MalwareBytes/Disk Check freeze


Falneth

Recommended Posts

I am working on my brother-in-law's laptop. It is a Toshiba Satellite C655D-S5200 with Windows 7 Home Premium 64-bit. When he brought it to me, it was because he was unable to uninstall AVG 2012 Linkscanner, could not do a MalwareBytes scan, and could not get the MS Security Essentials that his local PC repair shop put on it to run.

The AVG Linkscanner would continue to show up in the Add/Remove Programs list as well as in the taskbar when the computer was rebooted after doing the uninstall. I ended up having to download an AVG 2012 remover and when I ran it, it actually fully removed the Linkscanner. When the Linkscanner was removed, Security Essentials appeared in the taskbar.

I have tried to run MalwareBytes in normal mode and safe mode with just a quick scan but it freezes every time. It gets about 2-3 minutes into the file system and then just stops responding. When MalwareBytes locks up, I cannot open the Start Menu, open Task Manager, or anything. Ctrl + Alt + Del does nothing either. I am forced to hold the power button to shut it down. MalwareBytes has between 31-36 things found when it locks up, so it has at least that many issues.

I have tried running CheckDisk as well. I scheduled it to run and then rebooted the computer. It got to stage 4 - file data verification - and completely froze at 11%. It sat doing nothing for 2 hours on the same file. The laptop does not have a hard drive activity light and I did not hear any activity.

The DDS logs follow:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 1.6.0_20
Run by Ju at 8:25:33 on 2013-12-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2663.1596 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\windows\system32\TODDSrv.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\sppsvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\osk.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uProxyOverride = <local>

