
My computer is infected, appears to be the Scorpion virus


dcw182


By George I think we got it!!

 

 

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Debbie [Admin rights]
Mode : Scan -- Date : 12/09/2013 20:49:36
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 10 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 1 ¤¤¤
[Debbie][sUSP PATH] _uninst_05648578.lnk : C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_05648578.lnk @C:\Users\Debbie\AppData\Local\Temp\_uninst_05648578.bat [-][x] -> FOUND
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] 5ea7e81eaf591d3ec1f78e1d30874d01
[bSP] b7b3eb14adfd50ca04b936abaf85fbb5 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_12092013_204936.txt >>

I downloaded ComboFix.exe and right at the end of the download my McAfee program said it quarantined a Trojan.  I have disabled my firewall on McAfee before running this.  And when I went to open the ComboFix.exe file it says "Safari can't show the file because it has moved since you downloaded it."

 

Now what?


It worked!  

 

 

ComboFix 13-12-08.01 - Debbie 12/09/13  22:02:44.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.1981 [GMT -6:00]
Running from: c:\users\Debbie\AppData\Local\Temp\Temp1_ComboFix.zip\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CRRedist2008_x86.exe
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\bootstrap.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\defaults\preferences\prefs.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\addon-kit\lib\page-mod.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\addon-kit\lib\private-browsing.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\addon-kit\lib\request.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\addon-kit\lib\windows.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\addon\runner.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\api-utils.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\base64.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\byte-streams.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\collection.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\content.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\content\content-proxy.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\content\content-worker.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\content\loader.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\content\symbiont.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\content\worker.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\cortex.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\cuddlefish.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\deprecate.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\dom\events.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\environment.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\errors.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\event\core.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\event\target.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\events.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\events\assembler.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\file.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\functional.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\globals.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\heritage.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\hidden-frame.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\l10n\core.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\l10n\html.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\l10n\loader.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\l10n\locale.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\l10n\prefs.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\light-traits.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\list.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\loader.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\match-pattern.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\memory.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\namespace.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\observer-service.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\plain-text-console.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\preferences-service.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\private-browsing\utils.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\promise.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\querystring.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\runtime.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\sandbox.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\self.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\system.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\system\events.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\tabs\events.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\tabs\observer.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\tabs\tab.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\tabs\utils.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\text-streams.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\timer.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\traceback.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\traits.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\traits\core.