Help Removing Virus

Thanks In Advance.

This trojan has been a real PITA to remove. I will start from the beginning and go through what I have tried to clean. I am a sys admin, so any issues with having to reformat isn't a big deal. I really don't want to lose my photoshop, otherwise the rest of the files are disposable. That being said:

1. I am the tech support for my company and had this laptop returned by a departing employee. Part of my protocol when stuff is returned is to run ESET online scanner, as I find it works the best. I did this and low and behold 30+ issues showed up, after cleaning and running MBAB and anti spy ware more trojans (mostly installer items it seems) showed. I got it down to showing 5-7 now.

2. I did run combofix, malwarebytes, super anti spyware to no avail. The trojans are still showing. Per the instructions I ran the following RK, Hitman, MB again, and MG tools. I will post the logs here.

3. I am not working over the weekend so I will need to follow up on Monday.


Again TIA. Files are attached. :banghead

 

Here is the log from ESET, I also attached the file:

C:\MGtools\Process.exe Win32/PrcView application
C:\Program Files (x86)\FLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application
C:\Program Files (x86)\FLVPlayer\Uninstall\Uninstall.exe a variant of Win32/InstallCore.AB application
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Intern\Desktop\misc\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application
C:\Users\Intern\Downloads\7 zip setup.exe a variant of Win32/Soft32Downloader.B application
C:\Users\Intern\Downloads\cnet2_TatvicAdwordsExcelPluginSetup_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Intern\Downloads\FLVPlayerSetup.exe a variant of Win32/InstallCore.AB application

 

I got the ESET to clean up those. However now Malware Bytes showed 2 issues:

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Intern\AppData\Local\Temp\GiantSavings.exe (PUP.GamePlayLabs) -> No action taken.

Thanks again.