newbie2012

June 22, 2012

Thank you! I'll keep this in mind for the future. For now, all is well, I think -- I simply downloaded a new Itunes and installed over the old one (I think the installer automatically removed the old version and cleaned up). It also appears that the new version re-installed ituneshelper.exe (it was running even before I started itunes again). So I think I'm all good for now. Thank you again for all the wonderful help!

June 22, 2012

Thank you again. I figured out that the Ytimg thing is simply recording my volume preference on Youtube.

But I have another problem. Since the unnecessary startup files were cleaned up, I cannot update my Itunes anymore. I click on update, it says there is a new version, but when I click on it to start, the window just closes, leaving Itunes as is. I noticed that one of the deleted startups is a Ituneshelper or some such file. Might that be the cause?

Also, could I use HiJackThis to get rid of unnecessary startups in another computer too (follow the same step as you indicated above and erase HiJackThis from my desktop once I am done with it)?

I really appreciate all your help. You have been amazing to a total stranger on the net. I am going to make another small donation as a gesture of appreciation since your help has been far more valuable than what I gave (and am giving). Thank you!

June 21, 2012

Thank you again for the amazing help! I saved this thread on my favorites so I can check back and review some of the information occasionally.

One quick question: whenever I watch clips on YouTube now, there is this message "ytmg.com is requesting permission to store file on your computer: allow or deny." Does this have anything to do with my new setup? Or is it simply YouTube trying to store my volume level or preferences?

Sorry, one more: does it help to run Internet Explorer in protected mode or is it just a nuissance?

June 21, 2012

Thank you so much for the wonderful help. I have some follow-up reports and questions.

Of the programs to remove:

1. I never ran DeFogger, so I skipped.

2. I tried to remove combofix, but when I followed your direction, it said that "computer could not find combofix."

3. When I ran OTCleanIt, the new Combofix I downloaded into my desktop disappeared before rebooting.

Aside from the three programs I am keeping (Revo, CCleaner, Malwarebyte), I still have on my desktop the following:

4. mbabm-setup (I assume set up program for Malwarebyte -- can I delete it?).

5. HiJackThis and HiJackThis setup program.

6. RKill.

7. Unhide.

8. aswMBR and MBR.dat.

9. Security check.

Could I just delete these from the desktop or keep them?

Last, can MSE, WinPatrol and Malwarebytes (upgraded realtime protection) all run at the same time on the same computer and not cause problems?

Thank you so much again for all the help.

June 20, 2012

Thank you! I deleted the unnecessary startup entries (I always wondered how to do this without using the selective startup). I am going to do this with my other computer too.

I ran the ESET scan and found one threat. The log is below. By the way, I could not find "advanced setting" so I could not tick "Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology."

Log:

C:\Qoobox\Quarantine\C\ProgramData\bSIPsmLEdWM.exe.vir Win32/TrojanDownloader.Prodatect.BL trojan

June 20, 2012

Sorry, I forgot to mention that after using CCleaner and Malwarebyte hung up, I tried to boot to safe mode and got hung up again. When I tried to reboot to normal mode, the computer kicked into Chkdsk and completed the process. Then everything seemed okay (until Hijackthis hung up once).

June 20, 2012

I followed your instruction and did the following:

1. Uninstalled the three programs.

2. Re-installed the latest version of Adobe Reader (10.1.3). For some reason, it would not install on its own, so I had start with 9.5 and painstakingly upgrade version by version until I hit 10.1.3.

3. Re-installed the latest version of Java.

4. Downloaded and ran CCleaner.

5. Ran Malwarebyte. For some reason it hung after 2 min. Then tried to boot to safe mode with networking and it kept hanging up during the boot. Finally, after a few normal and safe mode booting, was able to reboot to safe mode and run it.

6. Ran HiJackthis. It hung up a couple of times. Again, I rebooted a couple of times to get it done.

Here are the logs. First the Malwarebyte log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.20.01

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

James :: DESKTOP [administrator]

6/20/2012 2:05:19 AM

mbam-log-2012-06-20 (02-05-19).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 256813

Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

And the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:42:04 AM, on 6/20/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup

O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

O4 - HKUS\S-1-5-21-3248508387-1688139464-2563787494-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')

O4 - HKUS\S-1-5-21-3248508387-1688139464-2563787494-1000\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'IUSR_NMPR')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 12473 bytes

Again, many thanks for the wonderful help!