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\unload.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\url.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\utils\data.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\utils\object.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\utils\registry.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\utils\thumbnail.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\uuid.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\window-utils.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\window\utils.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\windows\dom.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\windows\loader.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\windows\observer.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\windows\tabs.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\xhr.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\xpcom.js
c:\users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\extensions\ScorpionSaver@jetpack\resources\api-utils\lib\xul-app.js
c:\windows\PFRO.log
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-10 to 2013-12-10  )))))))))))))))))))))))))))))))
.
.
2013-12-10 04:13 . 2013-12-10 04:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-10 04:09 . 2013-12-10 04:09 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3091C3C-2D9B-47B5-BDF5-CBF7D08BA74B}\offreg.dll
2013-12-09 00:22 . 2013-11-18 07:28 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3091C3C-2D9B-47B5-BDF5-CBF7D08BA74B}\mpengine.dll
2013-12-07 04:34 . 2013-12-10 01:56 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-07 04:34 . 2013-12-10 01:17 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-12-07 04:31 . 2013-12-10 01:16 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-06 18:05 . 2013-12-10 01:04 -------- d-----w- C:\FRST
2013-12-03 20:26 . 2013-12-03 20:26 -------- d-----w- C:\_OTM
2013-12-03 18:32 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-03 18:32 . 2013-12-03 18:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-03 17:28 . 2013-12-06 05:04 -------- d-----w- C:\AdwCleaner
2013-12-03 17:07 . 2013-12-03 17:07 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-12-03 16:19 . 2013-09-23 19:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-12-03 16:17 . 2013-12-03 16:17 -------- d-----w- c:\program files\McAfee.com
2013-12-03 16:17 . 2013-12-06 07:37 -------- d-----w- c:\program files (x86)\McAfee
2013-12-03 15:36 . 2013-11-04 22:46 182752 ----a-w- c:\windows\system32\mfevtps.exe
2013-11-29 14:16 . 2013-11-29 14:16 -------- d-----w- c:\windows\Migration
2013-11-29 06:25 . 2013-11-29 06:25 -------- d-----w- c:\users\Debbie\AppData\Roaming\Malwarebytes
2013-11-29 06:25 . 2013-11-29 06:25 -------- d-----w- c:\programdata\Malwarebytes
2013-11-29 06:23 . 2013-11-29 06:23 -------- d-----w- c:\users\Debbie\AppData\Local\Programs
2013-11-29 05:22 . 2013-11-29 05:22 -------- d-----w- c:\users\Debbie\AppData\Roaming\McAFee TechCheck
2013-11-29 05:20 . 2000-05-22 07:00 244416 ----a-w- c:\windows\SysWow64\Msflxgrd.ocx
2013-11-29 05:20 . 2000-05-22 07:00 203976 ----a-w- c:\windows\SysWow64\RICHTX32.OCX
2013-11-29 05:20 . 2013-11-29 05:24 -------- d-----w- c:\users\Debbie\AppData\Roaming\TechCheck
2013-11-28 15:50 . 2013-12-03 16:18 -------- d-----w- c:\program files\Common Files\McAfee
2013-11-28 15:24 . 2013-11-28 15:31 -------- d-----w- c:\program files\stinger
2013-11-28 03:51 . 2013-11-28 03:51 -------- d-----w- c:\program files\iPod
2013-11-28 03:51 . 2013-11-28 03:53 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-28 03:51 . 2013-11-28 03:52 -------- d-----w- c:\program files\iTunes
2013-11-28 03:51 . 2013-11-28 03:52 -------- d-----w- c:\program files (x86)\iTunes
2013-11-28 02:10 . 2013-10-16 16:18 439296 ----a-w- c:\windows\system32\AdpeakProxy64.dll
2013-11-27 23:04 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-27 22:52 . 2013-11-27 22:52 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-11-27 22:52 . 2013-11-27 22:52 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-15 19:51 . 2013-11-15 19:58 -------- d-----w- C:\bbc32f117dc597ff11b76deb
2013-11-15 02:49 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-15 02:49 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-15 02:49 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-15 02:49 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll
2013-11-15 02:49 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-15 02:49 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll
2013-11-15 02:49 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-15 02:49 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-15 02:49 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-10 02:21 . 2013-10-29 03:27 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-11-27 22:44 . 2012-04-10 05:46 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-27 22:44 . 2012-03-14 21:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-21 12:52 . 2013-10-22 05:15 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-11-19 09:33 . 2010-09-03 06:14 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-18 18:07 . 2013-08-08 03:53 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-11-07 22:00 . 2010-09-05 00:05 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-04 22:51 . 2013-09-25 02:29 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-11-04 22:46 . 2013-09-25 02:25 343696 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-11-04 22:43 . 2013-09-25 02:22 782360 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-11-04 22:41 . 2013-09-25 02:21 519576 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-11-04 22:40 . 2013-09-25 02:20 311120 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-11-04 22:39 . 2013-09-25 02:19 179792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-10-20 15:31 . 2013-10-20 15:31 17813896 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-09-25 02:25 . 2013-10-09 05:42 182752 ----a-w- c:\windows\system32\mfevtps.exe.82a7.deleteme
