levers

Sorry for the delay...Thanksgiving holiday weekend here in the States. I have done all of the above and the owner reports that the computer is running well now. I will also refer him to your link of best practices to, hopefully, reduce the chance of infection again in the future. Thank you so very much for your help with this! The issue was brought to me because I am more computer saavy than the owner, but I am BY NO MEANS and expert and could never have handled this on my own without your assistance, so THANK YOU!!

Sorry for the delay. System seems to be running OK now as far as I can tell.

Finally got it to run in safe mode. Here's the log file: All processes killed ========== FILES ========== C:\Documents and Settings\Monte Leiferman\Local Settings\Temporary Internet Files\Content.IE5\BLD90P3D\rkvswicyja[1].js moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32768 bytes ->Flash cache emptied: 321 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32969 bytes ->Flash cache emptied: 41941 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 41550620 bytes User: Monte Leiferman ->Temp folder emptied: 5458921 bytes ->Temporary Internet Files folder emptied: 1031955222 bytes ->Java cache emptied: 35990707 bytes ->Google Chrome cache emptied: 11934007 bytes ->Flash cache emptied: 113378 bytes User: NetworkService ->Temp folder emptied: 844276 bytes ->Temporary Internet Files folder emptied: 32456811 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 2577 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 138138 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 77832527 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1202766 bytes RecycleBin emptied: 153629994 bytes Total Files Cleaned = 1,329.00 mb OTM by OldTimer - Version 3.1.21.0 log created on 11252013_141845

Hi Kevin, I am back and attempting the previous instructions. Should the MoveIt process with OTM take very long? It's been running now for over 30 minutes but shows no indication that it is doing anything other than the hourglass cursor, and the desktop did not disappear. Just wondering if it hung or if I simply need to be patient...

I'm out of the office now until Monday morning. I will do this first thing when I return and report back. Thank you for your patience!

Scan done. Only found 1 threat: C:\Documents and Settings\Monte Leiferman\Local Settings\Temporary Internet Files\Content.IE5\BLD90P3D\rkvswicyja[1].js HTML/Iframe.B.Gen virus

Java is all updated and old version removed. I think I will wait until the owner is back on Monday to ask what he would like to do regarding antivirus (stressing that he should have one) and will post back with a scan result at that time. Anything else I should do in the meantime?

All went smoothly except for Adobe Reader....when I check for updates it tells me it is actually up to date. I will, however, mention to him the other reader you recommended and perhaps he will switch to that. I'm going to turn the computer back over to the owner and let him test it out to make sure everything is working for him. I will post back if he encounters any issues. Thank you SO much for your help! You're a lifesaver, MrC!!

Done... Results of screen317's Security Check version 0.99.77 Windows 7 Service Pack 1 x86 (UAC is disabled!) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 21 Java version out of Date! Adobe Reader 10.1.8 Adobe Reader out of Date! Mozilla Firefox (25.0.1) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````

As far as I can tell the computer seems to be running well. I do notice there is now an ENORMOUS (11.6 GB) file on the C drive called Avenger.txt, which I assume is a result of all this. Obviously this file is taking up a great deal of room on his hard drive...Is it something that can be deleted? Also, since he had MSE running but it did not prevent this infection is there a different antivirus program you would recommend instead? Here are the requested logs: # AdwCleaner v3.012 - Report created 21/11/2013 at 09:59:30 # Updated 11/11/2013 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (32 bits) # Username : LifeBook - T2010-07 # Running from : C:\Users\LifeBook\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\Trymedia Folder Deleted : C:\Users\LifeBook\AppData\LocalLow\AskToolbar ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_farming-simulator_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_farming-simulator_RASMANCS Key Deleted : HKCU\Software\ParetoLogic Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKLM\Software\ParetoLogic ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16736 -\\ Mozilla Firefox v25.0.1 (en-US) [ File : C:\Users\LifeBook\AppData\Roaming\Mozilla\Firefox\Profiles\w79sk0fl.default\prefs.js ] ************************* AdwCleaner[R0].txt - [1402 octets] - [21/11/2013 09:29:03] AdwCleaner[s0].txt - [1351 octets] - [21/11/2013 09:59:30] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1411 octets] ########## Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.11.21.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16736 LifeBook :: T2010-07 [administrator] 11/21/2013 10:10:29 AM mbam-log-2013-11-21 (10-10-29).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 245241 Time elapsed: 19 minute(s), 17 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

