tomatojuice

July 5, 2012

Thank you!

July 5, 2012

Thanks! I was able to switch to Xfinity.com Seachbar as the only default and was able to delete Facemood. I have been a fan of Malwarebytes for a while now. Maybe its time to actually buy it! I appreciate your help.

July 5, 2012

Im sure it got rid of Babylon, now I still have Facemood that still needs to be removed.

July 5, 2012

Also, I tried moving CF to the desktop but it only creates a shortcut. When i had downloaded the file earlier it wouldnt let me choose where I wanted to save teh file. Sorry

July 5, 2012

I went ahead and left no space between CFScript and ran the program again. Here are the results:

ComboFix 12-07-05.04 - ftyu89o0iuhgvcvhjikk 07/05/2012 17:50:23.3.4 - x64

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8184.6062 [GMT -5:00]

Running from: c:\users\ftyu89o0iuhgvcvhjikk\Downloads\ComboFix.exe

Command switches used :: c:\users\ftyu89o0iuhgvcvhjikk\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Babylon

c:\users\ftyu89o0iuhgvcvhjikk\AppData\Roaming\Babylon

c:\users\ftyu89o0iuhgvcvhjikk\AppData\Roaming\Babylon\log_file.txt

.

((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))))

.

2012-07-05 22:57 . 2012-07-05 22:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-05 22:57 . 2012-07-05 22:57 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp

2012-07-05 22:57 . 2012-07-05 22:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-04 18:21 . 2012-07-04 18:41 -------- d-----w- c:\programdata\WeCareReminder

2012-06-28 02:49 . 2012-06-28 02:49 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-06-28 02:49 . 2012-06-28 02:50 -------- d-----w- c:\program files\Microsoft Security Client

2012-06-28 02:49 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2012-06-28 02:47 . 2012-06-28 02:47 -------- d-----w- c:\program files\CCleaner

2012-06-20 00:45 . 2012-06-26 14:37 -------- d-----w- c:\program files (x86)\Diablo III

2012-06-20 00:26 . 2012-06-20 00:26 -------- d-----w- c:\users\ftyu89o0iuhgvcvhjikk\AppData\Local\Macromedia

2012-06-19 14:25 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-19 14:25 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-19 14:25 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-19 14:25 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-19 14:25 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-19 14:25 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-19 14:25 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-19 14:24 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-19 14:24 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-19 00:09 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 12:35 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-13 12:35 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-13 12:35 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-13 12:35 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll

2012-06-13 12:35 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-13 12:35 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-13 12:35 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-13 12:34 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys

2012-06-13 12:34 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 12:34 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll

2012-06-13 12:34 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-13 12:34 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 12:34 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 12:34 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-13 12:34 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 12:34 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-13 12:34 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-05 22:43 . 2012-07-05 22:04 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8EF467F6-9D35-49D7-8AFF-7BB9467E2A34}\offreg.dll

2012-06-22 13:25 . 2012-04-24 15:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-22 13:25 . 2011-05-13 13:58 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-18 08:12 . 2012-07-05 21:54 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8EF467F6-9D35-49D7-8AFF-7BB9467E2A34}\mpengine.dll

2012-06-18 08:12 . 2012-07-04 19:05 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-05 02:40 . 2012-04-24 15:40 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-16 00:07 . 2012-04-16 00:07 2829 ----a-w- c:\windows\DIIUnin.pif

2012-04-16 00:07 . 2012-04-16 00:07 94208 ----a-w- c:\windows\DIIUnin.exe

2012-04-15 23:38 . 2012-04-15 23:38 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

.

((((((((((((((((((((((((((((( SnapShot@2012-07-05_17.14.39 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-07-05 17:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-07-05 22:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-07-05 22:59 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-05 17:12 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-01 11:38 . 2012-07-05 23:01 68814 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-05 23:01 44362 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-08-31 03:00 . 2012-07-05 23:01 30448 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1697123931-2070091935-2512258470-1000_UserData.bin

- 2009-07-14 05:30 . 2012-06-12 01:27 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 05:30 . 2012-07-05 21:40 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2010-08-31 04:37 . 2012-07-05 21:07 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-08-31 04:37 . 2012-07-05 16:54 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-08-31 04:37 . 2012-07-05 21:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-08-31 04:37 . 2012-07-05 16:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-05 16:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-05 21:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-07-05 17:12 . 2012-07-05 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-05 22:59 . 2012-07-05 22:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-05 22:59 . 2012-07-05 22:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-05 17:12 . 2012-07-05 17:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 04:54 . 2012-07-05 17:12 589824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-05 22:59 589824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 05:30 . 2012-06-12 01:27 143360 c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2012-07-05 21:40 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2012-06-12 01:26 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2009-07-14 05:30 . 2012-07-05 21:40 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2009-07-14 05:01 . 2012-07-05 22:57 470724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-07-05 17:10 470724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-05-19 05:18 . 2012-07-05 21:42 3294240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1697123931-2070091935-2512258470-1000-12288.dat

