Leila

Honorary Members
  • Content count

    135
  • Joined

  • Last visited

About Leila

  • Rank
    Advanced Member

Contact Methods

  • ICQ
    0

Profile Information

  • Location
    California, USA
  1. The laptop had belonged to the college age daughter of a neighbor who said his daughter had bought a new computer and had left her old one in the garage and he was cleaning out the garage and getting rid of unwanted clutter. He asked if I could use that laptop. The laptop computer I was gifted with is an ASUS with an Intel Premium processor, 500 gig hard drive, and Windows 7 installed. It has a manufacture date of June 2012, so it's less than 2 years old, and probably used about a year. I've had it since just before Thanksgiving 2013 and didn't want to deal with it over the holidays. I couldn't get it to boot up and took it to a computer store. The technician checked it out and said it had nothing on it..........whoever owned it had wiped the hard drive including the Windows 7. Then, when they opened it up, they found the hard drive damaged. I bought a Seagate 500 gig hard drive for $64.99 and am paying for installing Windows 7 on the laptop and installing the new hard drive. It comes to less than $200.00. So, I'm essentially starting out with a clean slate. I could have put that money toward a new laptop, but they all come with Windows 8.0 or 8.1 installed, and I don't want Windows 8. I figure it will be a year or so before Windows 8 is perfected. I've never had a laptop computer before.........always have had a desktop. So I may have a lot of questions. I started out with an Apple 2e back in the late 1980s and graduated to an IBM clone in the early 1990s. My current desktop is an almost 3-year-old Lenovo with Windows 7.
  2. At the present time, I'm using McAfee anti-virus on my desktop PC, and it's been suggested that I should look into another anti-virus. In addition to my desktop PC, I've been gifted with a not quite 2-year-old laptop and need to put an anti-virus on that computer. I also have the pro version of Malwarebytes on my desktop. Do I need to buy another copy of the pro version for the laptop too? Any suggestions as to what anti-virus I should get.
  3. I've uninstalled Combofix and used OTCleanIt to remove the tools used. It's looking good! I can't thank you enough for all your help! Thank you so much for all your time and patience in helping to resolve this computer malware.
  4. The computer is running just fine now. It's running smoothly and quickly. I don't see any signs of infection at all. I haven't downloaded and installed Malwarebytes Pro yet, as I wanted to make sure everything was running normally first. If I understand correctly, I'm to disable my antivirus, then download and install Malwarebytes Pro. Upon installation will Malwarebytes Pro automatically ignore the 9 McAfee components and put them on the ignore list, or do I have to manually put them on the ignore list?
  5. I'm surprised that the Security Check still shows Adobe Reader out of date. I did the update prior to downloading and running Security Check. Scorpion Saver by Adpeak is no longer listed on my list of programs.
  6. Here's the log for Security Check............................... Results of screen317's Security Check version 0.99.76 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 JavaFX 2.1.1 Java 7 Update 45 Adobe Flash Player 11.9.900.117 Adobe Reader 10.1.8 Adobe Reader out of Date! Mozilla Firefox (25.0) Google Chrome 30.0.1599.101 Google Chrome 30.0.1599.69 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe McAfee Online Backup MOBK400backup.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  7. Here's the Combofix log. I hope I did it right this time. ComboFix 13-11-07.01 - Linda 11/08/2013 14:31:30.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5992.3805 [GMT -8:00] Running from: c:\users\Linda\Desktop\ComboFix.exe Command switches used :: c:\users\Linda\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\temp\ScorpionSaver.msi" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\ScorpionSaver c:\program files (x86)\ScorpionSaver\CustomActionInstall c:\program files (x86)\ScorpionSaver\CustomActionUninstall c:\program files (x86)\ScorpionSaver\IECore.dll c:\program files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.dll c:\program files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.xml c:\program files (x86)\ScorpionSaver\SendJson.dll c:\temp\ScorpionSaver.msi . . ((((((((((((((((((((((((( Files Created from 2013-10-08 to 2013-11-08 ))))))))))))))))))))))))))))))) . . 2013-11-08 22:35 . 2013-11-08 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-01 02:28 . 2013-11-01 02:28 -------- d-----w- c:\program files (x86)\Level Quality Watcher 2013-11-01 01:42 . 