The computer's actual owner is on vaction for the next few days so I cannot find out for certain, but I believe he used to have MSE installed. I do not see it on here now though, so he must have uninstalled it for some reason and apparently did not replace it with anything else. However, the other computer I've been working on had MSE installed and active and it let this same infection through without detection. Is there a different free anti-virus I could install for them that would perhaps do a better job?? I will get busy with the Java upgrading in the meantime. Thanks again very much for your time and assistance with this!

OK, here's the ComboFix log. I'm leaving the office for the night now, so I won't have access to this computer again until tomorrow. I will check back here first thing in the morning for any further instructions. Thank you again for your time and knowledge in helping with this! ComboFix 13-11-19.01 - LifeBook 11/20/2013 16:56:09.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2002.1001 [GMT -6:00] Running from: c:\users\LifeBook\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\MyScrapNook_12EI c:\program files\wss c:\program files\wss\CompetitiveCodeBook\CompCodeBook.exe c:\program files\wss\DigitalCodeBook\DigitalCodeBook.exe c:\program files\wss\DigitalCodeBook_SP\CustomInstaller.InstallState c:\windows\Downloaded Program Files\Install.inf c:\windows\mreg.reg c:\windows\PFRO.log c:\windows\system32\FlashPlayerApp.exe . . ((((((((((((((((((((((((( Files Created from 2013-10-20 to 2013-11-20 ))))))))))))))))))))))))))))))) . . 2013-11-20 21:43 . 2013-11-20 21:43 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60FA7D7B-F5BC-4859-8599-D18B347AAE66}\MpKsl9c8b9e18.sys 2013-11-20 20:32 . 2013-11-20 21:01 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-11-20 20:32 . 2013-11-20 20:32 105176 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2013-11-20 20:29 . 2013-11-20 20:30 75992 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-11-20 20:25 . 2013-11-08 01:15 7772552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60FA7D7B-F5BC-4859-8599-D18B347AAE66}\mpengine.dll 2013-11-20 19:09 . 2013-11-20 19:09 -------- d--h--w- c:\windows\PIF 2013-11-20 18:18 . 2013-11-20 20:11 -------- d-----w- C:\FRST 2013-11-20 16:03 . 2013-11-20 16:03 -------- d-----w- c:\windows\TempE72F9FA2-0FD0-7975-5CBF-112720B2D9DE-Signatures 2013-11-19 20:19 . 2013-11-19 20:19 -------- d-----w- c:\users\LifeBook\AppData\Local\Programs 2013-11-19 09:00 . 2013-11-19 09:01 -------- d-----w- c:\windows\TempB140977A-9441-D4C8-E8D3-E1FDA4434C00-Signatures 2013-11-14 13:57 . 2013-10-12 07:03 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-11-14 13:57 . 2013-10-12 07:03 1767936 ----a-w- c:\windows\system32\wininet.dll 2013-11-14 13:57 . 2013-10-12 07:44 770736 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2013-11-11 14:41 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-11-07 01:30 . 2013-10-18 14:20 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF8B447E-433B-4A12-8AD9-CB3A6F7B33A2}\gapaengine.dll 2013-10-28 14:05 . 2013-10-28 14:05 -------- d-----w- c:\program files\iPod 2013-10-28 14:05 . 2013-10-28 14:07 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-10-28 14:05 . 2013-10-28 14:07 -------- d-----w- c:\program files\iTunes . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-11-19 10:21 . 2011-02-11 17:37 230048 ------w- c:\windows\system32\MpSigStub.exe 2013-10-18 14:20 . 