Inactive Malwarebytes & DDS logs

Malwarebytes Anti-Malware

www.malwarebytes.org


Scan Date: 10/09/2014

Scan Time: 6:41:48 PM

Logfile: Malwarebytes.txt

Administrator: Yes


Version: 2.00.2.1012

Malware Database: v2014.09.10.03

Rootkit Database: v2014.08.21.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled


OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Sam


Scan Type: Threat Scan

Result: Completed

Objects Scanned: 399377

Time Elapsed: 10 min, 34 sec


Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled


Processes: 0

(No malicious items detected)


Modules: 0

(No malicious items detected)


Registry Keys: 1

PUP.Optional.Qone8, HKU\S-1-5-21-3986084605-3247356130-1725618732-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [9603ecdd3d3ea1953f3caca1b25251af],


Registry Values: 0

(No malicious items detected)


Registry Data: 0

(No malicious items detected)


Folders: 0

(No malicious items detected)


Files: 0

(No malicious items detected)


Physical Sectors: 0

(No malicious items detected)



(end)

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2

Run by Sam at 19:06:45 on 2014-09-10

Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.8191.6676 [GMT 9.5:30]

.

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Atomic Alarm Clock\timeserv.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\hasplms.exe

C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\HitmanPro\hmpsched.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe

C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE

C:\Windows\splwow64.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\PROGRAM FILES\NVIDIA CORPORATION\RAID\NVRAIDSERVICE.EXE

C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe

C:\Windows\System32\wbem\WmiPrvSE.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = www.google.com

uSearch Bar = Preserve

mStart Page = www.google.com

mSearch Page = hxxp://www.google.com

mDefault_Page_URL = www.google.com

mDefault_Search_URL = www.google.com

mWinlogon: Userinit = userinit.exe,

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll

BHO: FdmIeBho.FDMIEBHO: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -

BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll

uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler

uRun: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [AntiLogger] "C:\Program Files (x86)\AntiLogger\AntiLogger.exe" /minimized

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [NWEReboot] <no file>

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

SEH: ShellHook Class - {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files (x86)\MarkAny\ContentSAFER\MACSMANAGER.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = www.google.com

x64-mSearch Page = hxxp://www.google.com

x64-mDefault_Page_URL = www.google.com

x64-mDefault_Search_URL = www.google.com

x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll

x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll

x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll

x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-BHO: Adblock Pro: {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files\Adblock Pro\AdblockPro.dll

x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll

x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll

x64-IE: {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - {7685B225-8229-4321-BA13-A24485B0A760} - C:\Program Files\Adblock Pro\AdblockPro.dll

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll

x64-SSODL: WebCheck - <orphaned>

x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]

R0 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-21 122584]

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-9-28 17720]

R1 AntiLog32;AntiLog32;C:\Windows\System32\drivers\AntiLog64.sys [2012-7-24 49752]

R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2011-5-23 48992]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-10-24 50976]

R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2013-11-13 30752]

R1 RawDisk3;RawDisk3;C:\Windows\System32\drivers\rawdsk3.sys [2014-9-7 32912]

R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2013-11-2 893216]

R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2014-7-10 75648]

R2 AtomicAlarmClock;Atomic Alarm Clock Time;C:\Program Files\Atomic Alarm Clock\timeserv.exe [2013-2-9 2062336]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

R2 hasplms;Sentinel HASP License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]

R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-9-3 180136]

R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2014-9-7 4700872]

R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2013-11-13 82160]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-4-9 411936]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]

S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-12-5 2321560]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2013-10-15 5175856]

S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-9-7 127752]

S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-11-2 2282272]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-21 1809720]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-21 860472]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2012-10-3 95232]

S3 cleanhlp;cleanhlp;C:\EEK\bin\cleanhlp64.sys [2014-9-8 57024]

S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2014-3-16 21712]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2014-9-7 17480]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2014-9-7 9800]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-10 111616]

S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]

S3 LVUVC64;Logitech Webcam 100(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2014-3-5 6379288]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-21 25816]

S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-21 63704]

S3 MRV6X64P;Vista 64-bits Native WiFi Driver;C:\Windows\System32\drivers\MRVW13C.sys [2007-5-3 244736]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2012-11-4 16448]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-26 1255736]

S4 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]

S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2013-7-18 762192]

S4 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

.

=============== Created Last 30 ================

.