2013-11-01 01:42 -------- d-----w- c:\windows\ERUNT 2013-10-31 06:23 . 2013-10-31 06:51 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-10-31 06:23 . 2013-10-31 06:40 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2013-10-31 06:18 . 2013-10-31 06:39 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-10-31 04:09 . 2013-10-31 04:32 -------- d-----w- c:\users\Linda\AppData\Roaming\U3 2013-10-30 19:41 . 2013-10-30 19:41 -------- d-----w- c:\users\Linda\AppData\Roaming\Malwarebytes 2013-10-30 19:40 . 2013-10-30 19:40 -------- d-----w- c:\programdata\Malwarebytes 2013-10-30 19:40 . 2013-10-30 19:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-10-30 19:40 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-10-30 19:40 . 2013-10-30 19:40 -------- d-----w- c:\users\Linda\AppData\Local\Programs 2013-10-30 04:39 . 2013-10-30 04:39 -------- d-----w- c:\programdata\Oracle 2013-10-30 04:39 . 2013-10-30 04:39 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-10-30 04:38 . 2013-10-30 04:38 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-10-30 04:38 . 2013-10-30 04:38 -------- d-----w- c:\program files (x86)\Java 2013-10-29 20:56 . 2013-10-29 20:56 -------- d--h--w- c:\programdata\Common Files 2013-10-22 01:10 . 2013-10-22 01:10 -------- d-----w- c:\program files\McAfee Security Scan 2013-10-16 03:02 . 2013-09-23 20:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys 2013-10-10 23:58 . 2013-10-10 23:58 -------- d-----w- c:\users\Linda\AppData\Local\McAfee File Lock 2013-10-10 10:05 . 2013-09-23 01:25 775256 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2013-10-10 03:49 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll 2013-10-10 03:49 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll 2013-10-10 03:49 . 2013-07-12 10:41 100864 ----a-w- c:\windows\system32\drivers\usbcir.sys 2013-10-10 03:49 . 2013-07-12 10:40 109824 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-10 10:02 . 2011-07-08 00:34 80541720 ----a-w- c:\windows\system32\MRT.exe 2013-10-09 02:59 . 2012-04-12 10:18 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-10-09 02:59 . 2011-07-09 00:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-02 21:14 . 2013-10-02 21:14 58192 ----a-w- c:\windows\system32\drivers\lsnfd.sys 2013-09-25 03:29 . 2013-05-13 23:30 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys 2013-09-25 03:25 . 2013-02-19 20:56 343568 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2013-09-25 03:25 . 2013-05-13 23:24 182752 ----a-w- c:\windows\system32\mfevtps.exe 2013-09-25 03:22 . 2013-02-19 20:54 781312 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2013-09-25 03:21 . 2013-05-13 23:30 519192 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2013-09-25 03:20 . 2013-05-13 23:30 310224 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2013-09-25 03:19 . 2013-02-19 20:52 179664 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2013-09-20 16:38 . 2013-09-20 16:38 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys 2013-09-20 16:38 . 2013-09-20 16:38 95984 ----a-w- c:\windows\system32\drivers\mfencrk.sys 2013-09-20 16:37 . 2013-09-20 16:37 390552 ----a-w- c:\windows\system32\drivers\mfencbdc.sys 2013-09-09 18:11 . 2013-05-13 23:30 74560 ----a-w- c:\windows\system32\drivers\McPvDrv.sys 2013-08-29 01:48 . 2013-10-10 03:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleChromeAutoLaunch_72A69F45706A1906C3BB8A81AA94F778"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-10-09 844752] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-07-16 114688] "Lenovo Eye Distance System"="c:\program files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe" [2010-09-09 265216] "Lenovo Dynamic Brightness System"="c:\program files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe" [2010-10-08 285696] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 958576] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512] "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512] . c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Launch Utility Application.lnk - c:\users\Linda\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe [2012-8-31 903096] Monitor Ink Alerts - HP Officejet 4620 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 4620 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN28V2412305RT;CONNECTION=USB;MONITOR=1; [2009-7-13 45568] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x] R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x] R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys;c:\windows\SYSNATIVE\DRIVERS\ssmirrdr.