2011-03-26 14:08 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-10-10 13:00 . 2013-01-28 22:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-09-14 00:48 . 2013-10-10 13:24 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2013-09-08 02:07 . 2013-10-10 13:24 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:03 . 2013-10-10 13:24 231424 ----a-w- c:\windows\system32\mswsock.dll 2013-08-29 01:51 . 2013-10-10 13:24 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-08-29 01:51 . 2013-10-10 13:24 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-29 01:50 . 2013-10-10 13:24 1289096 ----a-w- c:\windows\system32\ntdll.dll 2013-08-29 01:50 . 2013-10-10 13:24 619520 ----a-w- c:\windows\system32\tdh.dll 2013-08-29 01:48 . 2013-10-10 13:24 640512 ----a-w- c:\windows\system32\advapi32.dll 2013-08-28 01:04 . 2013-10-10 13:24 2348544 ----a-w- c:\windows\system32\win32k.sys 2013-08-28 00:57 . 2013-10-10 13:24 434688 ----a-w- c:\windows\system32\scavengeui.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-24 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-24 174104] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-24 151064] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072] "IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-06-22 47464] "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-06-17 36712] "SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2007-12-14 193832] "FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2008-04-01 20480] "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432] "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472] "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504] "OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2009-07-16 3162112] "CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-08-20 346464] "ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-08-20 504160] "FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\updatenv.exe" [2009-08-08 143360] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240] "Gnetmous"="c:\program files\COMPAQ\Scroll Mouse\gnetmous.exe" [2002-11-26 153600] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 995176] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-10-23 152392] . c:\users\LifeBook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2013-7-23 1089888] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-06-13 221912] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-08-12 295376] R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\DRIVERS\rcvpn.sys [x] R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\DRIVERS\swivspnt.sys [2007-03-26 20352] R3 SWNC8U33;Sierra Wireless MUX NDIS Driver (UMTS33);c:\windows\system32\DRIVERS\swnc8u33.sys [2009-07-22 222720] R3 SWUMX00;Sierra Wireless USB MUX Driver (UMTS00);c:\windows\system32\DRIVERS\swumx00.sys [2009-07-22 148992] R3 swumx12;Sierra Wireless USB MUX Driver (UMTS12);c:\windows\system32\DRIVERS\swumx12.sys [2009-07-22 148992] R3 SWUMX21;Sierra Wireless USB MUX Driver (UMTS21);c:\windows\system32\DRIVERS\swumx21.sys [2009-07-22 148992] R3 SWUMX22;Sierra Wireless USB MUX Driver (UMTS22);c:\windows\system32\DRIVERS\swumx22.sys [2009-07-22 148992] R3 SWUMX32;Sierra Wireless USB MUX Driver (UMTS32);c:\windows\system32\DRIVERS\swumx32.sys [2009-07-22 148992] R3 SWUMX33;Sierra Wireless USB MUX Driver (UMTS33);c:\windows\system32\DRIVERS\swumx33.sys [2009-07-22 148992] R3 SWUMX3A;Sierra Wireless USB MUX Driver (UMTS3A);c:\windows\system32\DRIVERS\swumx3a.sys [2009-07-22 148992] R3 SWUMX3B;Sierra Wireless USB MUX Driver (UMTS3B);c:\windows\system32\DRIVERS\swumx3B.sys [2009-07-22 148992] R3 SWUMX3C;Sierra Wireless USB MUX Driver (UMTS3C);c:\windows\system32\DRIVERS\swumx3C.sys [2009-07-22 148992] R3 SWUMX3D;Sierra Wireless USB MUX Driver (UMTS3D);c:\windows\system32\DRIVERS\swumx3D.sys [2009-07-22 148992] R3 SWUMX3E;Sierra Wireless USB MUX Driver (UMTS3E);c:\windows\system32\DRIVERS\swumx3e.sys [2009-07-22 148992] R3 SWUMX40;Sierra Wireless USB MUX Driver (UMTS40);c:\windows\system32\DRIVERS\swumx40.sys [2009-07-22 148992] R3 SWUMX50;Sierra Wireless USB MUX Driver (UMTS50);c:\windows\system32\DRIVERS\swumx50.sys [2009-07-22 148992] R3 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);c:\windows\system32\DRIVERS\swumx52.sys [2009-07-22 148992] R3 SWUMX53;Sierra Wireless USB MUX Driver (UMTS53);c:\windows\system32\DRIVERS\swumx53.sys [2009-07-22 148992] R3 SWUMX54;Sierra Wireless USB MUX Driver (UMTS54);c:\windows\system32\DRIVERS\swumx54.sys [2009-07-22 148992] R3 SWUMX55;Sierra Wireless USB MUX Driver (UMTS55);c:\windows\system32\DRIVERS\swumx55.sys [2009-07-22 148992] R3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\DRIVERS\swumx56.sys [2009-07-22 148992] R3 SWUMX57;Sierra Wireless USB MUX Driver (UMTS57);c:\windows\system32\DRIVERS\swumx57.sys [2009-07-22 148992] R3 SWUMX58;Sierra Wireless USB MUX Driver (UMTS58);c:\windows\system32\DRIVERS\swumx58.sys [2009-07-22 148992] R3 SWUMX59;Sierra Wireless USB MUX Driver (UMTS59);c:\windows\system32\DRIVERS\swumx59.sys [2009-07-22 148992] R3 SWUMX5A;Sierra Wireless USB MUX Driver (UMTS5A);c:\windows\system32\DRIVERS\swumx5A.sys [2009-07-22 148992] R3 SWUMX70;Sierra Wireless USB MUX Driver (UMTS70);c:\windows\system32\DRIVERS\swumx70.sys [2009-07-22 148992] R3 SWUMX71;Sierra Wireless USB MUX Driver (UMTS71);c:\windows\system32\DRIVERS\swumx71.sys [2009-07-22 148992] R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [2009-07-22 148992] R3 SWUMX81;Sierra Wireless USB MUX Driver (UMTS81);c:\windows\system32\DRIVERS\swumx81.sys [2009-07-22 148992] R3 SWUMX82;Sierra Wireless USB MUX Driver (UMTS82);c:\windows\system32\DRIVERS\swumx82.sys [2009-07-22 148992] R3 SWUMX90;Sierra Wireless USB MUX Driver (UMTS90);c:\windows\system32\DRIVERS\swumx90.sys [2009-07-22 148992] R3 SWUMX91;Sierra Wireless USB MUX Driver (UMTS91);c:\windows\system32\DRIVERS\swumx91.sys [2009-07-22 148992] R3 SWUMX92;Sierra Wireless USB MUX Driver (UMTS92);c:\windows\system32\DRIVERS\swumx92.sys [2009-07-22 148992] R3 SWUMX93;Sierra Wireless USB MUX Driver (UMTS93);c:\windows\system32\DRIVERS\swumx93.sys [2009-07-22 148992] R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2009-07-22 148992] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 wacomhidfilter;Wacom HID Filter;c:\windows\system32\DRIVERS\wacomhidfilter.sys [2009-07-16 14376] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-06 1343400] S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys [2009-06-24 17008] S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2009-09-09 12776] S1 MpKsl9c8b9e18;MpKsl9c8b9e18;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60FA7D7B-F5BC-4859-8599-D18B347AAE66}\MpKsl9c8b9e18.sys [2013-11-20 40392] S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-08-01 1807608] S2 Mobility Time Manager;Mobility Time Manager;c:\program files\A-B\Mobility Time Manager\ABMTimeManager.exe [2010-10-18 18944] S2 MSSQL$ABMSQL;SQL Server (ABMSQL);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408] S2 