:06 . 2013-06-25 10:06    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-06-25 10:06 . 2013-06-25 10:06    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-06-25 10:06 . 2013-06-25 10:06    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-06-25 10:06 . 2013-06-25 10:06    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-06-25 10:06 . 2013-06-25 10:06    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-06-25 10:06 . 2013-06-25 10:06    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-06-25 10:06 . 2013-06-25 10:06    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-06-25 10:06 . 2013-06-25 10:06    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-06-25 10:06 . 2013-06-25 10:06    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-06-25 10:06 . 2013-06-25 10:06    441856    ----a-w-    c:\windows\system32\html.iec
2013-06-25 10:06 . 2013-06-25 10:06    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-06-25 10:06 . 2013-06-25 10:06    235008    ----a-w-    c:\windows\system32\url.dll
2013-06-25 10:06 . 2013-06-25 10:06    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-06-25 10:06 . 2013-06-25 10:06    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-06-25 10:06 . 2013-06-25 10:06    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-06-25 10:06 . 2013-06-25 10:06    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-06-25 10:06 . 2013-06-25 10:06    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-06-25 10:06 . 2013-06-25 10:06    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-06-25 10:06 . 2013-06-25 10:06    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-06-25 10:06 . 2013-06-25 10:06    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-06-25 10:06 . 2013-06-25 10:06    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-06-25 10:06 . 2013-06-25 10:06    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-06-25 10:06 . 2013-06-25 10:06    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-06-25 10:06 . 2013-06-25 10:06    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-06-25 10:06 . 2013-06-25 10:06    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-06-25 10:06 . 2013-06-25 10:06    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-06-25 10:06 . 2013-06-25 10:06    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-06-25 10:06 . 2013-06-25 10:06    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-06-25 10:06 . 2013-06-25 10:06    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-06-25 10:06 . 2013-06-25 10:06    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-06-25 10:06 . 2013-06-25 10:06    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-06-25 10:06 . 2013-06-25 10:06    149504    ----a-w-    c:\windows\system32\occache.dll
2013-06-25 10:06 . 2013-06-25 10:06    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-06-25 10:06 . 2013-06-25 10:06    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-06-25 10:06 . 2013-06-25 10:06    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-06-25 10:06 . 2013-06-25 10:06    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-06-25 10:04 . 2013-06-25 10:04    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 10:04 . 2013-06-25 10:04    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 10:04 . 2013-06-25 10:04    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 10:04 . 2013-06-25 10:04    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 10:04 . 2013-06-25 10:04    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 10:04 . 2013-06-25 10:04    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 10:04 . 2013-06-25 10:04    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 10:04 . 2013-06-25 10:04    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 10:04 . 2013-06-25 10:04    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 10:04 . 2013-06-25 10:04    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 10:04 . 2013-06-25 10:04    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 10:04 . 2013-06-25 10:04    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 10:04 . 2013-06-25 10:04    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 10:04 . 2013-06-25 10:04    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 10:04 . 2013-06-25 10:04    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 10:04 . 2013-06-25 10:04    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 10:04 . 2013-06-25 10:04    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-25 10:04 . 2013-06-25 10:04    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-25 10:04 . 2013-06-25 10:04    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2013-06-25 10:04 . 2013-06-25 10:04    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-06-25 10:04 . 2013-06-25 10:04    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-06-25 10:04 . 2013-06-25 10:04    3928064    ----a-w-    c:\windows\system32\d2d1.dll
2013-06-25 10:04 . 2013-06-25 10:04    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-25 10:04 . 2013-06-25 10:04    363008    ----a-w-    c:\windows\system32\dxgi.dll
2013-06-25 10:04 . 2013-06-25 10:04    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2013-06-25 10:04 . 2013-06-25 10:04    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-06-25 10:04 . 2013-06-25 10:04    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-25 10:04 . 2013-06-25 10:04    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
2013-06-25 10:04 . 2013-06-25 10:04    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
2013-06-25 10:04 . 2013-06-25 10:04    1504768    ----a-w-    c:\windows\SysWow64\d3d11.dll
2013-06-25 10:04 . 2013-06-25 10:04    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-06-25 10:04 . 2013-06-25 10:04    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2013-06-25 10:04 . 2013-06-25 10:04    3419136    ----a-w-    c:\windows\SysWow64\d2d1.dll
2013-06-25 10:04 . 2013-06-25 10:04    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-06-25 10:04 . 2013-06-25 10:04    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2013-06-25 10:04 . 2013-06-25 10:04    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2013-06-25 10:04 . 2013-06-25 10:04    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2013-06-25 10:04 . 2013-06-25 10:04    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2013-06-25 10:04 . 2013-06-25 10:04    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
2013-06-25 10:04 . 2013-06-25 10:04    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2013-06-25 10:04 . 2013-06-25 10:04    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-25 10:04 . 2013-06-25 10:04    1988096    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2013-06-25 10:04 . 2013-06-25 10:04    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-06-25 10:04 . 2013-06-25 10:04    1887232    ----a-w-    c:\windows\system32\d3d11.dll
2013-06-25 10:04 . 2013-06-25 10:04    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2013-06-25 10:04 . 2013-06-25 10:04    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Shane\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6\AOL.EXE" [2011-04-25 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-05-27 624056]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-12-11 136416]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-04-13 79112]
"HostManager"="c:\program files (x86)\Common Files\AOL\1317692769\ee\AOLSoftware.exe" [2010-03-08 41800]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 CinFanUpdater;Cincinnati Fan Application Updater;c:\program files (x86)\Cincinnati Fan\FanQuote\CinFanUpdaterService.exe;c:\program files (x86)\Cincinnati Fan\FanQuote\CinFanUpdaterService.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ       Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 20:08    1173456    ----a-w-    c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-28 18:34]
.
2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 04:07]
.
2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 04:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\gdztmq7m.default\

FF - user.js: general.useragent.extra.brc - BRI/1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-07  11:24:58
ComboFix-quarantined-files.txt  2013-08-07 18:24
.
Pre-Run: 425,198,620,672 bytes free
Post-Run: 426,547,564,544 bytes free
.
- - End Of File - - 5A99BED04485FA370A2709B68E9E29E3
D41D8CD98F00B204E9800998ECF8427E
 

Link to post
Share on other sites

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

My scan just finished and I did not get these three steps.

 

  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.

It simply has a message that says NO THREATS FOUND, a box to check for uninstalling the program. It gives me information of a total of 166139 scanned files. 0 infected files. 0 cleaned files. total scan time 2:11:49. scan status finish. Then a button to click that says finish. Should I click it? What's next?

Link to post
Share on other sites

Leave ESET Online Scanner.

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

AVPfront.gif

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

avpsettings.gif

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

Link to post
Share on other sites

Dear Sir,

 

I actually ran this twice because the first time I didn't get back to it for a couple of days. I just completed the second scan and it lists no viruses or malware. Unfortunately while this program is running, my computer has been acting even funkier than normal. I am not sure why that is, I am only reporting an observation. The first scan took ten hours, but the second scan was completed in a little under 5.

 

Please advise where to go from here.

Link to post
Share on other sites

This topic is now closed to further replies.