2014-09-10 08:46:25 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2014-09-10 08:46:25 728064 ----a-w- C:\Windows\System32\kerberos.dll

2014-09-10 08:46:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll

2014-09-10 08:46:25 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2014-09-10 08:46:25 1460736 ----a-w- C:\Windows\System32\lsasrv.dll

2014-09-10 08:09:29 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2014-09-10 08:09:29 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2014-09-10 07:37:09 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll

2014-09-10 07:37:09 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll

2014-09-10 07:37:00 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2014-09-10 07:37:00 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2014-09-08 15:43:56 -------- d-----w- C:\Users\Sam\AppData\Local\CrashDumps

2014-09-08 10:54:17 -------- d-----w- C:\EEK

2014-09-08 09:05:43 36456 ----a-w- C:\Windows\System32\drivers\TrueSight.sys

2014-09-08 09:05:32 -------- d-----w- C:\ProgramData\RogueKiller

2014-09-07 12:00:39 -------- d-----w- C:\Windows\System32\CatRoot2

2014-09-07 11:22:15 -------- d-----w- C:\Users\Sam\AppData\Roaming\AntiLogger

2014-09-07 05:52:28 24136 ----a-w- C:\Windows\System32\fbnative.exe

2014-09-07 05:46:00 9800 ----a-w- C:\Windows\System32\EuGdiDrv.sys

2014-09-07 05:46:00 9160 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys

2014-09-07 05:46:00 87112 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe

2014-09-07 05:46:00 3382440 ----a-w- C:\Windows\System32\BootMan.exe

2014-09-07 05:46:00 2499752 ----a-w- C:\Windows\SysWow64\BootMan.exe

2014-09-07 05:46:00 19840 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll

2014-09-07 05:46:00 17480 ----a-w- C:\Windows\System32\epmntdrv.sys

2014-09-07 05:46:00 16256 ----a-w- C:\Windows\System32\EuEpmGdi.dll

2014-09-07 05:46:00 13896 ----a-w- C:\Windows\SysWow64\epmntdrv.sys

2014-09-07 05:46:00 100936 ----a-w- C:\Windows\System32\setupempdrvx64.exe

2014-09-07 02:37:09 32912 ----a-w- C:\Windows\System32\drivers\rawdsk3.sys

2014-09-07 02:37:07 -------- d-----w- C:\logs

2014-09-06 16:41:51 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2014-09-06 16:41:48 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D03AFC31-F206-4261-98FA-9D8F551501CE}\mpengine.dll

2014-09-06 16:04:10 -------- d-----w- C:\Program Files\HitmanPro

2014-09-06 16:03:39 -------- d-----w- C:\ProgramData\HitmanPro

2014-09-06 15:10:08 -------- d-----w- C:\AdwCleaner

2014-09-06 10:14:29 -------- d-----w- C:\Windows\ERUNT

2014-09-06 08:15:13 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat

2014-09-05 10:41:00 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2014-09-05 10:41:00 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll

2014-09-04 13:37:41 -------- d-----w- C:\Windows\SysWow64\X86

2014-09-04 13:37:41 -------- d-----w- C:\Windows\SysWow64\AMD64

2014-09-04 13:34:28 -------- d-----w- C:\ProgramData\YouiTiubeiAAdBloockee

2014-09-04 13:34:27 -------- d-----w- C:\Program Files (x86)\YouiTiubeiAAdBloockee

2014-09-04 13:27:18 -------- d-----w- C:\ProgramData\207e1cbe898ce19f

2014-09-04 13:27:17 -------- d-----w- C:\Users\Sam\AppData\Local\Comodo

2014-09-03 08:23:46 180136 ----a-w- C:\Windows\System32\drivers\idmwfp.sys

2014-08-28 08:53:05 404480 ----a-w- C:\Windows\System32\gdi32.dll

2014-08-28 08:53:05 3163648 ----a-w- C:\Windows\System32\win32k.sys

2014-08-28 08:53:05 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll

2014-08-23 11:47:59 -------- d-----w- C:\Program Files (x86)\Wi-Fi Password Key

2014-08-13 10:27:19 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll

2014-08-13 10:27:19 8856 ----a-w- C:\Windows\SysWow64\icardres.dll

2014-08-13 10:27:19 8856 ----a-w- C:\Windows\System32\icardres.dll

2014-08-13 10:27:19 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe

2014-08-13 10:27:19 171160 ----a-w- C:\Windows\System32\infocardapi.dll

2014-08-13 10:27:19 1389208 ----a-w- C:\Windows\System32\icardagt.exe

2014-08-13 10:27:05 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe

2014-08-13 10:27:05 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe

2014-08-13 09:52:51 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

.