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x] S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] S0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x] S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x] S1 MOBK400Filter;MOBK400Filter;c:\windows\system32\DRIVERS\MOBK400.sys;c:\windows\SYSNATIVE\DRIVERS\MOBK400.sys [x] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x] S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x] S2 MOBK400backup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBK400backup.exe;c:\program files (x86)\McAfee Online Backup\MOBK400backup.exe [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x] S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys;c:\windows\SYSNATIVE\DRIVERS\GeneStor.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x] S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-10-18 17:01 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 02:59] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK400] @="{73552f1f-bf89-9213-24d3-b502f837bb93}" [HKEY_CLASSES_ROOT\CLSID\{73552f1f-bf89-9213-24d3-b502f837bb93}] 2010-06-01 09:05 4741944 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK400shell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK4002] @="{81d6082a-73e9-8567-a371-6ad62982aca6}" [HKEY_CLASSES_ROOT\CLSID\{81d6082a-73e9-8567-a371-6ad62982aca6}] 2010-06-01 09:05 4741944 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK400shell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK4003] @="{44391887-365b-8585-2ab9-799a50b9ef5e}" [HKEY_CLASSES_ROOT\CLSID\{44391887-365b-8585-2ab9-799a50b9ef5e}] 2010-06-01 09:05 4741944 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK400shell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-18 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-18 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-18 417304] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-26 11543656] "UMonit"="c:\windows\SysWOW64\UMonit.exe" [2010-12-01 28672] "Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-05-19 114688] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <-loopback> Trusted Zone: microsoft.com\.windowsupdate Trusted Zone: windowsupdate.com TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\jeuc81t6.default-1383517261482\ FF - ExtSQL: 2013-11-03 09:50; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) AddRemove-Browsersafeguard - c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe AddRemove-Linksicle - c:\program files (x86)\Linksicle\Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-11-08 14:37:20 ComboFix-quarantined-files.txt 2013-11-08 22:37 ComboFix2.txt 2013-11-08 04:24 . Pre-Run: 1,407,087,366,144 bytes free Post-Run: 1,407,020,204,032 bytes free . - - End Of File - - 48455FA4A4957B33EC54E79E6F1F2FE6 A36C5E4F47E84449FF07ED3517B43A31
  8. Here's the Combofix log...................................... ComboFix 13-11-07.01 - Linda 11/07/2013 20:19:32.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5992.3617 [GMT -8:00] Running from: c:\users\Linda\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-10-08 to 2013-11-08 ))))))))))))))))))))))))))))))) . . 2013-11-08 04:22 . 2013-11-08 04:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-01 02:28 . 2013-11-01 02:28 -------- d-----w- c:\program files (x86)\ScorpionSaver 2013-11-01 02:28 . 2013-11-01 02:28 -------- d-----w- c:\program files (x86)\Level Quality Watcher 2013-11-01 01:42 . 2013-11-01 01:42 -------- d-----w- c:\windows\ERUNT 2013-10-31 06:23 . 2013-10-31 06:51 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-10-31 06:23 . 2013-10-31 06:40 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2013-10-31 06:18 . 2013-10-31 06:39 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-10-31 04:09 . 2013-10-31 04:32 -------- d-----w- c:\users\Linda\AppData\Roaming\U3 2013-10-30 19:41 . 2013-10-30 19:41 -------- d-----w- c:\users\Linda\AppData\Roaming\Malwarebytes 2013-10-30 19:40 . 2013-10-30 19:40 -------- d-----w- c:\programdata\Malwarebytes 2013-10-30 19:40 . 2013-10-30 19:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-10-30 19:40 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-10-30 19:40 . 2013-10-30 19:40 -------- d-----w- c:\users\Linda\AppData\Local\Programs 2013-10-30 04:39 . 2013-10-30 04:39 -------- d-----w- c:\programdata\Oracle 2013-10-30 04:39 . 2013-10-30 04:39 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-10-30 04:38 . 2013-10-30 04:38 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-10-30 04:38 . 2013-10-30 04:38 -------- d-----w- c:\program files (x86)\Java 2013-10-29 20:56 . 2013-10-29 20:56 -------- d--h--w- c:\programdata\Common Files 2013-10-22 01:10 . 2013-10-22 01:10 -------- d-----w- c:\program files\McAfee Security Scan 2013-10-16 03:02 . 2013-09-23 20:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys 2013-10-10 23:58 . 2013-10-10 23:58 -------- d-----w- c:\users\Linda\AppData\Local\McAfee File Lock 2013-10-10 10:05 . 