Solved Bad Image Error

[Lewis88]

Okay so recently I have been getting Bad Image Errors, and I need some help to fix it.
I have tried both MalwareBytes ad CCleaner, but both were unable to fix the errors.
So I could use some help with it since, they are slowing down my laptop a bit.
I saw that some others used FRST and Fixlist, but since my problem could be different I didn't want to try their method.
A example of the Errors: chrome.exe - Bad Image
c:\progra~2\suppor~1\suppor~1.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

So could someone help me out with this please?

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[Lewis88]

Hello broni I have followed the steps but have been unable to get the logs from malwarebytes. I have tried both ways to get them, but Windows encounters a problem when I try.

 

[Broni]

Give me DDS logs.

 

[Lewis88]

Dds attach log:
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 02/09/2012 17:10:09
System Uptime: 20/07/2014 23:56:16 (1 hours ago)
.
Motherboard: Type2 - Board Vendor Name1 | | Type2 - Board Product Name1
Processor: Intel(R) Celeron(R) CPU B815 @ 1.60GHz | U3E1 | 1600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 281 GiB total, 185.022 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP165: 15/06/2014 19:00:42 - Windows Backup
RP166: 22/06/2014 19:00:28 - Windows Backup
RP167: 28/06/2014 20:03:20 - Removed QuickTime
RP168: 29/06/2014 22:59:31 - Windows Backup
RP169: 03/07/2014 12:00:07 - Restore Operation
RP170: 07/07/2014 11:49:49 - Windows Backup
RP171: 10/07/2014 22:02:49 - Windows Update
RP172: 13/07/2014 20:51:55 - Windows Backup
RP174: 20/07/2014 19:00:27 - Windows Backup
.
==== Installed Programs ======================
.
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
Adobe AIR
Adobe Flash Player 14 ActiveX
Adobe Reader X (10.1.7) MUI
Adobe Shockwave Player 12.0
Akamai NetSession Interface
Apple Application Support
Apple Software Update
Arcadesafari
BBC iPlayer Desktop
BitRaider Web Client
blinkx beat
CCleaner
D3DX10
Defaulttab
Google Chrome
Google Update Helper
Happy Cloud Client
High-Definition Video Playback
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Java 7 Update 60
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
Malwarebytes Anti-Malware version 2.0.2.1012
McAfee Internet Security
McAfee Security Scan Plus
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
Nero 11 Essentials
Nero 11 Kwik Themes Basic
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Backup Drivers
Nero BurnRights 11
Nero BurnRights 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero Express 11
Nero Express 11 Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero Update
nero.prerequisites.msi
Norton PC Checkup
Pando Media Booster
PlayReady PC Runtime amd64
Premium Sound HD
Prompt Downloader
QuickShare
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Sky Broadband Browser Branding
SOE Web Installer
swMSM
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Online Product Information
TOSHIBA PC Health Monitor
TOSHIBA Places Icon Utility
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Unity Web Player
Update Installer for WildTangent Games App
Wajam
welcome
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalleri
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
.
==== Event Viewer Messages From Past Week ========
.
21/07/2014 00:00:49, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user cash15\Guest SID (S-1-5-21-3054618411-2260828370-2961214982-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
20/07/2014 23:57:02, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Supporter service to connect.
20/07/2014 20:53:04, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McShield service.
20/07/2014 11:31:47, Error: Service Control Manager [7000] - The Search Protect Service service failed to start due to the following error: This version of Search Protect Service is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.
20/07/2014 11:29:39, Error: Service Control Manager [7000] - The WajamUpdater service failed to start due to the following error: The system cannot find the file specified.
20/07/2014 11:29:39, Error: Service Control Manager [7000] - The DefaultTabUpdate service failed to start due to the following error: This version of DefaultTabUpdate is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.
20/07/2014 11:29:39, Error: Service Control Manager [7000] - The DefaultTabSearch service failed to start due to the following error: This version of DefaultTabSearch is not compatible with the version of Windows you're running. Check your computer's system information to see whether you need a x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher.
19/07/2014 11:42:34, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
19/07/2014 11:42:19, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
19/07/2014 11:42:19, Error: Service Control Manager [7000] - The MBAMScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18/07/2014 23:03:10, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.
14/07/2014 20:22:25, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F9440518-2146-4CEC-9F9A-97165F3299F9}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