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Toolbar BHO: {a235e1e3-6296-4710-af39-104a7faa6c7c} -
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Search Assistant BHO: {f236ca79-3123-4afb-9f74-e98117ad5625} -
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: $talisma_url$
TCP: NameServer = 8.8.4.4 8.8.8.8
TCP: Interfaces\{749089D1-B01B-490D-8B55-B00EF602A4A3} : DHCPNameServer = 8.8.4.4 8.8.8.8
TCP: Interfaces\{749089D1-B01B-490D-8B55-B00EF602A4A3}\25966756273796465602E4F6274786 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{749089D1-B01B-490D-8B55-B00EF602A4A3}\27564627F6F66613 : DHCPNameServer = 4.2.2.1 4.2.2.2
TCP: Interfaces\{749089D1-B01B-490D-8B55-B00EF602A4A3}\27564627F6F66633 : DHCPNameServer = 4.2.2.1 4.2.2.2
TCP: Interfaces\{749089D1-B01B-490D-8B55-B00EF602A4A3}\27564627F6F666F514 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{749089D1-B01B-490D-8B55-B00EF602A4A3}\46C696E6B6 : DHCPNameServer = 206.246.0.5 206.246.0.6
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [FromDocToPDF Home Page Guard 64 bit] "C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe"
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} -
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ju\AppData\Roaming\Mozilla\Firefox\Profiles\9yrkf0io.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-12-15 17:40; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisor
FF - ExtSQL: 2013-12-15 17:42; feca4b87-3be4-43da-a1b1-137c24220968@jetpack; C:\Users\Ju\AppData\Roaming\Mozilla\Firefox\Profiles\9yrkf0io.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
FF - ExtSQL: 2013-12-15 17:43; jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack; C:\Users\Ju\AppData\Roaming\Mozilla\Firefox\Profiles\9yrkf0io.default\extensions\jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack.xpi
FF - ExtSQL: 2013-12-15 17:45; {c9d31470-81c6-4e3e-9a37-46eb9237ed3a}; C:\Users\Ju\AppData\Roaming\Mozilla\Firefox\Profiles\9yrkf0io.default\extensions\{c9d31470-81c6-4e3e-9a37-46eb9237ed3a}
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2011-6-1 75904]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2011-6-1 38016]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 lsnfd;lsnfd;C:\windows\System32\drivers\lsnfd.sys [2013-10-2 58192]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-6-1 203776]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-16 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-16 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-12-15 121616]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-6-1 126392]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-23 1153368]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2011-6-1 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-12-16 25928]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-6-1 38096]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\drivers\rtwlane.sys [2013-5-2 1514568]
R3 SRS_AE_Service;SRS Audio;C:\windows\System32\drivers\SRS_AE_amd64.sys [2012-6-21 549704]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-6-1 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 0026191387150821mcinstcleanup;McAfee Application Installer Cleanup (0026191387150821);C:\windows\TEMP\002619~1.EXE -cleanup -nolog --> C:\windows\TEMP\002619~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 McciServiceHost;McciServiceHost;"C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe" --> C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [?]
S3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-11-11 137512]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 mbamchameleon;mbamchameleon;C:\windows\System32\drivers\mbamchameleon.sys [2013-12-16 36680]
S3 McAfee ScanAndRepair Svc;McAfee ScanAndRepair Svc;"C:\Program Files (x86)\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe" --> C:\Program Files (x86)\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe [?]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-12-15 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-6-1 243712]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-6-1 1109096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-12-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-12-15 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-23 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-17 02:42:01    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{58D5ABAB-8992-4AD5-AA9B-A7D05A577A8B}\mpengine.dll
2013-12-17 02:26:49    --------    d-----w-    C:\windows\ERUNT
2013-12-17 02:18:16    --------    d-----w-    C:\AdwCleaner
2013-12-17 00:11:49    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-12-16 23:14:30    98816    ----a-w-    C:\windows\sed.exe
2013-12-16 23:14:30    256000    ----a-w-    C:\windows\PEV.exe
2013-12-16 23:14:30    208896    ----a-w-    C:\windows\MBR.exe
2013-12-16 22:40:11    36680    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
2013-12-16 22:37:11    --------    d-----w-    C:\Users\Ju\AppData\Roaming\Malwarebytes
2013-12-16 22:36:13    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-12-16 22:36:09    25928    ----a-w-    C:\windows\System32\drivers\mbam.sys
2013-12-16 22:36:08    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-15 23:42:31    --------    d-----w-    C:\Users\Ju\AppData\Local\Macromedia
2013-12-15 23:40:01    --------    d-----w-    C:\Users\Ju\AppData\Local\Mozilla
2013-12-15 23:35:37    --------    d-----w-    C:\Program Files (x86)\Common Files\McAfee
2013-12-15 23:35:23    --------    d-----w-    C:\Program Files (x86)\McAfee
2013-12-15 23:05:40    10285968    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-15 20:01:59    5773824    ----a-w-    C:\windows\System32\mstscax.dll
2013-12-15 20:01:30    --------    d-----w-    C:\history
2013-12-15 19:57:13    --------    d-----w-    C:\Program Files\Synaptics
2013-12-15 19:51:05    514560    ----a-w-    C:\windows\SysWow64\qdvd.dll
2013-12-15 19:51:05    366592    ----a-w-    C:\windows\System32\qdvd.dll
2013-12-15 19:12:46    --------    d-----w-    C:\windows\Migration
2013-12-12 09:06:02    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 09:06:02    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 09:06:00    12625920    ----a-w-    C:\windows\System32\wmploc.DLL
2013-12-12 09:05:58    12625408    ----a-w-    C:\windows\SysWow64\wmploc.DLL
2013-12-12 09:01:59    4243968    ----a-w-    C:\windows\SysWow64\jscript9.dll
2013-12-12 09:01:58    5769216    ----a-w-    C:\windows\System32\jscript9.dll
2013-12-12 05:51:10    335360    ----a-w-    C:\windows\System32\msieftp.dll
2013-12-12 05:51:10    301568    ----a-w-    C:\windows\SysWow64\msieftp.dll
2013-12-12 05:51:09    3155968    ----a-w-    C:\windows\System32\win32k.sys
2013-12-12 05:51:07    465920    ----a-w-    C:\windows\System32\WMPhoto.dll
2013-12-12 05:51:07    417792    ----a-w-    C:\windows\SysWow64\WMPhoto.dll
2013-12-12 05:51:05    81408    ----a-w-    C:\windows\System32\imagehlp.dll
2013-12-12 05:51:05    159232    ----a-w-    C:\windows\SysWow64\imagehlp.dll
2013-12-12 05:50:57    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
2013-12-12 05:50:57    2048    ----a-w-    C:\windows\System32\tzres.dll
2013-12-12 05:50:46    230400    ----a-w-    C:\windows\System32\drivers\portcls.sys
2013-12-12 05:50:46    116736    ----a-w-    C:\windows\System32\drivers\drmk.sys
2013-12-12 05:50:45    202752    ----a-w-    C:\windows\System32\scrrun.dll
2013-12-12 05:50:45    156160    ----a-w-    C:\windows\System32\cscript.exe
2013-12-12 05:50:45    150016    ----a-w-    C:\windows\System32\wshom.ocx
2013-12-12 05:50:45    121856    ----a-w-    C:\windows\SysWow64\wshom.ocx
2013-12-12 05:50:44    168960    ----a-w-    C:\windows\System32\wscript.exe
2013-12-12 05:50:44    163840    ----a-w-    C:\windows\SysWow64\scrrun.dll
2013-12-12 05:50:44    141824    ----a-w-    C:\windows\SysWow64\wscript.exe
2013-12-12 05:50:44    126976    ----a-w-    C:\windows\SysWow64\cscript.exe
2013-12-06 09:44:05    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{30F31551-F3B8-431E-BE5C-FFF844E253C7}\gapaengine.dll
2013-11-23 00:08:11    --------    d-----w-    C:\Users\Ju\AppData\Local\Downloaded Installations
.
==================== Find3M  ====================
.
2013-12-12 22:58:18    71048    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-12 22:58:18    692616    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\windows\System32\jscript9diag.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\windows\SysWow64\wininet.dll
2013-11-19 10:21:41    267936    ------w-    C:\windows\System32\MpSigStub.exe
2013-10-12 02:30:42    830464    ----a-w-    C:\windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08    656896    ----a-w-    C:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35    1474048    ----a-w-    C:\windows\System32\crypt32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\windows\System32\authui.dll
2013-10-04 01:58:50    152576    ----a-w-    C:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\windows\SysWow64\authui.dll
2013-10-03 02:23:48    404480    ----a-w-    C:\windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\windows\SysWow64\gdi32.dll
2013-10-02 21:14:52    58192    ----a-w-    C:\windows\System32\drivers\lsnfd.sys
2013-09-28 01:09:10    497152    ----a-w-    C:\windows\System32\drivers\afd.sys
2013-09-27 15:53:06    248240    ----a-w-    C:\windows\System32\drivers\MpFilter.sys
2013-09-27 15:53:06    134944    ----a-w-    C:\windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40    95680    ----a-w-    C:\windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\windows\System32\lsass.exe
.
============= FINISH:  8:27:22.08 ===============