2013-09-23 01:25 775256 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2013-10-10 03:49 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll 2013-10-10 03:49 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll 2013-10-10 03:49 . 2013-07-12 10:41 100864 ----a-w- c:\windows\system32\drivers\usbcir.sys 2013-10-10 03:49 . 2013-07-12 10:40 109824 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-10 10:02 . 2011-07-08 00:34 80541720 ----a-w- c:\windows\system32\MRT.exe 2013-10-09 02:59 . 2012-04-12 10:18 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-10-09 02:59 . 2011-07-09 00:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-02 21:14 . 2013-10-02 21:14 58192 ----a-w- c:\windows\system32\drivers\lsnfd.sys 2013-09-25 03:29 . 2013-05-13 23:30 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys 2013-09-25 03:25 . 2013-02-19 20:56 343568 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2013-09-25 03:25 . 2013-05-13 23:24 182752 ----a-w- c:\windows\system32\mfevtps.exe 2013-09-25 03:22 . 2013-02-19 20:54 781312 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2013-09-25 03:21 . 2013-05-13 23:30 519192 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2013-09-25 03:20 . 2013-05-13 23:30 310224 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2013-09-25 03:19 . 2013-02-19 20:52 179664 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2013-09-20 16:38 . 2013-09-20 16:38 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys 2013-09-20 16:38 . 2013-09-20 16:38 95984 ----a-w- c:\windows\system32\drivers\mfencrk.sys 2013-09-20 16:37 . 2013-09-20 16:37 390552 ----a-w- c:\windows\system32\drivers\mfencbdc.sys 2013-09-09 18:11 . 2013-05-13 23:30 74560 ----a-w- c:\windows\system32\drivers\McPvDrv.sys 2013-08-29 01:48 . 2013-10-10 03:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleChromeAutoLaunch_72A69F45706A1906C3BB8A81AA94F778"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-10-09 844752] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-07-16 114688] "Lenovo Eye Distance System"="c:\program files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe" [2010-09-09 265216] "Lenovo Dynamic Brightness System"="c:\program files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe" [2010-10-08 285696] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 958576] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512] "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512] . c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Launch Utility Application.lnk - c:\users\Linda\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe [2012-8-31 903096] Monitor Ink Alerts - HP Officejet 4620 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 4620 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN28V2412305RT;CONNECTION=USB;MONITOR=1; [2009-7-13 45568] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x] R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x] R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys;c:\windows\SYSNATIVE\DRIVERS\ssmirrdr.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x] S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] S0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x] S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x] S1 MOBK400Filter;MOBK400Filter;c:\windows\system32\DRIVERS\MOBK400.sys;c:\windows\SYSNATIVE\DRIVERS\MOBK400.sys [x] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x] S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x] S2 MOBK400backup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBK400backup.exe;c:\program files (x86)\McAfee Online Backup\MOBK400backup.exe [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x] S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys;c:\windows\SYSNATIVE\DRIVERS\GeneStor.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x] S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-10-18 17:01 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 02:59] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK400] @="{73552f1f-bf89-9213-24d3-b502f837bb93}" [HKEY_CLASSES_ROOT\CLSID\{73552f1f-bf89-9213-24d3-b502f837bb93}] 2010-06-01 09:05 4741944 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK400shell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK4002] @="{81d6082a-73e9-8567-a371-6ad62982aca6}" [HKEY_CLASSES_ROOT\CLSID\{81d6082a-73e9-8567-a371-6ad62982aca6}] 2010-06-01 09:05 4741944 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK400shell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK4003] @="{44391887-365b-8585-2ab9-799a50b9ef5e}" [HKEY_CLASSES_ROOT\CLSID\{44391887-365b-8585-2ab9-799a50b9ef5e}] 2010-06-01 09:05 4741944 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK400shell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-18 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-18 