illegal browsers interfering with firefox

Started by madam truefire, September 01, 2013, 08:27:02 PM


madam truefire

A few weeks ago noted that Bing/MixiDJ were showing up when I went to web via firefox.  I have win 7.  I would be abruptly thrown into other programs i.e. Jolly Wallet.  I also noted Conduit.
Full Scan of Malwarebytes revealed PUPs in several regions.  I removed.  They returned.  Two days ago, I noted major slowing down of system and typing online.
Malwarebytes revealed several PUPS on full scan.  Removed.  In frustration went to google to ask regarding removal of continuously occurring Bing and MixiDJ.  Was sent to spy hunter.  D/l and ran.  It found:  conduit (ll infections), MixiDJ (2 inf), Hola Search, and Babylon, a total of 23 threats with 15 serious.  Then asked for money.  I bailed.  Returned to Malwarebytes full scan and it was clean.  As per instruction, .txt under attachment.  Thank you.  MT

Edit by Corrine to paste logs.

Results of screen317's Security Check version 0.99.73 
Windows 7 Service Pack 1 x86 (UAC is enabled) 
Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
Avira Desktop   
Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300 
CCleaner     
Java 7 Update 17 
Java version out of Date!
Adobe Flash Player    11.8.800.94 
Adobe Reader 10.1.7 Adobe Reader out of Date! 
Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.17.2
Run by Geri at 12:36:11 on 2013-09-01
Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.2037.907 [GMT -7:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\windows\system32\RunDll32.exe
C:\windows\system32\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\igfxext.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Users\Geri\AppData\Roaming\mjusbsp\magicJack.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k HPService
C:\windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gmail.com/
uDefault_Page_URL = hxxp://start.toshiba.com
uProxyOverride = <local>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 52\AxAutoMntSrv.exe" -automount
uRun: [cdloader] "c:\users\geri\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE3
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "c:\program files\toshiba\toshiba app place\ToshibaAppPlace.exe"
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TOBuActivation.exe" UNATTENDED
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TosReelTimeMonitor] c:\program files\toshiba\reeltime\TosReelTimeMonitor.exe
mRun: [TosNC] c:\program files\toshiba\bulletinboard\TosNcCore.exe
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking11\Ereg.ini"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\geri\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\users\geri\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~2.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{522F92E3-B474-4138-92F9-772A85FE087C} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{522F92E3-B474-4138-92F9-772A85FE087C}\144545736383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{522F92E3-B474-4138-92F9-772A85FE087C}\144545739323 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{522F92E3-B474-4138-92F9-772A85FE087C}\2375942554834343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{522F92E3-B474-4138-92F9-772A85FE087C}\84F4D454D224733323 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\geri\appdata\roaming\mozilla\firefox\profiles\njhhnccq.default-1378007428102\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-09-01 10:12; {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}; c:\users\geri\appdata\roaming\mozilla\firefox\profiles\njhhnccq.default-1378007428102\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
FF - ExtSQL: 2013-09-01 10:16; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\geri\appdata\roaming\mozilla\firefox\profiles\njhhnccq.default-1378007428102\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2013-2-23 37352]
R1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\drivers\tidnet.sys [2008-6-12 19200]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2013-2-23 84024]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2013-2-23 108088]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2013-2-23 88840]
R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2011-6-4 296808]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2012-3-26 33616]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-3-26 322664]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\drivers\rtl8192ce.sys [2012-3-26 999016]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\alcohol soft\alcohol 52\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [2012-8-12 23424]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2012-8-12 100736]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [2012-7-18 11264]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-3-26 194664]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2013-09-01 11:58:37   --------   d-----w-   c:\windows\865537E164904193A4B6669C62711852.TMP
2013-09-01 04:07:32   --------   d-----w-   C:\sh4ldr
2013-09-01 04:07:32   --------   d-----w-   c:\program files\Enigma Software Group
2013-09-01 04:06:07   --------   d-----w-   c:\program files\common files\Wise Installation Wizard
2013-08-30 19:48:51   7166848   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{138b9dd1-db98-4731-a654-17e6514fafde}\mpengine.dll
2013-08-15 14:22:33   2706432   ----a-w-   c:\windows\system32\mshtml.tlb
2013-08-14 14:56:43   652800   ----a-w-   c:\windows\system32\rpcrt4.dll
2013-08-14 14:56:38   175104   ----a-w-   c:\windows\system32\wintrust.dll
2013-08-14 14:56:38   140288   ----a-w-   c:\windows\system32\cryptsvc.dll
2013-08-14 14:56:38   1166848   ----a-w-   c:\windows\system32\crypt32.dll
2013-08-14 14:56:38   103936   ----a-w-   c:\windows\system32\cryptnet.dll
2013-08-14 14:56:30   3913664   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-08-14 14:56:29   3968960   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2013-08-14 14:56:28   1289096   ----a-w-   c:\windows\system32\ntdll.dll
2013-08-14 14:55:54   1293760   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-08-14 14:55:50   1620992   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2013-08-14 14:55:34   2048   ----a-w-   c:\windows\system32\tzres.dll
2013-08-14 14:55:27   31232   ----a-w-   c:\windows\system32\drivers\tssecsrv.sys
.
==================== Find3M  ====================
.
2013-08-29 14:54:16   88840   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2013-08-29 14:54:16   66144   ----a-w-   c:\windows\system32\drivers\avnetflt.sys
2013-08-23 15:07:13   692104   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-08-23 15:07:12   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-26 03:13:24   1767936   ----a-w-   c:\windows\system32\wininet.dll
2013-07-26 03:12:04   2877440   ----a-w-   c:\windows\system32\jscript9.dll
2013-07-26 03:12:00   61440   ----a-w-   c:\windows\system32\iesetup.dll
2013-07-26 03:12:00   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2013-07-26 01:59:38   71680   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
2013-06-05 03:05:09   2347520   ----a-w-   c:\windows\system32\win32k.sys
2013-06-04 04:53:07   509440   ----a-w-   c:\windows\system32\qedit.dll
.
============= FINISH: 12:38:29.03 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 3/26/2012 3:26:21 PM
System Uptime: 9/1/2013 6:38:51 AM (6 hours ago)
.
Motherboard: TOSHIBA |  | PBU00
Processor: Intel(R) Atom(TM) CPU N455   @ 1.66GHz | U2E1 | 1667/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 124.941 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: A9EMYROX IDE Controller
Device ID: PCI\VEN_1103&DEV_5081&SUBSYS_9C3824EA&REV_01\4&5D18F2DF&0
Manufacturer: (Standard mass storage controllers)
Name: A9EMYROX IDE Controller
PNP Device ID: PCI\VEN_1103&DEV_5081&SUBSYS_9C3824EA&REV_01\4&5D18F2DF&0
Service: aohc851z
.
==== System Restore Points ===================
.
RP166: 8/15/2013 7:19:44 AM - Windows Modules Installer
RP167: 8/15/2013 7:21:37 AM - Windows Modules Installer
RP168: 8/15/2013 10:09:31 PM - Windows Update
RP169: 8/20/2013 6:43:59 AM - Windows Update
RP170: 8/27/2013 8:52:37 AM - Windows Update
RP171: 8/30/2013 12:47:42 PM - Windows Update
RP172: 8/31/2013 9:06:40 PM - Installed SpyHunter
RP173: 9/1/2013 4:55:16 AM - Removed SpyHunter
RP174: 9/1/2013 4:57:04 AM - Removed SpyHunter
RP175: 9/1/2013 4:58:05 AM - Removed SpyHunter
RP176: 9/1/2013 4:59:45 AM - Removed SpyHunter
RP177: 9/1/2013 5:01:29 AM - Removed SpyHunter
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2012 Affordable Travel Club Directory
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7) MUI
Avira Free Antivirus
CCleaner
CDBurnerXP
D3DX10
Digital Voice Editor 3
DJ_AIO_06_F4500_SW_MIN
Dragon NaturallySpeaking 11
EPSON Scan
Escritorio movistar Latam
Free Address Book
HP Deskjet 3050A J611 series Basic Device Software
HP Deskjet 3050A J611 series Help
HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6
HP Photo Creations
HP Photosmart 5510 series Basic Device Software
HP Update
HUAWEI DataCard Driver 2.96
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
Java 7 Update 17
Java Auto Updater
Junk Mail filter update
LibreOffice 3.6
LibreOffice 3.6 Help Pack (English)
magicJack
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2000 Premium
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
PhotoScape
PlayReady PC Runtime x86
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype Launcher
Skype™ 6.0
Sound Organizer
Synaptics Pointing Device Driver
Toolbox
Toshiba App Place
TOSHIBA Application and Driver Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
ToshibaRegistration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Utility Common Driver
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
VLC media player 2.0.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
9/1/2013 9:23:50 AM, Error: RTL8192Ce  -
9/1/2013 9:23:48 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/1/2013 4:36:35 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
8/31/2013 6:46:28 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/31/2013 6:46:28 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/31/2013 6:46:28 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/29/2013 7:49:45 AM, Error: Service Control Manager [7000]  - The Windows Media Player Network Sharing Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/29/2013 7:49:42 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
8/26/2013 5:35:22 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.
8/26/2013 5:35:22 AM, Error: Service Control Manager [7000]  - The IPsec Policy Agent service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/25/2013 6:09:59 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
.
==== End Of File ===========================

Corrine

Hi, madam truefire.  Welcome to LandzDown Forum.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

1.  You have an outdated/vulnerable version of Java installed on your computer.  Please see this article and decide if you wish to keep Java installed:  Java, The Never-Ending Saga.  If you decide to keep it, please install the latest version from here:  Java Version 7 Update 25.

2.  Adobe Reader also needs to be updated.  The current version, Adobe Reader XI (11.0.03) for Windows, is available here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.

3.  Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click AdwCleaner.exe to run the tool.
    Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin.  Be patient as the scan may take some time to complete.
  • After the scan has finished, click the Report button.  A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, please let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

madam truefire

I followed instructions and installed safe Java and Adobe.  When I got to adw cleaner by xplode, it continued to transfer me to "reimage repair".  I did not want to d/l incorrectly.  Please advise.  MT   thanks.

Corrine

Copied from MT's PM:

C. I tried to follow thread, but I'm lost, frankly, on this sequence.  I finally got adw to work and it came up with files that I was asked to uncheck if wanted to retain.  You had told me to inform you of this.
I was unsure of HKLM software\classes  Prod. cap  and a whole list of HKLM Software\classes\CLSID.  Do not know what they are.  However, programs showed Babylon, conduit, file type helper, app data local conduit, ask tool bar, conduit, fast free converter, and performer soft.  I left these checked but have not proceeded further.  I then saw your instruction to go to Combo Fix, and disable AV and Mal. I will wait on this til I hear back from you.  If I am doing this incorrectly, I once again apologize.
Here is the Log:

# AdwCleaner v3.002 - Report created 03/09/2013 at 07:52:31
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Geri - ESMERALDA
# Running from : C:\Users\Geri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ES7RCME7\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\File Type Helper
Folder Found C:\ProgramData\Babylon
Folder Found C:\Users\Geri\AppData\Local\Conduit
Folder Found C:\Users\Geri\AppData\LocalLow\AskToolbar
Folder Found C:\Users\Geri\AppData\LocalLow\Conduit
Folder Found C:\Users\Geri\AppData\LocalLow\Fast Free Converter
Folder Found C:\Users\Geri\AppData\Roaming\PerformerSoft

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\5e53de8ab735e844
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298582
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Fast Free Converter
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\Software\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [extension@FastFreeConverter.com]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Geri\AppData\Roaming\Mozilla\Firefox\Profiles\njhhnccq.default-1378007428102\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Geri\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3646 octets] - [03/09/2013 07:52:31]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3706 octets] ##########


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

Hi, MT.

Please click the REPLY button.  In the box that opens, you can type any comments and paste requested logs.  When you are finished, click the Post button.

I removed my previous instructions about ComboFix since you were able to run AdwCleaner.  Instead, please do the following:

1.  Double-click AdwCleaner.exe to run the tool again.
  • Click the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
    Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
2.  Please download Junkware Removal Tool to your desktop.

  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it.  If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



madam truefire

I tried to send from this forum site and was blocked by IE.  I will certainly try again.
adw log and  jrt.  hope it works this time.
# AdwCleaner v3.002 - Report created 03/09/2013 at 11:27:30
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Geri - ESMERALDA
# Running from : C:\Users\Geri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O27MNTGZ\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\5e53de8ab735e844
Key Found : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298582
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Geri\AppData\Roaming\Mozilla\Firefox\Profiles\njhhnccq.default-1378007428102\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Geri\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Windows 7 Starter x86
Ran by Geri on Tue 09/03/2013 at 11:59:17.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-513251605-3801331127-576000335-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\i want this_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\i want this_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298582
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D16A65AF-BA56-44EF-BA3E-687922932B3F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E7B33B86-48AA-4C66-92BC-D6F1FC6D6930}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Geri\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Empty Folder] C:\Users\Geri\appdata\local\{03330EC3-93D0-46D9-B018-55AF0F6E25FE}
Successfully deleted: [Empty Folder] C:\Users\Geri\appdata\local\{0BE24058-B545-435E-9347-F57B37E36E51}
Successfully deleted: [Empty Folder] C:\Users\Geri\appdata\local\{0BFD7A3F-DC41-4C2A-A5D5-81B6BFC6E740}
Successfully deleted: [Empty Folder] C:\Users\Geri\appdata\local\{186F5B0D-1FE1-46AA-96DF-F1824389D58B}
Successfully deleted: [Empty Folder] C:\Users\Geri\appdata\local\{333C58CE-38FF-4DF0-9C79-478F22BD8778}
Successfully deleted: [Empty Folder] C:\Users\Geri\appdata\local\{493D1B64-705C-4379-993B-97B31BF6AF2A}
Successfully deleted: [Empty Folder] C:\Users\Geri\appdata\local\{6FFDC417-C065-4AA9-A407-137560BEC2C6}
Successfully deleted: [Empty Folder] C:\Users\Geri\appdata\local\{751BCE68-27B9-4632-B5EE-DD1E69A800A5}
Successfully deleted: [Empty Folder] C:\Users\Geri\appdata\local\{8C5BC583-92BD-4ED8-A9C3-F92AE3486A0E}
Successfully deleted: [Empty Folder] C:\Users\Geri\appdata\local\{8FB5531E-A1A8-4FF7-9C03-22A2F249D6CC}
Successfully deleted: [Empty Folder] C:\Users\Geri\appdata\local\{ADDD97C8-1A7C-4222-82EA-714A1B6171EA}
Successfully deleted: [Empty Folder] C:\Users\Geri\appdata\local\{B4408A97-7ED3-48E9-BB59-DC9047648223}
Successfully deleted: [Empty Folder] C:\Users\Geri\appdata\local\{B5ADFF12-7D00-41F7-905B-4907C7550BD7}
Successfully deleted: [Empty Folder] C:\Users\Geri\appdata\local\{B73585C9-81D7-4D06-AA4A-6DE33693D325}
Successfully deleted: [Empty Folder] C:\Users\Geri\appdata\local\{C777FD2C-BCBE-4630-AF9C-CB323177FB97}
Successfully deleted: [Empty Folder] C:\Users\Geri\appdata\local\{D97E967C-A9F9-4373-ADF5-C3031472FD2E}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/03/2013 at 12:05:39.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


AdwCleaner[R0].txt - [3786 octets] - [03/09/2013 07:52:31]
AdwCleaner[R1].txt - [2350 octets] - [03/09/2013 11:27:30]
AdwCleaner[S0].txt - [4035 octets] - [03/09/2013 10:09:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2470 octets] ##########


Corrine

Thank you for posting the log here, MT!  You've got the hang of it now.

For some reason, AdwCleaner did not remove all of the files that were shown in the original log.  Either you checked them for non-removal or it is because you didn't place AdwCleaner on your desktop as instructed.  Rather it is running from a temporary location:  C:\Users\Geri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O27MNTGZ\AdwCleaner.exe

Let's try it again.  Please navigate to C:\Users\Geri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O27MNTGZ\AdwCleaner.exe and move AdwCleaner to your Desktop.  Then run it again.

Double-click AdwCleaner.exe to run the tool again.
  • Click the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
    Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.



madam truefire

before I run Ad again, I had sent a message inquiring about some of the items and whether I should delete:  If Ad gives me a list, and Microsoft is in the title, I hesitated.  I also hesitated on something that had Letters and then Class in it.
forgive me, but I erased my notes on that specific message.  So should I just clean them all?   

Corrine

Good question, MT! 

Yes, you do want to delete them all.  That is the location in the registry that the adware is storing files.  Many of the files were removed but the Conduit, Babylon, etc folders were not shown in the log as being removed.



madam truefire

oh dear.  well we shall see after you view this file:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Windows 7 Starter x86
Ran by Geri on Tue 09/03/2013 at 19:31:03.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/03/2013 at 19:59:45.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.002 - Report created 03/09/2013 at 19:20:57
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Geri - ESMERALDA
# Running from : C:\Users\Geri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZW1UMFVK\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\5e53de8ab735e844
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Geri\AppData\Roaming\Mozilla\Firefox\Profiles\njhhnccq.default-1378007428102\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Geri\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3786 octets] - [03/09/2013 07:52:31]
AdwCleaner[R1].txt - [2550 octets] - [03/09/2013 11:27:30]
AdwCleaner[R2].txt - [1495 octets] - [03/09/2013 19:17:19]
AdwCleaner[S0].txt - [4035 octets] - [03/09/2013 10:09:36]
AdwCleaner[S1].txt - [1426 octets] - [03/09/2013 19:20:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1486 octets] ##########
I hope I did not delete anything important.  I had seen that Conduit was gone????
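
The scan and clean reports posted in this thread can also be compared mechanically. The Python below is an added example, not part of the original posts and not AdwCleaner's own code: it parses AdwCleaner v3 reports in the format shown above and lists which findings from one scan are gone or still present in the next, and which findings a Clean report does not mention. The sample reports are abridged from the ones in this thread, and the function names are assumptions of this example.

```python
import re

# One finding per line: "Key Found : HKLM\Software\Conduit" in a Scan report,
# "Key Deleted : ..." in a Clean report. The colon is optional because the
# "Folder Found" lines in the reports posted above appear without it.
ITEM_RE = re.compile(r"^(File|Folder|Key|Value)\s+(Found|Deleted)\s*:?\s+(.+?)\s*$")
OPTION_RE = re.compile(r"^#\s*Option\s*:\s*(\w+)")

# Sample reports, abridged from the ones posted in this thread.
FIRST_SCAN = r"""
# AdwCleaner v3.002 - Report created 03/09/2013 at 07:52:31
# Option : Scan

***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Folder Found C:\Program Files\Conduit
Folder Found C:\ProgramData\Babylon

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\5e53de8ab735e844
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298582
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
"""

SECOND_SCAN = r"""
# AdwCleaner v3.002 - Report created 03/09/2013 at 11:27:30
# Option : Scan

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\5e53de8ab735e844
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298582
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
"""

CLEAN_REPORT = r"""
# AdwCleaner v3.002 - Report created 03/09/2013 at 19:20:57
# Option : Clean

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\5e53de8ab735e844
"""


def parse_report(text):
    """Return (option, findings) for one report.

    Findings map (kind, case-folded path) to the path as written, because
    Windows file and registry paths are case-insensitive.
    """
    option, items = None, {}
    for line in text.splitlines():
        line = line.strip()
        m = OPTION_RE.match(line)
        if m:
            option = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if m:
            kind, _status, path = m.groups()
            items[(kind, path.casefold())] = path
    return option, items


def diff_scans(before_text, after_text):
    """Compare two Scan reports: findings removed, persisting, and new."""
    (opt_b, before), (opt_a, after) = parse_report(before_text), parse_report(after_text)
    if opt_b != "Scan" or opt_a != "Scan":
        raise ValueError("diff_scans expects two '# Option : Scan' reports")
    return {
        "removed": sorted((k[0], before[k]) for k in before.keys() - after.keys()),
        "persisting": sorted((k[0], before[k]) for k in before.keys() & after.keys()),
        "new": sorted((k[0], after[k]) for k in after.keys() - before.keys()),
    }


def unreported_by_clean(scan_text, clean_text):
    """Findings of a scan that the following Clean report does not list.

    An entry here is not proof that the item survived: another tool may have
    removed it in between, or the report may omit it. A fresh scan settles it.
    """
    _, found = parse_report(scan_text)
    option, deleted = parse_report(clean_text)
    if option != "Clean":
        raise ValueError("second argument must be a '# Option : Clean' report")
    return sorted((k[0], found[k]) for k in found.keys() - deleted.keys())


if __name__ == "__main__":
    for label, items in diff_scans(FIRST_SCAN, SECOND_SCAN).items():
        print(f"{label}: {len(items)}")
        for kind, path in items:
            print(f"  {kind:6} {path}")
    print("not listed in the Clean report:")
    for kind, path in unreported_by_clean(SECOND_SCAN, CLEAN_REPORT):
        print(f"  {kind:6} {path}")
```
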

Corrine

Hi, MT.

You did great!  It appears that the folders were indeed removed but aren't listed in the logs.  I am going to ask the developer of AdwCleaner why logs are no longer showing removed folders.

Let's move on to the next step.

Please follow these instructions carefully.  Download ComboFix from the following location:  Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

    Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts. 
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.



madam truefire

combo fix log to follow.   assume can use fire fox after fix? prefer to IE.
thanks so  much.  Here's the log:
ComboFix 13-09-04.01 - Geri 09/04/2013  11:17:43.1.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.2037.1094 [GMT -7:00]
Running from: c:\users\Geri\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-04 to 2013-09-04  )))))))))))))))))))))))))))))))
.
.
2013-09-04 18:36 . 2013-09-04 18:36   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-09-04 18:16 . 2013-09-04 18:16   60872   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8655E87-BCE4-482E-A361-569C106986C3}\offreg.dll
2013-09-03 18:59 . 2013-09-03 18:59   --------   d-----w-   c:\windows\ERUNT
2013-09-03 14:51 . 2013-09-04 14:27   --------   d-----w-   C:\AdwCleaner
2013-09-03 14:49 . 2013-08-06 07:28   7166848   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8655E87-BCE4-482E-A361-569C106986C3}\mpengine.dll
2013-09-03 06:08 . 2013-09-03 06:08   --------   d-----w-   c:\program files\Common Files\Adobe
2013-09-03 04:49 . 2013-09-03 04:49   --------   d-----w-   c:\program files\Common Files\Java
2013-09-03 04:49 . 2013-09-03 04:48   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-09-01 11:58 . 2013-09-01 12:04   --------   d-----w-   c:\windows\865537E164904193A4B6669C62711852.TMP
2013-09-01 04:07 . 2013-09-01 12:04   --------   d-----w-   C:\sh4ldr
2013-09-01 04:07 . 2013-09-01 04:07   --------   d-----w-   c:\program files\Enigma Software Group
2013-09-01 04:06 . 2013-09-01 04:06   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2013-08-14 14:56 . 2013-07-09 04:50   652800   ----a-w-   c:\windows\system32\rpcrt4.dll
2013-08-14 14:56 . 2013-07-09 04:52   175104   ----a-w-   c:\windows\system32\wintrust.dll
2013-08-14 14:56 . 2013-07-09 04:46   140288   ----a-w-   c:\windows\system32\cryptsvc.dll
2013-08-14 14:56 . 2013-07-09 04:46   1166848   ----a-w-   c:\windows\system32\crypt32.dll
2013-08-14 14:56 . 2013-07-09 04:46   103936   ----a-w-   c:\windows\system32\cryptnet.dll
2013-08-14 14:56 . 2013-07-09 05:03   3913664   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-08-14 14:56 . 2013-07-09 05:03   3968960   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2013-08-14 14:56 . 2013-07-09 04:53   1289096   ----a-w-   c:\windows\system32\ntdll.dll
2013-08-14 14:55 . 2013-07-06 05:05   1293760   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-08-14 14:55 . 2013-07-25 08:57   1620992   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2013-08-14 14:55 . 2013-07-19 01:41   2048   ----a-w-   c:\windows\system32\tzres.dll
2013-08-14 14:55 . 2013-06-15 03:38   31232   ----a-w-   c:\windows\system32\drivers\tssecsrv.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-04 13:51 . 2013-02-23 22:27   88840   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2013-09-03 04:48 . 2013-03-02 22:02   867240   ----a-w-   c:\windows\system32\npDeployJava1.dll
2013-09-03 04:48 . 2011-04-01 01:02   789416   ----a-w-   c:\windows\system32\deployJava1.dll
2013-08-29 14:54 . 2013-05-07 15:08   66144   ----a-w-   c:\windows\system32\drivers\avnetflt.sys
2013-08-29 14:54 . 2013-02-23 22:27   136672   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2013-08-23 15:07 . 2012-07-19 22:12   692104   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-08-23 15:07 . 2012-07-19 22:12   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-04 222496]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2012-01-05 75624]
"cdloader"="c:\users\Geri\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-01 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-01 150552]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-03-04 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2010-09-14 35440]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2010-12-10 521640]
"TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-12-15 844152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-17 9874024]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-11-11 1522280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2010-11-12 1349032]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"ToshibaAppPlace"="c:\program files\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"NortonOnlineBackupReminder"="c:\program files\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2011-03-31 31648]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-04-23 467816]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-08-29 347192]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Geri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN18T4316305PJ;CONNECTION=USB;MONITOR=1; [2009-7-13 44544]
Monitor Ink Alerts - HP Photosmart 5510 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1BU2639905NR;CONNECTION=USB;MONITOR=1; [2009-7-13 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2012-01-05 75624]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2007-08-08 23424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100736]
R3 ICDUSB3;ICDUSB3;c:\windows\system32\Drivers\ICDUSB3.sys [2008-08-18 11264]
R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2011-06-23 157544]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-07-21 194664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 37352]
S1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\DRIVERS\tidnet.sys [2008-06-12 19200]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-08-29 84024]
S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2011-06-04 296808]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-05 1809920]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-02-03 126392]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-11-12 189880]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 33616]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-10-07 322664]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-10-18 999016]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
HPService   REG_MULTI_SZ      HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-19 15:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Geri\AppData\Roaming\Mozilla\Firefox\Profiles\njhhnccq.default-1378007428102\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/
FF - ExtSQL: 2013-09-01 10:12; {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}; c:\users\Geri\AppData\Roaming\Mozilla\Firefox\Profiles\njhhnccq.default-1378007428102\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
FF - ExtSQL: 2013-09-01 10:16; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Geri\AppData\Roaming\Mozilla\Firefox\Profiles\njhhnccq.default-1378007428102\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="*Spammer*?????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="*Spammer*?????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-04  12:01:40
ComboFix-quarantined-files.txt  2013-09-04 19:01
.
Pre-Run: 141,048,872,960 bytes free
Post-Run: 141,302,067,200 bytes free
.
- - End Of File - - F884FD71DEB79611E2EF73D212B3D82C
5B5E648D12FCADC244C1EC30318E1EB9

Corrine

Good job, MT.

Yes, please resume using Firefox and let me know if you are having any problems with it or if all is well again.

This next step is to clean up the files that SpyHunter left behind after you removed it. 

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:


Driver::
esgiguard

File::
c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys

Folder::
C:\sh4ldr
c:\program files\Enigma Software Group


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.





  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.




madam truefire

Here is the ComboFix log. Thanks so much.
ComboFix 13-09-04.01 - Geri 09/04/2013  19:32:59.2.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.2037.1180 [GMT -7:00]
Running from: c:\users\Geri\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-05 to 2013-09-05  )))))))))))))))))))))))))))))))
.
.
2013-09-05 02:49 . 2013-09-05 02:49   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-09-04 18:16 . 2013-09-04 18:16   60872   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8655E87-BCE4-482E-A361-569C106986C3}\offreg.dll
2013-09-03 18:59 . 2013-09-03 18:59   --------   d-----w-   c:\windows\ERUNT
2013-09-03 14:51 . 2013-09-04 14:27   --------   d-----w-   C:\AdwCleaner
2013-09-03 14:49 . 2013-08-06 07:28   7166848   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8655E87-BCE4-482E-A361-569C106986C3}\mpengine.dll
2013-09-03 06:08 . 2013-09-04 21:15   --------   d-----w-   c:\program files\Common Files\Adobe
2013-09-03 04:49 . 2013-09-03 04:49   --------   d-----w-   c:\program files\Common Files\Java
2013-09-03 04:49 . 2013-09-03 04:48   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-09-01 11:58 . 2013-09-01 12:04   --------   d-----w-   c:\windows\865537E164904193A4B6669C62711852.TMP
2013-09-01 04:07 . 2013-09-01 12:04   --------   d-----w-   C:\sh4ldr
2013-09-01 04:07 . 2013-09-01 04:07   --------   d-----w-   c:\program files\Enigma Software Group
2013-09-01 04:06 . 2013-09-01 04:06   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2013-08-14 14:56 . 2013-07-09 04:50   652800   ----a-w-   c:\windows\system32\rpcrt4.dll
2013-08-14 14:56 . 2013-07-09 04:52   175104   ----a-w-   c:\windows\system32\wintrust.dll
2013-08-14 14:56 . 2013-07-09 04:46   140288   ----a-w-   c:\windows\system32\cryptsvc.dll
2013-08-14 14:56 . 2013-07-09 04:46   1166848   ----a-w-   c:\windows\system32\crypt32.dll
2013-08-14 14:56 . 2013-07-09 04:46   103936   ----a-w-   c:\windows\system32\cryptnet.dll
2013-08-14 14:56 . 2013-07-09 05:03   3913664   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-08-14 14:56 . 2013-07-09 05:03   3968960   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2013-08-14 14:56 . 2013-07-09 04:53   1289096   ----a-w-   c:\windows\system32\ntdll.dll
2013-08-14 14:55 . 2013-07-06 05:05   1293760   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-08-14 14:55 . 2013-07-25 08:57   1620992   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2013-08-14 14:55 . 2013-07-19 01:41   2048   ----a-w-   c:\windows\system32\tzres.dll
2013-08-14 14:55 . 2013-06-15 03:38   31232   ----a-w-   c:\windows\system32\drivers\tssecsrv.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-04 13:51 . 2013-02-23 22:27   88840   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2013-09-03 04:48 . 2013-03-02 22:02   867240   ----a-w-   c:\windows\system32\npDeployJava1.dll
2013-09-03 04:48 . 2011-04-01 01:02   789416   ----a-w-   c:\windows\system32\deployJava1.dll
2013-08-29 14:54 . 2013-05-07 15:08   66144   ----a-w-   c:\windows\system32\drivers\avnetflt.sys
2013-08-29 14:54 . 2013-02-23 22:27   136672   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2013-08-23 15:07 . 2012-07-19 22:12   692104   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-08-23 15:07 . 2012-07-19 22:12   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-04 222496]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2012-01-05 75624]
"cdloader"="c:\users\Geri\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-01 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-01 150552]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-03-04 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2010-09-14 35440]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2010-12-10 521640]
"TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-12-15 844152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-17 9874024]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-11-11 1522280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2010-11-12 1349032]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"ToshibaAppPlace"="c:\program files\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"NortonOnlineBackupReminder"="c:\program files\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2011-03-31 31648]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-04-23 467816]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-08-29 347192]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Geri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 3050A J611 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN18T4316305PJ;CONNECTION=USB;MONITOR=1; [2009-7-13 44544]
Monitor Ink Alerts - HP Photosmart 5510 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 5510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN1BU2639905NR;CONNECTION=USB;MONITOR=1; [2009-7-13 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2012-01-05 75624]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2007-08-08 23424]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100736]
    R3 ICDUSB3;ICDUSB3;c:\windows\system32\Drivers\ICDUSB3.sys [2008-08-18 11264]
    R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2011-06-23 157544]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-07-21 194664]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 37352]
    S1 tidnet;TID NDIS Protocol Driver;c:\windows\system32\DRIVERS\tidnet.sys [2008-06-12 19200]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-08-29 84024]
    S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2011-06-04 296808]
    S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-05 1809920]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-02-03 126392]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-11-12 189880]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 33616]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-10-07 322664]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-10-18 999016]
    S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 111960]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation   REG_MULTI_SZ      SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
    HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
    HPService   REG_MULTI_SZ      HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-19 15:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.gmail.com/
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Geri\AppData\Roaming\Mozilla\Firefox\Profiles\njhhnccq.default-1378007428102\
    FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/
    FF - ExtSQL: 2013-09-01 10:12; {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}; c:\users\Geri\AppData\Roaming\Mozilla\Firefox\Profiles\njhhnccq.default-1378007428102\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
    FF - ExtSQL: 2013-09-01 10:16; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Geri\AppData\Roaming\Mozilla\Firefox\Profiles\njhhnccq.default-1378007428102\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="*Spammer*?????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="*Spammer*?????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-09-04  19:54:27
    ComboFix-quarantined-files.txt  2013-09-05 02:54
    ComboFix2.txt  2013-09-04 19:01
    .
    Pre-Run: 137,682,780,160 bytes free
    Post-Run: 137,630,855,168 bytes free
    .
    - - End Of File - - 870FDFD32B17596A6CF0ADCC0AD0AF1A
    5B5E648D12FCADC244C1EC30318E1EB9

madam truefire

I submitted the ComboFix final last eve. I am finding that Firefox runs without hanging and that all things are much better. I must tell you this has been a profound experience in determination and I thank you all profusely. Sincerely,
MT