 

[Lewis88]

Dds other log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 1.6.0_30
Run by paulla at 0:00:52 on 2014-07-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1938.118 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\GFNEXSrv.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Guest\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Users\Guest\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer Provided By Sky Broadband
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120217033008.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Arcadesafari BHO: {adff4c9a-4f49-4a1f-8885-360e107b7938} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
uRun: [Akamai NetSession Interface] "C:\Users\paulla\AppData\Local\Akamai\netsession_win.exe"
uRun: [Facebook Update] "C:\Users\paulla\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [jR] "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\paulla\AppData\Roaming\jR.jar"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{592A01A8-3212-4AB4-9D07-68105461ACDA} : NameServer = 88.82.13.44 88.82.13.44
TCP: Interfaces\{908BB1D8-212D-49F7-BDA0-63C8640527CD} : NameServer = 88.82.13.28 88.82.13.28
TCP: Interfaces\{C88FDA1A-DD0D-472E-8A6A-0488780E90F4} : NameServer = 88.82.13.12 88.82.13.12
TCP: Interfaces\{F9440518-2146-4CEC-9F9A-97165F3299F9} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F9440518-2146-4CEC-9F9A-97165F3299F9}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{F9440518-2146-4CEC-9F9A-97165F3299F9}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll c:\progra~2\suppor~1\suppor~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120217033008.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-RunOnce: [*Restore] C:\windows\System32\rstrui.exe /runonce
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 54.204.28.26 dmcecclamecbinmplcolhaljlclhbgah
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-1-5 16152]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2011-10-15 647080]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2011-10-15 284648]
R0 NBVol;Nero Backup Volume Filter Driver;C:\windows\System32\drivers\NBVol.sys [2012-2-17 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\windows\System32\drivers\NBVolUp.sys [2012-2-17 15920]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-25 482384]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\System32\drivers\mfenlfk.sys [2011-10-15 75808]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2012-3-8 162824]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-1-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-1-27 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-1-27 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-2-17 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-2-17 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2012-2-17 161168]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-4 687400]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-12-12 132056]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [2012-12-11 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2011-10-15 65264]
R3 huawei_enumerator;huawei_enumerator;C:\windows\System32\drivers\ew_jubusenum.sys [2012-9-2 85504]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-1-5 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-1-5 786200]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2011-10-15 229528]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2011-10-15 481768]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-3-8 38096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-3-8 251496]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-3-8 565352]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-3-8 1145448]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-3-8 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-15 833976]
S2 be0fb33b;Supporter;C:\windows\System32\rundll32.exe [2009-7-14 45568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2013-6-30 909592]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\windows\System32\drivers\ew_hwusbdev.sys [2012-9-2 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\windows\System32\drivers\ew_usbenumfilter.sys [2012-9-2 13952]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-10-7 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 203344]
S3 huawei_cdcacm;huawei_cdcacm;C:\windows\System32\drivers\ew_jucdcacm.sys [2012-9-2 94208]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\windows\System32\drivers\ew_juextctrl.sys [2012-9-2 28672]
S3 huawei_wwanecm;huawei_wwanecm;C:\windows\System32\drivers\ew_juwwanecm.sys [2012-9-2 196608]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-7-10 111616]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-7-20 63704]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-2-17 225216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2011-10-15 100912]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-9-18 1255736]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-1-27 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-07-20 10:45:50 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-07-20 10:45:29 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-07-20 10:45:29 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-07-20 10:45:29 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-07-20 10:45:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-19 17:07:25 -------- d-----w- C:\windows\pss
2014-07-14 15:29:31 -------- d-----w- C:\Users\paulla\AppData\Local\Prompt Downloader
2014-07-14 15:29:26 -------- d-----w- C:\Program Files (x86)\Prompt Downloader
2014-07-14 15:28:38 -------- d-----w- C:\Users\paulla\AppData\Local\30706
2014-07-10 14:46:43 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-10 14:42:35 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-07-10 14:42:34 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-07-10 14:42:34 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-07-08 18:58:36 5018624 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-03 08:20:33 -------- d-----w- C:\ProgramData\Malwarebytes
2014-07-03 07:56:33 -------- d-----w- C:\Users\paulla\AppData\Local\Skype
.
==================== Find3M ====================
.
2014-07-08 18:58:46 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 18:58:46 699056 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-06-30 02:09:33 519168 ----a-w- C:\windows\System32\aepdu.dll
2014-06-30 02:04:49 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-06-19 01:06:55 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\windows\System32\win32k.sys
2014-06-11 11:05:50 0 ----a-w- C:\windows\SysWow64\RENDE7D.tmp
2014-06-11 11:05:50 0 ----a-w- C:\windows\SysWow64\RENDE6C.tmp
2014-06-06 10:10:34 624128 ----a-w- C:\windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-05-30 08:08:52 210944 ----a-w- C:\windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2014-04-25 02:34:59 801280 ----a-w- C:\windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\windows\SysWow64\usp10.dll
.
============= FINISH: 0:02:45.07 ===============