ATTACH.TXT LOG

..
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/19/2011 4:20:54 PM
System Uptime: 12/18/2013 8:20:56 AM (0 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: AMD C-50 Processor | Socket FT1 | 1000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 247.417 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Synaptics PS/2 Port TouchPad
Device ID: ACPI\TOS0100\4&275518F1&0
Manufacturer: Synaptics
Name: Synaptics PS/2 Port TouchPad
PNP Device ID: ACPI\TOS0100\4&275518F1&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP272: 12/15/2013 10:56:09 AM - Scheduled Checkpoint
RP273: 12/15/2013 1:09:35 PM - Windows Update
RP274: 12/15/2013 1:51:11 PM - Windows Update
RP275: 12/15/2013 4:46:24 PM - Windows Modules Installer
RP276: 12/15/2013 4:52:16 PM - Restore Operation
RP277: 12/16/2013 3:34:47 PM - Removed AVG 2012
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Adobe Shockwave Player 12.0
ATI Catalyst Install Manager
Bing Rewards Client Installer
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Conexant HD Audio
Coupon Printer for Windows
D3DX10
ETDWare PS/2-X64 8.0.8.0_R01
Google Update Helper
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
HP Photo Creations
HP Update
Internet TV for Windows Media Center
Java 7 Update 17
Java Auto Updater
Java 6 Update 20
Junk Mail filter update
Label@Once 1.0
Linksicle
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee SiteAdvisor
Media Player Classic - Home Cinema v1.5.2.3456
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Origin
Plants vs. Zombies
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Playtopus
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RealUpgrade 1.1
Spybot - Search & Destroy
swMSM
Synaptics Pointing Device Driver
The Weather Channel App
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WMV9/VC-1 Video Playback
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
12/18/2013 8:21:26 AM, Error: Service Control Manager [7000]  - The McciServiceHost service failed to start due to the following error:  The system cannot find the file specified.
12/18/2013 8:21:19 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\windows\system32\Rtlihvs.dll Error Code: 126
.
==== End Of File ===========================
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Origin
Plants vs. Zombies
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Playtopus
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RealUpgrade 1.1
Spybot - Search & Destroy
swMSM
Synaptics Pointing Device Driver
The Weather Channel App
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WMV9/VC-1 Video Playback
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
12/18/2013 8:21:26 AM, Error: Service Control Manager [7000]  - The McciServiceHost service failed to start due to the following error:  The system cannot find the file specified.
12/18/2013 8:21:19 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\windows\system32\Rtlihvs.dll Error Code: 126
.
==== End Of File ===========================

Hello Falneth! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please do not run ComboFix without the special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Step 1

I see you are running Teatimer.

I suggest you disable it because it can interfere with the changes you'll make to your system.

When everything is done and your log is clean again, you can re-enable it.

If TeaTimer gives you a warning afterwards that some changes were made, allow them instead of blocking them.

How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 4

  • Download RogueKiller (32-bit version) or RogueKiller (64-bit version) to the desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.
  • Note: Don't fix anything without my instructions

    In your next reply, post the following log files:

    • Junkware Removal Tool log
    • AdwCleaner log
    • RogueKiller log

This is the ORIGINAL JunkWare Removal Tool Log from the first time I ran it:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Ju on Mon 12/16/2013 at 20:26:52.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2952883985-3304835424-3763697947-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111271147}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271147}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D62C9914-B2C4-4F54-9E49-D37AA6FAEF47}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E5AFE96F-AEC2-47D9-AF0B-8F20A3E67126}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{96A25A24-2E87-4374-8A50-CC6F943FCE4D}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Ju\appdata\locallow\wxdownload"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\friendschecker"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Ju\appdata\local\{073B2DC5-167A-4E65-8866-939D8CBEDC23}
Successfully deleted: [Empty Folder] C:\Users\Ju\appdata\local\{0942E2C2-FD1D-4CF9-AB9A-CC1B928418CD}
Successfully deleted: [Empty Folder] C:\Users\Ju\appdata\local\{20BA4154-FFC0-4C64-8C06-6BD065EEB312}
Successfully deleted: [Empty Folder] C:\Users\Ju\appdata\local\{24DF7674-17E5-4062-8B02-4EB543F6FA3F}
Successfully deleted: [Empty Folder] C:\Users\Ju\appdata\local\{41D97FAA-EF85-455A-B488-A8FFAD19FFB6}
Successfully deleted: [Empty Folder] C:\Users\Ju\appdata\local\{6A1221A2-773F-4174-88D3-DA8E6EB0BC72}
Successfully deleted: [Empty Folder] C:\Users\Ju\appdata\local\{83F8D405-4BB6-4BF3-AA50-00262DC7BD00}
Successfully deleted: [Empty Folder] C:\Users\Ju\appdata\local\{8A3862F7-F36C-4990-9C23-976332648EA5}
Successfully deleted: [Empty Folder] C:\Users\Ju\appdata\local\{A72434DB-A3AA-404C-8565-668A0D002E82}
Successfully deleted: [Empty Folder] C:\Users\Ju\appdata\local\{AFA8FEE9-175B-4AE7-84D1-6D1EEB2B84C5}
Successfully deleted: [Empty Folder] C:\Users\Ju\appdata\local\{B74F1AE4-28E2-4639-91AD-16EB9C062DDE}



~~~ FireFox

Emptied folder: C:\Users\Ju\AppData\Roaming\mozilla\firefox\profiles\9yrkf0io.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/16/2013 at 20:50:28.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This is the ORIGINAL AdwCleaner log when I first ran it:


# AdwCleaner v3.015 - Report created 16/12/2013 at 20:22:25
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ju - JU-PC
# Running from : C:\Users\Public\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : CltMngSvc
Service Deleted : FromDocToPDF_65Service
Service Deleted : lssvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\FromDocToPDF_65
Folder Deleted : C:\Program Files (x86)\Linksicle
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files (x86)\MyPoints Score
Folder Deleted : C:\Program Files\Linksicle
Folder Deleted : C:\Users\Ju\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Ju\AppData\Local\MyPoints Score
Folder Deleted : C:\Users\Ju\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Ju\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ju\AppData\LocalLow\FromDocToPDF_65
Folder Deleted : C:\Users\Ju\AppData\LocalLow\iac
Folder Deleted : C:\Users\Ju\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Ju\AppData\LocalLow\MyPoints Score
Folder Deleted : C:\Users\Ju\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Ju\AppData\Roaming\file scout
Folder Deleted : C:\Users\Ju\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Ju\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Ju\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Ju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\windows\System32\Tasks\BitGuard

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncher.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SkinLauncherSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.XMLSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0046678.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0046678.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0046678.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0046678.Sandbox.1
Key Deleted : HKCU\Software\532ddd0b16ee945
Key Deleted : HKLM\SOFTWARE\532ddd0b16ee945
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3268935
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF Search Scope Monitor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF_65 Browser Plugin Loader]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{017D68F2-19B3-41AE-9D8A-8B09DBD25479}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2BD4465D-669A-42E6-B449-636B0B10EBB8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3700B685-D795-4E17-9B78-73BCEE5D4086}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E6260AC-BC6F-44B4-942B-1568C367543A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{504B4AA9-9952-4490-B0E1-80A5321C35F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{72D05120-DF65-4C27-921E-899B5267FEF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8AD40E5E-9FD9-4F5E-B4D1-DDF2C921DCE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0CF6CB9-2276-4F30-B841-05A67067ACE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AFA196F4-80E5-47AD-B7BC-C671487D36FB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B7FD68F7-D28B-431E-9EE8-E45D915B7F17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD1D181E-C654-4CA5-9D09-B3648537FD7D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F96EE2EF-FE15-4878-AECD-BC367F12C70F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411661178}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422662278}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455665578}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466666678}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2C9D27D8-C81E-4968-8026-E725E01650C1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BB1BA04-1B88-4690-9AD3-0D38412F5FF1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{542EAC56-BF4B-46A7-943E-0A4C2CBA34EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{840AE8AE-D547-433E-985C-6BF6C74F5084}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444664478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411661178}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411661178}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411661178}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2BD4465D-669A-42E6-B449-636B0B10EBB8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8AD40E5E-9FD9-4F5E-B4D1-DDF2C921DCE3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701F5C41-BB30-46DA-A56B-68784B0B762B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3B975A0-F679-444E-9D94-6D292FA53140}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{57570839-c6e2-4ff6-8b35-48da0365d6bc}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5991de45-6980-4257-b64c-1650d50eecc1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5bd1e7eb-bc11-4e66-bc52-198c14461fd4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7c69de7f-7bd7-408c-b273-941e9b8284b7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91541f7f-9119-4bc8-a07b-ba486f572300}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D0F4A166-B8D4-48B8-9D63-80849FE137CB}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411661178}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422662278}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455665578}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466666678}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411661178}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{57570839-c6e2-4ff6-8b35-48da0365d6bc}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5991de45-6980-4257-b64c-1650d50eecc1}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5bd1e7eb-bc11-4e66-bc52-198c14461fd4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7c69de7f-7bd7-408c-b273-941e9b8284b7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91541f7f-9119-4bc8-a07b-ba486f572300}
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\FromDocToPDF_65
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SiteRanker
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\FromDocToPDF_65
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\MyPoints Score
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\FromDocToPDF_65
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\MyPoints Score
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPoints Score

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [searchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [CustomizeSearch]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Ju\AppData\Roaming\Mozilla\Firefox\Profiles\9yrkf0io.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [25008 octets] - [16/12/2013 20:18:20]
AdwCleaner[S0].txt - [21746 octets] - [16/12/2013 20:22:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21807 octets] ##########

This is the RECENT JunkWare Removal Tool Log:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Ju on Wed 12/18/2013 at 18:41:53.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/18/2013 at 19:03:45.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This is the RECENT AdwCleaner log:


# AdwCleaner v3.015 - Report created 18/12/2013 at 19:07:29
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ju - JU-PC
# Running from : \\JU-PC\Users\Public\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Ju\AppData\Roaming\Mozilla\Firefox\Profiles\9yrkf0io.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [25008 octets] - [16/12/2013 20:18:20]
AdwCleaner[R1].txt - [823 octets] - [18/12/2013 19:06:06]
AdwCleaner[S1].txt - [745 octets] - [18/12/2013 19:07:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [804 octets] ##########


RogueKiller 64-bit Log:


RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ju [Admin rights]
Mode : Scan -- Date : 12/18/2013 19:15:10
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] Playtopus Updater.job : C:\Windows\SysWOW64\rundll32.exe - C:\Users\Ju\AppData\Local\PLAYTO~1\Updater.dll,ProcessRequest [7][-][x] -> FOUND
[V2][SUSP PATH] IHSelfDeleteTASK : CMD - /C DEL C:\Users\Ju\AppData\Local\Temp\IHUC793.tmp.exe [x][x] -> FOUND
[V2][SUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\windows\TEMP\IHUAA61.tmp.exe [x][x] -> FOUND
[V2][SUSP PATH] Playtopus Updater : C:\Windows\SysWOW64\rundll32.exe - C:\Users\Ju\AppData\Local\PLAYTO~1\Updater.dll,ProcessRequest [7][-][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3265GSXN SATA Disk Device +++++
--- User ---
[MBR] ccf60736590eef2cfd6a7aa695256f66
[BSP] 66145dbfca0f0410ab0749a594446f83 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 292137 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 601370624 | Size: 11607 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_12182013_191510.txt >>


This is the log from when I ran ComboFix on my own 2 days ago before posting my help request:


ComboFix 13-12-16.01 - Ju 12/16/2013  17:17:57.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2663.1991 [GMT -6:00]
Running from: c:\users\Ju\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\wxDownload
c:\programdata\wxDownload\50e1c0d6a707d.dll
c:\programdata\wxDownload\50e1c0d6a707d.tlb
c:\programdata\wxDownload\data\wxDownload.dat
c:\programdata\wxDownload\opilbjgolebgjkdcmnocgmojaghhcckm.crx
c:\programdata\wxDownload\settings.ini
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ehdcpdlmoolkbecbefimbgnneifpcpne_0
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ehdcpdlmoolkbecbefimbgnneifpcpne_0\3
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\background.html
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\crossriderManifest.json
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\manifest.xml
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins.json
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\1_base.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\17_jQuery.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\21_debug.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\22_resources.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\28_initializer.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\47_resources_background.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\64_appApiMessage.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\72_appApiValidation.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\userCode\background.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\extensionData\userCode\extension.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\icons\actions\1.png
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\icons\icon128.png
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\icons\icon16.png
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\icons\icon48.png
