
Author Topic: Trying to get rid of ad.yieldmanager/allmplayerdownloads.com popup ads :(  (Read 29286 times)


tealily12

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Windows 7
    Foolishly downloaded a program on my personal laptop - ignored the ESET "are you sure you wish to let this program make changes to your computer?" - now have ad.yieldmanager popups and it's driving me nuts (I also seem to get allmplayerdownloads.com popups too, but mostly yieldmanager). They seem to particularly enjoy coming up whenever I visit Facebook.

    * Uninstalled and removed said program, and emptied recycling bin
    * Updated ESET virus signature database, no changes
    * Googled around - added yieldmanager and ad.yieldmanager to my Mozilla Firefox block list but to no avail
    * Downloaded Spyhunter 4, always seems to find a bunch of cookies. I noticed the ad.yieldmanager popups come up less frequently after a scan, but just when I think they're gone completely I go to a site like Facebook and BAM there's another one.
    * Found this site, going through suggested Malware removal steps now and will upload logs shortly...

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please download AdwCleaner by Xplode onto your Desktop.
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    *********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    *************************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

    •The tool will open and start scanning your system.

    •Please be patient as this can take a while to complete depending on your system's specifications.

    •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    •Copy and Paste the JRT.txt log into your next message.
    Windows 8 and Windows 10 dual boot with two SSD's

    tealily12

      Thanks for offering to help, I really appreciate it!!! :)

      AdwCleaner log:

      # AdwCleaner v2.300 - Logfile created 05/16/2013 at 12:33:50
      # Updated 28/04/2013 by Xplode
      # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
      # User : Lynny - TOSHIBAP870
      # Boot Mode : Normal
      # Running from : C:\Users\Lynny\Downloads\AdwCleaner.exe
      # Option [Delete]


      ***** [Services] *****


      ***** [Files / Folders] *****

      File Deleted : C:\Users\Public\Desktop\eBay.lnk

      ***** [Registry] *****

      Key Deleted : HKLM\SOFTWARE\Software

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v10.0.9200.16537

      [OK] Registry is clean.

      -\\ Mozilla Firefox v20.0.1 (en-US)

      File : C:\Users\Lynny\AppData\Roaming\Mozilla\Firefox\Profiles\7on4db8w.default\prefs.js

      C:\Users\Lynny\AppData\Roaming\Mozilla\Firefox\Profiles\7on4db8w.default\user.js ... Deleted !

      [OK] File is clean.

      *************************

      AdwCleaner[R1].txt - [885 octets] - [13/05/2013 12:01:30]
      AdwCleaner[S1].txt - [921 octets] - [16/05/2013 12:33:50]

      ########## EOF - C:\AdwCleaner[S1].txt - [980 octets] ##########

      tealily12

        Malwarebytes scan log:

        Malwarebytes Anti-Malware (Trial) 1.75.0.1300
        www.malwarebytes.org

        Database version: v2013.05.16.01

        Windows 7

        Protection: Enabled

        16/05/2013 12:44:19 PM
        mbam-log-2013-05-16 (12-44-19).txt

        Scan type: Full scan (C:\|D:\|Q:\|)
        Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
        Scan options disabled: P2P
        Objects scanned: 415471
        Time elapsed: 52 minute(s), 9 second(s)

        Memory Processes Detected: 0
        (No malicious items detected)

        Memory Modules Detected: 0
        (No malicious items detected)

        Registry Keys Detected: 0
        (No malicious items detected)

        Registry Values Detected: 0
        (No malicious items detected)

        Registry Data Items Detected: 0
        (No malicious items detected)

        Folders Detected: 0
        (No malicious items detected)

        Files Detected: 0
        (No malicious items detected)

        (end)

        tealily12

          JRT scan:

          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          Junkware Removal Tool (JRT) by Thisisu
          Version: 4.9.4 (05.06.2013:1)
          OS: Windows 7 Home Premium x64
          Ran Thu 16/05/2013 at 13:51:34.51
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




          ~~~ Services



          ~~~ Registry Values



          ~~~ Registry Keys



          ~~~ Files

          Successfully deleted: [File] C:\eula.1028.txt
          Successfully deleted: [File] C:\eula.1031.txt
          Successfully deleted: [File] C:\eula.1033.txt
          Successfully deleted: [File] C:\eula.1036.txt
          Successfully deleted: [File] C:\eula.1040.txt
          Successfully deleted: [File] C:\eula.1041.txt
          Successfully deleted: [File] C:\eula.1042.txt
          Successfully deleted: [File] C:\eula.2052.txt
          Successfully deleted: [File] C:\install.res.1028.dll
          Successfully deleted: [File] C:\install.res.1031.dll
          Successfully deleted: [File] C:\install.res.1033.dll
          Successfully deleted: [File] C:\install.res.1036.dll
          Successfully deleted: [File] C:\install.res.1040.dll
          Successfully deleted: [File] C:\install.res.1041.dll
          Successfully deleted: [File] C:\install.res.1042.dll
          Successfully deleted: [File] C:\install.res.2052.dll
          Successfully deleted: [File] C:\install.res.3082.dll



          ~~~ Folders

          Successfully deleted: [Folder] "C:\ProgramData\big fish games"
          Successfully deleted: [Folder] "C:\ProgramData\splashtop"
          Failed to delete: [Folder] "C:\Program Files (x86)\splashtop"



          ~~~ FireFox

          Emptied folder: C:\Users\Lynny\AppData\Roaming\mozilla\firefox\profiles\7on4db8w.default\minidumps [32 files]



          ~~~ Event Viewer Logs were cleared





          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          Scan was completed on Thu 16/05/2013 at 13:55:19.15
          End of JRT log
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

          tealily12

            Popup ads were gone post-scan for a while but are definitely back :( And worse than ever! I notice at the bottom of my screen that almost every page I visit somehow links back to yieldmanager before going to the page I requested.
            « Last Edit: May 16, 2013, 02:08:43 AM by tealily12 »

            SuperDave

            Download Security Check by screen317 from one of the following links and save it to your desktop.