 

[Broni]

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

[Lewis88]

The Malwarebytes Rootkit didn't detect any threats, and here are the Roguekiller logs:

RogueKiller V9.2.3.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Lewis [Admin rights]
Mode : Remove -- Date : 07/21/2014 13:26:04

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 23 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3054618411-2260828370-2961214982-1000\Software\Microsoft\Windows\CurrentVersion\Run | jR : "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Lewis\AppData\Roaming\jR.jar" [x] -> DELETED
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3054618411-2260828370-2961214982-1000\Software\Microsoft\Windows\CurrentVersion\Run | jR : "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Lewis\AppData\Roaming\jR.jar" -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRDriver64 -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRSptSvc -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRDriver64 -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRSptSvc -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BRDriver64 -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BRSptSvc -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{592A01A8-3212-4AB4-9D07-68105461ACDA} | NameServer : 88.82.13.44 88.82.13.44 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{908BB1D8-212D-49F7-BDA0-63C8640527CD} | NameServer : 88.82.13.28 88.82.13.28 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C88FDA1A-DD0D-472E-8A6A-0488780E90F4} | NameServer : 88.82.13.12 88.82.13.12 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{592A01A8-3212-4AB4-9D07-68105461ACDA} | NameServer : 88.82.13.44 88.82.13.44 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{908BB1D8-212D-49F7-BDA0-63C8640527CD} | NameServer : 88.82.13.28 88.82.13.28 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C88FDA1A-DD0D-472E-8A6A-0488780E90F4} | NameServer : 88.82.13.12 88.82.13.12 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{592A01A8-3212-4AB4-9D07-68105461ACDA} | NameServer : 88.82.13.44 88.82.13.44 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{908BB1D8-212D-49F7-BDA0-63C8640527CD} | NameServer : 88.82.13.28 88.82.13.28 -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C88FDA1A-DD0D-472E-8A6A-0488780E90F4} | NameServer : 88.82.13.12 88.82.13.12 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3054618411-2260828370-2961214982-1000\Control Panel\Desktop | SCRNSAVE.EXE : C:\Users\Lewis\World_of.scr [x] -> REPLACED (C:\windows\system32\logon.scr)
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3054618411-2260828370-2961214982-1000\Control Panel\Desktop | SCRNSAVE.EXE : C:\Users\Lewis\World_of.scr [x] -> REPLACED (C:\windows\system32\logon.scr)

