blue screen of death

dvk01 (Derek), authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,148 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
24-Mar-2012, 10:34 AM #46
You still have Java.
I have asked you to uninstall an old version that should have automatically uninstalled when the newer version was installed, but for some reason it didn't.

The reason to uninstall the others is that they are probably responsible for the blue screens, or at least the add-on bits that come with them are.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
crystalf2
Member with 39 posts.
THREAD STARTER
Join Date: Jan 2012
Experience: Beginner
25-Mar-2012, 12:32 PM #47
The old Java is uninstalled and the new Java is installed.
So what's next?
Oh ok.
dvk01 (Derek)
25-Mar-2012, 02:39 PM #48
Please run ComboFix as I asked you to in post number #44.
crystalf2
27-Mar-2012, 04:13 AM #49
I just tried to download ComboFix and my computer is not letting me. It gives me "ComboFix.exe is not commonly downloaded and could harm your computer" and it tells me to delete the program.
dvk01 (Derek)
27-Mar-2012, 04:32 AM #50
Ignore that & save it, then run it.
crystalf2
27-Mar-2012, 06:52 AM #51
Sorry, but it's not giving me any other option but to delete the program. When I click download it comes up with run or save. I do both and, no matter which one I choose, it still gives me delete program.
dvk01 (Derek)
27-Mar-2012, 07:13 AM #52
Just press save & then close the download bar.
You will find the file in your downloads folder.
I can assure you it is perfectly safe to run; it is just because the smart filter has been recently updated and, until enough downloads of this new version of ComboFix appear in the records, it flags it up.
crystalf2
27-Mar-2012, 08:37 AM #53
ComboFix 12-03-26.04 - crystal 03/27/2012 7:09.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.2376 [GMT -5:00]
Running from: c:\users\crystal\Downloads\username123.exe.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings3.bin
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-27 12:23 . 2012-03-27 12:23 -------- d-----w- c:\users\JERMAINE\AppData\Local\temp
2012-03-27 12:23 . 2012-03-27 12:23 -------- d-----w- c:\users\johnny\AppData\Local\temp
2012-03-27 12:23 . 2012-03-27 12:23 -------- d-----w- c:\users\hp\AppData\Local\temp
2012-03-27 12:23 . 2012-03-27 12:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-27 12:23 . 2012-03-27 12:23 -------- d-----w- c:\users\debra\AppData\Local\temp
2012-03-27 12:23 . 2012-03-27 12:23 -------- d-----w- c:\users\carlette\AppData\Local\temp
2012-03-25 16:29 . 2012-03-25 16:29 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-25 16:29 . 2012-03-25 16:29 -------- d-----w- c:\program files (x86)\Java
2012-03-25 14:43 . 2012-03-25 14:43 -------- d-----w- c:\programdata\1E380
2012-03-24 19:52 . 2012-03-24 19:52 -------- d-----w- c:\programdata\iMesh
2012-03-24 19:52 . 2012-03-24 19:54 -------- dc-h--w- c:\programdata\{6DFE6B59-3F4E-45AF-A9D0-5EDC43DD23AF}
2012-03-20 19:12 . 2012-03-20 19:12 -------- d-----w- c:\users\JERMAINE\AppData\Roaming\TeamViewer
2012-03-13 17:18 . 2012-01-09 16:16 708096 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 17:18 . 2012-01-09 15:54 613376 ----a-w- c:\windows\SysWow64\rdpencom.dll
2012-03-13 17:18 . 2012-01-09 14:27 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-12 19:21 . 2010-02-18 13:49 225280 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-03-12 19:21 . 2010-02-18 11:59 29696 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-03-07 16:45 . 2010-09-16 18:26 40408 ----a-w- c:\windows\system32\CleanMFT64.exe
2012-03-07 16:45 . 2008-09-18 04:17 658432 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2012-03-07 16:45 . 2008-04-02 22:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx
2012-03-07 16:45 . 2008-04-02 22:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx
2012-03-07 16:45 . 2008-04-02 22:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
2012-03-07 16:45 . 2004-08-04 14:00 506368 ----a-w- c:\windows\SysWow64\msxml.dll
2012-03-07 16:45 . 2004-03-09 07:00 1081616 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-03-07 16:45 . 2012-03-07 16:45 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-03-07 16:44 . 2012-03-07 16:45 -------- d-----w- c:\users\johnny\FrostWire
2012-03-07 16:44 . 2012-03-25 13:50 -------- d-----w- c:\users\johnny\.frostwire5
2012-03-07 16:43 . 2012-03-07 16:44 -------- d-----w- c:\program files (x86)\Ask.com
2012-03-07 16:43 . 2012-03-07 16:43 -------- d-----w- c:\users\johnny\AppData\Local\APN
2012-03-07 16:43 . 2012-03-07 16:44 -------- d-----w- c:\program files (x86)\FrostWire 5
2012-03-05 12:57 . 2012-03-25 13:49 -------- d-----w- c:\programdata\boost_interprocess
2012-03-04 20:11 . 2012-03-04 20:11 -------- d-----w- c:\users\crystal\AppData\Roaming\MusicNet
2012-03-04 20:11 . 2012-03-04 20:11 -------- d-----w- c:\programdata\18235
2012-03-04 20:11 . 2012-03-04 20:11 -------- d-----w- c:\users\crystal\AppData\Local\iMesh
2012-03-04 02:11 . 2012-03-04 02:11 -------- d-----w- c:\users\johnny\AppData\Roaming\MusicNet
2012-03-04 02:11 . 2012-03-25 15:43 -------- d-----w- c:\users\johnny\AppData\Local\iMesh