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-18 417304] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-26 11543656] "UMonit"="c:\windows\SysWOW64\UMonit.exe" [2010-12-01 28672] "Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-05-19 114688] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <-loopback> Trusted Zone: microsoft.com\.windowsupdate Trusted Zone: windowsupdate.com TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\jeuc81t6.default-1383517261482\ FF - ExtSQL: 2013-11-03 09:50; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) SafeBoot-34745535.sys SafeBoot-64969591.sys AddRemove-Browsersafeguard - c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe AddRemove-Linksicle - c:\program files (x86)\Linksicle\Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-11-07 20:24:14 ComboFix-quarantined-files.txt 2013-11-08 04:24 . Pre-Run: 1,407,308,095,488 bytes free Post-Run: 1,407,242,588,160 bytes free . - - End Of File - - EA054749379D7D98E9EB8BC0DF4B9271 A36C5E4F47E84449FF07ED3517B43A31
  9. Here is the log for SystemLook............................. SystemLook 30.07.11 by jpshortstuff Log created at 15:28 on 07/11/2013 by Linda Administrator - Elevation successful ========== filefind ========== Searching for "*Scorpion*" C:\temp\ScorpionSaver.msi --a---- 3166208 bytes [02:28 01/11/2013] [02:28 01/11/2013] 834EAC4E8DCB1E25D97C86CD1C673F5B C:\Users\Linda\Pictures\Winter Pictures 2011-2012\Desert with Phacelia (scorpion weed) blooms every few years.jpg --a---- 85432 bytes [04:43 18/01/2012] [04:43 18/01/2012] 9733A877CA4DAFA53A543B0D66238BFF Searching for "*Adpeak*" No files found. ========== folderfind ========== Searching for "*Scorpion*" C:\Program Files (x86)\ScorpionSaver d------ [02:28 01/11/2013] Searching for "*Adpeak*" No folders found. ========== regfind ========== Searching for "Scorpion" [HKEY_CURRENT_USER\Software\Adpeak, Inc.\ScorpionSaver] [HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver] [HKEY_CURRENT_USER\Software\ScorpionSaver] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8BA5CD9129705784F8B198C6A5C96EEA\SourceList] "PackageName"="scorpionsaver_20131010.msi" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A1F1E372A1B7C6347A384A8A9CA70D63] "ProductName"="ScorpionSaver" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A1F1E372A1B7C6347A384A8A9CA70D63\SourceList] "PackageName"="ScorpionSaver.msi" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5-F3A6-47F6-93EF-792299EF24DC] @="ScorpionSaver" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5-F3A6-47F6-93EF-792299EF24DC\InProcServer32] @="C:\Program Files(x86)\ScorpionSaver\IECore.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders] "c:\Program Files (x86)\ScorpionSaver\"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB] "A1F1E372A1B7C6347A384A8A9CA70D63"="c:\Program Files (x86)\ScorpionSaver\ff_bootstrap.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20] "A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89] "A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9] "A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33] "A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB] "A1F1E372A1B7C6347A384A8A9CA70D63"="c:\Program Files (x86)\ScorpionSaver\SendJson.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60] "A1F1E372A1B7C6347A384A8A9CA70D63"="c:\Program Files (x86)\ScorpionSaver\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107] "A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35] "A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555] "A1F1E372A1B7C6347A384A8A9CA70D63"="c:\Program Files (x86)\ScorpionSaver\CustomActionInstall" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7] "A1F1E372A1B7C6347A384A8A9CA70D63"="c:\Program Files (x86)\ScorpionSaver\IECore.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A] "A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD07F81309AB63E4D8592E422645EB73] "8BA5CD9129705784F8B198C6A5C96EEA"="01:\Software\AppDataLow\Software\ScorpionSaver\key" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937] "A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A1F1E372A1B7C6347A384A8A9CA70D63\InstallProperties] "DisplayName"="ScorpionSaver" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{273E1F1A-7B1A-436C-A783-A4A8C97AD036}] "DisplayName"="ScorpionSaver" [HKEY_USERS\S-1-5-21-588712172-2151725499-4229388137-1001\Software\Adpeak, Inc.\ScorpionSaver] [HKEY_USERS\S-1-5-21-588712172-2151725499-4229388137-1001\Software\AppDataLow\Software\ScorpionSaver] [HKEY_USERS\S-1-5-21-588712172-2151725499-4229388137-1001\Software\ScorpionSaver] Searching for "Adpeak" [HKEY_CURRENT_USER\Software\Adpeak, Inc.] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20] "A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89] "A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9] "A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33] "A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107] "A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35] "A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A] "A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937] "A1F1E372A1B7C6347A384A8A9CA70D63"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8BA5CD9129705784F8B198C6A5C96EEA\InstallProperties] "Publisher"="Adpeak, Inc." [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A1F1E372A1B7C6347A384A8A9CA70D63\InstallProperties] "HelpLink"="http://www.adpeak.com/" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A1F1E372A1B7C6347A384A8A9CA70D63\InstallProperties] "Publisher"="Adpeak, Inc." [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE}] "Publisher"="Adpeak, Inc." [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{273E1F1A-7B1A-436C-A783-A4A8C97AD036}] "HelpLink"="http://www.adpeak.com/" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{273E1F1A-7B1A-436C-A783-A4A8C97AD036}] "Publisher"="Adpeak, Inc." [HKEY_USERS\S-1-5-21-588712172-2151725499-4229388137-1001\Software\Adpeak, Inc.] -= EOF =-
  10. I clicked on Scorpion Saver by Adpeak and uninstall. Instead of uninstalling the program I got a pop-up from windows asking if I wanted to allow this program to update on this computer. I clicked on "no" as I think it was going to update and re-install that program.
  11. I've uninstalled Combofix and have downloaded and run OTCleanIt. All of the programs and tools are gone from my desktop except for Security Check. I went to my programs and I had removed ESET after the first time I used it. In going through the programs list I noticed a program there and I'm wondering if it's a legitimate program. It's called Scorpion Saver by Adpeak. It was installed on October 31, 2013 during the time my computer had the virus/trojan. Is this a program that I should uninstall? I want to thank you for all your help! You've worked wonders for my computer! Thank You!
  12. Sorry it's taken so long to get back to this. We had to make another long 140 mil round trip to the bank today and I'm just now getting online. Here's the log from Security Check. So far everything seems to be running smoothly. I can now access the Google search engine, and I haven't had any alerts from McAfee. I was concerned about FireFox as I've had things show up in the "Add-Ons" and I've never subscribed to any add on features. I had that Linsicle add on that turned words in my posts to links and that's now gone. Yesterday, McAfee SiteAdvisor and a Mozilla programs called Default 25, a theme design program, showed up in the Add-Ons. Today, the only item left is the McAfee SiteAdvisor, which I think is okay. Results of screen317's Security Check version 0.99.76 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! McAfee Anti-Virus and Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 JavaFX 2.1.1 Java 7 Update 45 Adobe Flash Player 11.9.900.117 Adobe Reader 10.1.8 Adobe Reader out of Date! Mozilla Firefox (25.0) Google Chrome 30.0.1599.101 Google Chrome 30.0.1599.69 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe McAfee Online Backup MOBK400backup.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````
  13. Here's the Combofix log............................ ComboFix 13-11-04.01 - Linda 11/05/2013 22:34:28.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5992.3938 [GMT -8:00] Running from: c:\users\Linda\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2013-10-06 to 2013-11-06 ))))))))))))))))))))))))))))))) . . 2013-11-06 06:37 . 2013-11-06 06:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-01 02:28 . 2013-11-01 02:28 -------- d-----w- c:\program files (x86)\ScorpionSaver 2013-11-01 02:28 . 2013-11-01 02:28 -------- d-----w- c:\program files (x86)\Level Quality Watcher 2013-11-01 01:42 . 2013-11-01 01:42 -------- d-----w- c:\windows\ERUNT 2013-10-31 06:23 . 2013-10-31 06:51 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-10-31 06:23 . 2013-10-31 06:40 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2013-10-31 06:18 . 2013-10-31 06:39 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-10-31 04:09 . 2013-10-31 04:32 -------- d-----w- c:\users\Linda\AppData\Roaming\U3 2013-10-30 19:41 . 2013-10-30 19:41 -------- d-----w- c:\users\Linda\AppData\Roaming\Malwarebytes 2013-10-30 19:40 . 2013-10-30 19:40 -------- d-----w- c:\programdata\Malwarebytes 2013-10-30 19:40 . 2013-10-30 19:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-10-30 19:40 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-10-30 19:40 . 2013-10-30 19:40 -------- d-----w- c:\users\Linda\AppData\Local\Programs 2013-10-30 04:39 . 