- 2009-07-14 02:34 . 2012-07-05 14:22 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2012-07-05 22:38 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2010-10-18 03:50 . 2012-07-05 22:57 38347752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1697123931-2070091935-2512258470-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-06-22 2648184]

"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]

"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]

"Download"="c:\users\ftyu89o0iuhgvcvhjikk\AppData\Local\SupportSoft\ddoctorv2\ftyu89o0iuhgvcvhjikk\SSGet.exe" [2012-01-11 987648]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-11-11 273528]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"B Register c:\program files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]

"B Register c:\program files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]

"B Register c:\program files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]

"B Register c:\program files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]

"B Register c:\program files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]

"B Register c:\program files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]

.

c:\users\ftyu89o0iuhgvcvhjikk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Epson all-in-one Registration.lnk - e:\common\EpsonReg\EpsonReg.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-23 136176]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 250056]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-23 136176]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 20992]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-26 10240]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2010-01-07 68224]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-01 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-05-19 231224]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-15 283200]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]

S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-03-15 71168]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 Palm_TCP_Relay;Palm TCP Relay;c:\program files (x86)\HP webOS\PDK\tcprelay.exe [2011-10-07 11776]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 13:25]

.

2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-23 23:33]

.

2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-23 23:33]

.

2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1697123931-2070091935-2512258470-1000Core.job

- c:\users\ftyu89o0iuhgvcvhjikk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-07 15:38]

.

2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1697123931-2070091935-2512258470-1000UA.job

- c:\users\ftyu89o0iuhgvcvhjikk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-07 15:38]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1

FF - ProfilePath - c:\users\ftyu89o0iuhgvcvhjikk\AppData\Roaming\Mozilla\Firefox\Profiles\00owrm4h.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.google.co.uk/webhp?hl=en&tab=ww

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe

c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe

.

**************************************************************************

.

Completion time: 2012-07-05 18:06:25 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-05 23:06

ComboFix2.txt 2012-07-05 22:28

ComboFix3.txt 2012-07-05 17:27

.

Pre-Run: 240,404,987,904 bytes free

Post-Run: 240,085,684,224 bytes free

.

- - End Of File - - 0CF36989C8986474D6B1B3D7B53727E0

July 5, 2012

When I hit ok, The program closes

July 5, 2012

I have run into the same error.

Were you trying to run CF Script?

The name, CF Script appears to be incorrectly spelt.

I saved the notepad document without the “ “ and has a space between CF and Script.

Will it run after i press ok?

July 5, 2012

The computer is running a bit better now. Less CPU usage it seems, but Facemood is still in the toolbar

July 5, 2012

ComboFix 12-07-05.04 - ftyu89o0iuhgvcvhjikk 07/05/2012 17:09:05.2.4 - x64

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8184.6203 [GMT -5:00]

Running from: c:\users\ftyu89o0iuhgvcvhjikk\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))))

.

2012-07-05 22:17 . 2012-07-05 22:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-05 22:17 . 2012-07-05 22:17 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp

2012-07-05 22:17 . 2012-07-05 22:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-05 22:04 . 2012-07-05 22:04 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8EF467F6-9D35-49D7-8AFF-7BB9467E2A34}\offreg.dll

2012-07-05 21:54 . 2012-06-18 08:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8EF467F6-9D35-49D7-8AFF-7BB9467E2A34}\mpengine.dll

2012-07-04 19:05 . 2012-06-18 08:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-04 18:21 . 2012-07-04 18:41 -------- d-----w- c:\programdata\WeCareReminder

2012-07-04 18:20 . 2012-07-04 18:20 -------- d-----w- c:\users\ftyu89o0iuhgvcvhjikk\AppData\Roaming\Babylon

2012-07-04 18:20 . 2012-07-04 18:20 -------- d-----w- c:\programdata\Babylon

2012-07-03 15:41 . 2012-02-09 19:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-07-03 15:41 . 2012-02-09 19:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F1A2F1D-BD76-4573-9B7C-2C1D71ED3F31}\gapaengine.dll