            Link 1
            Link 2

            * Double-click Security Check.bat
            * Follow the on-screen instructions inside of the black box.
            * A Notepad document should open automatically called checkup.txt
            * Post the contents of that document in your next reply.

            Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
            **********************************************
            Download Combofix from any of the links below, and save it to your DESKTOP
            If your version of Windows defaults to your download folder you will need to copy it to your desktop.

            Link 1
            Link 2
            Link 3

            To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
            • Close any open windows and double click ComboFix.exe to run it.

              You will see the following image:


            Click I Agree to start the program.

            ComboFix will then extract the necessary files and you will see this:



            As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

            It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

            If you did not have it installed, you will see the prompt below. Choose YES.



            Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

            **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

            Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



            Click on Yes, to continue scanning for malware.

            When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

            Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

            Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

            tealily12

              Security check log:

               Results of screen317's Security Check version 0.99.63 
               Windows 7 Service Pack 1 x64 (UAC is enabled) 
               Internet Explorer 9 
              ``````````````Antivirus/Firewall Check:``````````````
               Windows Firewall Disabled! 
              ESET Smart Security 5.2   
               Antivirus up to date!   
              `````````Anti-malware/Other Utilities Check:`````````
               Spybot - Search & Destroy
               Malwarebytes Anti-Malware version 1.75.0.1300 
               Java(TM) 6 Update 30 
               Java version out of Date!
               Adobe Flash Player 11.7.700.202 
               Mozilla Firefox (20.0.1)
               Google Chrome 18.0.1025.142 
              ````````Process Check: objlist.exe by Laurent````````
               Norton ccSvcHst.exe
               ESET NOD32 Antivirus egui.exe 
               ESET NOD32 Antivirus ekrn.exe 
               Malwarebytes Anti-Malware mbamservice.exe 
               Malwarebytes Anti-Malware mbamgui.exe 
               Malwarebytes' Anti-Malware mbamscheduler.exe   
              `````````````````System Health check`````````````````
               Total Fragmentation on Drive C: 1%
              ````````````````````End of Log``````````````````````

              tealily12

                Combofix log (no computer restarts):