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\api\chrome.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\api\cookie.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\api\message.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\api\pageAction.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\api\pageActionBG.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\background.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\app_api.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\bg_app_api.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\consts.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\cookie_store.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\crossriderAPI.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\delegate.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\events.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\extensionDataStore.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\installer.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\logFile.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\logging.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\onBGDocumentLoad.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\popupResource\newPopup.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\popupResource\popup.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\reports.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\storageWrapper.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\updateManager.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\util.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\lib\xhr.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\js\main.js
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\manifest.json
c:\users\Ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdcpdlmoolkbecbefimbgnneifpcpne\1.25.7_0\popup.html
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\blocklist.json
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\update.exe
c:\users\Public\ComboFix.exe
c:\users\Public\mbam-clean-1.60.2.0003.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-17 to 2013-12-17  )))))))))))))))))))))))))))))))
.
.
2013-12-17 00:09 . 2013-12-17 00:09    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-12-16 22:40 . 2013-12-16 22:40    36680    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-16 22:37 . 2013-12-16 22:37    --------    d-----w-    c:\users\Ju\AppData\Roaming\Malwarebytes
2013-12-16 22:36 . 2013-12-16 22:36    --------    d-----w-    c:\programdata\Malwarebytes
2013-12-16 22:36 . 2013-04-04 20:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-12-16 22:36 . 2013-12-16 22:36    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-15 23:42 . 2013-12-15 23:42    --------    d-----w-    c:\users\Ju\AppData\Local\Macromedia
2013-12-15 23:40 . 2013-12-15 23:40    --------    d-----w-    c:\users\Ju\AppData\Local\Mozilla
2013-12-15 23:35 . 2013-12-15 23:35    --------    d-----w-    c:\program files\Linksicle
2013-12-15 23:35 . 2013-12-15 23:35    --------    d-----w-    c:\users\Ju\AppData\Roaming\UpdaterEX
2013-12-15 23:35 . 2013-12-15 23:35    --------    d-----w-    c:\program files (x86)\Common Files\McAfee
2013-12-15 23:35 . 2013-12-15 23:35    --------    d-----w-    c:\users\Ju\AppData\Local\MyPoints Score
2013-12-15 23:35 . 2013-12-15 23:35    --------    d-----w-    c:\program files (x86)\Linksicle
2013-12-15 23:35 . 2013-12-15 23:35    --------    d-----w-    c:\program files (x86)\MyPoints Score
2013-12-15 23:35 . 2013-12-15 23:39    --------    d-----w-    c:\program files (x86)\McAfee
2013-12-15 23:05 . 2013-11-08 03:12    10285968    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7B7B889-0719-4AE4-894B-735705F33FF2}\mpengine.dll
2013-12-15 20:01 . 2012-08-23 08:13    5773824    ----a-w-    c:\windows\system32\mstscax.dll
2013-12-15 20:01 . 2013-12-15 20:01    --------    d-----w-    C:\history
2013-12-15 19:57 . 2013-12-15 19:57    --------    d-----w-    c:\program files\Synaptics
2013-12-15 19:51 . 2012-05-04 11:00    366592    ----a-w-    c:\windows\system32\qdvd.dll
2013-12-15 19:51 . 2012-05-04 09:59    514560    ----a-w-    c:\windows\SysWow64\qdvd.dll
2013-12-15 19:12 . 2013-12-15 19:12    --------    d-----w-    c:\windows\Migration
2013-12-15 08:16 . 2013-11-08 03:12    10285968    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-12 09:06 . 2013-05-10 04:30    167424    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 09:06 . 2013-05-10 03:48    164864    ----a-w-    c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 09:06 . 2013-05-10 05:56    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2013-12-12 09:05 . 2013-05-10 04:56    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2013-12-12 09:05 . 2013-05-10 05:56    14631424    ----a-w-    c:\windows\system32\wmp.dll
2013-12-12 09:01 . 2013-11-26 08:16    4243968    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-12-12 09:01 . 2013-11-26 08:35    5769216    ----a-w-    c:\windows\system32\jscript9.dll
2013-12-12 05:51 . 2013-10-30 02:32    335360    ----a-w-    c:\windows\system32\msieftp.dll
2013-12-12 05:51 . 2013-10-30 02:19    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
2013-12-12 05:51 . 2013-10-30 01:24    3155968    ----a-w-    c:\windows\system32\win32k.sys
2013-12-12 05:51 . 2013-11-23 18:26    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-12-12 05:51 . 2013-11-23 17:47    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-12-12 05:51 . 2013-10-19 02:18    81408    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-12 05:51 . 2013-10-19 01:36    159232    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2013-12-12 05:50 . 2013-11-12 02:23    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-12-12 05:50 . 2013-11-12 02:07    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-12-12 05:50 . 2013-10-04 02:16    116736    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-12 05:50 . 2013-10-04 01:36    230400    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-12 05:50 . 2013-10-12 02:32    150016    ----a-w-    c:\windows\system32\wshom.ocx
2013-12-12 05:50 . 2013-10-12 02:31    202752    ----a-w-    c:\windows\system32\scrrun.dll
2013-12-12 05:50 . 2013-10-12 02:04    121856    ----a-w-    c:\windows\SysWow64\wshom.ocx
2013-12-12 05:50 . 2013-10-12 01:33    156160    ----a-w-    c:\windows\system32\cscript.exe
2013-12-12 05:50 . 2013-10-12 02:03    163840    ----a-w-    c:\windows\SysWow64\scrrun.dll
2013-12-12 05:50 . 2013-10-12 01:33    168960    ----a-w-    c:\windows\system32\wscript.exe