¤¤¤ Scheduled tasks : 3 ¤¤¤
[Suspicious.Path] Arcadesafari.job -- C:\Users\Lewis\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe -> DELETED
[Suspicious.Path] \\Arcadesafari -- C:\Users\Lewis\AppData\Local\Arcadesafari\ArcadesafariUpdater.exe -> DELETED
[Suspicious.Path] \\DTReg -- C:\windows\system32\config\systemprofile\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe -> DELETED

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 54.204.28.26 dmcecclamecbinmplcolhaljlclhbgah

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3275GSX +++++
--- User ---
[MBR] c2a3c3c47b6cff45bcda25b4c93fe06d
[BSP] a503721e84236b047a14bee71467917f : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 287492 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 591857664 | Size: 16252 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_07212014_132520.log

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[Lewis88]

Should I disable Malwarebytes and CCleaner?

 

[Broni]

No.

 

[Lewis88]

After Combofix had finished I noticed a lot of changes to my laptop.
And here are the logs:

ComboFix 14-07-22.01 - Lewis 23/07/2014 15:54:07.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1938.1009 [GMT 1:00]
Running from: C:\Users\Guest\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\END
C:\Program Files (x86)\Blinkx
C:\Program Files (x86)\Blinkx\blinkx.ico
C:\Program Files (x86)\Blinkx\blinkxss.exe
C:\Program Files (x86)\Blinkx\blinkxstop.exe
C:\Program Files (x86)\Blinkx\lang.dll
C:\Program Files (x86)\Blinkx\templates\beat.ico
C:\Program Files (x86)\Blinkx\templates\index.html
C:\Program Files (x86)\Blinkx\templates\noflash.html
C:\Program Files (x86)\Blinkx\templates\offline.html
C:\Program Files (x86)\Blinkx\templates\offline.swf
C:\Program Files (x86)\Blinkx\templates\uninstall.exe
C:\Program Files (x86)\Supporter\Supporter.dll
C:\Program Files (x86)\Supporter\SupporterSvc.dll
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\ASPNET\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\ASPNET\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\ASPNET\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\ASPNET\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\ASPNET\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\ASPNET\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\ASPNET\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\ASPNET\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\ASPNET\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Preferences
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\Lewis\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\Lewis\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\Lewis\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\Lewis\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\Lewis\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\Lewis\AppData\Local\Chromatic Browser\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\Lewis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\Lewis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\Lewis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\Lewis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\Lewis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\Lewis\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\Lewis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\Lewis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\Lewis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\Lewis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\Lewis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\Lewis\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_apfjgobhighimlciaicmoembbpiibjgk_0.localstorage
C:\Users\Lewis\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Lewis\AppData\Local\Temp
C:\Users\Lewis\AppData\Local\Temp\Cheat Engine\{866AE938-D87B-4BC6-BC33-AEC0EDDECCD1}\Addresses.TMP
C:\Users\Lewis\AppData\Local\Temp\Cheat Engine\{866AE938-D87B-4BC6-BC33-AEC0EDDECCD1}\MEMORY.FIRST
C:\Users\Lewis\AppData\Local\Temp\Cheat Engine\{866AE938-D87B-4BC6-BC33-AEC0EDDECCD1}\Memory.TMP
C:\Users\Lewis\AppData\Local\Temp\is-SF62I.tmp\_isetup\_setup64.tmp
C:\Users\Lewis\AppData\Local\Temp\is-SF62I.tmp\_isetup\_shfoldr.dll
C:\Users\Lewis\AppData\Local\Temp\is-SF62I.tmp\InstallerExtensions.dll
C:\Users\Lewis\AppData\Local\Temp\is-SF62I.tmp\license.en.rtf
C:\Users\Lewis\AppData\Local\Temp\is-SF62I.tmp\notcertified.bmp
C:\Users\Lewis\AppData\Local\Temp\is-SF62I.tmp\printer.bmp
C:\Users\Lewis\AppData\Local\Temp\is-SF62I.tmp\SpeedUpMyPC-standalone-setup.exe
C:\Users\Lewis\AppData\Local\Temp\Smartbar\fulkxf2d.uw2
C:\Users\Lewis\AppData\Local\Temp\Smartbar\mpd3vmqf.oar
C:\Users\Lewis\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk
C:\Users\Lewis\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\background.html
C:\Users\Lewis\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\content.js
C:\Users\Lewis\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\GKyrDsEjjP.js
C:\Users\Lewis\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\lsdb.js
C:\Users\Lewis\AppData\Local\Torch\User Data\Default\Extensions\apfjgobhighimlciaicmoembbpiibjgk\2.2\manifest.json
C:\Users\Lewis\AppData\Roaming\ejygvukp.exe
C:\Users\Lewis\AppData\Roaming\kknewme.exe
C:\Users\Lewis\Documents\DCSCMIN
C:\Users\Lewis\Documents\DCSCMIN\NhJ5wEKQ5jXs\NhJ5wEKQ5jXs\IMDCSC.exe
C:\Users\Lewis\Documents\DCSCMIN\pgLoRuTR2Ldn\pgLoRuTR2Ldn\Tumblr.exe
C:\Users\Lewis\Documents\DCSCMIN\Tumblr.exe
C:\Users\Lewis\Documents\DCSCMIN\Y4UjLvUj4Ucw\IMDCSC.exe