                ComboFix 13-05-16.02 - Lynny 17/05/2013  15:07:46.1.8 - x64
                Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.16303.12930 [GMT 10:00]
                Running from: c:\users\Lynny\Desktop\ComboFix.exe
                AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
                FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
                SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
                SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                .
                .
                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                C:\Install.exe
                c:\users\Lynny\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
                c:\users\Lynny\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
                c:\users\Lynny\Documents\~WRL0005.tmp
                c:\users\Lynny\Documents\~WRL0076.tmp
                c:\users\Lynny\Documents\~WRL0266.tmp
                c:\users\Lynny\Documents\~WRL0892.tmp
                c:\users\Lynny\Documents\~WRL0987.tmp
                c:\users\Lynny\Documents\~WRL2876.tmp
                .
                .
                (((((((((((((((((((((((((   Files Created from 2013-04-17 to 2013-05-17  )))))))))))))))))))))))))))))))
                .
                .
                2013-05-17 05:12 . 2013-05-17 05:12   --------   d-----w-   c:\users\UpdatusUser\AppData\Local\temp
                2013-05-17 05:12 . 2013-05-17 05:12   --------   d-----w-   c:\users\Default\AppData\Local\temp
                2013-05-16 22:33 . 2013-05-13 06:37   9460464   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{68B272DF-0AC2-40A2-8B31-C48B9E280B87}\mpengine.dll
                2013-05-16 03:59 . 2013-05-16 03:59   --------   d-----w-   c:\programdata\Splashtop
                2013-05-16 03:51 . 2013-05-16 03:51   --------   d-----w-   c:\windows\ERUNT
                2013-05-16 03:51 . 2013-05-16 03:51   --------   d-----w-   C:\JRT
                2013-05-16 02:43 . 2013-05-16 02:43   --------   d-----w-   c:\users\Lynny\AppData\Roaming\Malwarebytes
                2013-05-16 02:43 . 2013-05-16 02:43   --------   d-----w-   c:\programdata\Malwarebytes
                2013-05-16 02:43 . 2013-05-16 02:43   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
                2013-05-16 02:43 . 2013-04-04 04:50   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
                2013-05-16 02:42 . 2013-05-16 02:42   --------   d-----w-   c:\users\Lynny\AppData\Local\Programs
                2013-05-16 01:50 . 2013-04-10 06:01   265064   ----a-w-   c:\windows\system32\drivers\dxgmms1.sys
                2013-05-16 01:50 . 2013-04-10 06:01   983400   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
                2013-05-16 01:49 . 2013-02-27 05:52   14172672   ----a-w-   c:\windows\system32\shell32.dll
                2013-05-16 01:49 . 2013-02-27 05:52   197120   ----a-w-   c:\windows\system32\shdocvw.dll
                2013-05-16 01:49 . 2013-02-27 05:48   1930752   ----a-w-   c:\windows\system32\authui.dll
                2013-05-16 01:49 . 2013-02-27 06:02   111448   ----a-w-   c:\windows\system32\consent.exe
                2013-05-16 01:49 . 2013-02-27 04:49   1796096   ----a-w-   c:\windows\SysWow64\authui.dll
                2013-05-16 01:49 . 2013-02-27 05:47   70144   ----a-w-   c:\windows\system32\appinfo.dll
                2013-05-16 01:49 . 2013-04-10 03:30   3153920   ----a-w-   c:\windows\system32\win32k.sys
                2013-05-16 01:49 . 2013-03-19 05:53   48640   ----a-w-   c:\windows\system32\wwanprotdim.dll
                2013-05-16 01:49 . 2013-03-19 05:53   230400   ----a-w-   c:\windows\system32\wwansvc.dll
                2013-05-13 01:55 . 2012-06-22 01:01   22704   ----a-w-   c:\windows\system32\drivers\EsgScanner.sys
                2013-05-13 01:55 . 2013-05-13 01:55   110080   ----a-r-   c:\users\Lynny\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\IconF7A21AF7.exe
                2013-05-13 01:55 . 2013-05-13 01:55   110080   ----a-r-   c:\users\Lynny\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\IconD7F16134.exe
                2013-05-13 01:55 . 2013-05-13 01:55   110080   ----a-r-   c:\users\Lynny\AppData\Roaming\Microsoft\Installer\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\Icon1226A4C5.exe
                2013-05-13 01:55 . 2013-05-13 01:55   --------   d-----w-   C:\sh4ldr
                2013-05-13 01:55 . 2013-05-13 01:55   --------   d-----w-   c:\program files\Enigma Software Group
                2013-05-13 01:55 . 2013-05-13 01:55   --------   d-----w-   c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
                2013-05-13 01:55 . 2013-05-13 04:11   --------   d-----w-   c:\program files (x86)\Common Files\Wise Installation Wizard
                2013-05-12 23:57 . 2013-05-13 01:48   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
                2013-05-12 23:57 . 2013-05-13 01:05   --------   d-----w-   c:\program files (x86)\Spybot - Search & Destroy
                2013-05-12 04:07 . 2013-05-13 04:12   --------   d-----w-   c:\program files (x86)\VideoSaver
                2013-05-12 04:06 . 2013-05-12 04:06   --------   d-----w-   c:\users\Lynny\AppData\Local\FlvtoYoutubeDownloader
                2013-05-12 04:06 . 2013-05-12 04:08   --------   d-----w-   c:\users\Lynny\AppData\Roaming\FlvtoConverter
                2013-05-12 04:05 . 2013-05-12 10:33   --------   d-----w-   c:\users\Lynny\AppData\Local\Flvto Youtube Downloader
                2013-04-24 12:33 . 2013-04-12 14:45   1656680   ----a-w-   c:\windows\system32\drivers\ntfs.sys
                .
                .
                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2013-05-17 03:44 . 2010-06-24 18:33   22240   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
                2013-05-15 13:39 . 2012-04-03 10:48   692104   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
                2013-05-15 13:39 . 2012-04-03 10:48   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
                2013-05-01 16:06 . 2010-11-21 03:27   278800   ------w-   c:\windows\system32\MpSigStub.exe
                2013-04-13 05:49 . 2013-05-16 01:50   135168   ----a-w-   c:\windows\apppatch\AppPatch64\AcXtrnal.dll
                2013-04-13 05:49 . 2013-05-16 01:50   308736   ----a-w-   c:\windows\apppatch\AppPatch64\AcGenral.dll
                2013-04-13 05:49 . 2013-05-16 01:50   350208   ----a-w-   c:\windows\apppatch\AppPatch64\AcLayers.dll
                2013-04-13 05:49 . 2013-05-16 01:50   111104   ----a-w-   c:\windows\apppatch\AppPatch64\acspecfc.dll
                2013-04-13 04:45 . 2013-05-16 01:50   474624   ----a-w-   c:\windows\apppatch\AcSpecfc.dll
                2013-04-13 04:45 . 2013-05-16 01:50   2176512   ----a-w-   c:\windows\apppatch\AcGenral.dll
                2013-03-26 03:33 . 2012-07-23 12:28   56336   ------w-   c:\windows\system32\drivers\PxHlpa64.sys
                2013-03-26 03:32 . 2012-07-23 12:28   11376   ------w-   c:\windows\system32\drivers\cdralw2k.sys
                2013-03-26 03:32 . 2012-07-23 12:28   10864   ------w-   c:\windows\system32\drivers\cdr4_xp.sys
                2013-03-22 20:50 . 2013-03-22 20:50   73728   ----a-w-   c:\windows\SysWow64\SetIEInstalledDate.exe
                2013-03-22 20:50 . 2013-03-22 20:50   719360   ----a-w-   c:\windows\SysWow64\mshtmlmedia.dll
                2013-03-22 20:50 . 2013-03-22 20:50   523264   ----a-w-   c:\windows\SysWow64\vbscript.dll
                2013-03-22 20:50 . 2013-03-22 20:50   48640   ----a-w-   c:\windows\SysWow64\mshtmler.dll
                2013-03-22 20:50 . 2013-03-22 20:50   38400   ----a-w-   c:\windows\SysWow64\imgutil.dll
                2013-03-22 20:50 . 2013-03-22 20:50   226304   ----a-w-   c:\windows\system32\elshyph.dll
                2013-03-22 20:50 . 2013-03-22 20:50   185344   ----a-w-   c:\windows\SysWow64\elshyph.dll
                2013-03-22 20:50 . 2013-03-22 20:50   158720   ----a-w-   c:\windows\SysWow64\msls31.dll
                2013-03-22 20:50 . 2013-03-22 20:50   150528   ----a-w-   c:\windows\SysWow64\iexpress.exe
                2013-03-22 20:50 . 2013-03-22 20:50   138752   ----a-w-   c:\windows\SysWow64\wextract.exe
                2013-03-22 20:50 . 2013-03-22 20:50   137216   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
                2013-03-22 20:50 . 2013-03-22 20:50   12800   ----a-w-   c:\windows\SysWow64\mshta.exe
                2013-03-22 20:50 . 2013-03-22 20:50   110592   ----a-w-   c:\windows\SysWow64\IEAdvpack.dll
                2013-03-22 20:50 . 2013-03-22 20:50   1054720   ----a-w-   c:\windows\system32\MsSpellCheckingFacility.exe
                2013-03-22 20:50 . 2013-03-22 20:50   81408   ----a-w-   c:\windows\system32\icardie.dll
                2013-03-22 20:50 . 2013-03-22 20:50   762368   ----a-w-   c:\windows\system32\ieapfltr.dll
                2013-03-22 20:50 . 2013-03-22 20:50   61952   ----a-w-   c:\windows\SysWow64\tdc.ocx