2013-10-30 04:39 -------- d-----w- c:\programdata\Oracle 2013-10-30 04:39 . 2013-10-30 04:39 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-10-30 04:38 . 2013-10-30 04:38 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-10-30 04:38 . 2013-10-30 04:38 -------- d-----w- c:\program files (x86)\Java 2013-10-29 20:56 . 2013-10-29 20:56 -------- d--h--w- c:\programdata\Common Files 2013-10-22 01:10 . 2013-10-22 01:10 -------- d-----w- c:\program files\McAfee Security Scan 2013-10-16 03:02 . 2013-09-23 20:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys 2013-10-10 23:58 . 2013-10-10 23:58 -------- d-----w- c:\users\Linda\AppData\Local\McAfee File Lock 2013-10-10 10:05 . 2013-09-23 01:25 775256 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2013-10-10 03:49 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll 2013-10-10 03:49 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll 2013-10-10 03:49 . 2013-07-12 10:41 100864 ----a-w- c:\windows\system32\drivers\usbcir.sys 2013-10-10 03:49 . 2013-07-12 10:40 109824 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-10 10:02 . 2011-07-08 00:34 80541720 ----a-w- c:\windows\system32\MRT.exe 2013-10-09 02:59 . 2012-04-12 10:18 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-10-09 02:59 . 2011-07-09 00:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-02 21:14 . 2013-10-02 21:14 58192 ----a-w- c:\windows\system32\drivers\lsnfd.sys 2013-09-25 03:29 . 2013-05-13 23:30 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys 2013-09-25 03:25 . 2013-02-19 20:56 343568 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2013-09-25 03:25 . 2013-05-13 23:24 182752 ----a-w- c:\windows\system32\mfevtps.exe 2013-09-25 03:22 . 2013-02-19 20:54 781312 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2013-09-25 03:21 . 2013-05-13 23:30 519192 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2013-09-25 03:20 . 2013-05-13 23:30 310224 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2013-09-25 03:19 . 2013-02-19 20:52 179664 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2013-09-20 16:38 . 2013-09-20 16:38 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys 2013-09-20 16:38 . 2013-09-20 16:38 95984 ----a-w- c:\windows\system32\drivers\mfencrk.sys 2013-09-20 16:37 . 2013-09-20 16:37 390552 ----a-w- c:\windows\system32\drivers\mfencbdc.sys 2013-09-09 18:11 . 2013-05-13 23:30 74560 ----a-w- c:\windows\system32\drivers\McPvDrv.sys 2013-08-29 01:48 . 2013-10-10 03:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-07-16 114688] "Lenovo Eye Distance System"="c:\program files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe" [2010-09-09 265216] "Lenovo Dynamic Brightness System"="c:\program files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe" [2010-10-08 285696] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 958576] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512] "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-09-24 537512] . c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Launch Utility Application.lnk - c:\users\Linda\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe [2012-8-31 903096] Monitor Ink Alerts - HP Officejet 4620 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 4620 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN28V2412305RT;CONNECTION=USB;MONITOR=1; [2009-7-13 45568] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x] R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x] R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys;c:\windows\SYSNATIVE\DRIVERS\ssmirrdr.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x] S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] S0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x] S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x] S1 MOBK400Filter;MOBK400Filter;c:\windows\system32\DRIVERS\MOBK400.sys;c:\windows\SYSNATIVE\DRIVERS\MOBK400.sys [x] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x] S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x] S2 MOBK400backup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBK400backup.exe;c:\program files (x86)\McAfee Online Backup\MOBK400backup.exe [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x] S3 GeneStor;Genesys Logic Storage Driver;c:\windows\system32\DRIVERS\GeneStor.sys;c:\windows\SYSNATIVE\DRIVERS\GeneStor.