MSSQL$ABRSM;SQL Server (ABRSM);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-19 107392] S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-08-21 2790696] S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\fjdvrupd\updnvsrv.exe [2009-07-15 12800] S2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-08-20 111488] S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680] S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-08-01 659328] S3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\DRIVERS\FjBtnDrv.sys [2009-08-28 18816] S3 FjGenIo;Fujitsu Generic I/O Driver;c:\windows\System32\Drivers\FjGenIo.sys [2009-08-07 7680] S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-02 5632] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880] S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-06-07 273448] S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-08-23 4232192] S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2009-05-13 48672] S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2009-07-03 44064] S3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [2011-01-04 37232] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - NISDRV *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\SPP-ActiveSetup] 2013-02-15 12:11 151509 ----a-w- c:\program files\JDA\ABCustom\Service Release\ABUserProfileFiles.EXE . Contents of the 'Scheduled Tasks' folder . 2013-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-28 13:00] . 2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-12-19 17:14] . 2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-12-19 17:14] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local Trusted Zone: ab-sales.com Trusted Zone: ab-sales.com\secure Trusted Zone: ab-sales.com\www Trusted Zone: abmarketing.com Trusted Zone: budnet.com\www Trusted Zone: eaglebh.com TCP: DhcpNameServer = 64.251.160.2 64.251.173.40 FF - ProfilePath - c:\users\LifeBook\AppData\Roaming\Mozilla\Firefox\Profiles\w79sk0fl.default\ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(5356) c:\program files\Softex\OmniPass\SCUREDLL.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Softex\OmniPass\OmniServ.exe c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\SYSTEM32\WISPTIS.EXE c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\o2flash.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\System32\WUDFHost.exe c:\program files\Google\Update\1.3.21.165\GoogleCrashHandler.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\taskhost.exe c:\windows\SYSTEM32\WISPTIS.EXE c:\program files\Common Files\microsoft shared\ink\TabTip.exe c:\windows\system32\WTablet\Pen_TabletUser.exe c:\windows\system32\conhost.exe c:\windows\system32\igfxsrvc.exe c:\program files\Fingerprint Sensor\ATSwpNav.exe c:\program files\Fujitsu\Utils\FjDspMon.exe c:\program files\Softex\OmniPass\opvapp.exe c:\windows\system32\igfxext.exe c:\program files\Microsoft Office\Office14\ONENOTEM.EXE c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe c:\program files\Common Files\Java\Java Update\jucheck.exe c:\program files\Microsoft Security Client\MpCmdRun.exe . ************************************************************************** . Completion time: 2013-11-20 17:35:15 - machine was rebooted ComboFix-quarantined-files.txt 2013-11-20 23:35 . Pre-Run: 6,483,603,456 bytes free Post-Run: 9,468,751,872 bytes free . - - End Of File - - F30FC2B9E7E4209E55B45EC6A105E6D2 A36C5E4F47E84449FF07ED3517B43A31