                2013-03-22 20:50 . 2013-03-22 20:50   452096   ----a-w-   c:\windows\system32\dxtmsft.dll
                2013-03-22 20:50 . 2013-03-22 20:50   441856   ----a-w-   c:\windows\system32\html.iec
                2013-03-22 20:50 . 2013-03-22 20:50   361984   ----a-w-   c:\windows\SysWow64\html.iec
                2013-03-22 20:50 . 2013-03-22 20:50   281600   ----a-w-   c:\windows\system32\dxtrans.dll
                2013-03-22 20:50 . 2013-03-22 20:50   23040   ----a-w-   c:\windows\SysWow64\licmgr10.dll
                2013-03-22 20:50 . 2013-03-22 20:50   216064   ----a-w-   c:\windows\system32\msls31.dll
                2013-03-22 20:50 . 2013-03-22 20:50   197120   ----a-w-   c:\windows\system32\msrating.dll
                2013-03-22 20:50 . 2013-03-22 20:50   1441280   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
                2013-03-22 20:50 . 2013-03-22 20:50   1400416   ----a-w-   c:\windows\system32\ieapfltr.dat
                2013-03-22 20:50 . 2013-03-22 20:50   97280   ----a-w-   c:\windows\system32\mshtmled.dll
                2013-03-22 20:50 . 2013-03-22 20:50   92160   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
                2013-03-22 20:50 . 2013-03-22 20:50   905728   ----a-w-   c:\windows\system32\mshtmlmedia.dll
                2013-03-22 20:50 . 2013-03-22 20:50   77312   ----a-w-   c:\windows\system32\tdc.ocx
                2013-03-22 20:50 . 2013-03-22 20:50   62976   ----a-w-   c:\windows\system32\pngfilt.dll
                2013-03-22 20:50 . 2013-03-22 20:50   599552   ----a-w-   c:\windows\system32\vbscript.dll
                2013-03-22 20:50 . 2013-03-22 20:50   52224   ----a-w-   c:\windows\system32\msfeedsbs.dll
                2013-03-22 20:50 . 2013-03-22 20:50   51200   ----a-w-   c:\windows\system32\imgutil.dll
                2013-03-22 20:50 . 2013-03-22 20:50   48640   ----a-w-   c:\windows\system32\mshtmler.dll
                2013-03-22 20:50 . 2013-03-22 20:50   27648   ----a-w-   c:\windows\system32\licmgr10.dll
                2013-03-22 20:50 . 2013-03-22 20:50   270848   ----a-w-   c:\windows\system32\iedkcs32.dll
                2013-03-22 20:50 . 2013-03-22 20:50   247296   ----a-w-   c:\windows\system32\webcheck.dll
                2013-03-22 20:50 . 2013-03-22 20:50   235008   ----a-w-   c:\windows\system32\url.dll
                2013-03-22 20:50 . 2013-03-22 20:50   173568   ----a-w-   c:\windows\system32\ieUnatt.exe
                2013-03-22 20:50 . 2013-03-22 20:50   167424   ----a-w-   c:\windows\system32\iexpress.exe
                2013-03-22 20:50 . 2013-03-22 20:50   1509376   ----a-w-   c:\windows\system32\inetcpl.cpl
                2013-03-22 20:50 . 2013-03-22 20:50   149504   ----a-w-   c:\windows\system32\occache.dll
                2013-03-22 20:50 . 2013-03-22 20:50   144896   ----a-w-   c:\windows\system32\wextract.exe
                2013-03-22 20:50 . 2013-03-22 20:50   13824   ----a-w-   c:\windows\system32\mshta.exe
                2013-03-22 20:50 . 2013-03-22 20:50   136192   ----a-w-   c:\windows\system32\iepeers.dll
                2013-03-22 20:50 . 2013-03-22 20:50   135680   ----a-w-   c:\windows\system32\IEAdvpack.dll
                2013-03-22 20:50 . 2013-03-22 20:50   12800   ----a-w-   c:\windows\system32\msfeedssync.exe
                2013-03-22 20:50 . 2013-03-22 20:50   102912   ----a-w-   c:\windows\system32\inseng.dll
                2013-03-19 06:04 . 2013-04-10 06:13   5550424   ----a-w-   c:\windows\system32\ntoskrnl.exe
                2013-03-19 05:46 . 2013-04-10 06:13   43520   ----a-w-   c:\windows\system32\csrsrv.dll
                2013-03-19 05:04 . 2013-04-10 06:13   3968856   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
                2013-03-19 05:04 . 2013-04-10 06:13   3913560   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
                2013-03-19 04:47 . 2013-04-10 06:13   6656   ----a-w-   c:\windows\SysWow64\apisetschema.dll
                2013-03-19 03:06 . 2013-04-10 06:13   112640   ----a-w-   c:\windows\system32\smss.exe
                .
                .
                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FCA0E497-33D1-4DBE-8FDB-7F9A597C8BC2}]
                2013-04-23 21:57   133528   ----a-w-   c:\program files (x86)\VideoSaver\VideoSaver.dll
                .
                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-12 39408]
                "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
                "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
                "ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
                "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
                "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
                "SacReminderBOX"="c:\programdata\Clickfree\BoxSoftware\reminder\SacReminder.exe" [2011-11-01 567120]
                "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
                "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                "ConsentPromptBehaviorAdmin"= 5 (0x5)
                "ConsentPromptBehaviorUser"= 3 (0x3)
                "EnableUIADesktopToggle"= 0 (0x0)
                "EnableLinkedConnections"= 1 (0x1)
                .
                [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                "LoadAppInit_DLLs"=1 (0x1)
                "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
                .
                [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
                "wave2"=wdmaud.drv
                .
                R2 CFUACProxy_boxsoftware;CFUACProxy_boxsoftware;c:\programdata\Clickfree\BoxSoftware\UACProxy.exe [2011-11-01 83792]
                R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
                R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
                R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
                R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 22704]
                R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
                R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
                R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2012-11-07 174176]
                R3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys [2012-01-05 21096]
                R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
                R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
                R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
                R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-28 1255736]
                R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
                S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-13 62496]
                S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 16152]
                S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-01-28 28992]
                S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2013-03-26 56336]
                S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2011-03-24 36992]
                S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
                S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
                S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-13 209768]
                S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-13 148528]
                S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-13 38288]
                S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2011-06-07 250296]
                S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2011-06-07 47032]
                S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
                S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
                S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]
                S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-01-20 128280]
                S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-01-20 161560]
                S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
                S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
                S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.77\SymcPCCULaunchSvc.exe [2012-08-01 123320]
                S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe [2011-09-13 126392]
                S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]
                S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-09-03 548264]
                S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
                S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
                S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
                S2 UDSS;UDSS;c:\program files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe [2012-01-18 30064]
                S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-01-20 363800]
                S3 CXPOLARIS;YUAN Polaris Hybrid TV AVS Video Capture;c:\windows\system32\drivers\cxRDU253S.sys [2011-02-21 449792]