((((((((((((((((((((((((( Files Created from 2014-06-23 to 2014-07-23 )))))))))))))))))))))))))))))))


2014-07-23 15:05:26 . 2014-07-23 15:05:26 -------- d-----w- C:\Users\hedev\AppData\Local\temp
2014-07-23 15:05:26 . 2014-07-23 15:05:26 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-07-21 12:36:13 . 2014-07-21 13:03:44 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-21 12:17:52 . 2014-07-21 12:17:52 29160 ----a-w- C:\windows\SysWow64\drivers\TrueSight.sys
2014-07-21 12:17:51 . 2014-07-21 12:17:52 -------- d-----w- C:\ProgramData\RogueKiller
2014-07-20 10:45:50 . 2014-07-21 12:36:13 128728 ----a-w- C:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-20 10:45:29 . 2014-07-21 13:12:13 92888 ----a-w- C:\windows\system32\drivers\mbamchameleon.sys
2014-07-20 10:45:29 . 2014-05-12 06:26:10 63704 ----a-w- C:\windows\system32\drivers\mwac.sys
2014-07-20 10:45:29 . 2014-05-12 06:25:56 25816 ----a-w- C:\windows\system32\drivers\mbam.sys
2014-07-20 10:45:25 . 2014-07-20 10:45:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-14 15:29:31 . 2014-07-14 15:29:40 -------- d-----w- C:\Users\paulla\AppData\Local\Prompt Downloader
2014-07-14 15:29:26 . 2014-07-14 15:29:32 -------- d-----w- C:\Program Files (x86)\Prompt Downloader
2014-07-14 15:28:38 . 2014-07-20 11:10:17 -------- d-----w- C:\Users\paulla\AppData\Local\30706
2014-07-10 14:46:43 . 2014-06-03 10:02:21 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-10 14:42:35 . 2014-06-05 14:45:15 1460736 ----a-w- C:\windows\system32\lsasrv.dll
2014-07-10 14:42:34 . 2014-06-05 14:26:58 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-07-10 14:42:34 . 2014-06-05 14:25:49 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-07-08 18:58:36 . 2014-07-08 18:58:36 5018624 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-03 08:20:33 . 2014-07-03 08:20:33 -------- d-----w- C:\ProgramData\Malwarebytes
2014-07-03 07:56:33 . 2014-07-03 07:56:33 -------- d-----w- C:\Users\Lewis\AppData\Local\Skype
2014-07-03 07:55:54 . 2014-07-03 07:55:56 -------- d-----w- C:\Users\Lewis\AppData\Roaming\Apple Computer
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-07-10 21:05:32 . 2012-12-29 23:21:17 96441528 ----a-w- C:\windows\system32\MRT.exe
2014-07-08 18:58:46 . 2012-02-17 02:19:36 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 18:58:46 . 2012-02-17 02:19:36 699056 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-06-11 11:05:50 . 2014-06-11 11:05:50 0 ----a-w- C:\windows\SysWow64\RENDE7D.tmp
2014-06-11 11:05:50 . 2014-06-11 11:05:50 0 ----a-w- C:\windows\SysWow64\RENDE6C.tmp
2014-05-20 21:20:26 . 2014-05-20 21:20:26 261 ----a-w- C:\Users\Guest\AppData\Roaming\Permission.bat
2014-04-25 02:34:59 . 2014-06-10 21:51:08 801280 ----a-w- C:\windows\system32\usp10.dll
2014-04-25 02:06:17 . 2014-06-10 21:51:07 626688 ----a-w- C:\windows\SysWow64\usp10.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{adff4c9a-4f49-4a1f-8885-360e107b7938}]
2010-11-21 03:24:01 297808 ----a-w- C:\Windows\System32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 08:40:36 846936]
"Akamai NetSession Interface"="C:\Users\paulla\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 00:01:52 4489472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2011-11-22 16:19:30 1675160]
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 11:59:50 291608]
"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 01:16:10 1298816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2014-05-12 06:24:36 54072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 08:40:36 846936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]