June 20, 2012

As instructed, here is the extra report:

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Elements Studio Launcher

Adobe ExtendScript Toolkit 2

Adobe Flash Player 11 ActiveX

Adobe Help Viewer CS3

Adobe PDF Library Files

Adobe Photoshop Elements 6.0

Adobe Premiere Elements 4.0

Adobe Premiere Elements 4.0 Templates

Adobe Reader 8.1.0

Adobe Setup

Adobe Soundbooth CS3

Adobe Soundbooth CS3 Codecs

Adobe Soundbooth CS3 Scores

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe XMP DVA Panels CS3

Adobe XMP Panels CS3

Amazon Games & Software Downloader

Amazon MP3 Downloader 1.0.9

AnswerWorks 4.0 Runtime - English

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Parental Control & Encoder

Banctec Service Agreement

Barbarian Invasion

Bonjour

Browser Address Error Redirector

CameraHelperMsi

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon G.726 WMP-Decoder

Canon MovieEdit Task for ZoomBrowser EX

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities ZoomBrowser EX

Conexant D850 PCI V.92 Modem

ContentHD

Contents

Corel GuideMenu

Corel VideoStudio Pro X3

Dell DataSafe Online

Dell Getting Started Guide

Dell Support Center (Support Software)

DeviceIO

Digital Line Detect

erLT

Google Desktop

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

GuideMenu

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

ICA

iCloud

Intel® Matrix Storage Manager

Intel® PRO Network Connections 12.1.12.4

Intel® Viiv Software

InterVideo WinDVD SE

iPhone Configuration Utility

IPM_VS_Pro

iTunes

Java Auto Updater

Java 6 Update 23

Korean Fonts Support For Adobe Reader 8

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.61.0.1400

Medieval II Total War

Medieval II Total War : Kingdoms : Americas

Medieval II Total War : Kingdoms : Britannia

Medieval II Total War : Kingdoms : Crusades

Medieval II Total War : Kingdoms : Teutonic

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft IntelliPoint 7.0

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XML Parser

MLE

MobileMe Control Panel

Modem Diagnostic Tool

Mouse Suite for Desktop Computers

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music, Photos & Videos Launcher

NetWaiting

NVIDIA Drivers

OGA Notifier 2.0.0048.0

Product Documentation Launcher

PureHD

QuickTime

Rome - Total War

Rome: Total Realism VII: Fate of Empires

Roxio Activation Module

Roxio Creator Audio

Roxio Creator BDAV Plugin

Roxio Creator Copy

Roxio Creator Data

Roxio Creator Premier

Roxio Creator Tools

Roxio EasyArchive

Roxio Express Labeler

Roxio MyDVD Premier

Roxio Update Manager

Safari

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB979332)

Setup

Share

Shutterfly Express Uploader

SigmaTel Audio

Skype Click to Call

Skype™ 5.9

SmartSound Common Data

SmartSound Quicktracks 5

Sonic CinePlayer Decoder Pack

TurboTax 2008

TurboTax 2008 WinPerFedFormset

TurboTax 2008 WinPerProgramHelp

TurboTax 2008 WinPerReleaseEngine

TurboTax 2008 WinPerTaxSupport

TurboTax 2008 WinPerUserEducation

TurboTax 2008 wrapper

TurboTax 2008 wvaiper

TurboTax 2009

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wrapper

TurboTax 2009 wvaiper

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

TurboTax 2010 wvaiper

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

TurboTax 2011 wvaiper

TurboTax Deluxe 2007

TVT7Diag

Ulead DVD MovieFactory SE

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

User's Guides

VIO

VSClassic

VSPro

WIDCOMM Bluetooth Software 6.0.1.4300

Windows Live installer

Windows Live Mail

Windows Live Sign-in Assistant

Windows Media Encoder 9 Series

WinFF 0.44

WinRAR archiver

XPS MiniView Gadget

June 20, 2012

By the way, is there a reason why combofix keeps saying I have Microsoft Security Essentials active even though the realtime protection is turned off? It scares me a little each time I run combofix, because it warns of "unpredictable" results if I continue without deactivating MSE.

Also, should I update my Java and Adobe Acrobat? I think Essential Security found these to be outdated.

I thik I got this HDD Scan malware while browsing an unfamiliar site through IE. I was looking at an article on this site, ran a product review video clip on it and then IE shut down. When I restarted IE and asked it restore previously viewed sites, that's when the symptoms of the malware showed up. Would it be helpful from now on to have my IE security level at default (medium-high) AND turn Protection Mode on?