                S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
                S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [2011-03-09 6656]
                S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
                S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 356120]
                S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 788760]
                S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-01-16 103536]
                S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
                S3 nuvotonhidcir;Nuvoton HID CIR Receiver;c:\windows\system32\DRIVERS\nuvotonhidcir.sys [2011-03-09 32256]
                S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
                S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-12-13 259176]
                S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtwlane.sys [2012-01-17 1082472]
                S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-09-30 764264]
                S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-09-30 268648]
                S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-09-30 25960]
                S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-09-30 22376]
                S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]
                S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys [2012-02-25 22800]
                S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
                S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
                S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
                .
                .
                Contents of the 'Scheduled Tasks' folder
                .
                2013-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
                - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:39]
                .
                2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-12 23:01]
                .
                2013-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-12 23:01]
                .
                2013-05-17 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
                - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
                .
                2013-05-16 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
                - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
                .
                .
                --------- X64 Entries -----------
                .
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "ThpSrv"="c:\windows\system32\thpsrv" [X]
                "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-22 12452456]
                "SRS Premium Sound 3D"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-03-06 2165120]
                "TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2011-10-19 718720]
                "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560]
                "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
                "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-10 170264]
                "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-10 398616]
                "Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-10 440088]
                "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
                "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
                .
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
                FontCache
                .
                ------- Supplementary Scan -------
                .
                uStart Page = hxxp://www.google.com/
                uLocal Page = c:\windows\system32\blank.htm
                mLocal Page = c:\windows\SysWOW64\blank.htm
                uInternet Settings,ProxyOverride = *.local
                IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
                IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
                IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
                TCP: DhcpNameServer = 10.1.1.1
                FF - ProfilePath - c:\users\Lynny\AppData\Roaming\Mozilla\Firefox\Profiles\7on4db8w.default\
                FF - prefs.js: network.proxy.type - 4
                FF - ExtSQL: 2013-05-12 14:07; [email protected]; c:\program files (x86)\VideoSaver\FF
                .
                - - - - ORPHANS REMOVED - - - -
                .
                Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
                Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
                HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
                HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
                HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
                HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
                HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
                HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
                HKLM-Run-TPSCMain - c:\program files (x86)\TOSHIBA\PeakShift\TPSCMain.exe
                HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
                HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
                HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
                AddRemove-Splashtop Software Updater - c:\program files (x86)\Splashtop\Splashtop Software Updater\uninst.exe
                .
                .
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
                "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.77\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.77\diMaster.dll\" /prefetch:1"
                .
                --------------------- LOCKED REGISTRY KEYS ---------------------
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                @Denied: (A 2) (Everyone)
                @="FlashBroker"
                "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                "Enabled"=dword:00000001
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                @Denied: (A 2) (Everyone)
                @="IFlashBroker5"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                @="{00020424-0000-0000-C000-000000000046}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                "Version"="1.0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                @Denied: (A 2) (Everyone)
                @="FlashBroker"
                "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                "Enabled"=dword:00000001
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                @Denied: (A 2) (Everyone)
                @="Shockwave Flash Object"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
                "ThreadingModel"="Apartment"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                @="0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                @="ShockwaveFlash.ShockwaveFlash.11"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                @="1.0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                @="ShockwaveFlash.ShockwaveFlash"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                @Denied: (A 2) (Everyone)
                @="Macromedia Flash Factory Object"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
                "ThreadingModel"="Apartment"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                @="FlashFactory.FlashFactory.1"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                @="1.0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                @="FlashFactory.FlashFactory"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                @Denied: (A 2) (Everyone)
                @="IFlashBroker5"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                @="{00020424-0000-0000-C000-000000000046}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                "Version"="1.0"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
                @="?????????????????? v1"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
                @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
                @="?????????????????? v2"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
                @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
                @Denied: (A) (Everyone)
                "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
                @Denied: (A) (Everyone)
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
                "Key"="ActionsPane3"
                "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
                @Denied: (Full) (Everyone)
                .
                Completion time: 2013-05-17  15:14:18
                ComboFix-quarantined-files.txt  2013-05-17 05:14
                .
                Pre-Run: 785,359,781,888 bytes free
                Post-Run: 785,651,441,664 bytes free
                .
                - - End Of File - - F875C6D5D85706F3A36FED9E5E4E6295

