BleepingComputer.com: Redirect Virus after ComboFix

Redirect Virus after ComboFix

#1 scw024000 (New Member, Group: Members, Posts: 3, Joined: 18-September 11)

Posted 05 November 2011 - 09:23 AM

Yesterday morning I woke up to find that my computer had a really nasty virus. It was the type of virus that completely cripples your computer and won't let you run anti-malware programs like ComboFix. I decided to restore my computer to a previous point in time (sometime last week). This got rid of the really nasty virus, but I still had/have one that redirects and randomly opens IE (and also adds lots of tracking cookies). I ran ComboFix, and it made things better, but only temporarily. I think that ComboFix keeps going back to the same restore point that I established when I found that my computer was infected. Anyway, this thing is nasty and I want to get rid of it.
Any suggestions or help are appreciated.
Thanks in advance,
Scott

#2 scw024000 (New Member, Group: Members, Posts: 3, Joined: 18-September 11)

Posted 05 November 2011 - 10:56 AM

I just ran ComboFix again (it took more than an hour) and I still have the redirect virus. Here is my log:
ComboFix 11-11-05.02 - Williams 11/05/2011 10:03:56.15.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2840 [GMT -5:00]
Running from: c:\users\Williams\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-05 to 2011-11-05 )))))))))))))))))))))))))))))))
.
.
2011-11-05 15:32 . 2011-11-05 15:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-05 15:32 . 2011-11-05 15:32 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-11-05 15:32 . 2011-11-05 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-04 21:02 . 2011-11-04 21:02 -------- d-----w- c:\programdata\Hitman Pro
2011-10-17 00:19 . 2011-10-17 00:22 -------- d--h--w- c:\users\Williams\AppData\Roaming\Xiqyoc
2011-10-15 17:09 . 2011-10-15 17:09 -------- d--h--w- c:\users\Williams\AppData\Roaming\k1ivD2onFpHsJdK
2011-10-15 17:08 . 2011-10-15 17:08 -------- d--h--w- c:\users\Williams\AppData\Roaming\ohhhTXXqjUC
2011-10-15 17:07 . 2011-10-15 17:07 -------- d--h--w- c:\users\Williams\AppData\Roaming\jwwUUVOOtP0cSi3
2011-10-15 17:06 . 2011-10-15 17:06 -------- d--h--w- c:\users\Williams\AppData\Roaming\WAAA0uucS2iD3nG
2011-10-15 17:05 . 2011-10-15 17:05 -------- d--h--w- c:\users\Williams\AppData\Roaming\lGG55aQQH6dK
2011-10-15 17:04 . 2011-10-15 17:04 -------- d--h--w- c:\users\Williams\AppData\Roaming\t1ioG6sL8ZCkl
2011-10-15 17:03 . 2011-10-15 17:03 -------- d--h--w- c:\users\Williams\AppData\Roaming\a99hXUCekz
2011-10-15 17:02 . 2011-10-15 17:02 -------- d--h--w- c:\users\Williams\AppData\Roaming\mzOONttxA0uc2Dp
2011-10-15 17:01 . 2011-10-15 17:01 -------- d--h--w- c:\users\Williams\AppData\Roaming\wAAA0uuvS2
2011-10-15 17:00 . 2011-10-15 17:00 -------- d--h--w- c:\users\Williams\AppData\Roaming\TjUUeelIt
2011-10-15 16:59 . 2011-10-15 16:59 -------- d--h--w- c:\users\Williams\AppData\Roaming\w11ivDD3onF4H5W
2011-10-15 16:58 . 2011-10-15 16:58 -------- d--h--w- c:\users\Williams\AppData\Roaming\pJJdgqVOB
2011-10-15 16:57 . 2011-10-15 16:57 -------- d--h--w- c:\users\Williams\AppData\Roaming\sjjUUCeelIB
2011-10-15 16:56 . 2011-10-15 16:56 -------- d--h--w- c:\users\Williams\AppData\Roaming\wYYYXwwjUVelB
2011-10-15 16:55 . 2011-10-15 16:55 -------- d--h--w- c:\users\Williams\AppData\Roaming\IQQJ6dEK8fR9Twj
2011-10-15 16:54 . 2011-10-15 16:54 -------- d--h--w- c:\users\Williams\AppData\Roaming\AzAuuSiFp5Q6
2011-10-15 16:53 . 2011-10-15 16:53 -------- d--h--w- c:\users\Williams\AppData\Roaming\yIIVVrzzONtA0cS
2011-10-15 16:52 . 2011-10-15 16:52 -------- d--h--w- c:\users\Williams\AppData\Roaming\o444pmmG5sQJKh
2011-10-15 16:51 . 2011-10-15 16:51 -------- d--h--w- c:\users\Williams\AppData\Roaming\m0yyycA1ivD2o
2011-10-15 16:50 . 2011-10-15 16:50 -------- d--h--w- c:\users\Williams\AppData\Roaming\mvS2obF3pGaJdKf
2011-10-15 16:49 . 2011-10-15 16:49 -------- d--h--w- c:\users\Williams\AppData\Roaming\xsWJ7fEL8TqYwUr
2011-10-15 16:48 . 2011-10-15 16:48 -------- d--h--w- c:\users\Williams\AppData\Roaming\iwkkUUVrlOBtP
2011-10-15 16:47 . 2011-10-15 16:47 -------- d--h--w- c:\users\Williams\AppData\Roaming\OONNyyxA0uvS2b3
2011-10-15 16:46 . 2011-10-15 16:46 -------- d--h--w- c:\users\Williams\AppData\Roaming\AKK88gRRZ9hXwUV
2011-10-15 16:45 . 2011-10-15 16:45 -------- d--h--w- c:\users\Williams\AppData\Roaming\OQQQH66sWK
2011-10-15 16:44 . 2011-10-15 16:44 -------- d--h--w- c:\users\Williams\AppData\Roaming\b2oobbF3pmG5QJ
2011-10-15 16:43 . 2011-10-15 16:43 -------- d--h--w- c:\users\Williams\AppData\Roaming\o333onnF4am5sJ
2011-10-15 16:42 . 2011-10-15 16:42 -------- d--h--w- c:\users\Williams\AppData\Roaming\yVVVrzzONtx0uS
2011-10-15 16:41 . 2011-10-15 16:41 -------- d--h--w- c:\users\Williams\AppData\Roaming\FEEEK88fRZ9hXwU
2011-10-15 16:40 . 2011-10-15 16:40 -------- d--h--w- c:\users\Williams\AppData\Roaming\VnnFF4ammHsWJdL
2011-10-15 16:39 . 2011-10-15 16:39 -------- d--h--w- c:\users\Williams\AppData\Roaming\T11uuvSS2oF3
2011-10-15 16:38 . 2011-10-15 16:38 -------- d--h--w- c:\users\Williams\AppData\Roaming\WXXwwkUUVelB
2011-10-15 16:37 . 2011-10-15 16:37 -------- d--h--w- c:\users\Williams\AppData\Roaming\CLLL9hhTXqjUek
2011-10-15 16:36 . 2011-10-15 16:36 -------- d--h--w- c:\users\Williams\AppData\Roaming\zeeelOOBtzPyc1i
2011-10-15 16:35 . 2011-10-15 16:35 -------- d--h--w- c:\users\Williams\AppData\Roaming\yjjYYCwkkIr
2011-10-15 16:34 . 2011-10-15 16:34 -------- d--h--w- c:\users\Williams\AppData\Roaming\immGG5aaQJ
2011-10-15 16:33 . 2011-10-15 16:33 -------- d--h--w- c:\users\Williams\AppData\Roaming\r888fRRL9hTXjUe
2011-10-15 16:32 . 2011-10-15 16:32 -------- d--h--w- c:\users\Williams\AppData\Roaming\JfffELL9g
2011-10-15 16:31 . 2011-10-15 16:31 -------- d--h--w- c:\users\Williams\AppData\Roaming\RzOONNyxA0uv2i
2011-10-15 16:30 . 2011-10-15 16:30 -------- d--h--w- c:\users\Williams\AppData\Roaming\YEEEK88gRZ9YX
2011-10-15 16:29 . 2011-10-15 16:29 -------- d--h--w- c:\users\Williams\AppData\Roaming\oHH66sWKK7EL9Tq
2011-10-15 16:28 . 2011-10-15 16:28 -------- d--h--w- c:\users\Williams\AppData\Roaming\XCeekkIBrzONy
2011-10-15 16:27 . 2011-10-15 16:27 -------- d--h--w- c:\users\Williams\AppData\Roaming\V5ssWWJ7dEL8
2011-10-15 16:26 . 2011-10-15 16:26 -------- d--h--w- c:\users\Williams\AppData\Roaming\KyyxxA00uv2ib3p
2011-10-15 16:25 . 2011-10-15 16:25 -------- d--h--w- c:\users\Williams\AppData\Roaming\SgRRZZqhYXwkVeO
2011-10-15 16:24 . 2011-10-15 16:24 -------- d--h--w- c:\users\Williams\AppData\Roaming\rDDD33pnG4aQ6sK
2011-10-15 16:23 . 2011-10-15 16:23 -------- d--h--w- c:\users\Williams\AppData\Roaming\mqjjjYCekIVrzNx
2011-10-15 16:22 . 2011-10-15 16:22 -------- d--h--w- c:\users\Williams\AppData\Roaming\rQQJJ6ddE
2011-10-15 16:21 . 2011-10-15 16:21 -------- d--h--w- c:\users\Williams\AppData\Roaming\bssWWJ77fELgTqh
2011-10-15 16:20 . 2011-10-15 16:20 -------- d--h--w- c:\users\Williams\AppData\Roaming\taQQHH6dWK7fR9T
2011-10-15 16:19 . 2011-10-15 16:19 -------- d--h--w- c:\users\Williams\AppData\Roaming\qZZZ9hhTXwjUelB
2011-10-15 16:18 . 2011-10-15 16:18 -------- d--h--w- c:\users\Williams\AppData\Roaming\hhhYYCwwkUVlOtx
2011-10-15 16:17 . 2011-10-15 16:17 -------- d--h--w- c:\users\Williams\AppData\Roaming\VWWKK7fEELgTZjC
2011-10-15 16:16 . 2011-10-15 16:16 -------- d--h--w- c:\users\Williams\AppData\Roaming\dlIIBBrzPNyx
2011-10-15 16:15 . 2011-10-15 16:15 -------- d--h--w- c:\users\Williams\AppData\Roaming\I555sWWJ7
2011-10-15 16:14 . 2011-10-15 16:14 -------- d--h--w- c:\users\Williams\AppData\Roaming\ZffRRL9hTXqj
2011-10-15 16:13 . 2011-10-15 16:13 -------- d--h--w- c:\users\Williams\AppData\Roaming\rffEEL99gTZjYwk
2011-10-15 16:12 . 2011-10-15 16:12 -------- d--h--w- c:\users\Williams\AppData\Roaming\fNyyxxA1uvS2b
2011-10-15 16:11 . 2011-10-15 16:11 -------- d--h--w- c:\users\Williams\AppData\Roaming\rXXqqjYYCeIVrON
2011-10-15 16:10 . 2011-10-15 16:10 -------- d--h--w- c:\users\Williams\AppData\Roaming\knFFF4pmH5sQJdK
2011-10-15 16:09 . 2011-10-15 16:09 -------- d--h--w- c:\users\Williams\AppData\Roaming\pnGG44amH6sW
2011-10-15 16:08 . 2011-10-15 16:08 -------- d--h--w- c:\users\Williams\AppData\Roaming\rIIBBrzzPNyA1vS
2011-10-11 02:52 . 2011-10-11 02:52 -------- d--h--w- c:\users\Default\AppData\Local\Microsoft Help
2011-10-06 21:05 . 2011-10-06 21:10 -------- d--h--w- c:\users\Williams\AppData\Roaming\QP0ucS1ib3n4m6W
2011-10-06 21:05 . 2011-10-06 21:10 -------- d--h--w- c:\users\Williams\AppData\Roaming\TS2ibD3pn4Q6W7E
2011-10-06 21:05 . 2011-10-06 21:05 -------- d--h--w- c:\users\Williams\AppData\Roaming\vH5sQJ7dE8R9YwU
2011-10-06 21:05 . 2011-10-06 21:05 -------- d--h--w- c:\users\Williams\AppData\Roaming\ftA2pJ8hjINvFaK
2011-10-06 21:05 . 2011-10-06 21:05 -------- d--h--w- c:\users\Williams\AppData\Roaming\UxP0ucS1iDoGaHs
2011-10-06 21:05 . 2011-10-06 21:05 -------- d--h--w- c:\users\Williams\AppData\Roaming\rjYCekIVrNu2
2011-10-06 21:05 . 2011-10-06 21:05 -------- d--h--w- c:\users\Williams\AppData\Roaming\bYwVraEgZUlo4H
2011-10-06 21:04 . 2011-10-06 21:04 -------- d--h--w- c:\users\Williams\AppData\Roaming\vJ7dEKgBzNc1DoF
2011-10-06 21:04 . 2011-10-06 21:04 -------- d--h--w- c:\users\Williams\AppData\Roaming\oNycAuD2o5Q6E8R
2011-10-06 21:04 . 2011-10-06 21:04 -------- d--h--w- c:\users\Williams\AppData\Roaming\JS3na6WR9XjeIzt
2011-10-06 21:04 . 2011-10-06 21:04 -------- d--h--w- c:\users\Williams\AppData\Roaming\gxSpQK9jVxSomJh
2011-10-06 21:04 . 2011-10-06 21:04 -------- d--h--w- c:\users\Williams\AppData\Roaming\gF5K9jByS3aK9jr
2011-10-06 21:04 . 2011-10-06 21:04 -------- d--h--w- c:\users\Williams\AppData\Roaming\lEqXketyinm7
2011-10-06 21:04 . 2011-10-06 21:04 -------- d--h--w- c:\users\Williams\AppData\Roaming\IinsEqkOyvFWLqU
2011-10-06 21:04 . 2011-10-06 21:04 -------- d--h--w- c:\users\Williams\AppData\Roaming\CeVA2pa6fZw
2011-10-06 21:03 . 2011-10-06 21:03 -------- d--h--w- c:\users\Williams\AppData\Roaming\yO0iG6fqkOu
2011-10-06 21:03 . 2011-10-06 21:03 -------- d--h--w- c:\users\Williams\AppData\Roaming\FQKTCr0iG
2011-10-06 21:03 . 2011-10-06 21:03 -------- d--h--w- c:\users\Williams\AppData\Roaming\f3G6fTYkO0inHfT
2011-10-06 21:03 . 2011-10-06 21:03 -------- d--h--w- c:\users\Williams\AppData\Roaming\enaHJEgZYweBzyA
2011-10-06 21:03 . 2011-10-06 21:03 -------- d--h--w- c:\users\Williams\AppData\Roaming\N5WEqXkltPc12F
2011-10-06 21:03 . 2011-10-06 21:03 -------- d--h--w- c:\users\Williams\AppData\Roaming\WpGQsKE9ZjwVl0i
2011-10-06 21:03 . 2011-10-06 21:03 -------- d--h--w- c:\users\Williams\AppData\Roaming\oJ8hUByvF5KZjlP
2011-10-06 21:03 . 2011-10-06 21:03 -------- d--h--w- c:\users\Williams\AppData\Roaming\RQK9qIxba7g
2011-10-06 21:02 . 2011-10-06 21:02 -------- d--h--w- c:\users\Williams\AppData\Roaming\Wa6WfLTjCIrNAbG
2011-10-06 21:02 . 2011-10-06 21:02 -------- d--h--w- c:\users\Williams\AppData\Roaming\j56fhUByvF
2011-10-06 21:02 . 2011-10-06 21:02 -------- d--h--w- c:\users\Williams\AppData\Roaming\R5EZjByS3a8hCzA
2011-10-06 21:02 . 2011-10-06 21:02 -------- d--h--w- c:\users\Williams\AppData\Roaming\S89jkO0F5W
2011-10-06 21:02 . 2011-10-06 21:02 -------- d--h--w- c:\users\Williams\AppData\Roaming\mqeBzyAvbp
2011-10-06 21:02 . 2011-10-06 21:02 -------- d--h--w- c:\users\Williams\AppData\Roaming\StPc1Doa5WdLRwU
2011-10-06 21:02 . 2011-10-06 21:02 -------- d--h--w- c:\users\Williams\AppData\Roaming\FZhCk3aWLhVz1op
2011-10-06 21:02 . 2011-10-06 21:02 -------- d--h--w- c:\users\Williams\AppData\Roaming\vubG6fTCrxSpQ
2011-10-06 21:01 . 2011-10-06 21:01 -------- d--h--w- c:\users\Williams\AppData\Roaming\us9XezA2p
2011-10-06 21:01 . 2011-10-06 21:01 -------- d--h--w- c:\users\Williams\AppData\Roaming\mkO02paKLqkO0
2011-10-06 21:01 . 2011-10-06 21:01 -------- d--h--w- c:\users\Williams\AppData\Roaming\RHEhe1FsfwBxo5W
2011-10-06 21:01 . 2011-10-06 21:01 -------- d--h--w- c:\users\Williams\AppData\Roaming\qOc3HjrunsLYOc5
2011-10-06 21:01 . 2011-10-06 21:01 -------- d--h--w- c:\users\Williams\AppData\Roaming\o5d8RhXUIzNAuo4
2011-10-06 21:01 . 2011-10-06 21:01 -------- d--h--w- c:\users\Williams\AppData\Roaming\l3nas7EgZ
2011-10-06 21:00 . 2011-10-06 21:00 -------- d--h--w- c:\users\Williams\AppData\Roaming\X6KR9XjISb
2011-10-06 21:00 . 2011-10-06 21:00 -------- d--h--w- c:\users\Williams\AppData\Roaming\ixui3naHWEgZYBx
2011-10-06 21:00 . 2011-10-06 21:00 -------- d--h--w- c:\users\Williams\AppData\Roaming\LPxu2F5dRqkrNuS
2011-10-06 21:00 . 2011-10-06 21:00 -------- d--h--w- c:\users\Williams\AppData\Roaming\ASbpGQWfLTqVztA
2011-10-06 21:00 . 2011-10-06 21:00 -------- d--h--w- c:\users\Williams\AppData\Roaming\Da7RXeP1nsK9jlP
2011-10-06 20:59 . 2011-10-06 20:59 -------- d--h--w- c:\users\Williams\AppData\Roaming\Uc1DnHWgYri
2011-10-06 20:59 . 2011-10-06 20:59 -------- d--h--w- c:\users\Williams\AppData\Roaming\GwrxcDasEZwezA2
2011-10-06 18:26 . 2011-10-06 18:26 -------- d--h--w- c:\users\Williams\AppData\Roaming\cv2FpHQ7KRjl
2011-10-06 18:25 . 2011-10-06 18:25 -------- d--h--w- c:\users\Williams\AppData\Roaming\TH5sQJ7dE8Zh
2011-10-06 18:25 . 2011-10-06 18:25 -------- d--h--w- c:\users\Williams\AppData\Roaming\v4m6WEgqCkVOtPc
2011-10-06 18:25 . 2011-10-06 18:25 -------- d--h--w- c:\users\Williams\AppData\Roaming\DW9qkzAS346
2011-10-06 18:25 . 2011-10-06 18:25 -------- d--h--w- c:\users\Williams\AppData\Roaming\Ff8TYO0inH7Zw14
2011-10-06 18:25 . 2011-10-06 18:25 -------- d--h--w- c:\users\Williams\AppData\Roaming\Z4QZUt14JZeN
2011-10-06 18:25 . 2011-10-06 18:25 -------- d--h--w- c:\users\Williams\AppData\Roaming\HJXxaTtpLVDEkis
2011-10-06 18:25 . 2011-10-06 18:25 -------- d--h--w- c:\users\Williams\AppData\Roaming\otzP0ycA1v2n4m5
2011-10-06 18:25 . 2011-10-06 18:25 -------- d--h--w- c:\users\Williams\AppData\Roaming\hY2kiJk1shSHhzF
2011-10-06 18:25 . 2011-10-06 18:25 -------- d--h--w- c:\users\Williams\AppData\Roaming\u7EgZjwIl
2011-10-06 18:25 . 2011-10-06 18:25 -------- d--h--w- c:\users\Williams\AppData\Roaming\XwPnLlvJUv7Ip
2011-10-06 18:25 . 2011-10-06 18:25 -------- d--h--w- c:\users\Williams\AppData\Roaming\fHX0aZNoLOnR0p9
2011-10-06 18:25 . 2011-10-06 18:25 -------- d--h--w- c:\users\Williams\AppData\Roaming\pRk0GEI0G8OoEUv
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-04 21:03 . 2011-08-22 01:17 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-09-30 22:57 . 2011-07-05 01:26 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-10 19:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-09-10 19:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-21 00:42 . 2011-08-21 00:42 332288 ----a-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-032.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-04_16.56.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-05 06:08 . 2011-11-05 06:08 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-10-31 12:38 . 2011-10-31 12:38 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-07-28 16:21 . 2011-11-05 02:09 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-28 16:21 . 2011-11-04 13:40 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-28 16:21 . 2011-11-04 13:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-28 16:21 . 2011-11-05 02:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-04 13:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-05 02:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-04 00:48 . 2011-11-04 12:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-04 00:48 . 2011-11-05 13:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-04 12:05 . 2011-11-05 13:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-04 12:05 . 2011-11-04 12:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-04 12:05 . 2011-11-04 12:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-11-04 12:05 . 2011-11-05 13:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-11-04 12:05 . 2011-11-05 13:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-11-04 12:05 . 2011-11-04 12:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2010-09-04 00:48 . 2011-11-05 13:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-04 00:48 . 2011-11-04 12:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-04 00:48 . 2011-11-04 12:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-04 00:48 . 2011-11-05 13:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-05 13:58 . 2011-11-05 13:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-04 12:57 . 2011-11-04 12:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-05 13:58 . 2011-11-05 13:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-04 12:57 . 2011-11-04 12:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2011-11-04 12:57 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-05 13:59 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-04 12:57 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-05 13:59 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36 . 2011-11-04 13:01 627288 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-05 14:03 627288 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-05 14:03 107346 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-04 13:01 107346 c:\windows\system32\perfc009.dat
- 2009-07-14 04:54 . 2011-11-04 12:57 1703936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-05 13:59 1703936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ElevatedDiagnosticsUpdate"="c:\users\Williams\AppData\Local\ElevatedDiagnostics\ElevatedDiagnosticsUpdate\ElevatedDiagnosticsupdt32.exe" [BU]
"Macrovision Update"="c:\users\Williams\AppData\Local\DataSafeOnline\DataSafeOnlineUpdate\DataSafeOnlineupdt32.DLL" [BU]
"GoogleOnlineService"="c:\programdata\GoogleOnlineService.dll" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2010-07-20 206120]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-06 559616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ElevatedDiagnosticsUpdate"="c:\users\Williams\AppData\Local\ElevatedDiagnostics\ElevatedDiagnosticsUpdate\ElevatedDiagnosticsupdt32.exe" [BU]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AxInstSV32;ActiveX Installer (AxInstSV) ;c:\windows\system32\secur3232.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IPBusEnum32;PnP-X IP Bus Enumerator ;c:\windows\system32\wshcon32.exe [x]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2010-07-20 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2010-07-20 185640]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\uxuudfl5.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z157&form=ZGAADF&install_date=20110808&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
Supplementary scan did not complete!
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-MiKTeX 2.9 - c:\users\Williams\Desktop\TeX\miktex/bin/internal\copystart.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-05 10:50:50
ComboFix-quarantined-files.txt 2011-09-30 23:53
ComboFix2.txt 2011-09-18 17:36
ComboFix3.txt 2011-09-17 16:43
ComboFix4.txt 2011-09-16 00:12
ComboFix5.txt 2011-11-05 14:56
.
Pre-Run: 424,670,621,696 bytes free
Post-Run: 421,618,728,960 bytes free
.
- - End Of File - - 8E3EC0A7934A5E58E4F2F1945B34002B

#3 User is offline   CatByte 

  • Bleepin' curls!
  • Group: Malware Response Team
  • Posts: 7,857
  • Joined: 09-November 08
  • Gender:Not Telling
  • Location:Canada

Posted 05 November 2011 - 06:38 PM

Hi,

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now

  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

NEXT

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Folder::
c:\users\Williams\AppData\Roaming\Xiqyoc
c:\users\Williams\AppData\Roaming\k1ivD2onFpHsJdK
c:\users\Williams\AppData\Roaming\ohhhTXXqjUC
c:\users\Williams\AppData\Roaming\jwwUUVOOtP0cSi3
c:\users\Williams\AppData\Roaming\WAAA0uucS2iD3nG
c:\users\Williams\AppData\Roaming\lGG55aQQH6dK
c:\users\Williams\AppData\Roaming\t1ioG6sL8ZCkl
c:\users\Williams\AppData\Roaming\a99hXUCekz
c:\users\Williams\AppData\Roaming\mzOONttxA0uc2Dp
c:\users\Williams\AppData\Roaming\wAAA0uuvS2
c:\users\Williams\AppData\Roaming\TjUUeelIt
c:\users\Williams\AppData\Roaming\w11ivDD3onF4H5W
c:\users\Williams\AppData\Roaming\pJJdgqVOB
c:\users\Williams\AppData\Roaming\sjjUUCeelIB
c:\users\Williams\AppData\Roaming\wYYYXwwjUVelB
c:\users\Williams\AppData\Roaming\IQQJ6dEK8fR9Twj
c:\users\Williams\AppData\Roaming\AzAuuSiFp5Q6
c:\users\Williams\AppData\Roaming\yIIVVrzzONtA0cS
c:\users\Williams\AppData\Roaming\o444pmmG5sQJKh
c:\users\Williams\AppData\Roaming\m0yyycA1ivD2o
c:\users\Williams\AppData\Roaming\mvS2obF3pGaJdKf
c:\users\Williams\AppData\Roaming\xsWJ7fEL8TqYwUr
c:\users\Williams\AppData\Roaming\iwkkUUVrlOBtP
c:\users\Williams\AppData\Roaming\OONNyyxA0uvS2b3
c:\users\Williams\AppData\Roaming\AKK88gRRZ9hXwUV
c:\users\Williams\AppData\Roaming\OQQQH66sWK
c:\users\Williams\AppData\Roaming\b2oobbF3pmG5QJ
c:\users\Williams\AppData\Roaming\o333onnF4am5sJ
c:\users\Williams\AppData\Roaming\yVVVrzzONtx0uS
c:\users\Williams\AppData\Roaming\FEEEK88fRZ9hXwU
c:\users\Williams\AppData\Roaming\VnnFF4ammHsWJdL
c:\users\Williams\AppData\Roaming\T11uuvSS2oF3
c:\users\Williams\AppData\Roaming\WXXwwkUUVelB
c:\users\Williams\AppData\Roaming\CLLL9hhTXqjUek
c:\users\Williams\AppData\Roaming\zeeelOOBtzPyc1i
c:\users\Williams\AppData\Roaming\yjjYYCwkkIr
c:\users\Williams\AppData\Roaming\immGG5aaQJ
c:\users\Williams\AppData\Roaming\r888fRRL9hTXjUe
c:\users\Williams\AppData\Roaming\JfffELL9g
c:\users\Williams\AppData\Roaming\RzOONNyxA0uv2i
c:\users\Williams\AppData\Roaming\YEEEK88gRZ9YX
c:\users\Williams\AppData\Roaming\oHH66sWKK7EL9Tq
c:\users\Williams\AppData\Roaming\XCeekkIBrzONy
c:\users\Williams\AppData\Roaming\V5ssWWJ7dEL8
c:\users\Williams\AppData\Roaming\KyyxxA00uv2ib3p
c:\users\Williams\AppData\Roaming\SgRRZZqhYXwkVeO
c:\users\Williams\AppData\Roaming\rDDD33pnG4aQ6sK
c:\users\Williams\AppData\Roaming\mqjjjYCekIVrzNx
c:\users\Williams\AppData\Roaming\rQQJJ6ddE
c:\users\Williams\AppData\Roaming\bssWWJ77fELgTqh
c:\users\Williams\AppData\Roaming\taQQHH6dWK7fR9T
c:\users\Williams\AppData\Roaming\qZZZ9hhTXwjUelB
c:\users\Williams\AppData\Roaming\hhhYYCwwkUVlOtx
c:\users\Williams\AppData\Roaming\VWWKK7fEELgTZjC
c:\users\Williams\AppData\Roaming\dlIIBBrzPNyx
c:\users\Williams\AppData\Roaming\I555sWWJ7
c:\users\Williams\AppData\Roaming\ZffRRL9hTXqj
c:\users\Williams\AppData\Roaming\rffEEL99gTZjYwk
c:\users\Williams\AppData\Roaming\fNyyxxA1uvS2b
c:\users\Williams\AppData\Roaming\rXXqqjYYCeIVrON
c:\users\Williams\AppData\Roaming\knFFF4pmH5sQJdK
c:\users\Williams\AppData\Roaming\pnGG44amH6sW
c:\users\Williams\AppData\Roaming\rIIBBrzzPNyA1vS
c:\users\Williams\AppData\Roaming\QP0ucS1ib3n4m6W
c:\users\Williams\AppData\Roaming\TS2ibD3pn4Q6W7E
c:\users\Williams\AppData\Roaming\vH5sQJ7dE8R9YwU
c:\users\Williams\AppData\Roaming\ftA2pJ8hjINvFaK
c:\users\Williams\AppData\Roaming\UxP0ucS1iDoGaHs
c:\users\Williams\AppData\Roaming\rjYCekIVrNu2
c:\users\Williams\AppData\Roaming\bYwVraEgZUlo4H
c:\users\Williams\AppData\Roaming\vJ7dEKgBzNc1DoF
c:\users\Williams\AppData\Roaming\oNycAuD2o5Q6E8R
c:\users\Williams\AppData\Roaming\JS3na6WR9XjeIzt
c:\users\Williams\AppData\Roaming\gxSpQK9jVxSomJh
c:\users\Williams\AppData\Roaming\gF5K9jByS3aK9jr
c:\users\Williams\AppData\Roaming\lEqXketyinm7
c:\users\Williams\AppData\Roaming\IinsEqkOyvFWLqU
c:\users\Williams\AppData\Roaming\CeVA2pa6fZw
c:\users\Williams\AppData\Roaming\yO0iG6fqkOu
c:\users\Williams\AppData\Roaming\FQKTCr0iG
c:\users\Williams\AppData\Roaming\f3G6fTYkO0inHfT
c:\users\Williams\AppData\Roaming\enaHJEgZYweBzyA
c:\users\Williams\AppData\Roaming\N5WEqXkltPc12F
c:\users\Williams\AppData\Roaming\WpGQsKE9ZjwVl0i
c:\users\Williams\AppData\Roaming\oJ8hUByvF5KZjlP
c:\users\Williams\AppData\Roaming\RQK9qIxba7g
c:\users\Williams\AppData\Roaming\Wa6WfLTjCIrNAbG
c:\users\Williams\AppData\Roaming\j56fhUByvF
c:\users\Williams\AppData\Roaming\R5EZjByS3a8hCzA
c:\users\Williams\AppData\Roaming\S89jkO0F5W
c:\users\Williams\AppData\Roaming\mqeBzyAvbp
c:\users\Williams\AppData\Roaming\StPc1Doa5WdLRwU
c:\users\Williams\AppData\Roaming\FZhCk3aWLhVz1op
c:\users\Williams\AppData\Roaming\vubG6fTCrxSpQ
c:\users\Williams\AppData\Roaming\us9XezA2p
c:\users\Williams\AppData\Roaming\mkO02paKLqkO0
c:\users\Williams\AppData\Roaming\RHEhe1FsfwBxo5W
c:\users\Williams\AppData\Roaming\qOc3HjrunsLYOc5
c:\users\Williams\AppData\Roaming\o5d8RhXUIzNAuo4
c:\users\Williams\AppData\Roaming\l3nas7EgZ
c:\users\Williams\AppData\Roaming\X6KR9XjISb
c:\users\Williams\AppData\Roaming\ixui3naHWEgZYBx
c:\users\Williams\AppData\Roaming\LPxu2F5dRqkrNuS
c:\users\Williams\AppData\Roaming\ASbpGQWfLTqVztA
c:\users\Williams\AppData\Roaming\Da7RXeP1nsK9jlP
c:\users\Williams\AppData\Roaming\Uc1DnHWgYri
c:\users\Williams\AppData\Roaming\GwrxcDasEZwezA2
c:\users\Williams\AppData\Roaming\cv2FpHQ7KRjl
c:\users\Williams\AppData\Roaming\TH5sQJ7dE8Zh
c:\users\Williams\AppData\Roaming\v4m6WEgqCkVOtPc
c:\users\Williams\AppData\Roaming\DW9qkzAS346
c:\users\Williams\AppData\Roaming\Ff8TYO0inH7Zw14
c:\users\Williams\AppData\Roaming\Z4QZUt14JZeN
c:\users\Williams\AppData\Roaming\HJXxaTtpLVDEkis
c:\users\Williams\AppData\Roaming\otzP0ycA1v2n4m5
c:\users\Williams\AppData\Roaming\hY2kiJk1shSHhzF
c:\users\Williams\AppData\Roaming\u7EgZjwIl
c:\users\Williams\AppData\Roaming\XwPnLlvJUv7Ip
c:\users\Williams\AppData\Roaming\fHX0aZNoLOnR0p9
c:\users\Williams\AppData\Roaming\pRk0GEI0G8OoEUv


ClearJavaCache::


Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Please advise if there are any outstanding issues
The help you receive here is free. If you wish to show your appreciation, then you may Posted Image
Microsoft MVP - 2010, 2011
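The CFScript above is a hand-compiled list of randomly named folders under the user's AppData\Roaming, the kind of artifact the helper picked out of the ComboFix log by eye. As an added illustration (not part of CatByte's instructions, ComboFix, or anything in this thread), the Python script below shows one heuristic a responder could use to pre-screen such folder names from a log or directory listing and render the candidates in the Folder:: list format used above for manual review; the sample names are constructed from the list in the post plus a few common vendor folders, and the scoring thresholds are my own assumption, not a published rule.

```python
import re

# Constructed sample: some of the folder names listed under
# c:\users\<user>\AppData\Roaming in the CFScript above, plus a few common
# legitimate vendor folders to show the heuristic leaving them alone.
SAMPLE_FOLDERS = [
    "Xiqyoc", "k1ivD2onFpHsJdK", "pJJdgqVOB", "TjUUeelIt", "JfffELL9g",
    "mqeBzyAvbp", "us9XezA2p",
    "Microsoft", "Adobe", "Macromedia", "Mozilla", "FileZilla", "McAfee",
]
CONSONANT_RUN = re.compile(r"[B-DF-HJ-NP-TV-Zb-df-hj-np-tv-z]+")

def char_class(c: str) -> str:
    """Classify a character as U(pper), l(ower), d(igit) or '?' (other)."""
    return "U" if c.isupper() else "l" if c.islower() else "d" if c.isdigit() else "?"

def class_transitions(name: str) -> int:
    """Count class changes along the name; 'k1ivD' -> 3 (l->d, d->l, l->U)."""
    classes = [char_class(c) for c in name]
    return sum(1 for a, b in zip(classes, classes[1:]) if a != b)

def longest_consonant_run(name: str) -> int:
    """Longest stretch of letters with no vowel (y counts as a consonant)."""
    return max((len(r) for r in CONSONANT_RUN.findall(name)), default=0)

def looks_random(name: str) -> bool:
    """Triage heuristic (assumed thresholds): generated names mix case and
    digits or pile up consonants far more than vendor folder names do.

    Tuned so FileZilla and McAfee (3 transitions, no digits) pass; a short
    pronounceable name like 'Xiqyoc' is a known miss and still needs a human
    reading the log, as the helper did above.
    """
    t = class_transitions(name)
    has_digit = any(c.isdigit() for c in name)
    return t >= 4 or (t >= 2 and has_digit) or longest_consonant_run(name) >= 5

def suspicious_folders(base: str, names) -> list:
    """Full paths of the flagged names, one per line as Folder:: expects."""
    return [f"{base}\\{n}" for n in names if looks_random(n)]

def cfscript_folder_section(paths) -> str:
    """Render flagged paths as a CFScript 'Folder::' block for manual review."""
    return "Folder::\n" + "\n".join(paths) + "\n"

if __name__ == "__main__":
    BASE = r"c:\users\Williams\AppData\Roaming"
    print(cfscript_folder_section(suspicious_folders(BASE, SAMPLE_FOLDERS)))
```

The output is a review list only; a responder still confirms each folder against the full log before putting it in a script that acts on it.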

#4 User is offline   CatByte 

  • Bleepin' curls!
  • Group: Malware Response Team
  • Posts: 7,857
  • Joined: 09-November 08
  • Gender:Not Telling
  • Location:Canada

Posted 15 November 2011 - 11:37 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