C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-2 481184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Toshiba Places Icon Utility.lnk - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2012-3-8 1492352]

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-2 481184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

R2 be0fb33b;Supporter;C:\windows\system32\rundll32.exe;C:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BRDriver64;BRDriver64;C:\programdata\bitraider\BRDriver64.sys;C:\programdata\bitraider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe;C:\ProgramData\BitRaider\BRSptSvc.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\windows\system32\DRIVERS\ew_hwusbdev.sys;C:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;C:\windows\system32\DRIVERS\ew_usbenumfilter.sys;C:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;C:\windows\system32\DRIVERS\ew_jucdcacm.sys;C:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;C:\windows\system32\DRIVERS\ew_juextctrl.sys;C:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;C:\windows\system32\DRIVERS\ew_juwwanecm.sys;C:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\system32\IEEtwCollector.exe;C:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\system32\drivers\mwac.sys;C:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\PROGRA~1\mcafee\msc\mcawfwk.exe;c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys;C:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 TDEIO;TDEIO;C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys;C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe;C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys;C:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys;C:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe;C:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\system32\DRIVERS\iusb3hcs.sys;C:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys;C:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;C:\windows\system32\DRIVERS\NBVol.sys;C:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\windows\system32\DRIVERS\NBVolUp.sys;C:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys;C:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys;C:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys [x]
S2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe;C:\windows\SYSNATIVE\GFNEXSrv.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe;C:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe;C:\Program Files (x86)\Nero\Update\NASvc.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe;C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe;C:\Program Files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys;C:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys;C:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 huawei_enumerator;huawei_enumerator;C:\windows\system32\DRIVERS\ew_jubusenum.sys;C:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys;C:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\iusb3hub.sys;C:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\system32\DRIVERS\iusb3xhc.sys;C:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys;C:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys;C:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys;C:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys;C:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys;C:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [x]


--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 18:43:06 1104200 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe

Contents of the 'Scheduled Tasks' folder

2014-07-23 C:\windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-17 02:19:36 . 2014-07-08 18:58:47]

2014-07-22 C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3054618411-2260828370-2961214982-1000Core.job
- C:\Users\paulla\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-01 15:35:55 . 2013-04-01 15:35:36]

2014-07-22 C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3054618411-2260828370-2961214982-1000UA.job
- C:\Users\Lewis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-01 15:35:55 . 2013-04-01 15:35:36]

2014-07-23 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 02:24:46 . 2012-02-17 02:24:44]