                SuperDave

                Update Your Java (JRE)

                Old versions of Java have vulnerabilities that malware can use to infect your system.


                First Verify your Java Version

                If there are any other version(s) installed then update now.

                Get the new version (if needed)

                If your version is out of date, install the newest version of the Sun Java Runtime Environment.

                Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

                Be sure to close ALL open web browsers before starting the installation.

                Remove any old versions

                1. Download JavaRa and unzip the file to your Desktop.
                2. Open JavaRA.exe and choose Remove Older Versions.
                3. Once complete, exit JavaRA.

                Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
                ******************************************
                Please download Rooter and Save it to your desktop.
                • Double click it to start the tool. Vista and Windows 7: run as administrator.
                • Click Scan.
                • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
                ************************************
                • Download RogueKiller on the desktop
                • Close all the running programs
                • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
                • Otherwise just double-click on RogueKiller.exe
                • Pre-scan will start. Let it finish.
                • Click on SCAN button.
                • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
                • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
                Windows 8 and Windows 10 dual boot with two SSD's

                tealily12

                  Had issues verifying my Java, but downloaded latest one anyway (7. something?) from the site you recommended. Also downloaded JavaRa - it wasn't able to "find" the log but did tell me that it removed C:/Program Files(x86)\Java\jre\6.

                  Rooter log: (It mentions something about not being an administrator - but I should be?)
                  Rooter.exe (v1.0.2) by Eric_71
                  .
                  The token does not have the SeDebugPrivilege privilege ! (error:1300)
                  Can not acquire SeDebugPrivilege !
                  Please run the tool as administrator ..

