Help - I Have Some Sort of Malware - Sendori Possibly


Leila

I posted the Addition log above. This is the Farbar Recovery Scan Tool. I downloaded both versions of the FRST.txt, but only the 64-bit one would run on my computer. I realized after I did the scan that my antivirus was on. Was I supposed to turn it off?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Linda (administrator) on LINDA-PC on 05-11-2013 14:52:37
Running from C:\Users\Linda\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\windows\system32\mfevtps.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\SysWOW64\UMonit.exe
(BrowserSafeguard) C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Samsung Electronics Co. Ltd.) C:\Users\Linda\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
(JME) C:\Program Files (x86)\jmesoft\hotkey.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
(McAfee, Inc.) C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11543656 2010-10-26] (Realtek Semiconductor)
HKLM\...\Run: [uMonit] - C:\Windows\SysWOW64\UMonit.exe [28672 2010-11-30] ()
HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-05-19] (Lenovo)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [browserSafeguard] - C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe [573952 2013-10-29] (BrowserSafeguard)
HKCU\...\Run: [GoogleChromeAutoLaunch_72A69F45706A1906C3BB8A81AA94F778] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752 2013-10-08] (Google Inc.)
HKLM-x32\...\Run: [jmekey] - C:\Program Files (x86)\jmesoft\hotkey.exe [114688 2009-07-16] (JME)
HKLM-x32\...\Run: [Lenovo Eye Distance System] - C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [265216 2010-09-09] (Lenovo)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] - C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe [285696 2010-10-08] (Lenovo)
HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Utility Application.lnk
ShortcutTarget: Launch Utility Application.lnk -> C:\Users\Linda\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronics Co. Ltd.)
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4620 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4620 series.lnk -> C:\Program Files\HP\HP Officejet 4620 series\bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49163;https=127.0.0.1:49163
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\jeuc81t6.default-1383517261482
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: Linksicle - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [linksicle@linksicle.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com
FF Extension: Linksicle - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK

Chrome:
=======


CHR DefaultSearchURL: (McAfee) - http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR DefaultSuggestURL: (McAfee) -       "suggest_url": "",
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (SiteAdvisor) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1271_0
CHR Extension: (Linksicle) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gohhkpbcblcpnaghfmnkfangnkkagacg\1.8.2.0_0
CHR Extension: (Google Wallet) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Scorpion Saver) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [gohhkpbcblcpnaghfmnkfangnkkagacg] - C:\Program Files (x86)\Linksicle\Chrome\gohhkpbcblcpnaghfmnkfangnkkagacg.crx

==================== Services (Whitelisted) =================

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.)
R2 MOBK400backup; C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe [231224 2010-06-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.)
R3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [57856 2010-12-16] (GenesysLogic)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R1 lsnfd; C:\Windows\System32\drivers\lsnfd.sys [58192 2013-10-02] (Linksicle)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.)
R1 MOBK400Filter; C:\Windows\System32\DRIVERS\MOBK400.sys [66040 2010-06-01] (Mozy, Inc.)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-06-10] (support.com, Inc)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWow64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-05 14:52 - 2013-11-05 14:52 - 00000000 ____D C:\FRST
2013-11-05 14:51 - 2013-11-05 14:51 - 01957098 _____ (Farbar) C:\Users\Linda\Desktop\FRST64.exe
2013-11-05 14:50 - 2013-11-05 14:50 - 01089445 _____ (Farbar) C:\Users\Linda\Desktop\FRST.exe
2013-11-05 11:58 - 2013-11-05 11:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-05 10:41 - 2013-11-05 10:42 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Linda\Desktop\tdsskiller.exe
2013-11-04 20:20 - 2013-11-04 20:20 - 00022067 _____ C:\ComboFix.txt
2013-11-04 20:13 - 2013-11-04 20:20 - 00000000 ____D C:\Qoobox
2013-11-04 20:13 - 2013-11-04 20:19 - 00000000 ____D C:\windows\erdnt
2013-11-04 20:13 - 2011-06-25 22:45 - 00256000 _____ C:\windows\PEV.exe
2013-11-04 20:13 - 2010-11-07 09:20 - 00208896 _____ C:\windows\MBR.exe
2013-11-04 20:13 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-11-04 20:13 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-11-04 20:13 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-11-04 20:13 - 2000-08-30 16:00 - 00098816 _____ C:\windows\sed.exe
2013-11-04 20:13 - 2000-08-30 16:00 - 00080412 _____ C:\windows\grep.exe
2013-11-04 20:13 - 2000-08-30 16:00 - 00068096 _____ C:\windows\zip.exe
2013-11-04 20:11 - 2013-11-04 20:11 - 05143677 ____R (Swearware) C:\Users\Linda\Desktop\ComboFix.exe
2013-11-04 17:27 - 2013-11-04 17:27 - 00359085 _____ (Farbar) C:\Users\Linda\Desktop\FSS.exe
2013-11-03 14:18 - 2013-11-03 14:18 - 00659968 _____ C:\Users\Linda\Desktop\MicrosoftFixit50195.msi
2013-11-03 13:58 - 2013-11-03 13:58 - 00448512 _____ (OldTimer Tools) C:\Users\Linda\Desktop\TFC.exe
2013-10-31 21:22 - 2013-10-31 21:29 - 00043782 _____ C:\Users\Linda\Downloads\FRST.txt
2013-10-31 21:22 - 2013-10-31 21:22 - 00018836 _____ C:\Users\Linda\Downloads\Addition.txt
2013-10-31 19:12 - 2013-10-31 19:12 - 01060070 _____ C:\Users\Linda\Downloads\AdwCleaner.exe
2013-10-31 18:28 - 2013-10-31 18:28 - 00000258 __RSH C:\Users\Linda\ntuser.pol
2013-10-31 18:28 - 2013-10-31 18:28 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver
2013-10-31 18:28 - 2013-10-31 18:28 - 00000000 ____D C:\Program Files (x86)\Level Quality Watcher
2013-10-31 18:28 - 2013-10-31 18:28 - 00000000 ____D C:\Program Files (x86)\Browsersafeguard
2013-10-31 18:27 - 2013-10-31 18:27 - 00000000 ____D C:\ProgramData\Real
2013-10-31 17:42 - 2013-10-31 17:42 - 00000000 ____D C:\windows\ERUNT
2013-10-31 17:41 - 2013-10-31 17:41 - 01033335 _____ (Thisisu) C:\Users\Linda\Downloads\JRT(2).exe
2013-10-31 17:41 - 2013-10-31 17:41 - 01033335 _____ (Thisisu) C:\Users\Linda\Downloads\JRT(1).exe
2013-10-31 17:21 - 2013-10-31 17:21 - 01033335 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe
2013-10-30 22:38 - 2013-10-30 22:38 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Linda\Downloads\mbar-1.07.0.1007(1).exe
2013-10-30 22:23 - 2013-10-30 22:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-30 22:23 - 2013-10-30 22:40 - 00116440 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-30 22:18 - 2013-10-30 22:51 - 00000000 ____D C:\Users\Linda\Desktop\mbar
2013-10-30 22:18 - 2013-10-30 22:39 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-10-30 22:18 - 2013-10-30 22:18 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Linda\Downloads\mbar-1.07.0.1007.exe
2013-10-30 20:52 - 2013-10-30 20:52 - 00688992 ____R (Swearware) C:\Users\Linda\Downloads\dds(2).com
2013-10-30 20:51 - 2013-10-30 20:50 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds(1).com
2013-10-30 20:47 - 2013-10-30 20:46 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds.com
2013-10-30 20:43 - 2013-10-30 20:43 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds.scr
2013-10-30 20:09 - 2013-10-30 20:32 - 00000000 ____D C:\Users\Linda\AppData\Roaming\U3
2013-10-30 11:41 - 2013-10-30 11:41 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-30 11:41 - 2013-10-30 11:41 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Malwarebytes
2013-10-30 11:40 - 2013-10-30 11:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-30 11:40 - 2013-10-30 11:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-30 11:40 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-10-30 11:38 - 2013-10-30 11:38 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300(3).exe
2013-10-30 11:37 - 2013-10-30 11:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300(2).exe
2013-10-30 11:37 - 2013-10-30 11:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-10-30 11:34 - 2013-10-30 11:19 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-29 20:39 - 2013-10-29 20:39 - 00000000 ____D C:\ProgramData\Oracle
2013-10-29 20:38 - 2013-10-29 20:38 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-10-29 20:38 - 2013-10-29 20:38 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-10-29 20:38 - 2013-10-29 20:38 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-10-29 20:38 - 2013-10-29 20:38 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-29 20:38 - 2013-10-29 20:38 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-29 12:59 - 2013-10-29 13:01 - 372627488 _____ C:\Users\Linda\Documents\American Blackout 2013 National Geographic.mp4
2013-10-21 17:10 - 2013-10-21 17:10 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-15 19:02 - 2013-09-23 12:49 - 00197704 _____ (McAfee, Inc.) C:\windows\system32\Drivers\HipShieldK.sys
2013-10-10 15:58 - 2013-10-10 15:58 - 00000000 ____D C:\Users\Linda\AppData\Local\McAfee File Lock
2013-10-10 02:06 - 2013-09-22 15:27 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-10-10 02:06 - 2013-09-22 15:27 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-10-10 02:06 - 2013-09-22 15:27 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-10-10 02:06 - 2013-09-22 15:27 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-10-10 02:06 - 2013-09-22 14:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-10-10 02:06 - 2013-09-22 14:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-10-10 02:06 - 2013-09-22 14:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-10-10 02:06 - 2013-09-22 14:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-10-10 02:06 - 2013-09-20 19:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-10 02:06 - 2013-09-20 19:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-10-10 02:06 - 2013-09-20 18:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 02:05 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-10-10 02:05 - 2013-09-22 15:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-10-10 02:05 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-10-10 02:05 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-10-10 02:05 - 2013-09-22 15:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-10-10 02:05 - 2013-09-22 15:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-10-10 02:05 - 2013-09-22 15:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-10-10 02:05 - 2013-09-22 15:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-10-10 02:05 - 2013-09-22 15:27 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-10-10 02:05 - 2013-09-22 14:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-10 02:05 - 2013-09-22 14:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-10 02:05 - 2013-09-22 14:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-10 02:05 - 2013-09-22 14:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-10 02:05 - 2013-09-22 14:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-10 02:05 - 2013-09-22 14:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-10 02:05 - 2013-09-22 14:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-10 02:05 - 2013-09-22 14:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-10 02:05 - 2013-09-22 14:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-10-10 02:05 - 2013-09-22 14:54 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-10 02:05 - 2013-09-20 18:48 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-10-09 19:49 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-09 19:49 - 2013-07-12 02:40 - 00109824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBAUDIO.sys
2013-10-09 19:49 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-09 19:49 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2013-10-09 19:48 - 2013-09-13 17:10 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-10-09 19:48 - 2013-09-07 18:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-10-09 19:48 - 2013-09-07 18:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2013-10-09 19:48 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2013-10-09 19:48 - 2013-08-28 18:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-10-09 19:48 - 2013-08-28 18:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-10-09 19:48 - 2013-08-28 18:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2013-10-09 19:48 - 2013-08-28 18:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-10-09 19:48 - 2013-08-28 18:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2013-10-09 19:48 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-10-09 19:48 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-10-09 19:48 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-10-09 19:48 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2013-10-09 19:48 - 2013-08-28 17:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-10-09 19:48 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2013-10-09 19:48 - 2013-08-28 16:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-10-09 19:48 - 2013-08-28 16:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-10-09 19:48 - 2013-08-28 16:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-10-09 19:48 - 2013-08-28 16:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-10-09 19:48 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-09 19:48 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2013-10-09 19:48 - 2013-08-01 04:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-10-09 19:48 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 19:48 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 19:48 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2013-10-09 19:48 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2013-10-09 19:48 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2013-10-09 19:48 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2013-10-09 19:48 - 2013-07-04 02:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2013-10-09 19:48 - 2013-07-02 20:40 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys
2013-10-09 19:48 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-09 19:48 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-10-09 19:48 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-09 19:48 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2013-10-09 19:48 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2013-10-09 19:48 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2013-10-09 19:48 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-09 19:48 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2013-10-09 19:48 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2013-10-09 19:48 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2013-10-09 19:48 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-09 19:48 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-10-09 19:48 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll

==================== One Month Modified Files and Folders =======

2013-11-05 14:52 - 2013-11-05 14:52 - 00000000 ____D C:\FRST
2013-11-05 14:51 - 2013-11-05 14:51 - 01957098 _____ (Farbar) C:\Users\Linda\Desktop\FRST64.exe
2013-11-05 14:50 - 2013-11-05 14:50 - 01089445 _____ (Farbar) C:\Users\Linda\Desktop\FRST.exe
2013-11-05 14:13 - 2011-05-18 19:57 - 01211491 _____ C:\windows\WindowsUpdate.log
2013-11-05 13:59 - 2012-06-11 23:16 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-11-05 12:21 - 2009-07-13 20:45 - 00020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-05 12:21 - 2009-07-13 20:45 - 00020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-05 12:18 - 2013-05-13 15:31 - 00001844 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-11-05 12:18 - 2012-04-26 00:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-05 12:18 - 2009-07-13 21:13 - 00726444 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-05 12:15 - 2011-07-07 16:05 - 00000000 __RSD C:\Users\Linda\Documents\McAfee Vaults
2013-11-05 12:14 - 2012-10-07 18:18 - 00000000 ____D C:\Users\Public\Documents\Verizon_Android
2013-11-05 12:14 - 2011-05-19 08:29 - 00135181 _____ C:\windows\system32\fastboot.set
2013-11-05 12:13 - 2009-07-13 21:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-11-05 12:13 - 2009-07-13 20:51 - 00060109 _____ C:\windows\setupact.log
2013-11-05 11:58 - 2013-11-05 11:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-05 10:42 - 2013-11-05 10:41 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Linda\Desktop\tdsskiller.exe
2013-11-04 20:25 - 2010-11-20 19:47 - 00087906 _____ C:\windows\PFRO.log
2013-11-04 20:20 - 2013-11-04 20:20 - 00022067 _____ C:\ComboFix.txt
2013-11-04 20:20 - 2013-11-04 20:13 - 00000000 ____D C:\Qoobox
2013-11-04 20:19 - 2013-11-04 20:13 - 00000000 ____D C:\windows\erdnt
2013-11-04 20:19 - 2011-07-08 15:38 - 00000000 ____D C:\Users\Linda
2013-11-04 20:19 - 2009-07-13 18:34 - 00000215 _____ C:\windows\system.ini
2013-11-04 20:11 - 2013-11-04 20:11 - 05143677 ____R (Swearware) C:\Users\Linda\Desktop\ComboFix.exe
2013-11-04 17:27 - 2013-11-04 17:27 - 00359085 _____ (Farbar) C:\Users\Linda\Desktop\FSS.exe
2013-11-03 14:21 - 2012-11-17 15:21 - 00000000 ____D C:\Users\Linda\Desktop\Old Firefox Data
2013-11-03 14:18 - 2013-11-03 14:18 - 00659968 _____ C:\Users\Linda\Desktop\MicrosoftFixit50195.msi
2013-11-03 13:58 - 2013-11-03 13:58 - 00448512 _____ (OldTimer Tools) C:\Users\Linda\Desktop\TFC.exe
2013-10-31 21:29 - 2013-10-31 21:22 - 00043782 _____ C:\Users\Linda\Downloads\FRST.txt
2013-10-31 21:22 - 2013-10-31 21:22 - 00018836 _____ C:\Users\Linda\Downloads\Addition.txt
2013-10-31 19:12 - 2013-10-31 19:12 - 01060070 _____ C:\Users\Linda\Downloads\AdwCleaner.exe
2013-10-31 18:28 - 2013-10-31 18:28 - 00000258 __RSH C:\Users\Linda\ntuser.pol
2013-10-31 18:28 - 2013-10-31 18:28 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver
2013-10-31 18:28 - 2013-10-31 18:28 - 00000000 ____D C:\Program Files (x86)\Level Quality Watcher
2013-10-31 18:28 - 2013-10-31 18:28 - 00000000 ____D C:\Program Files (x86)\Browsersafeguard
2013-10-31 18:28 - 2009-07-13 19:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2013-10-31 18:28 - 2009-07-13 19:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2013-10-31 18:27 - 2013-10-31 18:27 - 00000000 ____D C:\ProgramData\Real
2013-10-31 18:02 - 2009-07-13 19:20 - 00000000 ____D C:\windows\system32\NDF
2013-10-31 17:42 - 2013-10-31 17:42 - 00000000 ____D C:\windows\ERUNT
2013-10-31 17:41 - 2013-10-31 17:41 - 01033335 _____ (Thisisu) C:\Users\Linda\Downloads\JRT(2).exe
2013-10-31 17:41 - 2013-10-31 17:41 - 01033335 _____ (Thisisu) C:\Users\Linda\Downloads\JRT(1).exe
2013-10-31 17:21 - 2013-10-31 17:21 - 01033335 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe
2013-10-30 22:51 - 2013-10-30 22:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-30 22:51 - 2013-10-30 22:18 - 00000000 ____D C:\Users\Linda\Desktop\mbar
2013-10-30 22:40 - 2013-10-30 22:23 - 00116440 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-30 22:39 - 2013-10-30 22:18 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-10-30 22:38 - 2013-10-30 22:38 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Linda\Downloads\mbar-1.07.0.1007(1).exe
2013-10-30 22:18 - 2013-10-30 22:18 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Linda\Downloads\mbar-1.07.0.1007.exe
2013-10-30 20:52 - 2013-10-30 20:52 - 00688992 ____R (Swearware) C:\Users\Linda\Downloads\dds(2).com
2013-10-30 20:50 - 2013-10-30 20:51 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds(1).com
2013-10-30 20:46 - 2013-10-30 20:47 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds.com
2013-10-30 20:43 - 2013-10-30 20:43 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds.scr
2013-10-30 20:32 - 2013-10-30 20:09 - 00000000 ____D C:\Users\Linda\AppData\Roaming\U3
2013-10-30 14:02 - 2013-05-13 15:29 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-10-30 11:41 - 2013-10-30 11:41 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-30 11:41 - 2013-10-30 11:41 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Malwarebytes
2013-10-30 11:41 - 2013-10-30 11:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-30 11:40 - 2013-10-30 11:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-30 11:38 - 2013-10-30 11:38 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300(3).exe
2013-10-30 11:37 - 2013-10-30 11:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300(2).exe
2013-10-30 11:37 - 2013-10-30 11:37 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-10-30 11:19 - 2013-10-30 11:34 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-29 20:39 - 2013-10-29 20:39 - 00000000 ____D C:\ProgramData\Oracle
2013-10-29 20:38 - 2013-10-29 20:38 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-10-29 20:38 - 2013-10-29 20:38 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-10-29 20:38 - 2013-10-29 20:38 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-10-29 20:38 - 2013-10-29 20:38 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-29 20:38 - 2013-10-29 20:38 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-29 13:01 - 2013-10-29 12:59 - 372627488 _____ C:\Users\Linda\Documents\American Blackout 2013 National Geographic.mp4
2013-10-24 17:04 - 2008-12-08 23:02 - 00000000 ____D C:\Users\Linda\Documents\Thomas Blaine Simpson
2013-10-24 17:04 - 2005-09-12 22:17 - 00000000 ____D C:\Users\Linda\Documents\Telephone Numbers & Addresses
2013-10-24 17:03 - 2010-01-31 12:31 - 00000000 ____D C:\Users\Linda\Documents\Tom Simpson
2013-10-21 17:10 - 2013-10-21 17:10 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-21 17:10 - 2012-08-27 14:59 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-18 09:02 - 2011-05-19 08:28 - 00002183 _____ C:\Users\Public\Desktop\Internet Browser.lnk
2013-10-15 18:56 - 2011-07-07 16:04 - 00000000 ____D C:\Program Files\Common Files\McAfee
2013-10-11 10:30 - 2011-05-19 08:26 - 00000000 ____D C:\ProgramData\McAfee
2013-10-10 15:58 - 2013-10-10 15:58 - 00000000 ____D C:\Users\Linda\AppData\Local\McAfee File Lock
2013-10-10 13:41 - 2009-07-13 19:20 - 00000000 ____D C:\windows\rescache
2013-10-10 02:24 - 2009-07-13 20:45 - 00428512 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-10 02:03 - 2013-08-15 02:00 - 00000000 ____D C:\windows\system32\MRT
2013-10-10 02:02 - 2011-07-07 16:34 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-10-08 18:59 - 2012-06-11 23:16 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 18:59 - 2012-04-12 02:18 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 18:59 - 2011-07-08 16:49 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 11:49 - 2012-11-03 15:03 - 00000000 ____D C:\Users\Linda\AppData\Local\HP

Some content of TEMP:
====================
C:\Users\Linda\AppData\Local\Temp\{907F5CBA-2CCF-4C53-9258-32861164B423}.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-31 09:08

==================== End Of Log =======

  • Root Admin

Temporarily disable your antivirus and run the following.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt


Here is the fixlist log:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by Linda at 2013-11-05 20:14:48 Run:1
Running from C:\Users\Linda\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [browserSafeguard] - C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe [573952 2013-10-29] (BrowserSafeguard)
C:\Program Files (x86)\Browsersafeguard
HKCU\...\Run: [GoogleChromeAutoLaunch_72A69F45706A1906C3BB8A81AA94F778] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752 2013-10-08] (Google Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49163;https=127.0.0.1:49163
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
FF Extension: Linksicle - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com
FF Extension: Linksicle - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com
CHR Extension: (Linksicle) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gohhkpbcblcpnaghfmnkfangnkkagacg\1.8.2.0_0
R1 lsnfd; C:\Windows\System32\drivers\lsnfd.sys [58192 2013-10-02] (Linksicle)
C:\Users\Linda\Downloads\JRT(2).exe
C:\Users\Linda\Downloads\JRT(1).exe
C:\Users\Linda\Downloads\mbar-1.07.0.1007(1).exe
C:\Users\Linda\Downloads\dds(2).com
C:\Users\Linda\Downloads\dds(1).com
C:\Users\Linda\AppData\Local\Temp\{907F5CBA-2CCF-4C53-9258-32861164B423}.exe

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\BrowserSafeguard => Value deleted successfully.
C:\Program Files (x86)\Browsersafeguard => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_72A69F45706A1906C3BB8A81AA94F778 => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com not found.
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gohhkpbcblcpnaghfmnkfangnkkagacg => Moved successfully.
lsnfd => Service deleted successfully.
C:\Users\Linda\Downloads\JRT(2).exe => Moved successfully.
C:\Users\Linda\Downloads\JRT(1).exe => Moved successfully.
C:\Users\Linda\Downloads\mbar-1.07.0.1007(1).exe => Moved successfully.
C:\Users\Linda\Downloads\dds(2).com => Moved successfully.
C:\Users\Linda\Downloads\dds(1).com => Moved successfully.
C:\Users\Linda\AppData\Local\Temp\{907F5CBA-2CCF-4C53-9258-32861164B423}.exe => Moved successfully.


The system needs a manual reboot.

==== End of Fixlog ====

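Added example (not part of the original posts, and not FRST code): a small Python triage pass over FRST-style log lines like the ones posted above. It parses the "modified - created - size attrs (Company) path" entries and the ProxyServer: line from the fixlist, and flags the classes of artifact the fix above removed: program folders created within the last week, kernel drivers whose company string is not on a trusted list, executables in the system directories with no company string at all, and a proxy that points back at the local machine (the 127.0.0.1:49163 entry is how the adware was intercepting browser traffic). The sample lines are copied from the FRST log and fixlist in this thread, except the lsnfd.sys and UMonit.exe lines, which are constructed in FRST format from the ComboFix entries above (UMonit's empty company string is assumed for illustration). One caveat: the parenthesized company comes from the file's version resource, not from an Authenticode signature check, so it is a triage hint, not a trust decision, and tools installed during the cleanup (Malwarebytes here) will show up as new folders too.

```python
"""Triage pass over FRST-style log lines (added example, not FRST code)."""
import re
from datetime import datetime
from ipaddress import ip_address

# One "Created/Modified Files" entry, field order as in the FRST log above:
# <modified> - <created> - <size> <attrs> [(Company)] <path>
FILE_LINE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# The IE proxy line as it appears in the fixlist above.
PROXY_LINE = re.compile(r"^ProxyServer:\s*(?P<value>.+)$")

PROGRAM_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_file_line(line):
    """Return a dict for one file entry, or None if the line is not one."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    return {
        "modified": datetime.strptime(m.group("modified"), "%Y-%m-%d %H:%M"),
        "created": datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M"),
        "size": int(m.group("size")),
        "is_dir": "D" in m.group("attrs"),
        # FRST pads the company with spaces; it is the version-resource
        # company name, not the result of a signature check.
        "company": (m.group("company") or "").strip(),
        "path": m.group("path"),
    }


def loopback_proxies(value):
    """Split an IE ProxyServer value ('http=h:p;https=h:p' or just 'h:p')
    and return the entries that point at the local machine."""
    hits = []
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        _, _, hostport = item.rpartition("=")   # drop the optional 'scheme='
        host = hostport.rsplit(":", 1)[0].strip("[]")
        try:
            local = ip_address(host).is_loopback
        except ValueError:                       # a hostname, not an address
            local = host.lower() == "localhost"
        if local:
            hits.append(("loopback-proxy", item))
    return hits


def triage(lines, scan_time, recent_days=7, trusted=("Microsoft Corporation",)):
    """Walk log lines and return (indicator, detail) pairs worth a look."""
    findings = []
    for line in lines:
        entry = parse_file_line(line)
        if entry is None:
            m = PROXY_LINE.match(line.strip())
            if m:
                findings.extend(loopback_proxies(m.group("value")))
            continue
        low = entry["path"].lower()
        if (entry["is_dir"] and low.startswith(PROGRAM_DIRS)
                and (scan_time - entry["created"]).days < recent_days):
            findings.append(("new-program-folder", entry["path"]))
        if low.endswith(".sys") and entry["company"] not in trusted:
            findings.append(("third-party-driver", entry["path"]))
        if (low.startswith(SYSTEM_DIRS) and low.endswith((".exe", ".dll", ".sys"))
                and not entry["company"]):
            findings.append(("no-publisher-in-system-dir", entry["path"]))
    return findings


# Sample input: lines copied from the FRST log and fixlist above, plus two
# constructed FRST-format lines (lsnfd.sys, UMonit.exe) rebuilt from the
# ComboFix entries in this thread; UMonit's empty company is assumed.
SAMPLE_LINES = [
    r"2013-10-31 18:28 - 2013-10-31 18:28 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver",
    r"2013-10-31 18:28 - 2013-10-31 18:28 - 00000000 ____D C:\Program Files (x86)\Level Quality Watcher",
    r"2013-10-31 18:28 - 2013-10-31 18:28 - 00000000 ____D C:\Program Files (x86)\Browsersafeguard",
    r"2013-10-30 11:41 - 2013-10-30 11:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware",
    r"2013-10-09 19:48 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys",
    r"2013-10-30 22:40 - 2013-10-30 22:23 - 00116440 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys",
    r"2013-10-30 11:38 - 2013-10-30 11:38 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300(3).exe",
    r"2013-10-02 21:14 - 2013-10-02 21:14 - 00058192 _____ (Linksicle) C:\windows\system32\drivers\lsnfd.sys",  # constructed
    r"2013-10-01 10:00 - 2010-12-01 09:00 - 00028672 _____ C:\windows\SysWOW64\UMonit.exe",  # constructed
    "ProxyServer: http=127.0.0.1:49163;https=127.0.0.1:49163",
]
SCAN_TIME = datetime(2013, 11, 5, 14, 52)   # "Ran by Linda ... 05-11-2013 14:52" above


def run_sample():
    return triage(SAMPLE_LINES, SCAN_TIME,
                  trusted=("Microsoft Corporation", "Malwarebytes Corporation"))


if __name__ == "__main__":
    for kind, detail in run_sample():
        print(f"{kind:28} {detail}")
```

On the sample this flags the three adware folders (ScorpionSaver, Level Quality Watcher, Browsersafeguard) and the Malwarebytes folder as new program folders, lsnfd.sys as a third-party driver, UMonit.exe as a system-directory binary with no company string, and both halves of the loopback proxy; the Microsoft and Malwarebytes drivers pass because their company is on the trusted list passed in. That is roughly the list the fixlist above targeted, which is the point: the log already carries what you need, the tool just has to read it consistently.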

  • Root Admin

Please restart the computer and run this scanner again now.

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Here's the ComboFix log:


ComboFix 13-11-04.01 - Linda 11/05/2013  22:34:28.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5992.3938 [GMT -8:00]
Running from: c:\users\Linda\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-06 to 2013-11-06  )))))))))))))))))))))))))))))))
.
.
2013-11-06 06:37 . 2013-11-06 06:37    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-01 02:28 . 2013-11-01 02:28    --------    d-----w-    c:\program files (x86)\ScorpionSaver
2013-11-01 02:28 . 2013-11-01 02:28    --------    d-----w-    c:\program files (x86)\Level Quality Watcher
2013-11-01 01:42 . 2013-11-01 01:42    --------    d-----w-    c:\windows\ERUNT
2013-10-31 06:23 . 2013-10-31 06:51    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-31 06:23 . 2013-10-31 06:40    116440    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-10-31 06:18 . 2013-10-31 06:39    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-10-31 04:09 . 2013-10-31 04:32    --------    d-----w-    c:\users\Linda\AppData\Roaming\U3
2013-10-30 19:41 . 2013-10-30 19:41    --------    d-----w-    c:\users\Linda\AppData\Roaming\Malwarebytes
2013-10-30 19:40 . 2013-10-30 19:40    --------    d-----w-    c:\programdata\Malwarebytes
2013-10-30 19:40 . 2013-10-30 19:41    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-30 19:40 . 2013-04-04 21:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-30 19:40 . 2013-10-30 19:40    --------    d-----w-    c:\users\Linda\AppData\Local\Programs
2013-10-30 04:39 . 2013-10-30 04:39    --------    d-----w-    c:\programdata\Oracle
2013-10-30 04:39 . 2013-10-30 04:39    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-10-30 04:38 . 2013-10-30 04:38    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-30 04:38 . 2013-10-30 04:38    --------    d-----w-    c:\program files (x86)\Java
2013-10-29 20:56 . 2013-10-29 20:56    --------    d--h--w-    c:\programdata\Common Files
2013-10-22 01:10 . 2013-10-22 01:10    --------    d-----w-    c:\program files\McAfee Security Scan
2013-10-16 03:02 . 2013-09-23 20:49    197704    ----a-w-    c:\windows\system32\drivers\HipShieldK.sys
2013-10-10 23:58 . 2013-10-10 23:58    --------    d-----w-    c:\users\Linda\AppData\Local\McAfee File Lock
2013-10-10 10:05 . 2013-09-23 01:25    775256    ----a-w-    c:\program files\Internet Explorer\iexplore.exe
2013-10-10 03:49 . 2013-07-04 12:50    633856    ----a-w-    c:\windows\system32\comctl32.dll
2013-10-10 03:49 . 2013-07-04 11:50    530432    ----a-w-    c:\windows\SysWow64\comctl32.dll
2013-10-10 03:49 . 2013-07-12 10:41    100864    ----a-w-    c:\windows\system32\drivers\usbcir.sys
2013-10-10 03:49 . 2013-07-12 10:40    109824    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 10:02 . 2011-07-08 00:34    80541720    ----a-w-    c:\windows\system32\MRT.exe
2013-10-09 02:59 . 2012-04-12 10:18    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 02:59 . 2011-07-09 00:49    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-02 21:14 . 2013-10-02 21:14    58192    ----a-w-    c:\windows\system32\drivers\lsnfd.sys
2013-09-25 03:29 . 2013-05-13 23:30    70112    ----a-w-    c:\windows\system32\drivers\cfwids.sys
2013-09-25 03:25 . 2013-02-19 20:56    343568    ----a-w-    c:\windows\system32\drivers\mfewfpk.sys
2013-09-25 03:25 . 2013-05-13 23:24    182752    ----a-w-    c:\windows\system32\mfevtps.exe
2013-09-25 03:22 . 2013-02-19 20:54    781312    ----a-w-    c:\windows\system32\drivers\mfehidk.sys
2013-09-25 03:21 . 2013-05-13 23:30    519192    ----a-w-    c:\windows\system32\drivers\mfefirek.sys
2013-09-25 03:20 . 2013-05-13 23:30    310224    ----a-w-    c:\windows\system32\drivers\mfeavfk.sys
2013-09-25 03:19 . 2013-02-19 20:52    179664    ----a-w-    c:\windows\system32\drivers\mfeapfk.sys
2013-09-20 16:38 . 2013-09-20 16:38    10856    ----a-w-    c:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 16:38 . 2013-09-20 16:38    95984    ----a-w-    c:\windows\system32\drivers\mfencrk.sys
2013-09-20 16:37 . 2013-09-20 16:37    390552    ----a-w-    c:\windows\system32\drivers\mfencbdc.sys
2013-09-09 18:11 . 2013-05-13 23:30    74560    ----a-w-    c:\windows\system32\drivers\McPvDrv.sys
2013-08-29 01:48 . 2013-10-10 03:48    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-07-16 114688]
"Lenovo Eye Distance System"="c:\program files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe" [2010-09-09 265216]
"Lenovo Dynamic Brightness System"="c:\program files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe" [2010-10-08 285696]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 958576]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
.
c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Launch Utility Application.lnk - c:\users\Linda\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe [2012-8-31 903096]
Monitor Ink Alerts - HP Officejet 4620 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 4620 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN28V2412305RT;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys;c:\windows\SYSNATIVE\DRIVERS\ssmirrdr.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 MOBK400Filter;MOBK400Filter;c:\windows\system32\DRIVERS\MOBK400.sys;c:\windows\SYSNATIVE\DRIVERS\MOBK400.sys [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 MOBK400backup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBK400backup.exe;c:\program files (x86)\McAfee Online Backup\MOBK400backup.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys;c:\windows\SYSNATIVE\DRIVERS\GeneStor.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 17:01    1185744    ----a-w-    c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 02:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK400]
@="{73552f1f-bf89-9213-24d3-b502f837bb93}"
[HKEY_CLASSES_ROOT\CLSID\{73552f1f-bf89-9213-24d3-b502f837bb93}]
2010-06-01 09:05    4741944    ----a-w-    c:\program files (x86)\McAfee Online Backup\MOBK400shell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK4002]
@="{81d6082a-73e9-8567-a371-6ad62982aca6}"
[HKEY_CLASSES_ROOT\CLSID\{81d6082a-73e9-8567-a371-6ad62982aca6}]
2010-06-01 09:05    4741944    ----a-w-    c:\program files (x86)\McAfee Online Backup\MOBK400shell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK4003]
@="{44391887-365b-8585-2ab9-799a50b9ef5e}"
[HKEY_CLASSES_ROOT\CLSID\{44391887-365b-8585-2ab9-799a50b9ef5e}]
2010-06-01 09:05    4741944    ----a-w-    c:\program files (x86)\McAfee Online Backup\MOBK400shell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-18 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-18 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-18 417304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-26 11543656]
"UMonit"="c:\windows\SysWOW64\UMonit.exe" [2010-12-01 28672]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-05-19 114688]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
Trusted Zone: microsoft.com\.windowsupdate
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\jeuc81t6.default-1383517261482\
FF - ExtSQL: 2013-11-03 09:50; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
SafeBoot-34745535.sys
SafeBoot-64969591.sys
AddRemove-Browsersafeguard - c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe
AddRemove-Linksicle - c:\program files (x86)\Linksicle\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-05  22:39:24
ComboFix-quarantined-files.txt  2013-11-06 06:39
ComboFix2.txt  2013-11-05 04:20
.
Pre-Run: 1,407,967,416,320 bytes free
Post-Run: 1,407,896,870,912 bytes free
.
- - End Of File - - E79E5071FD6D2D0AFFBAD311A67DF618
A36C5E4F47E84449FF07ED3517B43A31


  • Root Admin

How is the computer running now?

 

We were able to remove a few other pieces of adware and also finally got the proxy reset.

 

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!


 


Sorry it's taken so long to get back to this.  We had to make another long 140 mile round trip to the bank today and I'm just now getting online.  Here's the log from Security Check.  So far everything seems to be running smoothly.  I can now access the Google search engine, and I haven't had any alerts from McAfee.

 

I was concerned about FireFox as I've had things show up in the "Add-Ons" and I've never subscribed to any add on features.  I had that Linsicle add on that turned words in my posts to links and that's now gone.  Yesterday, McAfee SiteAdvisor and a Mozilla program called Default 25, a theme design program, showed up in the Add-Ons.  Today, the only item left is the McAfee SiteAdvisor, which I think is okay.

 

 Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.1    
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (25.0)
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 McAfee Online Backup MOBK400backup.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log`````


  • Root Admin

Please update your Adobe Acrobat Reader.

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

CF-Uninstall.png

 
Remove the rest of the tools used:
 
Please download
OTCleanIt
and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so


Note:

If you receive a warning from your firewall or other security programs regarding
OTCleanIt
attempting to contact the internet, please allow it to do so.


AdwCleaner Removal:
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:
  • This tool can be uninstalled via the Control Panel, Programs, Uninstall


 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible, but at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.


I've uninstalled Combofix and have downloaded and run OTCleanIt.  All of the programs and tools are gone from my desktop except for Security Check. 

 

I went to my programs and I had removed ESET after the first time I used it.  In going through the programs list I noticed a program there and I'm wondering if it's a legitimate program.  It's called Scorpion Saver by Adpeak.  It was installed on October 31, 2013 during the time my computer had the virus/trojan.  Is this a program that I should uninstall?

 

I want to thank you for all your help!   You've worked wonders for my computer!  Thank You!   :)


I clicked on Scorpion Saver by Adpeak and uninstall.  Instead of uninstalling the program I got a pop-up from windows asking if I wanted to allow this program to update on this computer.  I clicked on "no" as I think it was going to update and re-install that program.


  • Root Admin

Okay let's see if we can manually find and remove all traces of it.
 
Please download the correct version of SystemLook for your computer and save it to your desktop.
You can check here if you're not sure if your computer is 32-bit or 64-bit

SystemLook 32-bit x86 | or | SystemLook 64-bit x64

  • If using Windows XP just double click on SystemLook.exe to run it.
  • For all other versions of Windows, right click over SystemLook.exe or SystemLook_x64.exe and choose Run as administrator to run it
  • Copy the contents of the following code box into the main text field - including the colon characters.
    :filefind
    *Scorpion*
    *Adpeak*
    :folderfind
    *Scorpion*
    *Adpeak*
    :regfind
    Scorpion
    Adpeak
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop named SystemLook.txt

Here is the log for SystemLook.............................

 

SystemLook 30.07.11 by jpshortstuff
Log created at 15:28 on 07/11/2013 by Linda
Administrator - Elevation successful

========== filefind ==========

Searching for "*Scorpion*"
C:\temp\ScorpionSaver.msi    --a---- 3166208 bytes    [02:28 01/11/2013]    [02:28 01/11/2013] 834EAC4E8DCB1E25D97C86CD1C673F5B
C:\Users\Linda\Pictures\Winter Pictures 2011-2012\Desert with Phacelia (scorpion weed) blooms every few years.jpg    --a---- 85432 bytes    [04:43 18/01/2012]    [04:43 18/01/2012] 9733A877CA4DAFA53A543B0D66238BFF

Searching for "*Adpeak*"
No files found.

========== folderfind ==========

Searching for "*Scorpion*"
C:\Program Files (x86)\ScorpionSaver    d------    [02:28 01/11/2013]

Searching for "*Adpeak*"
No folders found.

========== regfind ==========

Searching for "Scorpion"
[HKEY_CURRENT_USER\Software\Adpeak, Inc.\ScorpionSaver]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver]
[HKEY_CURRENT_USER\Software\ScorpionSaver]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8BA5CD9129705784F8B198C6A5C96EEA\SourceList]
"PackageName"="scorpionsaver_20131010.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A1F1E372A1B7C6347A384A8A9CA70D63]
"ProductName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A1F1E372A1B7C6347A384A8A9CA70D63\SourceList]
"PackageName"="ScorpionSaver.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5-F3A6-47F6-93EF-792299EF24DC]
@="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5-F3A6-47F6-93EF-792299EF24DC\InProcServer32]
@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Program Files (x86)\ScorpionSaver\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB]
"A1F1E372A1B7C6347A384A8A9CA70D63"="c:\Program Files (x86)\ScorpionSaver\ff_bootstrap.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]
"A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]
"A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]
"A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]
"A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]
"A1F1E372A1B7C6347A384A8A9CA70D63"="c:\Program Files (x86)\ScorpionSaver\SendJson.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60]
"A1F1E372A1B7C6347A384A8A9CA70D63"="c:\Program Files (x86)\ScorpionSaver\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]
"A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]
"A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555]
"A1F1E372A1B7C6347A384A8A9CA70D63"="c:\Program Files (x86)\ScorpionSaver\CustomActionInstall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7]
"A1F1E372A1B7C6347A384A8A9CA70D63"="c:\Program Files (x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]
"A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD07F81309AB63E4D8592E422645EB73]
"8BA5CD9129705784F8B198C6A5C96EEA"="01:\Software\AppDataLow\Software\ScorpionSaver\key"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]
"A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A1F1E372A1B7C6347A384A8A9CA70D63\InstallProperties]
"DisplayName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{273E1F1A-7B1A-436C-A783-A4A8C97AD036}]
"DisplayName"="ScorpionSaver"
[HKEY_USERS\S-1-5-21-588712172-2151725499-4229388137-1001\Software\Adpeak, Inc.\ScorpionSaver]
[HKEY_USERS\S-1-5-21-588712172-2151725499-4229388137-1001\Software\AppDataLow\Software\ScorpionSaver]
[HKEY_USERS\S-1-5-21-588712172-2151725499-4229388137-1001\Software\ScorpionSaver]

Searching for "Adpeak"
[HKEY_CURRENT_USER\Software\Adpeak, Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]
"A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]
"A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]
"A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]
"A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]
"A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]
"A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]
"A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]
"A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8BA5CD9129705784F8B198C6A5C96EEA\InstallProperties]
"Publisher"="Adpeak, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A1F1E372A1B7C6347A384A8A9CA70D63\InstallProperties]
"HelpLink"="http://www.adpeak.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A1F1E372A1B7C6347A384A8A9CA70D63\InstallProperties]
"Publisher"="Adpeak, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE}]
"Publisher"="Adpeak, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{273E1F1A-7B1A-436C-A783-A4A8C97AD036}]
"HelpLink"="http://www.adpeak.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{273E1F1A-7B1A-436C-A783-A4A8C97AD036}]
"Publisher"="Adpeak, Inc."
[HKEY_USERS\S-1-5-21-588712172-2151725499-4229388137-1001\Software\Adpeak, Inc.]

-= EOF =-

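An added PowerShell example (not from this thread or from SystemLook's author) that performs the same three searches the Root Admin asked for above, file, folder and registry, by name fragment, and only reports, deleting nothing. The registry branches it walks are the ones in which the SystemLook log above found ScorpionSaver entries; the default Patterns and FileRoots are assumptions you can override.

```powershell
# Added example: report leftover files, folders and registry entries of an
# uninstalled program by name fragment, like SystemLook's :filefind /
# :folderfind / :regfind did above for "Scorpion" and "Adpeak".
# Read-only. Run from an elevated PowerShell so HKLM branches are readable.
param(
    # assumed defaults: the two fragments searched for in the thread
    [string[]]$Patterns = @('Scorpion', 'Adpeak'),
    # assumed defaults: where the log above found the .msi and the install folder
    [string[]]$FileRoots = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}",
                             'C:\temp', "$env:USERPROFILE")
)

# Branches taken from the regfind results in the log above (per-user keys,
# Windows Installer product/component data, COM registrations, Uninstall keys).
$regRoots = @(
    'HKCU:\Software',
    'HKLM:\SOFTWARE\Classes\Installer\Products',
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Test-Match([string]$Text) {
    foreach ($p in $Patterns) { if ($Text -like "*$p*") { return $true } }
    return $false
}

$hits = New-Object System.Collections.Generic.List[object]

# --- files and folders (equivalent of :filefind / :folderfind) ---
foreach ($root in $FileRoots) {
    if ([string]::IsNullOrEmpty($root) -or -not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { Test-Match $_.Name } |
        ForEach-Object {
            $kind = if ($_.PSIsContainer) { 'folder' } else { 'file' }
            # MD5 so the result can be compared with the hashes SystemLook printed
            $detail = if ($_.PSIsContainer) { '' } else {
                (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5 -ErrorAction SilentlyContinue).Hash
            }
            $hits.Add([pscustomobject]@{ Kind = $kind; Location = $_.FullName
                                         Detail = $detail; Created = $_.CreationTime })
        }
}

# --- registry (equivalent of :regfind): key names, value names and value data ---
foreach ($root in $regRoots) {
    if (-not (Test-Path $root)) { continue }
    $keys = @(Get-Item $root) + @(Get-ChildItem $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        # key name itself, e.g. HKCU\Software\Adpeak, Inc.\ScorpionSaver
        if (Test-Match $key.PSChildName) {
            $hits.Add([pscustomobject]@{ Kind = 'regkey'; Location = $key.Name
                                         Detail = ''; Created = $null })
        }
        # value names and data, e.g. "Publisher"="Adpeak, Inc." under an Uninstall key
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ((Test-Match $name) -or (Test-Match $data)) {
                $label = if ($name -eq '') { '(Default)' } else { $name }
                $hits.Add([pscustomobject]@{ Kind = 'regvalue'; Location = $key.Name
                                             Detail = "$label = $data"; Created = $null })
            }
        }
    }
}

# Uninstall keys are worth reading before acting on them: their UninstallString
# is the command Control Panel runs, so check what it points at first.
$hits | Sort-Object Kind, Location | Format-Table -AutoSize -Wrap
```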

  • Root Admin

Please delete your current copy of Combofix and then download a new fresh copy and save it to your desktop.
 
 

  • Direct download link for: ComboFix.exe
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Then save the attached file CFScript.txt to the same location as Combofix and then drag-and-drop it using your mouse onto combofix.exe and it will run again and create a new log file.  Please post back that new log file when done.

 

CFScript.txt


Here's the Combofix log......................................

 

ComboFix 13-11-07.01 - Linda 11/07/2013  20:19:32.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5992.3617 [GMT -8:00]
Running from: c:\users\Linda\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-08 to 2013-11-08  )))))))))))))))))))))))))))))))
.
.
2013-11-08 04:22 . 2013-11-08 04:22    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-01 02:28 . 2013-11-01 02:28    --------    d-----w-    c:\program files (x86)\ScorpionSaver
2013-11-01 02:28 . 2013-11-01 02:28    --------    d-----w-    c:\program files (x86)\Level Quality Watcher
2013-11-01 01:42 . 2013-11-01 01:42    --------    d-----w-    c:\windows\ERUNT
2013-10-31 06:23 . 2013-10-31 06:51    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-31 06:23 . 2013-10-31 06:40    116440    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-10-31 06:18 . 2013-10-31 06:39    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-10-31 04:09 . 2013-10-31 04:32    --------    d-----w-    c:\users\Linda\AppData\Roaming\U3
2013-10-30 19:41 . 2013-10-30 19:41    --------    d-----w-    c:\users\Linda\AppData\Roaming\Malwarebytes
2013-10-30 19:40 . 2013-10-30 19:40    --------    d-----w-    c:\programdata\Malwarebytes
2013-10-30 19:40 . 2013-10-30 19:41    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-30 19:40 . 2013-04-04 21:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-30 19:40 . 2013-10-30 19:40    --------    d-----w-    c:\users\Linda\AppData\Local\Programs
2013-10-30 04:39 . 2013-10-30 04:39    --------    d-----w-    c:\programdata\Oracle
2013-10-30 04:39 . 2013-10-30 04:39    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-10-30 04:38 . 2013-10-30 04:38    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-30 04:38 . 2013-10-30 04:38    --------    d-----w-    c:\program files (x86)\Java
2013-10-29 20:56 . 2013-10-29 20:56    --------    d--h--w-    c:\programdata\Common Files
2013-10-22 01:10 . 2013-10-22 01:10    --------    d-----w-    c:\program files\McAfee Security Scan
2013-10-16 03:02 . 2013-09-23 20:49    197704    ----a-w-    c:\windows\system32\drivers\HipShieldK.sys
2013-10-10 23:58 . 2013-10-10 23:58    --------    d-----w-    c:\users\Linda\AppData\Local\McAfee File Lock
2013-10-10 10:05 . 2013-09-23 01:25    775256    ----a-w-    c:\program files\Internet Explorer\iexplore.exe
2013-10-10 03:49 . 2013-07-04 12:50    633856    ----a-w-    c:\windows\system32\comctl32.dll
2013-10-10 03:49 . 2013-07-04 11:50    530432    ----a-w-    c:\windows\SysWow64\comctl32.dll
2013-10-10 03:49 . 2013-07-12 10:41    100864    ----a-w-    c:\windows\system32\drivers\usbcir.sys
2013-10-10 03:49 . 2013-07-12 10:40    109824    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 10:02 . 2011-07-08 00:34    80541720    ----a-w-    c:\windows\system32\MRT.exe
2013-10-09 02:59 . 2012-04-12 10:18    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 02:59 . 2011-07-09 00:49    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-02 21:14 . 2013-10-02 21:14    58192    ----a-w-    c:\windows\system32\drivers\lsnfd.sys
2013-09-25 03:29 . 2013-05-13 23:30    70112    ----a-w-    c:\windows\system32\drivers\cfwids.sys
2013-09-25 03:25 . 2013-02-19 20:56    343568    ----a-w-    c:\windows\system32\drivers\mfewfpk.sys
2013-09-25 03:25 . 2013-05-13 23:24    182752    ----a-w-    c:\windows\system32\mfevtps.exe
2013-09-25 03:22 . 2013-02-19 20:54    781312    ----a-w-    c:\windows\system32\drivers\mfehidk.sys
2013-09-25 03:21 . 2013-05-13 23:30    519192    ----a-w-    c:\windows\system32\drivers\mfefirek.sys
2013-09-25 03:20 . 2013-05-13 23:30    310224    ----a-w-    c:\windows\system32\drivers\mfeavfk.sys
2013-09-25 03:19 . 2013-02-19 20:52    179664    ----a-w-    c:\windows\system32\drivers\mfeapfk.sys
2013-09-20 16:38 . 2013-09-20 16:38    10856    ----a-w-    c:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 16:38 . 2013-09-20 16:38    95984    ----a-w-    c:\windows\system32\drivers\mfencrk.sys
2013-09-20 16:37 . 2013-09-20 16:37    390552    ----a-w-    c:\windows\system32\drivers\mfencbdc.sys
2013-09-09 18:11 . 2013-05-13 23:30    74560    ----a-w-    c:\windows\system32\drivers\McPvDrv.sys
2013-08-29 01:48 . 2013-10-10 03:48    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_72A69F45706A1906C3BB8A81AA94F778"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-10-09 844752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-07-16 114688]
"Lenovo Eye Distance System"="c:\program files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe" [2010-09-09 265216]
"Lenovo Dynamic Brightness System"="c:\program files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe" [2010-10-08 285696]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 958576]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
.
c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Launch Utility Application.lnk - c:\users\Linda\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe [2012-8-31 903096]
Monitor Ink Alerts - HP Officejet 4620 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 4620 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN28V2412305RT;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys;c:\windows\SYSNATIVE\DRIVERS\ssmirrdr.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 MOBK400Filter;MOBK400Filter;c:\windows\system32\DRIVERS\MOBK400.sys;c:\windows\SYSNATIVE\DRIVERS\MOBK400.sys [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 MOBK400backup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBK400backup.exe;c:\program files (x86)\McAfee Online Backup\MOBK400backup.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys;c:\windows\SYSNATIVE\DRIVERS\GeneStor.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 17:01    1185744    ----a-w-    c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 02:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK400]
@="{73552f1f-bf89-9213-24d3-b502f837bb93}"
[HKEY_CLASSES_ROOT\CLSID\{73552f1f-bf89-9213-24d3-b502f837bb93}]
2010-06-01 09:05    4741944    ----a-w-    c:\program files (x86)\McAfee Online Backup\MOBK400shell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK4002]
@="{81d6082a-73e9-8567-a371-6ad62982aca6}"
[HKEY_CLASSES_ROOT\CLSID\{81d6082a-73e9-8567-a371-6ad62982aca6}]
2010-06-01 09:05    4741944    ----a-w-    c:\program files (x86)\McAfee Online Backup\MOBK400shell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK4003]
@="{44391887-365b-8585-2ab9-799a50b9ef5e}"
[HKEY_CLASSES_ROOT\CLSID\{44391887-365b-8585-2ab9-799a50b9ef5e}]
2010-06-01 09:05    4741944    ----a-w-    c:\program files (x86)\McAfee Online Backup\MOBK400shell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-18 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-18 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-18 417304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-26 11543656]
"UMonit"="c:\windows\SysWOW64\UMonit.exe" [2010-12-01 28672]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-05-19 114688]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
Trusted Zone: microsoft.com\.windowsupdate
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\jeuc81t6.default-1383517261482\
FF - ExtSQL: 2013-11-03 09:50; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
SafeBoot-34745535.sys
SafeBoot-64969591.sys
AddRemove-Browsersafeguard - c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe
AddRemove-Linksicle - c:\program files (x86)\Linksicle\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-07  20:24:14
ComboFix-quarantined-files.txt  2013-11-08 04:24
.
Pre-Run: 1,407,308,095,488 bytes free
Post-Run: 1,407,242,588,160 bytes free
.
- - End Of File - - EA054749379D7D98E9EB8BC0DF4B9271
A36C5E4F47E84449FF07ED3517B43A31


Here's the Combofix log.  I hope I did it right this time.   :) 

 

ComboFix 13-11-07.01 - Linda 11/08/2013  14:31:30.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5992.3805 [GMT -8:00]
Running from: c:\users\Linda\Desktop\ComboFix.exe
Command switches used :: c:\users\Linda\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\temp\ScorpionSaver.msi"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ScorpionSaver
c:\program files (x86)\ScorpionSaver\CustomActionInstall
c:\program files (x86)\ScorpionSaver\CustomActionUninstall
c:\program files (x86)\ScorpionSaver\IECore.dll
c:\program files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.dll
c:\program files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.xml
c:\program files (x86)\ScorpionSaver\SendJson.dll
c:\temp\ScorpionSaver.msi
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-08 to 2013-11-08  )))))))))))))))))))))))))))))))
.
.
2013-11-08 22:35 . 2013-11-08 22:35    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-01 02:28 . 2013-11-01 02:28    --------    d-----w-    c:\program files (x86)\Level Quality Watcher
2013-11-01 01:42 . 2013-11-01 01:42    --------    d-----w-    c:\windows\ERUNT
2013-10-31 06:23 . 2013-10-31 06:51    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-31 06:23 . 2013-10-31 06:40    116440    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-10-31 06:18 . 2013-10-31 06:39    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-10-31 04:09 . 2013-10-31 04:32    --------    d-----w-    c:\users\Linda\AppData\Roaming\U3
2013-10-30 19:41 . 2013-10-30 19:41    --------    d-----w-    c:\users\Linda\AppData\Roaming\Malwarebytes
2013-10-30 19:40 . 2013-10-30 19:40    --------    d-----w-    c:\programdata\Malwarebytes
2013-10-30 19:40 . 2013-10-30 19:41    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-30 19:40 . 2013-04-04 21:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-30 19:40 . 2013-10-30 19:40    --------    d-----w-    c:\users\Linda\AppData\Local\Programs
2013-10-30 04:39 . 2013-10-30 04:39    --------    d-----w-    c:\programdata\Oracle
2013-10-30 04:39 . 2013-10-30 04:39    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-10-30 04:38 . 2013-10-30 04:38    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-30 04:38 . 2013-10-30 04:38    --------    d-----w-    c:\program files (x86)\Java
2013-10-29 20:56 . 2013-10-29 20:56    --------    d--h--w-    c:\programdata\Common Files
2013-10-22 01:10 . 2013-10-22 01:10    --------    d-----w-    c:\program files\McAfee Security Scan
2013-10-16 03:02 . 2013-09-23 20:49    197704    ----a-w-    c:\windows\system32\drivers\HipShieldK.sys
2013-10-10 23:58 . 2013-10-10 23:58    --------    d-----w-    c:\users\Linda\AppData\Local\McAfee File Lock
2013-10-10 10:05 . 2013-09-23 01:25    775256    ----a-w-    c:\program files\Internet Explorer\iexplore.exe
2013-10-10 03:49 . 2013-07-04 12:50    633856    ----a-w-    c:\windows\system32\comctl32.dll
2013-10-10 03:49 . 2013-07-04 11:50    530432    ----a-w-    c:\windows\SysWow64\comctl32.dll
2013-10-10 03:49 . 2013-07-12 10:41    100864    ----a-w-    c:\windows\system32\drivers\usbcir.sys
2013-10-10 03:49 . 2013-07-12 10:40    109824    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 10:02 . 2011-07-08 00:34    80541720    ----a-w-    c:\windows\system32\MRT.exe
2013-10-09 02:59 . 2012-04-12 10:18    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 02:59 . 2011-07-09 00:49    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-02 21:14 . 2013-10-02 21:14    58192    ----a-w-    c:\windows\system32\drivers\lsnfd.sys
2013-09-25 03:29 . 2013-05-13 23:30    70112    ----a-w-    c:\windows\system32\drivers\cfwids.sys
2013-09-25 03:25 . 2013-02-19 20:56    343568    ----a-w-    c:\windows\system32\drivers\mfewfpk.sys
2013-09-25 03:25 . 2013-05-13 23:24    182752    ----a-w-    c:\windows\system32\mfevtps.exe
2013-09-25 03:22 . 2013-02-19 20:54    781312    ----a-w-    c:\windows\system32\drivers\mfehidk.sys
2013-09-25 03:21 . 2013-05-13 23:30    519192    ----a-w-    c:\windows\system32\drivers\mfefirek.sys
2013-09-25 03:20 . 2013-05-13 23:30    310224    ----a-w-    c:\windows\system32\drivers\mfeavfk.sys
2013-09-25 03:19 . 2013-02-19 20:52    179664    ----a-w-    c:\windows\system32\drivers\mfeapfk.sys
2013-09-20 16:38 . 2013-09-20 16:38    10856    ----a-w-    c:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 16:38 . 2013-09-20 16:38    95984    ----a-w-    c:\windows\system32\drivers\mfencrk.sys
2013-09-20 16:37 . 2013-09-20 16:37    390552    ----a-w-    c:\windows\system32\drivers\mfencbdc.sys
2013-09-09 18:11 . 2013-05-13 23:30    74560    ----a-w-    c:\windows\system32\drivers\McPvDrv.sys
2013-08-29 01:48 . 2013-10-10 03:48    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_72A69F45706A1906C3BB8A81AA94F778"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-10-09 844752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-07-16 114688]
"Lenovo Eye Distance System"="c:\program files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe" [2010-09-09 265216]
"Lenovo Dynamic Brightness System"="c:\program files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe" [2010-10-08 285696]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 958576]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
.
c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Launch Utility Application.lnk - c:\users\Linda\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe [2012-8-31 903096]
Monitor Ink Alerts - HP Officejet 4620 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 4620 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN28V2412305RT;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys;c:\windows\SYSNATIVE\DRIVERS\ssmirrdr.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 MOBK400Filter;MOBK400Filter;c:\windows\system32\DRIVERS\MOBK400.sys;c:\windows\SYSNATIVE\DRIVERS\MOBK400.sys [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 MOBK400backup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBK400backup.exe;c:\program files (x86)\McAfee Online Backup\MOBK400backup.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys;c:\windows\SYSNATIVE\DRIVERS\GeneStor.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 17:01    1185744    ----a-w-    c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 02:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK400]
@="{73552f1f-bf89-9213-24d3-b502f837bb93}"
[HKEY_CLASSES_ROOT\CLSID\{73552f1f-bf89-9213-24d3-b502f837bb93}]
2010-06-01 09:05    4741944    ----a-w-    c:\program files (x86)\McAfee Online Backup\MOBK400shell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK4002]
@="{81d6082a-73e9-8567-a371-6ad62982aca6}"
[HKEY_CLASSES_ROOT\CLSID\{81d6082a-73e9-8567-a371-6ad62982aca6}]
2010-06-01 09:05    4741944    ----a-w-    c:\program files (x86)\McAfee Online Backup\MOBK400shell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK4003]
@="{44391887-365b-8585-2ab9-799a50b9ef5e}"
[HKEY_CLASSES_ROOT\CLSID\{44391887-365b-8585-2ab9-799a50b9ef5e}]
2010-06-01 09:05    4741944    ----a-w-    c:\program files (x86)\McAfee Online Backup\MOBK400shell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-18 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-18 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-18 417304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-26 11543656]
"UMonit"="c:\windows\SysWOW64\UMonit.exe" [2010-12-01 28672]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-05-19 114688]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
Trusted Zone: microsoft.com\.windowsupdate
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\jeuc81t6.default-1383517261482\
FF - ExtSQL: 2013-11-03 09:50; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Browsersafeguard - c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe
AddRemove-Linksicle - c:\program files (x86)\Linksicle\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-08  14:37:20
ComboFix-quarantined-files.txt  2013-11-08 22:37
ComboFix2.txt  2013-11-08 04:24
.
Pre-Run: 1,407,087,366,144 bytes free
Post-Run: 1,407,020,204,032 bytes free
.
- - End Of File - - 48455FA4A4957B33EC54E79E6F1F2FE6
A36C5E4F47E84449FF07ED3517B43A31
 


  • Root Admin

There we go, that should have removed it.  Please update your Adobe Flash player.

 

http://get.adobe.com/flashplayer/

 

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please post the contents of that document.
  • Do Not Attach It!!!


 


Here's the log for Security Check.

 

 Results of screen317's Security Check version 0.99.76  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.1    
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (25.0)
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 McAfee Online Backup MOBK400backup.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 


The computer is running just fine now.  It's running smoothly and quickly.  I don't see any signs of infection at all. 

 

I haven't downloaded and installed Malwarebytes Pro yet, as I wanted to make sure everything was running normally first.  If I understand correctly, I'm to disable my antivirus, then download and install Malwarebytes Pro. 

 

Upon installation will Malwarebytes Pro automatically ignore the 9 McAfee components and put them on the ignore list, or do I have to manually put them on the ignore list?


  • Root Admin

You would need to put the exclusions into MBAM manually.

 

 


 

 

 

At this time there are no more signs of an infection on your system.
However, if you are still seeing any signs of an infection, please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily, so if you went to use them again in the future they would be outdated anyway.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.


 
Remove the rest of the tools used:
 
Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your PC.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


AdwCleaner Removal:
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:
  • This tool can be uninstalled via the Control Panel, Programs, Uninstall


 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.


I've uninstalled Combofix and used OTCleanIt to remove the tools used.  It's looking good!

 

I can't thank you enough for all your help!   Thank you so much for all your time and patience in helping to resolve this computer malware.  :)