2013-12-12 05:50 . 2013-10-12 01:15    141824    ----a-w-    c:\windows\SysWow64\wscript.exe
2013-12-12 05:50 . 2013-10-12 01:15    126976    ----a-w-    c:\windows\SysWow64\cscript.exe
2013-12-06 09:44 . 2013-10-18 01:09    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30F31551-F3B8-431E-BE5C-FFF844E253C7}\gapaengine.dll
2013-11-23 00:14 . 2013-11-23 00:14    --------    d-----w-    c:\programdata\AskPartnerNetwork
2013-11-23 00:14 . 2013-11-23 00:14    --------    d-----w-    c:\program files (x86)\AskPartnerNetwork
2013-11-23 00:14 . 2013-11-23 00:14    --------    d-----w-    c:\programdata\APN
2013-11-23 00:08 . 2013-11-23 00:08    --------    d-----w-    c:\users\Ju\AppData\Local\Downloaded Installations
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 09:01 . 2012-02-14 19:37    90708896    ----a-w-    c:\windows\system32\MRT.exe
2013-12-12 22:58 . 2012-08-10 01:09    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-12 22:58 . 2012-08-10 01:09    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:21 . 2010-11-21 03:27    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-18 01:09 . 2012-10-03 00:21    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-15 00:00 . 2012-11-20 12:15    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2013-10-12 02:30 . 2013-11-13 18:14    830464    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 18:14    859648    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 18:14    324096    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 18:14    656896    ----a-w-    c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 18:14    216576    ----a-w-    c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 18:41    1474048    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 18:41    1168384    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 18:41    190464    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 18:41    197120    ----a-w-    c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 18:41    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 18:41    152576    ----a-w-    c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 18:41    168960    ----a-w-    c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 18:41    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 18:16    404480    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 18:16    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2013-10-02 21:14 . 2013-10-02 21:14    58192    ----a-w-    c:\windows\system32\drivers\lsnfd.sys
2013-09-28 01:09 . 2013-11-13 18:41    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-09-27 15:53 . 2013-09-27 15:53    248240    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-09-27 15:53 . 2012-03-21 03:44    134944    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2013-09-25 02:26 . 2013-11-13 18:40    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-13 18:40    154560    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-13 18:40    135680    ----a-w-    c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-13 18:40    28672    ----a-w-    c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-13 18:40    28160    ----a-w-    c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-13 18:40    340992    ----a-w-    c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-13 18:40    307200    ----a-w-    c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-13 18:40    1447936    ----a-w-    c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-13 18:40    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-13 18:40    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-13 18:40    247808    ----a-w-    c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-13 18:40    220160    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-13 18:40    30720    ----a-w-    c:\windows\system32\lsass.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110411661178}]
2013-12-15 23:35    637440    ----a-w-    c:\program files (x86)\MyPoints Score\MyPoints Score-bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}]
2013-10-02 21:14    145960    ----a-w-    c:\program files (x86)\Linksicle\IE\LinksicleClientIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{a235e1e3-6296-4710-af39-104a7faa6c7c}]
2013-07-18 17:30    712264    ----a-w-    c:\progra~2\FROMDO~2\bar\1.bin\65bar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f236ca79-3123-4afb-9f74-e98117ad5625}]
2013-07-18 17:30    62864    ----a-w-    c:\program files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c66a678d-5e6c-4af9-8f57-c6192f42cf74}"= "c:\program files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll" [2013-07-18 712264]
.
[HKEY_CLASSES_ROOT\clsid\{c66a678d-5e6c-4af9-8f57-c6192f42cf74}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-16 336384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"FromDocToPDF Search Scope Monitor"="c:\progra~2\FROMDO~2\bar\1.bin\65srchmn.exe" [2013-07-18 44784]
"FromDocToPDF_65 Browser Plugin Loader"="c:\progra~2\FROMDO~2\bar\1.bin\65brmon.exe" [2013-07-18 30096]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-09-11 295512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 hfgfazxo;hfgfazxo;c:\windows\system32\drivers\hfgfazxo.sys;c:\windows\SYSNATIVE\drivers\hfgfazxo.sys [x]
R1 hvscfecd;hvscfecd;c:\windows\system32\drivers\hvscfecd.sys;c:\windows\SYSNATIVE\drivers\hvscfecd.sys [x]
R2 0026191387150821mcinstcleanup;McAfee Application Installer Cleanup (0026191387150821);c:\windows\TEMP\002619~1.EXE;c:\windows\TEMP\002619~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [x]
R2 McciServiceHost;McciServiceHost;c:\program files (x86)\Common Files\Motive\McciServiceHost.exe;c:\program files (x86)\Common Files\Motive\McciServiceHost.exe [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 McAfee ScanAndRepair Svc;McAfee ScanAndRepair Svc;c:\program files (x86)\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe;c:\program files (x86)\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 lsnfd;lsnfd;c:\windows\system32\drivers\lsnfd.sys;c:\windows\SYSNATIVE\drivers\lsnfd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 FromDocToPDF_65Service;FromDocToPDFService;c:\progra~2\FROMDO~2\bar\1.bin\65barsvc.exe;c:\progra~2\FROMDO~2\bar\1.bin\65barsvc.exe [x]