                  .
                  Windows 7 Home Edition (6.1.7601) Service Pack 1
                  [32_bits] - Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
                  .
                  Error OpenService (wscsvc) : 6
                  Error OpenSCManager : 5
                  Error OpenService (MpsSvc) : 6
                  Windows Defender -> Enabled
                  User Account Control (UAC) -> Enabled
                  .
                  Internet Explorer 9.10.9200.16576
                  Mozilla Firefox 20.0.1 (en-US)
                  .
                  C:\  [Fixed-NTFS] .. ( Total:918 Go - Free:731 Go )
                  D:\  [Fixed-NTFS] .. ( Total:465 Go - Free:465 Go )
                  E:\  [CD_Rom]
                  F:\  [Removable]
                  Q:\  [Fixed-NTFS] .. ( Total:0 Go - Free:0 Go )
                  .
                  Scan : 09:41.57
                  Path : C:\Users\Lynny\Desktop\Rooter.exe
                  User : Lynny ( Administrator -> YES )
                  .
                  ----------------------\\ Processes
                  .
                  Locked [System Process] (0)
                  Locked System (4)
                  Locked smss.exe (456)
                  Locked csrss.exe (672)
                  Locked wininit.exe (752)
                  Locked csrss.exe (772)
                  Locked winlogon.exe (816)
                  Locked services.exe (860)
                  Locked lsass.exe (880)
                  Locked lsm.exe (888)
                  Locked svchost.exe (988)
                  Locked SH4SER~1.EXE (188)
                  Locked nvvsvc.exe (476)
                  Locked svchost.exe (668)
                  Locked svchost.exe (688)
                  Locked svchost.exe (1068)
                  Locked svchost.exe (1116)
                  Locked svchost.exe (1148)
                  Locked svchost.exe (1492)
                  Locked spoolsv.exe (1628)
                  Locked svchost.exe (1656)
                  Locked AppleMobileDeviceService.exe (1748)
                  Locked mDNSResponder.exe (1792)
                  Locked ekrn.exe (1864)
                  Locked svchost.exe (1888)
                  Locked HeciServer.exe (1924)
                  Locked IntelMeFWService.exe (1964)
                  Locked Jhi_service.exe (1992)
                  Locked mbamscheduler.exe (1196)
                  Locked mbamservice.exe (1472)
                  Locked ccSvcHst.exe (1520)
                  Locked PsiService_2.exe (2096)
                  Locked sftvsa.exe (2436)
                  Locked SRService.exe (2488)
                  Locked SSUService.exe (2524)
                  Locked ThpSrv.exe (2576)
                  Locked TODDSrv.exe (2612)
                  Locked TosCoSrv.exe (2648)
                  Locked UDSS.exe (2712)
                  Locked WLIDSVC.EXE (2812)
                  Locked sftlist.exe (2860)
                  Locked TecoService.exe (2948)
                  Locked WLIDSVCM.EXE (1312)
                  Locked WmiPrvSE.exe (3168)
                  Locked CVHSVC.EXE (3656)
                  Locked SearchIndexer.exe (3776)
                  Locked svchost.exe (4200)
                  Locked WUDFHost.exe (4968)
                  Locked nvxdsync.exe (4576)
                  Locked nvvsvc.exe (236)
                  Locked PresentationFontCache.exe (4208)
                  Locked CFIWmxSvcs64.exe (2672)
                  Locked CFSvcs.exe (464)
                  Locked LMS.exe (432)
                  Locked SymcPCCULaunchSvc.exe (996)
                  Locked daemonu.exe (3408)
                  Locked svchost.exe (3644)
                  Locked wmpnetwk.exe (3820)
                  Locked UNS.exe (3432)
                  ______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (1184)
                  ______ ?????????? (2272)
                  ______ ?????????? (4100)
                  ______ ?????????? (1364)
                  Locked ccSvcHst.exe (4356)
                  Locked SRServer.exe (1220)
                  ______ ?????????? (4416)
                  ______ ?????????? (4808)
                  ______ ?????????? (2664)
                  Locked audiodg.exe (4464)
                  ______ ?????????? (4396)
                  ______ ?????????? (2896)
                  ______ ?????????? (3952)
                  ______ ?????????? (3140)
                  ______ ?????????? (1212)
                  ______ ?????????? (1088)
                  ______ ?????????? (4752)
                  ______ ?????????? (2884)
                  ______ ?????????? (3824)
                  ______ ?????????? (3056)
                  Locked GoogleToolbarNotifier.exe (5312)
                  ______ C:\Program Files (x86)\Skype\Phone\Skype.exe (5412)
                  ______ C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (6136)
                  ______ C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (5236)
                  Locked SynTPHelper.exe (5720)
                  ______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (6100)
                  ______ C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (5424)
                  ______ ?????????? (5692)
                  ______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (5908)
                  ______ ?????????? (5972)
                  Locked OSPPSVC.EXE (5816)
                  Locked iPodService.exe (2356)
                  ______ ?????????? (6784)
                  ______ ?????????? (6804)
                  ______ C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (6852)
                  ______ C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (6600)
                  Locked TMachInfo.exe (7500)
                  Locked TPCHSrv.exe (7528)
                  Locked TosSmartSrv.exe (3632)
                  ______ ?????????? (6256)
                  ______ ?????????? (5164)
                  ______ C:\Program Files (x86)\iTunes\iTunes.exe (7008)
                  ______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (4816)
                  ______ ?????????? (6384)
                  ______ C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (4488)
                  ______ ?????????? (8036)
                  ______ C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (3544)
                  ______ ?????????? (6012)
                  ______ C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe (10640)
                  ______ C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe (1608)
                  ______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (5256)
                  ______ ?????????? (9424)
                  Locked SRFeature.exe (12880)
                  Locked msiexec.exe (13280)
                  Locked svchost.exe (11556)
                  Locked TrustedInstaller.exe (13584)
                  ______ ?????????? (12704)
                  ______ C:\Users\Lynny\Desktop\JavaRa\JavaRa.exe (8536)
                  Locked taskeng.exe (14024)
                  ______ C:\Program Files (x86)\Mozilla Firefox\firefox.exe (11348)
                  ______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (9668)
                  ______ C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (10812)
                  ______ C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (13044)
                  Locked SearchProtocolHost.exe (12488)
                  Locked SearchFilterHost.exe (13528)
                  ______ C:\Users\Lynny\Desktop\Rooter.exe (8520)
                  .
                  ----------------------\\ Device\Harddisk0\
                  .
                  \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
                  .
                  \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:1572864000)
                  \Device\Harddisk0\Partition2 (Start_Offset:1573912576 | Length:985914146816)
                  \Device\Harddisk0\Partition3 (Start_Offset:987488059392 | Length:12716081152)
                  .
                  ----------------------\\ Scheduled Tasks
                  .
                  C:\windows\Tasks\Adobe Flash Player Updater.job
                  C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                  C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                  C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
                  C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
                  C:\windows\Tasks\SA.DAT
                  C:\windows\Tasks\SCHEDLGU.TXT
                  .
                  ----------------------\\ Registry
                  .
                  .
                  ----------------------\\ Files & Folders
                  .
                  ----------------------\\ Scan completed at 09:42.02
                  .
                  C:\Rooter$\Rooter_1.txt - (18/05/2013 | 09:42.02)

                  tealily12

                    RogueKiller log: (it found stuff! Should I delete the five ticked items?)

