TechSpot

PC performance and stability analysis virus -- logs posted

By mik1680
Mar 17, 2012
    I am pasting the logs from the instructions listed on this post: www.techspot.com/VB/topic58138.html

    1. Malwarebytes
    2. GMER Log
    3. DDS Logs - both DDS.txt and Attach.txt

    I have a term paper due tomorrow that I cannot access now because this virus has either hidden or deleted all of my files. I would be incredibly appreciative of any help you guys can offer.

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.17.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Reboot Remedy :: REBOOTREMEDY-PC [administrator]

    Protection: Disabled

    3/17/2012 10:18:01 AM
    mbam-log-2012-03-17 (10-18-01).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 232887
    Time elapsed: 13 minute(s), 36 second(s)

    Memory Processes Detected: 1
    C:\ProgramData\YFJDscKybEK.exe (Trojan.FakeHDD) -> 2740 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|YFJDscKybEK.exe (Trojan.FakeHDD) -> Data: C:\ProgramData\YFJDscKybEK.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 3
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\ProgramData\YFJDscKybEK.exe (Trojan.FakeHDD) -> Delete on reboot.
    C:\Users\Reboot Remedy\AppData\Local\Temp\Temp1_fkeylogger.zip\setup.exe (PUP.Keylogger) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-17 11:51:44
    Windows 6.1.7601 Service Pack 1
    Running: tevosy2x.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b2b8f86
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b2b8f86 (not active ControlSet)

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\assembly\NativeImages_v2.0.50727_64\index767.dat 0 bytes
    File C:\Windows\assembly\NativeImages_v2.0.50727_64\index768.dat 0 bytes

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by Reboot Remedy at 11:58:43 on 2012-03-17
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.737 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\FK_Monitor\freeklogger.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512193119.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Google Update] "C:\Users\Reboot Remedy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [freeklogger.exe] C:\Program Files (x86)\FK_Monitor\freeklogger.exe
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.26.0.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{267ABBFD-69AD-4311-8416-BBE66A9D9572} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{267ABBFD-69AD-4311-8416-BBE66A9D9572}\242486F6D656 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{267ABBFD-69AD-4311-8416-BBE66A9D9572}\34A42237 : DhcpNameServer = 68.87.85.102 68.87.69.150
    TCP: Interfaces\{267ABBFD-69AD-4311-8416-BBE66A9D9572}\368616E696B616 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{267ABBFD-69AD-4311-8416-BBE66A9D9572}\46C696E6B6 : DhcpNameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110512193119.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [(Default)]
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 64952]
    R2 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [2008-11-6 1500424]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-17 652360]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-27 355440]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-27 355440]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-27 355440]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-27 355440]
    R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-2-27 200056]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-2-27 245352]
    R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
    R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
    R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys --> C:\Windows\system32\Drivers\ATSwpWDF.sys [?]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 0020311328329218mcinstcleanup;McAfee Application Installer Cleanup (0020311328329218);C:\Windows\TEMP\002031~1.EXE -cleanup -nolog --> C:\Windows\TEMP\002031~1.EXE -cleanup -nolog [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-27 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-27 136176]
    S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
    S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-03-17 15:39:06 20480 ----a-w- C:\Windows\svchost.exe
    2012-03-17 15:15:03 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-17 14:42:00 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{178A0B08-4472-46DF-95EA-BE0650BCEE68}
    2012-03-17 14:41:39 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{546F550F-0D46-4E72-A894-D39356F4D202}
    2012-03-17 05:32:50 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{668A8AB4-5B38-4BC9-9890-CFECB36D3EC4}
    2012-03-17 05:32:07 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{767D7125-2E22-4E91-8F02-0241730E37A3}
    2012-03-16 22:59:51 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Roaming\Malwarebytes
    2012-03-16 22:59:34 -------- d--h--w- C:\ProgramData\Malwarebytes
    2012-03-16 22:59:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-03-16 18:14:46 -------- d--h--w- C:\ab48433134b45195adbb05d7
    2012-03-16 17:25:16 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{B14775E8-0951-4782-9550-5D64AC6B8DD2}
    2012-03-16 17:25:02 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{3CF4428D-B62F-4E9A-98EA-105D80AC29D1}
    2012-03-16 17:20:15 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{44E445B2-9D7A-42E7-9A76-32F74A6A130A}
    2012-03-15 22:40:44 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-03-15 22:40:44 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2012-03-15 22:40:41 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
    2012-03-15 22:38:53 634880 ----a-w- C:\Windows\System32\msvcrt.dll
    2012-03-15 22:38:52 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-03-15 17:27:44 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{63449660-50FC-4280-AA30-75A094866870}
    2012-03-15 17:27:23 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{95136510-3888-4DA3-90F5-ABE48E49762F}
    2012-03-15 17:04:07 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{F9830C86-12B7-4FBC-9D65-0A309E28DF2D}
    2012-03-15 17:03:36 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-03-14 18:15:26 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{BC060CAA-7DA1-477A-9674-33C514C44140}
    2012-03-13 20:23:58 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{A862CE5B-B093-475F-B471-9412BC7EAA94}
    2012-03-13 20:23:44 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{0876678A-D4E7-40BE-80A9-EC16B1A703FE}
    2012-03-13 19:30:38 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{FC55AB2C-270B-49B1-AB0F-42A3BDD90F64}
    2012-03-08 14:07:48 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{F44EFBBE-BC43-4455-A384-BA8F7F512B22}
    2012-03-07 19:43:53 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{96B21DCA-E3DB-4C3E-8806-469FBE973963}
    2012-03-06 23:49:45 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{F0363EFE-D3F2-48C1-8B7E-3156A427E3AB}
    2012-03-04 01:45:04 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{D89A1438-982F-4004-B4CE-A1E77AB34AC6}
    2012-03-03 06:05:59 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{EE2B4266-8803-4020-843A-95A52691A214}
    2012-03-01 21:44:16 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{9B2EE968-B06B-4059-9717-7DDD080FCDD9}
    2012-03-01 01:29:42 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{AC7DB1D4-0D9C-4F20-8D25-F754483AE74C}
    2012-02-28 20:35:13 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{E0B4F546-DCC1-4397-AF93-4226CF1895A6}
    2012-02-27 20:58:23 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{2E61D699-C7E8-448C-A4D2-61129A6B1F69}
    2012-02-26 16:23:53 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{1CFA7C3C-560E-4888-8D15-5D5EFA631B12}
    2012-02-24 20:57:16 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{7A969F40-1034-4F3A-89F6-914C9F82662F}
    2012-02-23 21:01:06 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{BE8987AC-9953-448F-BAD7-A70437D39150}
    2012-02-23 00:06:51 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{CEF2DAE4-461E-4240-89D7-67B2FA0551AB}
    2012-02-23 00:06:36 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{DC788E81-D031-404F-92AB-212E3C61D884}
    2012-02-20 20:24:48 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{55E776F0-96CE-4239-AFDD-290C47401512}
    2012-02-19 21:20:18 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{8F7066C6-A5C0-492F-A8AA-2C7C34595887}
    2012-02-18 15:04:36 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{558EC69F-EF01-4A75-AD55-EECD3E28BEDE}
    2012-02-18 02:48:25 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{3A1018F4-BF97-41BC-8717-0DA00DC35436}
    2012-02-18 02:48:00 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{A05FF30F-8291-4CCB-B67A-60DE8354ED60}
    2012-02-17 15:01:31 -------- d--h--w- C:\ProgramData\100
    2012-02-17 15:01:30 -------- d-----w- C:\Program Files (x86)\BFlix
    2012-02-17 15:00:23 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\Babylon
    2012-02-17 15:00:20 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Roaming\Babylon
    2012-02-17 15:00:20 -------- d--h--w- C:\ProgramData\Babylon
    2012-02-17 14:59:35 -------- d--h--w- C:\ProgramData\InstallMate
    2012-02-17 14:46:40 -------- d--h--w- C:\Users\Reboot Remedy\AppData\Local\{9F6C0FBB-4FCB-4FB7-BBF8-B9435634A001}
    .
    ==================== Find3M ====================
    .
    2012-01-20 01:22:45 414368 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 12:01:05.07 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/2/2011 9:39:10 AM
    System Uptime: 3/17/2012 10:37:05 AM (2 hours ago)
    .
    Motherboard: Quanta | | 30D0
    Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-60 | Socket S1 | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 179.562 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Coprocessor
    Device ID: PCI\VEN_10DE&DEV_0447&SUBSYS_30CF103C&REV_A1\3&2411E6FE&1&0B
    Manufacturer:
    Name: Coprocessor
    PNP Device ID: PCI\VEN_10DE&DEV_0447&SUBSYS_30CF103C&REV_A1\3&2411E6FE&1&0B
    Service:
    .
    ==== System Restore Points ===================
    .
    RP106: 2/1/2012 6:15:32 PM - Windows Update
    RP107: 2/16/2012 6:22:54 AM - Windows Update
    RP108: 3/15/2012 12:07:12 PM - Windows Update
    RP109: 3/16/2012 12:29:27 PM - Windows Update
    RP110: 3/16/2012 3:03:47 PM - Windows Update
    RP111: 3/17/2012 9:55:11 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.1)
    AoA DVD Ripper
    Apple Application Support
    Apple Software Update
    ArcGIS Desktop 10
    ArcGIS License Manager 10
    ArcSoft MediaImpression for Kodak
    Ask Toolbar
    Avery Wizard 4.0
    Bing Bar
    D3DX10
    Data Interoperability Extension
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync
    Java Auto Updater
    Java(TM) 6 Update 24
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.60.1.1000
    McAfee Internet Security
    McAfee Security Scan Plus
    Mesh Runtime
    Messenger Companion
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    QuickTime
    RICOH Media Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
    Skype™ 5.8
    System Requirements Lab
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Xvid 1.2.2 final uninstall
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/17/2012 9:52:29 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    3/17/2012 11:58:25 AM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: Access is denied.
    3/17/2012 11:58:25 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: Access is denied.
    3/17/2012 11:58:25 AM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.
    3/16/2012 7:27:41 PM, Error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    3/16/2012 7:26:11 PM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    3/16/2012 7:26:11 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/16/2012 7:22:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    3/16/2012 7:18:18 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
    3/16/2012 2:44:32 PM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    3/16/2012 12:41:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2621440).
    3/16/2012 1:14:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2667402).
    3/16/2012 1:12:06 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2665364).
    3/16/2012 1:06:14 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).
    3/15/2012 3:41:14 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
    3/15/2012 12:13:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2641653).
    .
    ==== End Of File ===========================
     
  2. mik1680

    mik1680 TS Rookie Topic Starter

    Bumping for help. I'm sorry, I know its long. Please help.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, I know you're in a panic, but don't bump a thread after an hour!!

    Emergency fix only:
    Download Unhide.exe and save to the desktop.
    • Double-click on the Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    Note 1: This does not remove the malware, only the attribute causing the 'missing' problem. So it is important for you to continue.
    Note 2: If you are infected with System Check it is important that you do not delete any files from your Temp folder or use any temp file cleaners.

    I can't finish you up by morning (Sunday??) but this might help you view the file you need for now.
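
    The same attribute fix as a script, added here as an example; it is not the Unhide.exe tool the post refers to. It runs from an elevated PowerShell prompt on the affected machine (PowerShell 2.0 as shipped with Windows 7 is enough), defaults to the current user's profile rather than every drive, and deliberately leaves System (+S) objects, the AppData tree and a few names Windows hides on purpose alone. The $Root default, the AppData exclusion and the skip list are my assumptions, not behaviour of the tool. Run it with -Preview first to see what it would touch.

```powershell
# Added example; this is not the Unhide.exe tool from the post.
# Clears the Hidden (+H) attribute the rogue put on user files, leaving
# System (+S) objects and files Windows hides on purpose untouched.
# Written for PowerShell 2.0+ (Windows 7). Run from an elevated prompt.
# Assumptions: $Root defaults to the current user's profile, not every drive;
# the skip list and the AppData exclusion below are mine, not the tool's.
param(
    [string]$Root = $env:USERPROFILE,
    [switch]$Preview      # report only, change nothing
)

$HIDDEN = [int][IO.FileAttributes]::Hidden   # 2
$SYSTEM = [int][IO.FileAttributes]::System   # 4

# Names Windows keeps hidden by design; unhiding them is noise, not a fix.
$skipNames = @('desktop.ini', 'thumbs.db', 'ntuser.dat', 'ntuser.ini', 'ntuser.dat.log')

$fixed = 0
Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $a = [int]$_.Attributes
        (($a -band $HIDDEN) -ne 0) -and
        (($a -band $SYSTEM) -eq 0) -and
        ($skipNames -notcontains $_.Name.ToLower()) -and
        ($_.FullName -notmatch '\\AppData(\\|$)')   # legitimately hidden profile data
    } |
    ForEach-Object {
        if ($Preview) {
            Write-Host "would unhide: $($_.FullName)"
        } else {
            # -bxor on a set bit clears it; the filter above guarantees it is set
            $_.Attributes = $_.Attributes -bxor [IO.FileAttributes]::Hidden
            $fixed++
        }
    }

Write-Host "$fixed item(s) unhidden under $Root"
```

    The +S test matters: the rogue only adds +H, while Windows marks its own objects +H+S, so skipping anything with +S keeps the script from touching OS-managed files while still recovering the user's documents.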
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, if you're in, let's go ahead with the malware removal:

    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan. Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install; just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ========================================
    This malware is a fake computer analysis and optimization program that displays fake information in order to scare you into believing that there is an issue with your computer and you need their program to fix it.
    • It will display numerous error messages when you attempt to launch programs or delete files.
    • It will scan your computer and then find a variety of errors that it states it cannot fix until you purchase the program, a so-called defragment tool.
    • Folders, icons and programs may appear to be missing their content.
    • It may terminate a program you launch, stating that "the program or hard drive is corrupted".
    • The messages that you will see when you attempt to run a program are:
      • Hard Drive Failure
      • System or Critical Error
      • Closing these messages will then bring a 'notice' of Windows Recovery Diagnostics and/or Fix Disk
    • When running it will also display fake alerts from your Windows taskbar of various "Critical Errors" and other fake warnings.
    • The malware may prevent downloads directly to the infected computer. In that case, programs can be loaded onto a flash drive, then transferred to the problem system to run.
    • Run RKill> Download from the iExplore.exe download link and save to the desktop.
      • Double click the iExplore.exe icon to run
      • If you cannot find the icon, do as follows:
      • Win XP: Click on Start> Run> type in %userprofile%\desktop\iexplore.exe> OK
      • Win Vista/Win 7: Click on Start> type in Search Field %userprofile%\desktop\iexplore.exe> Enter
      • Be patient> a black window will automatically close when finished
      • If you get a message that RKill is an infection, leave the warning and run RKill again.
      Important: Do not reboot your computer after running RKill as the malware programs will start again.
    • Update and rescan with Malwarebytes using Perform Full Scan this time.
    • Make sure programs are updated to the most current version. This malware frequently uses an exploit in an outdated program. Please update the following:
      Note: Check each download screen for any pre-checked Toolbars or BHOs. Uncheck them before the download.
      • Adobe Reader: Adobe Reader Update
      • Java(TM): Java Updates
      Uninstall any earlier versions of both, as they are vulnerabilities for the system.
    ======================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer:
    3. Open Eset Smart Installer
      • Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      • Double click on the desktop icon to run.
      • After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export to text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =======================================
    Let me know the status after completing the above- please leave logs for Combofix, Mbam Full Scan and Eset online scan in your next reply.

    If you have any problems with any of the programs or any remaining system problems, please explain them as precisely as possible.
    ======================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      • Don't follow directions given to someone else
      • Don't use any other cleaning programs or scans while I'm helping you.
      • Don't use a Registry cleaner or make any changes in the Registry.
      • Don't download and install new programs, except those I give you.
    Threads are closed after 5 days if there is no reply.
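
    A read-only check for what this rogue leaves behind, added here as an example; it is not part of the instructions above and not what RKill, Malwarebytes or ComboFix do internally. It looks at the Run keys for anything started from ProgramData, AppData or Temp (where this family drops its randomly named executable), at the DisableTaskMgr and Start menu policy values it flips to keep the user from killing it or finding files, and lists the installed Java, Adobe Reader and Flash versions so they can be compared with the current vendor releases, as the update step above asks. The registry paths are the standard Windows locations; the choice of which values count as indicators is mine.

```powershell
# Added example; not from the post or any tool it names. Read-only triage for
# the footprint this rogue leaves: an auto-start entry pointing into a
# user-writable folder, the lockout policies it flips, and the outdated
# software it typically arrives through. Nothing is modified.
# Written for PowerShell 2.0+ (Windows 7); run elevated to read HKLM fully.
$findings = @()

# 1. Auto-start entries launched from ProgramData, AppData or Temp. Legitimate
#    software mostly lives under Program Files; this family drops a randomly
#    named .exe into one of these folders and registers it here.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }        # provider metadata, not a value
        if ("$($p.Value)" -match '\\(ProgramData|AppData|Temp)\\') {
            $findings += "Run entry '$($p.Name)' under $key -> $($p.Value)"
        }
    }
}

# 2. Policy values the rogue sets so the user cannot kill it or find files.
#    Each entry: where to look, which value, and the setting that indicates tampering
#    (my choice of indicators; DisableTaskMgr=1 blocks Task Manager, the
#    Start_* values at 0 hide Computer and Search from the Start menu).
$policyChecks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       Bad = 1 },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       Bad = 1 },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced'; Name = 'Start_ShowMyComputer'; Bad = 0 },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced'; Name = 'Start_ShowSearch';     Bad = 0 }
)
foreach ($c in $policyChecks) {
    if (-not (Test-Path $c.Path)) { continue }
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($item -ne $null -and $item.($c.Name) -eq $c.Bad) {
        $findings += "$($c.Path)\$($c.Name) = $($c.Bad)"
    }
}

# 3. Versions of the software the post says to update. Compare against the
#    current vendor release by hand; the script only lists what is installed.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java|Adobe Reader|Adobe Flash Player)' } |
    ForEach-Object { $findings += "Installed: $($_.DisplayName) $($_.DisplayVersion)" }

if ($findings.Count -eq 0) { 'No FakeHDD indicators found.' } else { $findings }
```

    Run it before and after the cleanup: a Run entry that comes back pointing into ProgramData after a reboot, or DisableTaskMgr flipping back to 1, means the dropper is still active and the cleanup is not finished, which is the same reason the post says not to reboot after RKill.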
     
  5. mik1680

    mik1680 TS Rookie Topic Starter

    My apologies for bumping the thread too soon. I was a bit desperate.

    Thank you so much for your reply.

    To update you, I followed the instructions as listed, however, after initially running Combofix, my computer crashed. After rebooting it, I ran Combofix again. The log from the 2nd run is attached. Also, the computer froze prior to completing the first ESET Scan, I rescanned again after rebooting the computer, so the results of the 2nd scan are also attached here.

    ComboFix 12-03-17.01 - Reboot Remedy 03/17/2012 23:30:58.2.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1038 [GMT -5:00]
    Running from: c:\users\Reboot Remedy\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-18 04:43 . 2012-03-18 04:43 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-03-18 04:43 . 2012-03-18 04:43 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2012-03-18 04:43 . 2012-03-18 04:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-17 15:39 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
    2012-03-17 15:15 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-16 22:59 . 2012-03-16 22:59 -------- d-----w- c:\users\Reboot Remedy\AppData\Roaming\Malwarebytes
    2012-03-16 22:59 . 2012-03-16 22:59 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-16 22:59 . 2012-03-17 15:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-03-16 18:14 . 2012-03-16 18:14 -------- d-----w- C:\ab48433134b45195adbb05d7
    2012-03-15 22:40 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-03-15 22:40 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-03-15 22:40 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-03-15 22:38 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2012-03-15 22:38 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-03-15 20:49 . 2012-03-15 20:49 -------- d-----w- c:\windows\Sun
    2012-03-15 17:03 . 2012-03-15 17:03 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-02-17 15:01 . 2012-03-15 19:00 -------- d-----w- c:\program files (x86)\BFlix
    2012-02-17 15:00 . 2012-03-17 17:21 -------- d-----w- c:\users\Reboot Remedy\AppData\Local\Babylon
    2012-02-17 15:00 . 2012-02-17 15:00 -------- d-----w- c:\users\Reboot Remedy\AppData\Roaming\Babylon
    2012-02-17 15:00 . 2012-02-17 15:00 -------- d-----w- c:\programdata\Babylon
    2012-02-17 14:59 . 2012-02-17 15:01 -------- d-----w- c:\programdata\InstallMate
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-20 01:22 . 2011-06-08 16:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-07 14:32 . 2012-01-07 14:32 53248 ----a-r- c:\users\Reboot Remedy\AppData\Roaming\Microsoft\Installer\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}\ARPPRODUCTICON.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-03-18_04.18.30 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-03-16 17:33 . 2012-03-18 04:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    - 2012-03-16 17:33 . 2012-03-16 18:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    - 2012-03-15 17:03 . 2012-03-16 17:24 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
    + 2012-03-15 17:03 . 2012-03-18 04:22 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:10 . 2012-03-18 04:23 42538 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-02-02 15:42 . 2012-03-18 04:23 13572 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2846935167-178982516-714802623-1000_UserData.bin
    + 2011-02-24 19:37 . 2012-03-18 04:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-24 19:37 . 2012-03-17 15:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-03-14 19:35 . 2012-03-17 15:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2012-03-14 19:35 . 2012-03-18 04:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2012-03-14 19:35 . 2012-03-17 15:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2012-03-14 19:35 . 2012-03-18 04:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2012-03-14 19:35 . 2012-03-18 04:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    - 2012-03-14 19:35 . 2012-03-17 15:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    + 2011-02-24 19:37 . 2012-03-18 04:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-02-24 19:37 . 2012-03-17 15:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-02-24 19:37 . 2012-03-17 15:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-02-24 19:37 . 2012-03-18 04:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-02-21 23:26 . 2012-03-17 15:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-21 23:26 . 2012-03-18 04:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-21 23:26 . 2012-03-18 04:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-02-21 23:26 . 2012-03-17 15:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-03-17 15:37 . 2012-03-17 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-03-17 15:37 . 2012-03-18 04:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-03-17 15:37 . 2012-03-17 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-03-17 15:37 . 2012-03-18 04:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-03-05 21:02 . 2012-03-18 03:59 360448 c:\windows\Temp\History\History.IE5\index.dat
    + 2011-03-05 21:02 . 2012-03-18 04:27 360448 c:\windows\Temp\History\History.IE5\index.dat
    - 2011-03-05 21:02 . 2012-03-18 03:59 163840 c:\windows\Temp\Cookies\index.dat
    + 2011-03-05 21:02 . 2012-03-18 04:27 163840 c:\windows\Temp\Cookies\index.dat
    + 2011-03-05 21:02 . 2012-03-18 04:27 3309568 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-11-18 01:29 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-27 39408]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-01-31 17147528]
    "freeklogger.exe"="c:\program files (x86)\FK_Monitor\freeklogger.exe" [2011-10-13 794624]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-11-18 901800]
    "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 0020311328329218mcinstcleanup;McAfee Application Installer Cleanup (0020311328329218);c:\windows\TEMP\002031~1.EXE [x]
    R2 0117951332004784mcinstcleanup;McAfee Application Installer Cleanup (0117951332004784);c:\windows\TEMP\011795~1.EXE [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [2008-11-06 1500424]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
    S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 17:40]
    .
    2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 17:40]
    .
    2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2846935167-178982516-714802623-1000Core.job
    - c:\users\Reboot Remedy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 20:02]
    .
    2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2846935167-178982516-714802623-1000UA.job
    - c:\users\Reboot Remedy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 20:02]
    .
    .
    --------- x86-64 -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-03-17 23:51:35
    ComboFix-quarantined-files.txt 2012-03-18 04:51
    ComboFix2.txt 2012-03-18 04:25
    .
    Pre-Run: 193,262,923,776 bytes free
    Post-Run: 193,233,428,480 bytes free
    .
    - - End Of File - - F8A7E27BA6561708A041979C81054624


    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 03/17/2012 at 23:58:29.
    Operating System: Windows 7 Ultimate


    Processes terminated by Rkill or while it was running:

    \\.\globalroot\systemroot\svchost.exe


    Rkill completed on 03/17/2012 at 23:59:05.



    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.18.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Reboot Remedy :: REBOOTREMEDY-PC [administrator]

    Protection: Enabled

    3/18/2012 12:09:26 AM
    mbam-log-2012-03-18 (00-09-26).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 397684
    Time elapsed: 2 hour(s), 18 minute(s), 23 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 4504 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)


    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\11724130-1dcceaa4 Java/Exploit.Blacole.AN trojan
    C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\11724130-1dcceaa4 Java/Exploit.Blacole.AN trojan
     
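The Rkill, Malwarebytes and ComboFix output above all point at one file, `C:\Windows\svchost.exe` (Rkill shows it by its device path `\\.\globalroot\systemroot\svchost.exe`): a copy of `svchost.exe` sitting outside `C:\Windows\System32`, whose version resource names it `winrscmde.exe`. As an added example that is not part of this thread or of any of the tools in it, the following Python applies those two masquerade checks to scan-log lines: a well-known Windows binary living outside its expected directory, and a version-info Original Filename that does not match the name on disk. The sample lines and the `Look` block are constructed to mirror what was posted; the `EXPECTED_DIRS` table is a hypothetical starting point, not anything the tools publish.

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Hypothetical table: well-known Windows binaries and the directories (under
# the Windows directory, lower-cased) where they legitimately live.
EXPECTED_DIRS = {
    "svchost.exe": {"system32", "syswow64"},
    "lsass.exe": {"system32"},
    "csrss.exe": {"system32"},
    "services.exe": {"system32"},
    "winlogon.exe": {"system32"},
}

# Constructed sample in the shape of ComboFix's 'Look' block from the thread.
SAMPLE_LOOK = """\
--- c:\\windows\\svchost.exe ---
Company: Microsoft Corporation
File Description: winrscmde
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Original Filename: winrscmde.exe
File size: 20480
Created time: 2012-03-18 09:31
Modified time: 2009-07-14 01:14
MD5: 2CEFF13ACE25A40BD8D97654944297CD
"""

# Constructed sample lines: one as Rkill prints it, one as Malwarebytes prints
# it, one clean control path, and one non-path line that must be ignored.
SAMPLE_LINES = [
    r"\\.\globalroot\systemroot\svchost.exe",
    r"C:\Windows\svchost.exe (Trojan.Agent) -> 4504 -> Delete on reboot.",
    r"C:\Windows\System32\svchost.exe",
    "(No malicious items detected)",
]


def normalize_path(path: str) -> str:
    """Lower-case and map device/kernel spellings of the Windows directory
    (\\\\.\\globalroot\\systemroot, \\systemroot) onto the drive path."""
    p = path.strip().lower()
    p = re.sub(r"^\\\\\.\\globalroot\\systemroot", r"c:\\windows", p)
    p = re.sub(r"^\\systemroot", r"c:\\windows", p)
    return p


def extract_path(line: str) -> Optional[str]:
    """Return the file path from a Malwarebytes detection line
    ('<path> (<name>) -> ...') or a bare path line as Rkill prints them."""
    line = line.strip()
    m = re.match(r"^(.+?)\s+\([^()]+\)\s+->", line)
    path = m.group(1) if m else line
    if re.match(r"^([a-z]:\\|\\\\\.\\|\\systemroot)", path, re.I):
        return path
    return None


def parse_look_block(text: str) -> Dict[str, str]:
    """Parse a ComboFix 'Look' block into a dict of lower-cased keys."""
    info: Dict[str, str] = {}
    for line in text.splitlines():
        m = re.match(r"^---\s+(.+?)\s+---$", line.strip())
        if m:
            info["path"] = normalize_path(m.group(1))
            continue
        if ":" in line:
            key, value = line.split(":", 1)
            info[key.strip().lower()] = value.strip()
    return info


def assess(path: str, look: Optional[Dict[str, str]] = None) -> List[str]:
    """Masquerade checks for one file: location and Original Filename."""
    findings: List[str] = []
    p = PureWindowsPath(normalize_path(path))
    name = p.name.lower()
    if name in EXPECTED_DIRS:
        allowed = {"c:\\windows\\" + d for d in EXPECTED_DIRS[name]}
        if str(p.parent) not in allowed:
            findings.append(f"{name} outside its expected directory: {p}")
    if look:
        orig = look.get("original filename", "").lower()
        if orig and orig != name:
            findings.append(
                f"version-info Original Filename '{orig}' does not match '{name}'")
    return findings


def triage(scan_lines: List[str], look_text: Optional[str] = None) -> Dict[str, List[str]]:
    """Run the checks over log lines; the Look block only applies to its own file."""
    look = parse_look_block(look_text) if look_text else {}
    report: Dict[str, List[str]] = {}
    for line in scan_lines:
        path = extract_path(line)
        if not path:
            continue
        norm = normalize_path(path)
        info = look if look.get("path") == norm else None
        findings = assess(path, info)
        if findings:
            report[norm] = findings
    return report


if __name__ == "__main__":
    for file, reasons in triage(SAMPLE_LINES, SAMPLE_LOOK).items():
        print(file)
        for r in reasons:
            print("  -", r)
```

The two spellings of the same file collapse to one report entry because the device path is normalized first; a clean `System32\svchost.exe` produces nothing, so the checks are quiet on a healthy machine and only speak up on the pattern this thread shows.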
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    FileLook::
    C:\Windows\svchost.exe
    Folder::
    C:\ab48433134b45195adbb05d7
    C:\ProgramData\100
    C:\Program Files (x86)\BFlix
    C:\Users\Reboot Remedy\AppData\Local\Babylon
    C:\Users\Reboot Remedy\AppData\Roaming\Babylon
    C:\ProgramData\Babylon
    C:\ProgramData\InstallMate
    C:\Users\Reboot Remedy\AppData\Local\{9F6C0FBB-4FCB-4FB7-BBF8-B9435634A001}
    Registry::
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ApnUpdater"=-
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ==========================================
    The malware in Eset is in the Java cache. I have cleared that in Combofix. But you have multiple outdated Java:
    Please update Java: Java Updates.

    Be sure to check all download screens for any pre-checked toolbars or BHOs> if found, remove the check before the download.
    ======================================
    Please run the following to remove the old Java:
    You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

    Please download JavaRa and unzip it to your desktop.

    Important! ***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that
      a logfile has been produced. Click OK.
    • A logfile will pop up. Note: Do not leave this log.
    ===========================================
    How is the system doing now?
     
  7. mik1680

    mik1680 TS Rookie Topic Starter

    It seems to be working ok, you've been incredibly helpful. Thank you so much.

    Here is the last Combofix Log:

    ComboFix 12-03-17.01 - Reboot Remedy 03/19/2012 16:13:27.3.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1159 [GMT -5:00]
    Running from: c:\users\Reboot Remedy\Desktop\ComboFix.exe
    Command switches used :: c:\users\Reboot Remedy\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\ab48433134b45195adbb05d7
    c:\ab48433134b45195adbb05d7\$shtdwn$.req
    c:\ab48433134b45195adbb05d7\1025\eula.rtf
    c:\ab48433134b45195adbb05d7\1025\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1025\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1028\eula.rtf
    c:\ab48433134b45195adbb05d7\1028\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1028\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1029\eula.rtf
    c:\ab48433134b45195adbb05d7\1029\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1029\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1030\eula.rtf
    c:\ab48433134b45195adbb05d7\1030\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1030\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1031\eula.rtf
    c:\ab48433134b45195adbb05d7\1031\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1031\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1032\eula.rtf
    c:\ab48433134b45195adbb05d7\1032\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1032\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1033\eula.rtf
    c:\ab48433134b45195adbb05d7\1033\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1033\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1035\eula.rtf
    c:\ab48433134b45195adbb05d7\1035\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1035\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1036\eula.rtf
    c:\ab48433134b45195adbb05d7\1036\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1036\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1037\eula.rtf
    c:\ab48433134b45195adbb05d7\1037\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1037\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1038\eula.rtf
    c:\ab48433134b45195adbb05d7\1038\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1038\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1040\eula.rtf
    c:\ab48433134b45195adbb05d7\1040\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1040\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1041\eula.rtf
    c:\ab48433134b45195adbb05d7\1041\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1041\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1042\eula.rtf
    c:\ab48433134b45195adbb05d7\1042\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1042\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1043\eula.rtf
    c:\ab48433134b45195adbb05d7\1043\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1043\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1044\eula.rtf
    c:\ab48433134b45195adbb05d7\1044\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1044\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1045\eula.rtf
    c:\ab48433134b45195adbb05d7\1045\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1045\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1046\eula.rtf
    c:\ab48433134b45195adbb05d7\1046\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1046\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1049\eula.rtf
    c:\ab48433134b45195adbb05d7\1049\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1049\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1053\eula.rtf
    c:\ab48433134b45195adbb05d7\1053\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1053\SetupResources.dll
    c:\ab48433134b45195adbb05d7\1055\eula.rtf
    c:\ab48433134b45195adbb05d7\1055\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\1055\SetupResources.dll
    c:\ab48433134b45195adbb05d7\2052\eula.rtf
    c:\ab48433134b45195adbb05d7\2052\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\2052\SetupResources.dll
    c:\ab48433134b45195adbb05d7\2070\eula.rtf
    c:\ab48433134b45195adbb05d7\2070\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\2070\SetupResources.dll
    c:\ab48433134b45195adbb05d7\3076\eula.rtf
    c:\ab48433134b45195adbb05d7\3076\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\3076\SetupResources.dll
    c:\ab48433134b45195adbb05d7\3082\eula.rtf
    c:\ab48433134b45195adbb05d7\3082\LocalizedData.xml
    c:\ab48433134b45195adbb05d7\3082\SetupResources.dll
    c:\ab48433134b45195adbb05d7\DHtmlHeader.html
    c:\ab48433134b45195adbb05d7\Graphics\Print.ico
    c:\ab48433134b45195adbb05d7\Graphics\Rotate1.ico
    c:\ab48433134b45195adbb05d7\Graphics\Rotate2.ico
    c:\ab48433134b45195adbb05d7\Graphics\Rotate3.ico
    c:\ab48433134b45195adbb05d7\Graphics\Rotate4.ico
    c:\ab48433134b45195adbb05d7\Graphics\Rotate5.ico
    c:\ab48433134b45195adbb05d7\Graphics\Rotate6.ico
    c:\ab48433134b45195adbb05d7\Graphics\Rotate7.ico
    c:\ab48433134b45195adbb05d7\Graphics\Rotate8.ico
    c:\ab48433134b45195adbb05d7\Graphics\Save.ico
    c:\ab48433134b45195adbb05d7\Graphics\Setup.ico
    c:\ab48433134b45195adbb05d7\Graphics\stop.ico
    c:\ab48433134b45195adbb05d7\Graphics\SysReqMet.ico
    c:\ab48433134b45195adbb05d7\Graphics\SysReqNotMet.ico
    c:\ab48433134b45195adbb05d7\Graphics\warn.ico
    c:\ab48433134b45195adbb05d7\header.bmp
    c:\ab48433134b45195adbb05d7\NDP40-KB2633870.msp
    c:\ab48433134b45195adbb05d7\ParameterInfo.xml
    c:\ab48433134b45195adbb05d7\Setup.exe
    c:\ab48433134b45195adbb05d7\SetupEngine.dll
    c:\ab48433134b45195adbb05d7\SetupUi.dll
    c:\ab48433134b45195adbb05d7\SetupUi.xsd
    c:\ab48433134b45195adbb05d7\SetupUtility.exe
    c:\ab48433134b45195adbb05d7\SplashScreen.bmp
    c:\ab48433134b45195adbb05d7\sqmapi.dll
    c:\ab48433134b45195adbb05d7\Strings.xml
    c:\ab48433134b45195adbb05d7\UiInfo.xml
    c:\ab48433134b45195adbb05d7\watermark.bmp
    c:\program files (x86)\BFlix
    c:\program files (x86)\BFlix\bflix.crx
    c:\programdata\Babylon
    c:\programdata\InstallMate
    c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\20120217085925.log
    c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.dat
    c:\users\Reboot Remedy\AppData\Local\{9F6C0FBB-4FCB-4FB7-BBF8-B9435634A001}
    c:\users\Reboot Remedy\AppData\Local\Babylon
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\bab033.tbinst.dat
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\bab091.norecovericon.dat
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\Babylon.dat
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\cmbx.png
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\eula.html
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\lngs.png
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\page1.css
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\page1.html
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\page1.js
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\page1Lrg.css
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\page2.css
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\page2.html
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\page2.js
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\page9.html
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\title1.png
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\title2.png
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\HtmlScreens\vIcn.png
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\Setup-tbmntr903-9.0.3.35.zpb
    c:\users\Reboot Remedy\AppData\Local\Babylon\Setup\SetupStrings.dat
    c:\users\Reboot Remedy\AppData\Roaming\Babylon
    c:\users\Reboot Remedy\AppData\Roaming\Babylon\log_file.txt
    c:\windows\SysWow64\RENFFF4.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-19 to 2012-03-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-19 21:29 . 2012-03-19 21:29 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-03-19 21:29 . 2012-03-19 21:29 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2012-03-19 21:29 . 2012-03-19 21:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-18 11:23 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-18 11:23 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-03-18 11:23 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2012-03-18 11:18 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-18 11:18 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-18 11:18 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-18 11:18 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-18 11:18 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-18 11:18 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-03-18 11:18 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-18 11:18 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-18 11:18 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-18 11:18 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-18 09:31 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
    2012-03-18 08:01 . 2012-03-18 08:01 -------- d-----w- c:\program files (x86)\ESET
    2012-03-18 07:58 . 2012-03-18 07:58 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-03-18 07:57 . 2011-03-20 00:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-03-18 07:56 . 2012-03-18 07:56 -------- d-----w- c:\program files (x86)\Java
    2012-03-18 07:50 . 2012-03-18 07:50 -------- d-----w- c:\windows\system32\appmgmt
    2012-03-17 15:15 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-16 22:59 . 2012-03-16 22:59 -------- d-----w- c:\users\Reboot Remedy\AppData\Roaming\Malwarebytes
    2012-03-16 22:59 . 2012-03-16 22:59 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-16 22:59 . 2012-03-17 15:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-03-15 22:40 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-03-15 22:40 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-03-15 22:40 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-03-15 22:38 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2012-03-15 22:38 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-03-15 20:49 . 2012-03-15 20:49 -------- d-----w- c:\windows\Sun
    2012-03-15 17:03 . 2012-03-15 17:03 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-20 01:22 . 2011-06-08 16:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-07 14:32 . 2012-01-07 14:32 53248 ----a-r- c:\users\Reboot Remedy\AppData\Roaming\Microsoft\Installer\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}\ARPPRODUCTICON.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    --- c:\windows\svchost.exe ---
    Company: Microsoft Corporation
    File Description: winrscmde
    File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
    Product Name: Microsoft® Windows® Operating System
    Copyright: © Microsoft Corporation. All rights reserved.
    Original Filename: winrscmde.exe
    File size: 20480
    Created time: 2012-03-18 09:31
    Modified time: 2009-07-14 01:14
    MD5: 2CEFF13ACE25A40BD8D97654944297CD
    SHA1: D839453DD53E2E1970ACE260DDD60597CA04E357
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-03-18_04.18.30 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-03-16 17:33 . 2012-03-19 20:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    - 2012-03-16 17:33 . 2012-03-16 18:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2012-03-15 17:03 . 2012-03-19 21:09 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
    - 2012-03-15 17:03 . 2012-03-16 17:24 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
    + 2011-02-21 23:24 . 2012-03-19 20:29 40422 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-03-19 20:29 42928 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-02-02 15:42 . 2012-03-19 20:29 13692 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2846935167-178982516-714802623-1000_UserData.bin
    + 2012-03-15 19:00 . 2012-03-18 09:47 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
    - 2012-03-15 19:00 . 2012-03-17 05:51 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
    - 2011-02-24 19:37 . 2012-03-17 15:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-24 19:37 . 2012-03-19 20:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:46 . 2012-03-19 20:37 88248 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2012-03-14 19:35 . 2012-03-19 20:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2012-03-14 19:35 . 2012-03-17 15:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2012-03-14 19:35 . 2012-03-17 15:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2012-03-14 19:35 . 2012-03-19 20:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2012-03-14 19:35 . 2012-03-19 20:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    - 2012-03-14 19:35 . 2012-03-17 15:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    + 2011-02-24 19:37 . 2012-03-19 20:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-02-24 19:37 . 2012-03-17 15:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-02-24 19:37 . 2012-03-17 15:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-02-24 19:37 . 2012-03-19 20:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-02-21 23:26 . 2012-03-19 20:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-21 23:26 . 2012-03-17 15:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-21 23:26 . 2012-03-17 15:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-02-21 23:26 . 2012-03-19 20:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-02-27 00:17 . 2012-03-19 20:04 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    - 2011-02-27 00:17 . 2012-03-17 15:19 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    - 2011-02-27 00:17 . 2012-03-17 15:19 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
    + 2011-02-27 00:17 . 2012-03-19 20:04 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
    + 2011-02-27 00:17 . 2012-03-19 20:04 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    - 2011-02-27 00:17 . 2012-03-17 15:19 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    + 2011-06-06 17:55 . 2011-06-06 17:55 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\armsvc.exe
    + 2012-03-19 20:25 . 2012-03-19 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-03-17 15:37 . 2012-03-17 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-03-19 20:25 . 2012-03-19 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-03-17 15:37 . 2012-03-17 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-03-05 21:02 . 2012-03-19 21:09 491520 c:\windows\Temp\History\History.IE5\index.dat
    + 2011-03-05 21:02 . 2012-03-19 21:09 245760 c:\windows\Temp\Cookies\index.dat
    + 2012-03-18 07:57 . 2012-03-18 07:57 157472 c:\windows\SysWOW64\javaws.exe
    - 2011-03-20 00:32 . 2011-03-20 00:31 157472 c:\windows\SysWOW64\javaws.exe
    + 2012-03-18 07:57 . 2012-03-18 07:57 149280 c:\windows\SysWOW64\javaw.exe
    + 2012-03-18 07:57 . 2012-03-18 07:56 149280 c:\windows\SysWOW64\java.exe
    + 2011-02-25 21:58 . 2012-03-19 19:51 282618 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2009-07-14 04:45 . 2011-12-16 20:29 465656 c:\windows\system32\FNTCACHE.DAT
    + 2009-07-14 04:45 . 2012-03-19 20:25 465656 c:\windows\system32\FNTCACHE.DAT
    - 2009-07-14 05:38 . 2012-03-17 17:37 262144 c:\windows\system32\config\systemprofile\ntuser.dat
    + 2009-07-14 05:38 . 2012-03-18 14:01 262144 c:\windows\system32\config\systemprofile\ntuser.dat
    - 2011-06-30 09:20 . 2012-03-18 03:54 262144 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
    + 2011-06-30 09:20 . 2012-03-19 20:40 262144 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
    + 2011-02-24 19:37 . 2012-03-18 04:21 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2011-02-24 19:37 . 2012-02-16 13:45 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 05:01 . 2012-03-17 15:35 422316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-03-19 20:23 422316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-03-18 07:58 . 2012-03-18 07:58 207360 c:\windows\Installer\b909f5.msi
    + 2012-03-18 07:55 . 2012-03-18 07:55 907264 c:\windows\Installer\b909f0.msi
    + 2011-02-27 00:17 . 2012-03-19 20:04 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
    - 2011-02-27 00:17 . 2012-03-17 15:19 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
    + 2011-02-27 00:17 . 2012-03-19 20:04 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
    - 2011-02-27 00:17 . 2012-03-17 15:19 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
    - 2011-02-27 00:17 . 2012-03-17 15:19 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
    + 2011-02-27 00:17 . 2012-03-19 20:04 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
    - 2011-02-27 00:17 . 2012-03-17 15:19 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
    + 2011-02-27 00:17 . 2012-03-19 20:04 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
    + 2011-02-27 00:17 . 2012-03-19 20:04 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
    - 2011-02-27 00:17 . 2012-03-17 15:19 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
    - 2011-02-27 00:17 . 2012-03-17 15:19 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
    + 2011-02-27 00:17 . 2012-03-19 20:04 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
    + 2011-03-05 21:02 . 2012-03-19 21:09 3932160 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:45 . 2012-03-19 20:34 5988437 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2012-03-17 14:54 5988437 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2012-03-01 04:55 . 2012-03-01 04:55 3462656 c:\windows\Installer\9b972.msp
    + 2011-02-27 00:17 . 2012-03-19 20:04 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    - 2011-02-27 00:17 . 2012-03-17 15:19 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    - 2011-02-27 00:17 . 2012-03-17 15:19 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    + 2011-02-27 00:17 . 2012-03-19 20:04 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    + 2011-02-27 00:17 . 2012-03-19 20:04 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
    - 2011-02-27 00:17 . 2012-03-17 15:19 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
    - 2011-02-27 00:17 . 2012-03-17 15:19 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
    + 2011-02-27 00:17 . 2012-03-19 20:04 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
    + 2011-06-06 17:55 . 2011-06-06 17:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
    + 2012-03-18 11:23 . 2012-01-04 08:59 12872704 c:\windows\SysWOW64\shell32.dll
    - 2009-07-14 02:34 . 2012-03-16 19:56 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2009-07-14 02:34 . 2012-03-19 20:22 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2012-03-18 11:23 . 2012-01-04 10:44 14172672 c:\windows\system32\shell32.dll
    + 2012-01-03 17:58 . 2012-01-03 17:58 15929344 c:\windows\Installer\b90776.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-11-18 01:29 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-27 39408]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-01-31 17147528]
    "freeklogger.exe"="c:\program files (x86)\FK_Monitor\freeklogger.exe" [2011-10-13 794624]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-11-18 901800]
    "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [2008-11-06 1500424]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
    S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 17:40]
    .
    2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 17:40]
    .
    2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2846935167-178982516-714802623-1000Core.job
    - c:\users\Reboot Remedy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 20:02]
    .
    2012-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2846935167-178982516-714802623-1000UA.job
    - c:\users\Reboot Remedy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 20:02]
    .
    .
    --------- x86-64 -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
    @="131473"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-03-19 16:38:28
    ComboFix-quarantined-files.txt 2012-03-19 21:38
    ComboFix2.txt 2012-03-18 04:51
    ComboFix3.txt 2012-03-18 04:25
    .
    Pre-Run: 192,624,214,016 bytes free
    Post-Run: 192,626,466,816 bytes free
    .
    - - End Of File - - 17FBF78A5742D1AE65488DC95F5ADC25
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome! Hope you were able to access your homework and get it in.

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    DDS::
    BHO: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Avery Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    BHO-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    TB-X64: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    Folder::
    c:\windows\system32\config\systemprofile\AppData\Local\temp
    c:\users\DefaultAppPool\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    Registry::
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ApnUpdater"=-
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    =============================================
    The following should be gone, but let's make sure:

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\11724130-1dcceaa4 
      C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\11724130-1dcceaa4 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ======================================
    Please use Add/Remove Programs to uninstall any Ask entries. Also look for Avery Toolbar and Babylon Toolbar and remove if found.
    For any uninstalled programs: use Windows Explorer (Right click on Start> Explore) to access Computer> Local Drive (C:)> Programs> find the program folder for each and do a right click> Delete
    Is everything in order now: No hidden icons, desktop, Task Manager, desktop okay, Start Menu in order?
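    A read-only way to confirm the cleanup took, as an added example that is not part of Bobbye's instructions or of ComboFix/OTMoveIt: run from an elevated PowerShell prompt after the scripts above have finished, it reports whether the registry values, policy settings and files they target still exist, and deletes nothing. The expansion of ComboFix's `~` shorthand to `SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer` and the extra HKCU check for DisableTaskMgr are assumptions.

```powershell
# Added example (not from the thread): audit the entries the CFScript and OTMoveIt
# script target. Read-only: it only reports what is still present.

# Registry items that should be absent after cleanup. The BHO key expands ComboFix's
# "~" shorthand to SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer (assumed expansion).
$shouldBeAbsent = @(
    @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'; Value = 'ApnUpdater' },
    @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}'; Value = $null }
)

# Policy values the rogue set to 1 (hidden desktop, disabled Task Manager); they should
# now be missing or 0. The HKCU copy of DisableTaskMgr is checked as an assumption.
$shouldBeZero = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Value = 'NoActiveDesktop' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Value = 'NoActiveDesktopChanges' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';   Value = 'DisableTaskMgr' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Value = 'DisableTaskMgr' }
)

# Files ComboFix reported deleting or that the OTMoveIt script moves; none should remain.
# The legitimate svchost.exe lives in System32; a copy directly under C:\Windows is not.
$shouldBeGone = @(
    'C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll',
    'C:\Program Files (x86)\Ask.com\Updater\Updater.exe',
    'C:\Windows\svchost.exe',
    'C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\11724130-1dcceaa4'
)

# Returns the named registry value, or $null if the key or the value does not exist.
function Get-RegValueOrNull {
    param([string]$Key, [string]$Name)
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    $prop = $item.PSObject.Properties[$Name]
    if ($null -eq $prop) { return $null }
    return $prop.Value
}

$findings = @()

foreach ($c in $shouldBeAbsent) {
    if ($null -eq $c.Value) {
        # Whole key must be gone (the BHO CLSID registration)
        if (Test-Path -LiteralPath $c.Key) { $findings += "key still present: $($c.Key)" }
    } elseif ($null -ne (Get-RegValueOrNull $c.Key $c.Value)) {
        $findings += "value still present: $($c.Key)\$($c.Value)"
    }
}

foreach ($c in $shouldBeZero) {
    $v = Get-RegValueOrNull $c.Key $c.Value
    if ($null -ne $v -and $v -ne 0) {
        $findings += "policy still set: $($c.Key)\$($c.Value) = $v"
    }
}

foreach ($f in $shouldBeGone) {
    if (Test-Path -LiteralPath $f) { $findings += "file still present: $f" }
}

if ($findings.Count -eq 0) {
    Write-Host 'Clean: none of the targeted entries remain.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

    A non-empty list of warnings means the corresponding CFScript or OTMoveIt line did not take effect and the step should be repeated, not that new malware is present.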
     
  9. mik1680

    mik1680 TS Rookie Topic Starter

    Hi Bobbye,

    Here are the two latest logs:

    ComboFix 12-03-17.01 - Reboot Remedy 03/26/2012 18:09:08.5.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1122 [GMT -5:00]
    Running from: c:\users\Reboot Remedy\Desktop\ComboFix.exe
    Command switches used :: c:\users\Reboot Remedy\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    c:\program files (x86)\Ask.com\Updater\Updater.exe
    c:\users\Default\AppData\Local\temp
    c:\users\DefaultAppPool\AppData\Local\temp
    c:\windows\svchost.exe
    c:\windows\system32\config\systemprofile\AppData\Local\temp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-26 to 2012-03-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-19 22:29 . 2012-03-19 22:29 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-03-18 11:23 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-18 11:23 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-03-18 11:23 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2012-03-18 11:18 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-18 11:18 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-18 11:18 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-18 11:18 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-18 11:18 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-18 11:18 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-03-18 11:18 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-18 11:18 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-18 11:18 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-18 11:18 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-18 08:01 . 2012-03-18 08:01 -------- d-----w- c:\program files (x86)\ESET
    2012-03-18 07:57 . 2011-03-20 00:31 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-03-18 07:56 . 2012-03-18 07:56 -------- d-----w- c:\program files (x86)\Java
    2012-03-18 07:50 . 2012-03-18 07:50 -------- d-----w- c:\windows\system32\appmgmt
    2012-03-17 15:15 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-16 22:59 . 2012-03-16 22:59 -------- d-----w- c:\users\Reboot Remedy\AppData\Roaming\Malwarebytes
    2012-03-16 22:59 . 2012-03-16 22:59 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-16 22:59 . 2012-03-17 15:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-03-15 22:40 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-03-15 22:40 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-03-15 22:40 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-03-15 22:38 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2012-03-15 22:38 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-03-15 20:49 . 2012-03-15 20:49 -------- d-----w- c:\windows\Sun
    2012-03-15 17:03 . 2012-03-25 16:57 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-20 01:22 . 2011-06-08 16:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-07 14:32 . 2012-01-07 14:32 53248 ----a-r- c:\users\Reboot Remedy\AppData\Roaming\Microsoft\Installer\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}\ARPPRODUCTICON.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-03-19_21.30.50 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-03-16 17:33 . 2012-03-25 14:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    - 2012-03-16 17:33 . 2012-03-19 20:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2012-03-15 17:03 . 2012-03-26 23:06 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
    - 2012-03-15 17:03 . 2012-03-19 21:09 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
    + 2011-02-21 23:24 . 2012-03-26 21:25 41868 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-03-26 21:25 42976 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-02-02 15:42 . 2012-03-26 21:25 13880 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2846935167-178982516-714802623-1000_UserData.bin
    - 2012-03-15 19:00 . 2012-03-18 09:47 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
    + 2012-03-15 19:00 . 2012-03-25 17:44 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
    + 2011-02-24 19:37 . 2012-03-26 21:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-24 19:37 . 2012-03-19 20:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:46 . 2012-03-22 23:41 89288 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2012-03-14 19:35 . 2012-03-19 20:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2012-03-14 19:35 . 2012-03-26 21:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2012-03-14 19:35 . 2012-03-19 20:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2012-03-14 19:35 . 2012-03-26 21:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2012-03-14 19:35 . 2012-03-19 20:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    + 2012-03-14 19:35 . 2012-03-26 21:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    - 2011-02-24 19:37 . 2012-03-19 20:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-02-24 19:37 . 2012-03-26 21:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-02-24 19:37 . 2012-03-26 21:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-02-24 19:37 . 2012-03-19 20:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-02-21 23:26 . 2012-03-26 21:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-21 23:26 . 2012-03-19 20:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-21 23:26 . 2012-03-26 21:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-02-21 23:26 . 2012-03-19 20:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-03-19 20:25 . 2012-03-19 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-03-26 21:22 . 2012-03-26 21:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-03-19 20:25 . 2012-03-19 20:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-03-26 21:22 . 2012-03-26 21:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-03-05 21:02 . 2012-03-26 23:06 557056 c:\windows\Temp\History\History.IE5\index.dat
    + 2011-03-05 21:02 . 2012-03-26 23:06 262144 c:\windows\Temp\Cookies\index.dat
    + 2011-02-25 21:58 . 2012-03-22 23:34 282922 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 05:31 . 2011-08-01 12:57 399360 c:\windows\system32\DriverStore\drvindex(13).dat
    + 2009-07-14 05:38 . 2012-03-26 21:45 262144 c:\windows\system32\config\systemprofile\ntuser.dat
    - 2009-07-14 05:38 . 2012-03-18 14:01 262144 c:\windows\system32\config\systemprofile\ntuser.dat
    - 2009-07-14 05:01 . 2012-03-19 20:23 422316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-03-26 21:21 422316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-03-05 21:02 . 2012-03-19 21:09 3932160 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2011-03-05 21:02 . 2012-03-26 23:06 3932160 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 02:34 . 2012-03-19 20:22 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2009-07-14 02:34 . 2012-03-25 17:04 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-27 39408]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-01-31 17147528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 0233821332801047mcinstcleanup;McAfee Application Installer Cleanup (0233821332801047);c:\windows\TEMP\023382~1.EXE [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 136176]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [2008-11-06 1500424]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
    S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 17:40]
    .
    2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-27 17:40]
    .
    2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2846935167-178982516-714802623-1000Core.job
    - c:\users\Reboot Remedy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 20:02]
    .
    2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2846935167-178982516-714802623-1000UA.job
    - c:\users\Reboot Remedy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 20:02]
    .
    .
    --------- x86-64 -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
    @="131473"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-03-26 18:17:20
    ComboFix-quarantined-files.txt 2012-03-26 23:17
    ComboFix2.txt 2012-03-26 19:15
    ComboFix3.txt 2012-03-19 21:38
    ComboFix4.txt 2012-03-18 04:51
    ComboFix5.txt 2012-03-26 23:04
    .
    Pre-Run: 196,672,311,296 bytes free
    Post-Run: 196,513,304,576 bytes free
    .
    - - End Of File - - 1D1D44395A486A9A0FFF6B06BA09B4E8

    All processes killed
    ========== FILES ==========
    File/Folder C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\11724130-1dcceaa4 not found.
    File/Folder C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\11724130-1dcceaa4 not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 134 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: DefaultAppPool
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56502 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Reboot Remedy
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 3281360710 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 15914152 bytes
    ->Flash cache emptied: 142204 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 49215127 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 3,192.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 03262012_181908

    Files moved on Reboot...
    C:\Users\Reboot Remedy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\28569-15[1].htm not found!
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\28569-9[1].htm not found!
    C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\adsPage[1].php moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\beacon[1].htm moved successfully.
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\ddc[1].htm not found!
    C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\default;pos=11;tile=4;sz=300x250;ord=9543548031[1].htm moved successfully.
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\fpi[1].htm not found!
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\hbpix[1].gif not found!
    C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\meta[1].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\TYAQX8YS\results[1].htm moved successfully.
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\KOBWN45M\adaptvAdPlayer[1].js not found!
    C:\Windows\temp\Temporary Internet Files\Content.IE5\KOBWN45M\doubleclick[1].html moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\KOBWN45M\DroidSans-webfont[1].eot moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\KOBWN45M\emily[1].html moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\KOBWN45M\emily[2].html moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\KOBWN45M\League_Gothic-webfont[1].eot moved successfully.
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\JTRMVW20\aceUACping[1].htm not found!
    C:\Windows\temp\Temporary Internet Files\Content.IE5\JTRMVW20\doubleclick[1].html moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\JTRMVW20\swfobject-33adea91ad4aad136036772546746d49[1].js moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\1644777953@x71[1].htm moved successfully.
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\28571-15[1].htm not found!
    C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\8053816736[1].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\@x94[1].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\clk[1].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\img[3].fetch moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\p-01-0VIaSjnOLg[2].gif moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\PortalServe[2].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\sea-of-fire[1].txt moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\search_eclickz_com[1].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\st[1] moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\st[2] moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\topscript.js[1].php moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\tr-pbm[1].txt moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\tv-quotes[1].txt moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\IUFKTZUI\yellow-pages[1].txt moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\11945689a-f17d-41c0-9a3b-bdf24ce68ccd@x90[1].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\28569-15[1].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\aceUACping[1].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\ae_12232010[1].html moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\afr[1].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\afr[2].htm moved successfully.
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\categoryframe[1].htm not found!
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\celebritybabycraze_btf[1].txt not found!
    C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\data_sync[1].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\default;pos=1;tile=1;sz=728x90;ord=933711826[1].txt moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\default;pos=3;tile=4;sz=160x600;ord=933711826[1].htm moved successfully.
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\fastbutton[1].txt not found!
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\getadi[1].txt not found!
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\getjs[3].aspx not found!
    C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\gzfwcqwgbj-gi-joe-the-rise-of-cobra[1].txt moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\likebox[1].php moved successfully.
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\like[1].php not found!
    C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\misc;pos=160a;exp=0;adnt=1;tile=4;sz=160x600;ord=2471475757599339[1].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\misc;pos=728b;exp=0;adnt=1;dcopt=ist;tile=4;sz=728x90;ord=5589365395766991[1].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\mpphygynrx-family-matters[1].txt moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\p-5aWVS_roA1dVM[1].gif moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\passback.c.r[1].php moved successfully.
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\smartmomstyle_btf[1].txt not found!
    C:\Windows\temp\Temporary Internet Files\Content.IE5\HKXW8UNK\victoria-beckham-peter-wolf-book-bono[1].txt moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\GLX0MYFE\411answers_com[1].txt moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\GLX0MYFE\post-widget[1].js moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\GLX0MYFE\search[3].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\GLX0MYFE\tweet_button.1332442903[1].html moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\11636956296@x23[1].htm moved successfully.
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\20120326232609[1].htm not found!
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\2312[1].htm moved successfully.
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\28569-9[2].htm not found!
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\ad[1] moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\afr[1].htm moved successfully.
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\afr[2].htm not found!
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\afr[3].htm not found!
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\afr[4].htm not found!
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\ci[2].txt moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\default;pos=3;tile=2;sz=160x600;ord=933711826[1].txt moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\dppix[2].html moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\dref=http%253A%252F%252Fsearch.eclickz.com%252F%253Faffiliate%253Dhouse%2526ref%253Dhttp%25253A%25252F%25252Fsearch.eclickz[1].com%2526Terms%253DStocks moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\freq[2].html moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\iframe3[1].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\iframe3[2].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\if[1].txt moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\img[1].fetch moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\img[3].fetch moved successfully.
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\like[2].php not found!
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\p-01-0VIaSjnOLg[1].gif moved successfully.
    File C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\p-01-0VIaSjnOLg[2].gif not found!
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\Pug[1].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\Salmon[1].css moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\syncuppixels[1].html moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\tr-clk[1].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\9GDVSW7M\v=5%3Bm=3%3Bl=33451%3Bc=218712%3Bb=1303981%3Bts=20120326192657%3Bdct=;ord=1332804417[1].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\2PV1DQ3E\audience-science[1].htm moved successfully.
    C:\Windows\temp\Temporary Internet Files\Content.IE5\2PV1DQ3E\emily[1].html moved successfully.
    C:\Windows\temp\flaE910.tmp moved successfully.
    File C:\Windows\temp\mcafee_DPoDIkwRcC1pZpC not found!

    Registry entries deleted on Reboot...

  10. mik1680

    mik1680 TS Rookie Topic Starter

    So far everything appears to be ok... icons, desktop, and task manager are in order.

  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    What happened that caused Combofix to run in REDUCED FUNCTIONALITY MODE?