S2 lssvc;Linksicle Client Service;c:\program files (x86)\Linksicle\Service\lssvc.exe;c:\program files (x86)\Linksicle\Service\lssvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 SRS_AE_Service;SRS Audio;c:\windows\system32\drivers\SRS_AE_amd64.sys;c:\windows\SYSNATIVE\drivers\SRS_AE_amd64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-24 22:58]
.
2013-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26 18:03]
.
2013-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26 18:03]
.
2013-12-17 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-01-10 13:01]
.
2013-12-16 c:\windows\Tasks\Playtopus Updater.job
- c:\users\Ju\AppData\Local\PLAYTO~1\Updater.dll [2013-06-26 16:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110411661178}]
2013-12-15 23:35    965120    ----a-w-    c:\program files (x86)\MyPoints Score\MyPoints Score-bho64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"FromDocToPDF Home Page Guard 64 bit"="c:\progra~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe" [2013-07-18 548936]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
mSearchAssistant =
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 8.8.4.4 8.8.8.8
FF - ProfilePath - c:\users\Ju\AppData\Roaming\Mozilla\Firefox\Profiles\9yrkf0io.default\
FF - ExtSQL: 2013-12-15 17:40; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
FF - ExtSQL: 2013-12-15 17:42; feca4b87-3be4-43da-a1b1-137c24220968@jetpack; c:\users\Ju\AppData\Roaming\Mozilla\Firefox\Profiles\9yrkf0io.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
FF - ExtSQL: 2013-12-15 17:43; jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack; c:\users\Ju\AppData\Roaming\Mozilla\Firefox\Profiles\9yrkf0io.default\extensions\jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack.xpi
FF - ExtSQL: 2013-12-15 17:45; {c9d31470-81c6-4e3e-9a37-46eb9237ed3a}; c:\users\Ju\AppData\Roaming\Mozilla\Firefox\Profiles\9yrkf0io.default\extensions\{c9d31470-81c6-4e3e-9a37-46eb9237ed3a}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO-{96A25A24-2E87-4374-8A50-CC6F943FCE4D} - c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll
Toolbar-Locked - (no file)
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
Toolbar-{96A25A24-2E87-4374-8A50-CC6F943FCE4D} - c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\Apps\RelatedLinksBHO.dll
Wow6432Node-HKCU-Run-DW7 - c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-DefaultTab - c:\users\Ju\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2952883985-3304835424-3763697947-1000\Software\SecuROM\License information*]
"datasecu"=hex:a5,d6,6b,fe,ec,ad,c3,a0,d2,1b,60,8c,c0,68,a6,e1,0e,d0,91,8c,b9,
   95,aa,75,c5,1f,b2,e0,14,6d,0d,90,d6,2e,f6,d5,cf,1f,d5,b7,26,39,91,ce,ff,d7,\
"rkeysecu"=hex:de,b6,88,f1,4a,ef,9e,a7,7b,a7,e0,ef,c4,ac,6c,b4
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2013-12-16  18:19:57 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-17 00:19
.
Pre-Run: 266,307,182,592 bytes free
Post-Run: 265,629,065,216 bytes free
.
- - End Of File - - AD9EE5E00CCECD72F19B60396027F037
5B5E648D12FCADC244C1EC30318E1EB9



Thanks!

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

I am running Malwarebytes on the laptop right now. However, it is not responding. I updated to the latest definitions first then proceeded to start a Quick Scan. It has been sitting at 1 minute and 58 seconds elapsed for over 30 minutes and has been showing the same file for the Currently Scanning the entire time. So far, it has found 4 items but is not doing anything.

 

The file it is caught on is:

C:\Windows\System32\colorcpl.exe


I have already been trying those tips. I ran Malwarebytes in safe mode and it does the same thing. However, it locks up when scanning a different file. I am currently running a full scan in safe mode and it stopped at 3 minutes and 45 seconds on file:

C:\Program Files\TOSHIBA\TOSAPINS\COMPS\TC0028910\TC00289100H.exe

 

I have tried to run CheckDisk but it locked up when it got to 11% in stage 4: file data verification. It sat on the same file for over 2 hours before I ended up shutting it off manually.

 

I will let the laptop sit here for a few hours while it tries to finish the full scan. The quick scan I was running in normal mode this morning finally completed and found 5 items. This is the log from the Quick Scan:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.19.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Ju :: JU-PC [administrator]

12/19/2013 8:08:35 AM
mbam-log-2013-12-19 (08-08-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217173
Time elapsed: 1 hour(s), 51 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0A4D512D-697E-4AD5-872D-5A9941AF6EBB} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LSNFD (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\lsnfd|ImagePath (PUP.Optional.Linksicle) -> Data: system32\drivers\lsnfd.sys -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Full scan result when run in Safe Mode:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.19.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.16476
Ju :: JU-PC [administrator]

12/19/2013 1:16:35 PM
mbam-log-2013-12-19 (13-16-35).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 324427
Time elapsed: 14 hour(s), 27 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 11
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert0.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPoints Score\Uninstall.exe.vir (PUP.Optional.AdLyrics.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Ju\AppData\Local\SwvUpdater\Updater.exe.vir (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Ju\AppData\Roaming\file scout\filescout.exe.vir (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Downloads\Software\rcpmmnew_mynew30679-20kTYF3wsvOk8rlI3MZ7L.1vrpXd000..exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll.vir (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Ju\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

(end)

I updated yesterday and reran the Full Scan in Normal Mode and it took 12 hours to complete. It came up clean though.


The laptop is still having an issue where any time a window is opened, regardless of what type of window it is, it switches windows. For example, I opened Firefox to download Chrome. I clicked Download and it popped up the download window, then went back to the Firefox window. It has also been making a weird beep any time anything finishes. It is not using normal Windows sounds. The laptop owners said that it started doing this weird beep just a couple weeks ago.


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