                    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
                    mail : tigzyRK<at>gmail<dot>com
                    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
                    Website : http://tigzy.geekstogo.com/roguekiller.php
                    Blog : http://tigzyrk.blogspot.com/

                    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
                    Started in : Normal mode
                    User : Lynny [Admin rights]
                    Mode : Scan -- Date : 05/18/2013 09:48:26
                    | ARK || FAK || MBR |

                    ¤¤¤ Bad processes : 0 ¤¤¤

                    ¤¤¤ Registry Entries : 5 ¤¤¤
                    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : SacReminderBOX (C:\ProgramData\Clickfree\BoxSoftware\reminder\SacReminder.exe) [7] -> FOUND
                    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
                    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
                    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
                    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

                    ¤¤¤ Particular Files / Folders: ¤¤¤

                    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

                    ¤¤¤ HOSTS File: ¤¤¤
                    --> C:\windows\system32\drivers\etc\hosts

                    127.0.0.1       localhost


                    ¤¤¤ MBR Check: ¤¤¤

                    +++++ PhysicalDrive0: TOSHIBA MQ01ABD100 +++++
                    --- User ---
                    [MBR] 4bad06f2666e3afa6f0b88cb06f8429f
                    [BSP] 3829025f6d7950e82f01c4b1622cb505 : Windows Vista MBR Code
                    Partition table:
                    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
                    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 940241 Mo
                    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1928687616 | Size: 12127 Mo
                    User = LL1 ... OK!
                    User = LL2 ... OK!

                    +++++ PhysicalDrive1: TOSHIBA MQ01ABD050 +++++
                    --- User ---
                    [MBR] e8eb6175e5b63cabf60a09af76b4ee09
                    [BSP] 12b1a2624a46569841183faa8d7f55c8 : Windows 7/8 MBR Code
                    Partition table:
                    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
                    User = LL1 ... OK!
                    User = LL2 ... OK!

                    Finished : << RKreport[1]_S_05182013_02d0948.txt >>
                    RKreport[1]_S_05182013_02d0948.txt


                    SuperDave

                    Please run RogueKiller again and delete those items.

                    I'd like to scan your machine with ESET OnlineScan.

                    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                      ESET OnlineScan
                    • Click the button.
                    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                      • Click on to download the ESET Smart Installer. Save it to your desktop.
                      • Double click on the icon on your desktop.
                    • Check
                    • Click the button.
                    • Accept any security warnings from your browser.
                    • Leave the check mark next to Remove found threats.
                    • Check
                    • Push the Start button.
                    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                    • When the scan completes, push
                    • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                    • Push the button.
                    • Push
                    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                    Windows 8 and Windows 10 dual boot with two SSD's

                    tealily12

                      Deleted found items. Ran RogueKiller again, log below. Still having some crazy ad issues (like random text words being linked to ads when I run the mouse over them).

                      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
                      Started in : Normal mode
                      User : Lynny [Admin rights]
                      Mode : Scan -- Date : 05/18/2013 14:29:00
                      | ARK || FAK || MBR |

                      ¤¤¤ Bad processes : 0 ¤¤¤

                      ¤¤¤ Registry Entries : 0 ¤¤¤

                      ¤¤¤ Particular Files / Folders: ¤¤¤

                      ¤¤¤ Driver : [NOT LOADED] ¤¤¤

                      ¤¤¤ HOSTS File: ¤¤¤
                      --> C:\windows\system32\drivers\etc\hosts

                      127.0.0.1       localhost


                      ¤¤¤ MBR Check: ¤¤¤

                      +++++ PhysicalDrive0: TOSHIBA MQ01ABD100 +++++
                      --- User ---
                      [MBR] 4bad06f2666e3afa6f0b88cb06f8429f
                      [BSP] 3829025f6d7950e82f01c4b1622cb505 : Windows Vista MBR Code
                      Partition table:
                      0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
                      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 940241 Mo
                      2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1928687616 | Size: 12127 Mo
                      User = LL1 ... OK!
                      User = LL2 ... OK!

                      +++++ PhysicalDrive1: TOSHIBA MQ01ABD050 +++++
                      --- User ---
                      [MBR] e8eb6175e5b63cabf60a09af76b4ee09
                      [BSP] 12b1a2624a46569841183faa8d7f55c8 : Windows 7/8 MBR Code
                      Partition table:
                      0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
                      User = LL1 ... OK!
                      User = LL2 ... OK!

                      Finished : << RKreport[3]_S_05182013_02d1429.txt >>
                      RKreport[1]_S_05182013_02d0948.txt ; RKreport[2]_D_05182013_02d1426.txt ; RKreport[3]_S_05182013_02d1429.txt


                      Will run the ESET scan and upload the scan tonight. Thanks again for all your help so far! :)

                      tealily12

                        ESET scans - "No threats found" (but popup ads are definitely still in full force!)

                        What should I do next?