2013-09-20 15:38 . 2013-09-20 15:38 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 15:38 . 2013-09-20 15:38 95984 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-09-20 15:37 . 2013-09-20 15:37 390552 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2013-09-17 15:29 . 2013-09-21 04:39 30752 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys
2013-09-12 03:21 . 2013-09-12 03:21 863344 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2013-09-12 03:21 . 2013-09-12 03:21 501872 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2013-09-12 03:21 . 2013-09-12 03:21 28776 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2013-09-12 03:21 . 2013-09-12 03:21 18000 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2013-09-12 01:39 . 2013-09-12 01:39 855664 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2013-09-12 01:39 . 2013-09-12 01:39 614000 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2013-09-12 01:39 . 2013-09-12 01:39 30312 ----a-w- c:\windows\system32\aspnet_counters.dll
2013-09-12 01:39 . 2013-09-12 01:39 18000 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2012-01-06 19:41 . 2012-01-06 19:41 14848 ----a-w- c:\program files (x86)\EDDI7.vshost.exe
2012-01-06 19:40 . 2012-01-06 19:40 10718208 ----a-w- c:\program files (x86)\EDDI7.exe
2012-01-06 19:40 . 2012-01-06 19:40 71168 ----a-w- c:\program files (x86)\TRIBUTA_LN.DLL
2012-01-06 19:40 . 2012-01-06 19:40 281600 ----a-w- c:\program files (x86)\TRIBUTA_EN.DLL
2012-01-06 19:40 . 2012-01-06 19:40 17408 ----a-w- c:\program files (x86)\TRIBUTA_AD.DLL
2011-08-25 15:58 . 2011-08-25 15:58 17920 ----a-w- c:\program files (x86)\Microsoft.VisualStudio.HostingProcess.Utilities.Sync.dll
2011-02-19 03:54 . 2011-02-19 03:54 3518464 ----a-w- c:\program files (x86)\itextsharp.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-14 559616]
.
c:\users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files (x86)\Webshots\3.1.5.7619\Launcher.exe  /t [2010-9-4 157088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk /p \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
R2 vToolbarUpdater17.1.3;vToolbarUpdater17.1.3;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [x]
R3 acfva;acfva;c:\windows\system32\DRIVERS\ACFVA64.sys;c:\windows\SYSNATIVE\DRIVERS\ACFVA64.sys [x]
R3 dgcfltr;DGC Filter Driver;c:\windows\system32\DRIVERS\ACFDCP64.sys;c:\windows\SYSNATIVE\DRIVERS\ACFDCP64.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R4 AGCoreService;AG Core Services;c:\program files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe;c:\program files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe [x]
R4 sbupdate;AOL Update Service (sbupdate);c:\program files (x86)\SentryBay\Update\SentryBayUpdate.exe;c:\program files (x86)\SentryBay\Update\SentryBayUpdate.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R4 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [x]
R4 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
R4 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S2 EntryProtect;DataMask by AOL;c:\program files (x86)\AOL\DataMask by AOL\epservice.exe;c:\program files (x86)\AOL\DataMask by AOL\epservice.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe;c:\program files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe;c:\program files\Western Digital\WD SmartWare\WDFME.exe [x]
S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 epfilter;epfilter;c:\windows\system32\drivers\epfilter.sys;c:\windows\SYSNATIVE\drivers\epfilter.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH8000.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - epinject
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:44]
.
2013-12-10 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22 21:26]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 06:52]
.
2013-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 06:52]
.
2013-09-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2013-12-10 c:\windows\Tasks\SentryBayUpdateTaskMachineCore.job
- c:\program files (x86)\SentryBay\Update\SentryBayUpdate.exe [2012-05-27 04:57]
.
2013-12-10 c:\windows\Tasks\SentryBayUpdateTaskMachineUA.job
- c:\program files (x86)\SentryBay\Update\SentryBayUpdate.exe [2012-05-27 04:57]
.
2014-09-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Debbie\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
c:\users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_05648578.lnk - c:\users\Debbie\AppData\Local\Temp\_uninst_05648578.bat
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{8413196D-E290-4418-B5C6-A3B1379A909C} - (no file)
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
AddRemove-{2857dbef-0b50-361c-8690-7d505747009f} - c:\program files (x86)\AGI\core\4.2.0.10753\InstallerGUI.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-09  22:18:39
ComboFix-quarantined-files.txt  2013-12-10 04:18
.
Pre-Run: 156,617,891,840 bytes free
Post-Run: 156,508,192,768 bytes free
.
- - End Of File - - 9C919F3D0CB787CFE140D2F107E58C6F