2012-03-04 02:10 . 2012-03-04 02:11 -------- d-----w- c:\program files (x86)\iMesh Applications
2012-03-04 02:10 . 2012-03-04 02:10 -------- d-----w- c:\users\johnny\AppData\Local\PackageAware
2012-03-01 01:59 . 2012-03-01 01:59 -------- d-----w- c:\users\JERMAINE\AppData\Roaming\Oberon Media
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-25 16:29 . 2011-12-19 12:11 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-24 05:53 . 2011-12-18 23:54 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-07 15:16 . 2011-03-29 00:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-03 14:25 . 2012-02-15 00:49 404992 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2012-02-27 08:49 89008 ----a-w- c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 22:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll" [2012-02-27 89008]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]
"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2011-09-22 394752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe" [2007-02-15 119296]
"HP KEYBOARD"="c:\program files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE" [2008-09-27 468992]
"Buttons & OSDs control application gen2"="c:\program files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe" [2008-12-03 208896]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-17 1152296]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-17 189736]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-07-25 1310720]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-24 1486392]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files (x86)\FrostWire 5\FrostWire.exe [2011-10-10 466944]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-14 1026600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4157396609-548099475-2699287914-1001Core.job
- c:\users\JERMAINE\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18 23:51]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4157396609-548099475-2699287914-1001UA.job
- c:\users\JERMAINE\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18 23:51]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4157396609-548099475-2699287914-1003Core.job
- c:\users\johnny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 00:03]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4157396609-548099475-2699287914-1003UA.job
- c:\users\johnny\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-19 00:03]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4157396609-548099475-2699287914-1005Core.job
- c:\users\crystal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18 23:58]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4157396609-548099475-2699287914-1005UA.job
- c:\users\crystal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-18 23:58]
.
2012-02-29 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 16:43]
.
2012-03-27 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2012-03-07 17:02]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-06 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-06 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-06 199704]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" [2008-07-26 3858432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=crossfire&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-HPSmartCenterBoot - _c:\program files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{8AAF211B-043E02A9-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00, 79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00, \
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00, 59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00, \
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
c:\program files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\program files (x86)\Kodak\KODAK Share Button App\Listener.exe
c:\program files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\OSDForm.exe
c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
.
**************************************************************************
.
Completion time: 2012-03-27 07:33:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-27 12:33
.
Pre-Run: 327,016,394,752 bytes free
Post-Run: 332,933,152,768 bytes free
.
- - End Of File - - 00D40B5B047EB9E926D1560AC27C9595
dvk01 (Derek)
27-Mar-2012, 03:18 PM #54
I am sorry, but if you are not willing to uninstall the P2P programs that are most likely to be responsible for the problems, then I can't help you any longer.

*Follow these steps to uninstall ComboFix and the other tools it downloaded to remove the malware*
* Click START then RUN
* Now type Combofix /Uninstall in the Run box and click OK. Note the space between the X and the /U; it needs to be there.

This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

And scan here http://secunia.com/vulnerability_scanning/online/ for out-of-date & vulnerable common applications on your computer and update whatever it suggests.

Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.
crystalf2
28-Mar-2012, 09:06 AM #55
combo fix uninstall
recycle bin empty
reboot and update up to date
scan successfully