OK, silly question time. I'm trying to run this and he has Microsoft Security Essentials on this laptop. I have unchecked the Real Time Protection to turn it off, but ComboFix still seems to think it is running as it is popping up a warning alert for me to turn it off. I have double and triple checked and it is definitely off...can I continue with ComboFix or do I need to do something more??

New RougeKiller log: RogueKiller V8.7.8 [Nov 14 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : LifeBook [Admin rights] Mode : Scan -- Date : 11/20/2013 15:47:08 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 1 ¤¤¤ [V2][sUSP PATH] {1F2B390E-CEEC-44F7-BCBA-C8A41C95C0A8} : C:\Users\LifeBook\Desktop\FarmingSimulator2011DemoEN.exe [x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) FUJITSU MHZ2160BH G2 +++++ --- User --- [MBR] 2205df3d1ef6fa4c70201dfd31259c16 [bSP] e4939a16928225a2597fcfd0a38c5d09 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 33556480 | Size: 200 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33966080 | Size: 68020 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 173271040 | Size: 68021 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_11202013_154708.txt >> RKreport[0]_S_11202013_132024.txt

Fixlog: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-11-2013 Ran by LifeBook at 2013-11-20 14:10:14 Run:1 Running from C:\Users\LifeBook\Desktop\MalwareRemoval Boot Mode: Normal ============================================== Content of fixlist: ***************** HKCU\...\Run: [Google Update*] - [x] U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{90ab704f-7d68-8135-6e3d-19c9c90019af}\ \...\???\{90ab704f-7d68-8135-6e3d-19c9c90019af}\GoogleUpdate.exe" C:\Users\LifeBook\AppData\Local\Google\Desktop\Install C:\Program Files\Google\Desktop\Install C:\Users\LifeBook\Recycle SQL.bat C:\Users\LifeBook\AppData\Local\Temp\ApnStub.exe C:\Users\LifeBook\AppData\Local\Temp\G2MCoreInstExtractor.exe C:\Users\LifeBook\AppData\Local\Temp\G2MInstallerExtractor.exe C:\Users\LifeBook\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe C:\Users\LifeBook\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe C:\Users\LifeBook\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\LifeBook\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\LifeBook\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\LifeBook\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\LifeBook\AppData\Local\Temp\LMIRescue001.exe C:\Users\LifeBook\AppData\Local\Temp\LMIRescue002.exe C:\Users\LifeBook\AppData\Local\Temp\LMIRescue003.exe C:\Users\LifeBook\AppData\Local\Temp\LMIRescue004.exe C:\Users\LifeBook\AppData\Local\Temp\LMIRescue005.exe C:\Users\LifeBook\AppData\Local\Temp\mpam-2e23955b.exe C:\Users\LifeBook\AppData\Local\Temp\mssinstaller.exe C:\Users\LifeBook\AppData\Local\Temp\npappdetector.dll DeleteJunctionsIndirectory: C:\Program Files\Windows Defender DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client ***************** HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully. *etadpug => Service deleted successfully. C:\Users\LifeBook\AppData\Local\Google\Desktop\Install => Moved successfully. C:\Program Files\Google\Desktop\Install => Moved successfully. C:\Users\LifeBook\Recycle SQL.bat => Moved successfully. C:\Users\LifeBook\AppData\Local\Temp\ApnStub.exe => Moved successfully. C:\Users\LifeBook\AppData\Local\Temp\G2MCoreInstExtractor.exe => Moved successfully. C:\Users\LifeBook\AppData\Local\Temp\G2MInstallerExtractor.exe => Moved successfully. C:\Users\LifeBook\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully. C:\Users\LifeBook\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully. C:\Users\LifeBook\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully. C:\Users\LifeBook\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully. C:\Users\LifeBook\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully. C:\Users\LifeBook\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully. C:\Users\LifeBook\AppData\Local\Temp\LMIRescue001.exe => Moved successfully. C:\Users\LifeBook\AppData\Local\Temp\LMIRescue002.exe => Moved successfully. C:\Users\LifeBook\AppData\Local\Temp\LMIRescue003.exe => Moved successfully. C:\Users\LifeBook\AppData\Local\Temp\LMIRescue004.exe => Moved successfully. C:\Users\LifeBook\AppData\Local\Temp\LMIRescue005.exe => Moved successfully. C:\Users\LifeBook\AppData\Local\Temp\mpam-2e23955b.exe => Moved successfully. C:\Users\LifeBook\AppData\Local\Temp\mssinstaller.exe => Moved successfully. C:\Users\LifeBook\AppData\Local\Temp\npappdetector.dll => Moved successfully. "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started. "C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed. "C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started. "C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\DbgHelp.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\EppManifest.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MpClient.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MpCommu.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\mpevmsg.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MpOAv.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MSESysprep.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MsMpCom.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MsMpLics.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\msseoobe.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\msseooberes.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\NisLog.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\NisSrv.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\NisWFP.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\Setup.exe" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\SetupRes.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\sqmapi.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\SymSrv.dll" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client\SymSrv.yes" => Deleting reparse point and unlocking done. "C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed. The system needs a manual reboot. ==== End of Fixlog ==== MBAR Log: Malwarebytes Anti-Rootkit BETA 1.07.0.1007 www.malwarebytes.org Database version: v2013.11.20.12 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16736 LifeBook :: T2010-07 [administrator] 11/20/2013 2:32:43 PM mbar-log-2013-11-20 (14-32-43).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 247345 Time elapsed: 26 minute(s), 19 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) MBAR found no threats the first time I ran it. Should I still run it a second time to be sure?