==================== Find3M ====================

.

2014-09-10 08:54:54 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-08-24 21:23:42 270496 ------w- C:\Windows\System32\MpSigStub.exe

2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll

2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll

2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll

2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll

2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll

2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll

2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll

2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll

2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll

2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll

2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll

2014-08-12 14:27:18 57584 ----a-w- C:\Windows\System32\iolobtdfg.exe

2014-08-12 14:27:10 26184 ----a-w- C:\Windows\System32\smrgdf.exe

2014-08-12 14:11:20 2155152 ----a-w- C:\Windows\System32\Incinerator64.dll

2014-08-12 14:11:18 2097984 ----a-w- C:\Windows\SysWow64\Incinerator32.dll

2014-08-11 11:40:06 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2014-08-06 09:22:42 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2014-07-24 17:05:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll

2014-07-24 14:17:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll

2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll

2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2014-07-09 11:43:34 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-07-09 11:43:34 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-07-09 09:18:34 692736 ----a-w- C:\Windows\System32\osk.exe

2014-07-09 09:18:34 646144 ----a-w- C:\Windows\SysWow64\osk.exe

2014-07-09 09:16:49 497152 ----a-w- C:\Windows\System32\drivers\afd.sys

2014-07-09 09:15:29 86528 ----a-w- C:\Windows\System32\TSpkg.dll

2014-07-09 09:15:29 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll

2014-07-09 09:15:29 340992 ----a-w- C:\Windows\System32\schannel.dll

2014-07-09 09:15:29 314880 ----a-w- C:\Windows\System32\msv1_0.dll

2014-07-09 09:15:29 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2014-07-09 09:15:29 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll

2014-07-09 09:15:29 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2014-07-09 09:15:29 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2014-07-09 09:15:29 22016 ----a-w- C:\Windows\System32\credssp.dll

2014-07-09 09:15:29 210944 ----a-w- C:\Windows\System32\wdigest.dll

2014-07-09 09:15:29 17408 ----a-w- C:\Windows\SysWow64\credssp.dll

2014-07-09 09:15:29 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll

2014-07-09 09:14:22 624128 ----a-w- C:\Windows\System32\qedit.dll

2014-07-09 09:14:22 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL

2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL

2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL

2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL

.

============= FINISH: 19:07:18.36 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 16/02/2012 2:40:43 PM

System Uptime: 10/09/2014 6:18:17 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | STRIKER II FORMULA

Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 328 GiB total, 60.413 GiB free.

D: is FIXED (NTFS) - 138 GiB total, 96.218 GiB free.

E: is CDROM ()

F: is Removable

G: is CDROM ()

H: is Removable

I: is Removable

J: is Removable

K: is Removable

L: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: NETGEAR WG311v3 54Mbps Wireless PCI Adapter

Device ID: PCI\VEN_11AB&DEV_1FAA&SUBSYS_6B001385&REV_03\4&36AC3632&0&3878

Manufacturer: Marvell

Name: NETGEAR WG311v3 54Mbps Wireless PCI Adapter

PNP Device ID: PCI\VEN_11AB&DEV_1FAA&SUBSYS_6B001385&REV_03\4&36AC3632&0&3878

Service: MRV6X64P

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office Suite Service Pack 3 (SP3)

Adblock Plus for IE (32-bit and 64-bit)

Adblock Pro x64 3.0

Adobe AIR

Adobe Digital Editions 3.0

Adobe Flash Player 14 ActiveX

Adobe Flash Player 14 Plugin

Adobe Reader XI (11.0.08)

Adobe Shockwave Player 12.1

Advanced SystemCare 7

Alcor Micro USB Card Reader

AntiLogger

ASUSUpdate

Atomic Alarm Clock 5.91

AVG 2012

Avogadro

Bootstrapper

CCleaner

Copy Plus

DataNumen CAB Repair v2.0

Daum PotPlayer 1.5.44465

Dodo Wireless Broadband

Driver Booster

EaseUS Partition Master 10.1

GNU Backgammon (MAIN branch, 20121023 code)

