BleepingComputer.com: Registry Mechanic repeat Temp Files / Shortcuts and Deep Scan files

I'm seeing the same four files repeat in the Temp Files / Shortcuts section of a Registry Mechanic scan.

\C:\ProgramData\McAfee\VirusScan\Data\TFRBBC1.tmp
\C:\ProgramData\Microsoft\Search\Data\Application\Windows\MCC.chk
\C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp
\C:\Users\Kevin\AppData\Local\Microsoft\Windows Mail\edb.chk

I'm also seeing the following two files in the Deep Scan section.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\7971f918-a847-4430-9279-4a52d1efe18d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\9482fb4-e343-43b6-b170-9a65bc822c77

Recent history: Less than a week ago, during a routine McAfee antivirus scan I discovered a half dozen files associated with the Artemis trojan. Several months earlier I found and debugged (also with McAfee) a different trojan. And the laptop has been slow for several weeks/months.

In anticipation of getting help here I tried running RootRepeal. That ran for more than 24 hours. So I stopped it. Then I tried running SysProt AntiRootkit. But McAfee wouldn't accept it and returned the following message.

McAfee has automatically blocked and removed a Trojan.
About this Trojan
Detected: Artemis!9CE216C69E21 (Trojan), Artemis!9CE216C69E21 (Trojan)

In general the laptop runs slow. And I suspect it's infected. Any help will be greatly appreciated. Thanks. What should I do first?

Regards,


Kevin

Anybody have time to help with this one?

Welcome to BC


Please download TFC by Old Timer and save it to your desktop.
alternate download link

• Save any unsaved work. TFC will close ALL open programs including your browser!
  
• Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  
• Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  
• Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

===========================


Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2

• This tool will create a diagnostic report
  
• Double-click on Win32kDiag.exe to run and let it finish.
  
• When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  
• A file called Win32kDiag.txt should be created on your Desktop.
  
• Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.

--------------------------------------


Go to > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:

DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt

A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.

Thanks garmanma. And sorry for not responding sooner. I got busy with work and school. And I waited too long. Last night the laptop went south...the deep south. It won't even boot.

I had been using it as usual...with slow response...but all functionality worked. So last night after checking email I closed the lid. A couple of hours later I opened it, saw a lot of blue lights but nothing on the screen. So pressed the esc key and...nothing. So I pressed and held the on/off button...waited a moment and turned it back on. Now it's in a loop where the blue lights come one for a minute or two. Then all lights go off for a second. The the blue lights come back on for a minute or two. And nothing on the screen. Is it toast? Is there anything I can do to recover from this?

Thanks.

You can try various rescue disks and maybe at least get it to boot to where you can continue
I believe people have had the most success with:
Vipre rescue disk
http://live.sunbeltsoftware.com/
Remember that you have to go into the BIOS and change the CD drive to the first boot device



Have you tried using System Restore from a command prompt in Safe Mode to return to a previous state before your problems began?

If that doesn't work. these are links to Anti-virus vendors that offer free LiveCD or Rescue CD utilities that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

• Avira AntiVir Rescue System - Tutorial for Avira Rescue CD.
  If you encounter problems running the Rescue Disk, you can get further assistance at the Avira Support Forum.
  
• Dr Web LiveCD. Be sure to print out and follow the instructions provided in the User Manual.
  
• F-Secure Rescue CD - Current version download & Rescue CD User’s Guide.
  Video: How to Remove Malware with F-Secure Rescue CD
  If you encounter problems running the Rescue CD, you can get further assistance at the F-Secure Support Forum.
  
• BitDefender LiveCD - Index of /rescue_cd
  If you encounter problems running the Rescue CD, you can get further assistance at the BitDefender Support Forum.
  
• Kaspersky RescueDisk - Index of /devbuilds/RescueDisk/
  If you encounter problems running the RescueDisk, you can get further assistance at the Kaspersky Support Forum.
  
• Users of Panda products can also try Panda SafeCD. The download consists of an ISO that you can either burn into a CD/DVD or create a more convenient Boot USB stick.
  If you encounter problems running SafeCD, you can get further assistance at the Panda Support Forum.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Note: In order to use a rescue disk, the boot order must be set to start from the CD-ROM drive. If the CD is not first in the boot order, the computer will attempt to start normally by booting from the hard drive. The boot order is a setting found in the computer’s BIOS which runs when it is first powered on. This setting controls the order that the BIOS uses to look for a boot device from which to load the operating system. The default will normally be A:, C:, CD-ROM. Different computers have different ways to enter the BIOS. If you're not sure how to do this, refer to:

• Changing Your Computers Boot Order
  
• How to Change the Boot Order in BIOS