Thank you again for all your help. So far the computer seems to be working normally as far as I could tell.

June 19, 2012

I ran the script and here is the report:

ComboFix 12-06-19.03 - James 06/19/2012 19:30:28.1.4 - x86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2420 [GMT -4:00]

Running from: c:\users\James\Desktop\ComboFix.exe

Command switches used :: c:\users\James\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))

.

2012-06-19 23:44 . 2012-06-19 23:44 -------- d-----w- c:\users\James\AppData\Local\temp

2012-06-19 23:44 . 2012-06-19 23:44 -------- d-----w- c:\users\Kimberly\AppData\Local\temp

2012-06-19 23:44 . 2012-06-19 23:44 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp

2012-06-19 23:44 . 2012-06-19 23:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-19 21:49 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FCB76D0-FE28-4DFC-9DAF-D538729CB2DA}\mpengine.dll

2012-06-19 05:46 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-18 14:21 . 2012-06-18 14:21 -------- d-----w- C:\_OTL

2012-06-17 22:36 . 2012-06-17 22:36 -------- d-----w- C:\found.000

2012-06-17 20:17 . 2012-06-17 20:17 -------- d-----w- c:\users\James\AppData\Roaming\Malwarebytes

2012-06-17 20:17 . 2012-06-17 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-17 20:17 . 2012-06-17 20:17 -------- d-----w- c:\programdata\Malwarebytes

2012-06-17 20:17 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-12 22:29 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-06-12 22:29 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll

2012-06-12 22:29 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-12 22:29 . 2012-05-17 22:31 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2012-06-12 22:29 . 2012-05-17 22:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-12 22:28 . 2012-05-17 22:35 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-12 22:28 . 2012-05-17 23:21 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2012-06-12 22:28 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-12 22:28 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-06-12 22:28 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll

2012-06-12 22:28 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-12 22:15 . 2012-02-10 09:45 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D147F1FD-FDB8-4B26-B48F-BDAAE975954C}\gapaengine.dll

2012-06-12 22:10 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-12 22:10 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-12 22:10 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-12 22:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-06-12 22:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-12 21:59 . 2012-04-05 16:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-12 21:59 . 2011-05-18 19:26 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-04-03 08:16 . 2012-05-10 05:45 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16 . 2012-05-10 05:45 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-30 12:39 . 2012-05-10 05:45 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-29 13:39 . 2012-05-10 05:45 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]

"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

.

c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-21 50688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]

2009-04-06 20:35 247296 ----a-w- c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

2007-05-25 06:03 17920 ---ha-w- c:\dell\E-Center\EULALauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2008-02-22 02:15 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GuideMenu]

2007-08-07 21:01 1282048 ----a-w- c:\program files\Corel\Corel GuideMenu\GuideMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2007-09-17 13:07 81920 ----a-w- c:\windows\System32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]

2007-09-17 13:07 86016 ----a-w- c:\windows\System32\nvsvc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-06-05 20:04 17345712 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]

2009-12-17 10:42 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ECACHE

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-01 17:42]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-01 17:42]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 192.168.98.1

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-19 19:44

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,2a,4e,f8,87,89,6c,4f,a4,fe,ae,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,2a,4e,f8,87,89,6c,4f,a4,fe,ae,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-06-19 19:46:59

ComboFix-quarantined-files.txt 2012-06-19 23:46

ComboFix2.txt 2012-06-19 21:46

ComboFix3.txt 2012-06-19 05:43

.

Pre-Run: 279,714,799,616 bytes free

Post-Run: 279,655,690,240 bytes free

.

- - End Of File - - B6F2C4C89540200EECFAAC04C670D0DD

June 19, 2012

Ok. Whew. I downloaded combofix to another computer and then brought it to the afflicted computer with a thumb drive. Everything ran fine and I have my connectivity back. Thank you!

Here is the log:

ComboFix 12-06-19.03 - James 06/19/2012 17:25:06.1.4 - x86 NETWORK

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2499 [GMT -4:00]

Running from: c:\users\James\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))

.

2012-06-19 21:43 . 2012-06-19 21:43 -------- d-----w- c:\users\James\AppData\Local\temp

2012-06-19 21:43 . 2012-06-19 21:43 -------- d-----w- c:\users\Kimberly\AppData\Local\temp

2012-06-19 21:43 . 2012-06-19 21:43 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp

2012-06-19 21:43 . 2012-06-19 21:43 -------- d-----w- c:\users\Default\AppData\Local\temp