Well Done!

Delete your copy of AdwCleaner, download a fresh one and run it as before, post the log.

Then.....Please Update Malwarebytes and....

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please run a Full Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


# AdwCleaner v3.014 - Report created 10/12/2013 at 10:51:15
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Debbie - DEBBIE-DELL
# Running from : C:\Users\Debbie\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v

[ File : C:\Users\Debbie\AppData\Roaming\Mozilla\Firefox\Profiles\cenagysq.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [36566 octets] - [03/12/2013 11:29:08]
AdwCleaner[R1].txt - [1002 octets] - [03/12/2013 15:11:03]
AdwCleaner[R2].txt - [1403 octets] - [05/12/2013 22:57:13]
AdwCleaner[R3].txt - [1241 octets] - [10/12/2013 10:45:26]
AdwCleaner[s0].txt - [35657 octets] - [03/12/2013 11:50:46]
AdwCleaner[s1].txt - [1063 octets] - [03/12/2013 15:12:27]
AdwCleaner[s2].txt - [1435 octets] - [05/12/2013 23:04:10]
AdwCleaner[s3].txt - [1163 octets] - [10/12/2013 10:51:15]

########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1223 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.10.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Debbie :: DEBBIE-DELL [administrator]

12/10/13 11:09:57 AM
MBAM-log-2013-12-10 (12-59-02).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 465340
Time elapsed: 1 hour(s), 37 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy (PUP.Optional.ScorpionSaver) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir (Adware.AdPeak) -> No action taken.
C:\AdwCleaner\Quarantine\C\Windows\System32\ljkb\lmrn.dll.vir (PUP.Optional.Sweetpacks) -> No action taken.

(end)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.10.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Debbie :: DEBBIE-DELL [administrator]

12/10/13 11:09:57 AM
mbam-log-2013-12-10 (11-09-57).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 465340
Time elapsed: 1 hour(s), 37 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir (Adware.AdPeak) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Windows\System32\ljkb\lmrn.dll.vir (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.

(end)



Looks Good.....

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Yep, it appears we are finally getting there! When I downloaded the Security Check, McAfee Security immediately quarantined a file called: Artemis!32F2448BF194 (Trojan). This stopped the SecurityCheck from downloading completely. I turned McAfee off and redownloaded.

 

Also it appears I have the McAfee Anti-Virus and Anti-Spyware AND the Windows Defender running.  Is this not good to have two running at the same time?  I'm not that thrilled, as I got a virus and I had McAfee.  Recommendations?

 

 

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 6 Update 31  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.152  
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 mcafee VIRUSS~1 mcvsmap.exe  
 mcafee VIRUSS~1 mcvsshld.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 

According to your scans, WD is disabled and out of date:
 

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

 


Here's the description of WD: (really doesn't say anything about being an anti-virus)

1. Windows Defender is your first line of defense against spyware and other unwanted software. And in Windows 7, it's easier to use, with simpler notifications, more scanning options, and less impact on your computer's performance.

2. Windows Defender is software that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer. Windows Defender features Real-Time Protection, a monitoring system that recommends actions against spyware when it's detected, minimizes interruptions, and helps you stay productive.

The benefits of installing Windows Defender include:

Spyware detection and removal
Improved Internet browsing safety
Protection against the latest threats
--------------------------------------------------

I would recommend you purchase the Pro version of Malwarebytes to get the Real-Time Protection.
It's $25 for a lifetime license. (you really just have to purchase a key and id, then enter them in your current version of MB to turn it into the Pro version)

---------------------------------------------------

Java™ 6 Update 31 <--------please uninstall this from your add/remove programs.