GOM Player

Google Chrome

Google Update Helper

Hard Disk Sentinel

HitmanPro 3.7

HP Color LaserJet CP1210 Series

HP Color LaserJet CP1210 Series Toolbox

HP LaserJet Toolbox

HP Update

hppusgCP1215

HPSSupply

Internet Download Manager

IObit Uninstaller

iolo technologies' System Mechanic

Java 7 Update 25 (64-bit)

Java 7 Update 67

Java Auto Updater

Lame ACM MP3 Codec

LightScribe System Software

Logitech Vid

Logitech Webcam Software

Logitech Webcam Software Driver Package

MagicDisc 2.7.106

Malwarebytes Anti-Malware version 2.0.2.1012

MarketResearch

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Mouse and Keyboard Center

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Minitab 16

Minitab Software Update Manager

Minitab16

MrvlUsgTracking64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NavDesk 7.50

Nero 7 Essentials

Nero Burning Core

Nero Burning ROM

Nero Burning ROM 2014

Nero Burning ROM Help (CHM)

Nero ControlCenter

Nero ControlCenter Help (CHM)

Nero Core Components

Nero CoverDesigner

Nero CoverDesigner Help (CHM)

Nero SharedVideoCodecs

Nero Update

NVIDIA 3D Vision Controller Driver 320.49

NVIDIA 3D Vision Driver 335.23

NVIDIA Control Panel 335.23

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

NVIDIA GeForce Experience 1.5

NVIDIA Graphics Driver 335.23

NVIDIA Install Application

NVIDIA MediaShield

NVIDIA PhysX

NVIDIA PhysX System Software 9.13.0604

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 10.4.0

NVIDIA Update Components

PDF Password Remover

PeerBlock 1.2 (r693)

Prerequisite installer

Puran File Recovery 1.2

Samsung Media Studio

Samsung New PC Studio

SAMSUNG USB Driver for Mobile Phones

Screenpresso

Secure Download Manager

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition

Smart Defrag 2

SoftOrbits Flash Drive Recovery 2.1

SoftPerfect WiFi Guard version 1.0.0

SoftwareManager

Speccy

Surfing Protection

swMSM

System Requirements Lab for Intel

Tweaking.com - Windows Repair (All in One)

UniPDF 1.1

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 (KB974631)

Update for Microsoft Office Word 2007 Help (KB963665)

Viper Plagiarism Scanner

Visual Studio 2008 x64 Redistributables

VueScan

Wi-Fi Password Key

WinPDFEditor V2.0.5

WinZip 16.5

XviD MPEG-4 Video Codec

.

==== Event Viewer Messages From Past Week ========

.

9/09/2014 5:18:54 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

9/09/2014 4:27:42 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

9/09/2014 4:27:12 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

9/09/2014 4:27:03 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

9/09/2014 4:26:21 PM, Error: volmgr [46] - Crash dump initialization failed!

9/09/2014 2:10:49 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.

9/09/2014 1:46:20 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

9/09/2014 1:45:26 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.

9/09/2014 1:45:26 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Description with the following error: Access is denied.

9/09/2014 1:45:25 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.

9/09/2014 1:45:24 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DelayedAutostart with the following error: Access is denied.

9/09/2014 1:45:12 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.

10/09/2014 6:01:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070003: Update for Windows 7 for x64-based Systems (KB2985461).

10/09/2014 6:01:44 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070003: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2894844).

10/09/2014 12:24:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

10/09/2014 12:22:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.

10/09/2014 12:22:13 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/09/2014 12:20:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

10/09/2014 12:19:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.

10/09/2014 12:10:22 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR7.

.

==== End Of File ===========================

The Qone8 registry key keeps returning.
Have run

Kaspersky TDSSKiller
RKill
Malwarebytes Anti-Malware
RogueKiller
HitmanPro
Emsisoft Emergency Kit
AdwCleaner
Junkware Removal Tool
 
Also AVG scans always show

"";"C:\Windows\SysWOW64\mfc45.dat";"Corrupted executable file";"Reboot is required to finish the action"
 
Welcome aboard
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

You're not saying what your computer issues are.

Are you using Wordpad to open logs? If so, please switch to Notepad.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (https://www.techspot.com/downloads/5603-malwarebytes-anti-rootkit.html) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • In the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
  • When the scan is finished and no malware has been found, select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
 