2014-07-23 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 02:24:46 . 2012-02-17 02:24:44]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-01 03:09:06 12446824]
"SRS Premium Sound HD"="C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-02-06 19:11:38 2165120]
"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 02:53:16 710560]
"TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22:31:34 24376]
"Toshiba TEMPRO"="C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 08:25:42 1546720]
"IgfxTray"="C:\windows\system32\igfxtray.exe" [2012-05-10 14:20:46 170264]
"HotKeysCmds"="C:\windows\system32\hkcmd.exe" [2012-05-10 14:20:46 398616]
"Persistence"="C:\windows\system32\igfxpers.exe" [2012-05-10 14:20:46 440088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*Restore"="C:\windows\System32\rstrui.exe" [2010-11-21 03:25:06 296960]

------- Supplementary Scan -------

uLocal Page = C:\windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
mSearchAssistant =
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{592A01A8-3212-4AB4-9D07-68105461ACDA}: NameServer = 88.82.13.44 88.82.13.44
TCP: Interfaces\{908BB1D8-212D-49F7-BDA0-63C8640527CD}: NameServer = 88.82.13.28 88.82.13.28
TCP: Interfaces\{C88FDA1A-DD0D-472E-8A6A-0488780E90F4}: NameServer = 88.82.13.12 88.82.13.12

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Skype - C:\Program Files (x86)\Skype\Phone\Skype.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{4153492D-4700-A76A-76A7-7A786E7484D7} - (no file)
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-DefaultTab - C:\windows\system32\config\systemprofile\AppData\Roaming\defaulttab\defaulttab\uninstalldt.exe
AddRemove-Wajam - C:\Program Files (x86)\Wajam\uninstall.exe
AddRemove-blinkx beat - C:\Program Files (x86)\Blinkx\templates\uninstall.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\diMaster.dll\" /prefetch:1"

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"

[HKEY_USERS\S-1-5-21-3054618411-2260828370-2961214982-501_Classes\CLSID]
@DACL=(02 0000)

[HKEY_USERS\S-1-5-21-3054618411-2260828370-2961214982-501_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}]
@DACL=(02 0000)
@="Music Place"

[HKEY_USERS\S-1-5-21-3054618411-2260828370-2961214982-501_Classes\CLSID\{00000002-0E3A-4123-8B32-4B68A91E104A}]
@DACL=(02 0000)
@="Video Place"

[HKEY_USERS\S-1-5-21-3054618411-2260828370-2961214982-501_Classes\CLSID\{00000003-0E3A-4123-8B32-4B68A91E104A}]
@DACL=(02 0000)
@="Software Place"

[HKEY_USERS\S-1-5-21-3054618411-2260828370-2961214982-501_Classes\CLSID\{00000006-0E3A-4123-8B32-4B68A91E104A}]
@DACL=(02 0000)
@="Game Place"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Completion time: 2014-07-23 16:09:43
ComboFix-quarantined-files.txt 2014-07-23 15:09:42

Pre-Run: 197,421,314,048 bytes free
Post-Run: 197,319,327,744 bytes free

- - End Of File - - F1861C5F1E164775668323C084FD0FED

 

[Lewis88]

Also I can't redownload programs that Combofix broke?

 

[Lewis88]

Nevermind I got it working.

 

[Broni]

After Combofix had finished I noticed a lot of changes to my laptop.

Which would be?

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
be0fb33b

ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[Lewis88]

After ComboFix had finished and rebooted my laptop it came up saying Access Denied and is constantly opening and closing it took me 10 minutes to write this because of that.

 

[Broni]

This?

**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.

 

[Lewis88]

No just Access Denied then it rapidly opens and closes.

 

[Broni]

For now go ahead with my reply #15.

 

[Lewis88]

Restarting did not fix it. Should I try to uninstall it?

 

[Broni]

Uninstall what exactly?

 

[Lewis88]

ComboFix.

 

[Broni]

Why there is a problem with completing my reply #15?

 

[Lewis88]

The one with CFScript?

 

[Broni]

Yes.