The rest looks OK

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.


Good Luck and Thanks for using the forum, MrC


I was able to uninstall the Java 6 file.  

Thank you for the info on WD, I will be installing Pro version of Malwarebytes.  

Things were going too smoothly.....

 

I did use ComboFix and downloaded it to my desktop. It's in a zip file. Inside the zip file is the exe file, which it will not allow me to rename.

I do not show combofix in my windows uninstall list.

When I do the windows logo key + R I get the window that windows can't find it.   

 

Now what?


I misunderstood that part when I read it......that big word, "or"

Everything went smoothly and now I need to know how to delete the other programs.  Just right click and delete or is there a better way?

 

I see these programs in my program file I am unsure of and have today's date on them as being installed, and I can uninstall. Should these be uninstalled?

Advanced Audio FX Engine

Realtek High Definition Audio Driver

Revo Uninstaller 1.95

 

And another question for you:  Should I delete all the other files I have accumulated over all this repair process and just go with the Pro Malwarebytes to keep me secure?

 

I hope I am making sense here.  Hard to convey what I mean in words sometimes.

 

deb


I misunderstood that part when I read it......that big word, "or"
Everything went smoothly and now I need to know how to delete the other programs. Just right click and delete or is there a better way?


Just right click and delete

I see these programs in my program file I am unsure of and have today's date on them as being installed, and I can uninstall. Should these be uninstalled?
Advanced Audio FX Engine
Realtek High Definition Audio Driver
Revo Uninstaller 1.95


These are all good programs

And another question for you: Should I delete all the other files I have accumulated over all this repair process and just go with the Pro Malwarebytes to keep me secure?

I'm not sure what you mean by this, what files do you want to delete??

You need an anti-virus (you have McAfee at the present time) and Malwarebytes

 

MrC


I'm not sure what you mean by this, what files do you want to delete??   I have a lot of files that are not program files but are related to running the programs.  Notebook and folders of misc.  Can I delete all this and only keep my Malwarebytes?

You need an anti-virus (you have McAfee at the present time) and Malwarebytes  Do I need two?  And how good is McAfee?  

 

I am SO appreciative of all you have done for me and malwarebytes org I am happy to buy the Pro.  Obviously you know your stuff.  Do I need this?  And if I do, then do I disable my McAfee?


I'm not sure what you mean by this, what files do you want to delete?? I have a lot of files that are not program files but are related to running the programs. Notebook and folders of misc. Can I delete all this and only keep my Malwarebytes?

Yes, you can delete them if you want

You need an anti-virus (you have McAfee at the present time) and Malwarebytes Do I need two? And how good is McAfee?

You need an anti-virus program plus an anti-malware program (Malwarebytes).
So you're buying Malwarebytes Pro for your anti-malware program and you have McAfee as your anti-virus program.
If you paid for McAfee keep it until it is expired and install AVAST free
http://www.avast.com/index

I am SO appreciative of all you have done for me and malwarebytes org I am happy to buy the Pro. Obviously you know your stuff. Do I need this?
Yes, with today's malware you do.

And if I do, then do I disable my McAfee?
No, you keep it.

MrC


Everything is deleted and so I guess I shall run a normal day tomorrow and see what happens.  I can't thank you enough!  Come to Costa Rica, Dominical, we have wonderful vacation properties and will give you a good deal for taking such good care of me! Can I post how you can contact me or our website?


check out our vacation rentals on our VRBO's at www.vrbo.com/167560 for our two-bedroom villa or 

www.vrbo.com/84676 for our studio by the beach.  I can be reached at deb@costadelsol-cr.net.  

Comment you helped me with my computer virus and we will give you a deal.  

 

Thanks so very much for putting up with me and my ignorance.  You are awesome!

 

deb


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.