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x] S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-10-18 17:01 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 02:59] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK400] @="{73552f1f-bf89-9213-24d3-b502f837bb93}" [HKEY_CLASSES_ROOT\CLSID\{73552f1f-bf89-9213-24d3-b502f837bb93}] 2010-06-01 09:05 4741944 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK400shell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK4002] @="{81d6082a-73e9-8567-a371-6ad62982aca6}" [HKEY_CLASSES_ROOT\CLSID\{81d6082a-73e9-8567-a371-6ad62982aca6}] 2010-06-01 09:05 4741944 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK400shell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK4003] @="{44391887-365b-8585-2ab9-799a50b9ef5e}" [HKEY_CLASSES_ROOT\CLSID\{44391887-365b-8585-2ab9-799a50b9ef5e}] 2010-06-01 09:05 4741944 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK400shell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-18 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-18 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-18 417304] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-26 11543656] "UMonit"="c:\windows\SysWOW64\UMonit.exe" [2010-12-01 28672] "Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-05-19 114688] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <-loopback> Trusted Zone: microsoft.com\.windowsupdate Trusted Zone: windowsupdate.com TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\jeuc81t6.default-1383517261482\ FF - ExtSQL: 2013-11-03 09:50; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) SafeBoot-34745535.sys SafeBoot-64969591.sys AddRemove-Browsersafeguard - c:\program files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe AddRemove-Linksicle - c:\program files (x86)\Linksicle\Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-11-05 22:39:24 ComboFix-quarantined-files.txt 2013-11-06 06:39 ComboFix2.txt 2013-11-05 04:20 . Pre-Run: 1,407,967,416,320 bytes free Post-Run: 1,407,896,870,912 bytes free . - - End Of File - - E79E5071FD6D2D0AFFBAD311A67DF618 A36C5E4F47E84449FF07ED3517B43A31
  14. Here is the fixlist log............................. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013 Ran by Linda at 2013-11-05 20:14:48 Run:1 Running from C:\Users\Linda\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** HKCU\...\Run: [browserSafeguard] - C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe [573952 2013-10-29] (BrowserSafeguard) C:\Program Files (x86)\Browsersafeguard HKCU\...\Run: [GoogleChromeAutoLaunch_72A69F45706A1906C3BB8A81AA94F778] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752 2013-10-08] (Google Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:49163;https=127.0.0.1:49163 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab FF Extension: Linksicle - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com FF Extension: Linksicle - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com CHR Extension: (Linksicle) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gohhkpbcblcpnaghfmnkfangnkkagacg\1.8.2.0_0 R1 lsnfd; C:\Windows\System32\drivers\lsnfd.sys [58192 2013-10-02] (Linksicle) C:\Users\Linda\Downloads\JRT(2).exe C:\Users\Linda\Downloads\JRT(1).exe C:\Users\Linda\Downloads\mbar-1.07.0.1007(1).exe C:\Users\Linda\Downloads\dds(2).com C:\Users\Linda\Downloads\dds(1).com C:\Users\Linda\AppData\Local\Temp\{907F5CBA-2CCF-4C53-9258-32861164B423}.exe ***************** HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\BrowserSafeguard => Value deleted successfully. C:\Program Files (x86)\Browsersafeguard => Moved successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_72A69F45706A1906C3BB8A81AA94F778 => Value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5} => Key not found. C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com => Moved successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com not found. C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gohhkpbcblcpnaghfmnkfangnkkagacg => Moved successfully. lsnfd => Service deleted successfully. C:\Users\Linda\Downloads\JRT(2).exe => Moved successfully. C:\Users\Linda\Downloads\JRT(1).exe => Moved successfully. C:\Users\Linda\Downloads\mbar-1.07.0.1007(1).exe => Moved successfully. C:\Users\Linda\Downloads\dds(2).com => Moved successfully. C:\Users\Linda\Downloads\dds(1).com => Moved successfully. C:\Users\Linda\AppData\Local\Temp\{907F5CBA-2CCF-4C53-9258-32861164B423}.exe => Moved successfully. The system needs a manual reboot. ==== End of Fixlog ====
  15. I posted the Addition log above. This is the Farbar Recovery Scan Tool. I download both versions of the FRST.txt, but only the 64 bit would run on my computer. I realized after I did the scan that my antivirus was on. Was I supposed to turn it off? Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013 Ran by Linda (administrator) on LINDA-PC on 05-11-2013 14:52:37 Running from C:\Users\Linda\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\windows\system32\mfevtps.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Windows\SysWOW64\UMonit.exe (BrowserSafeguard) C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Samsung Electronics Co. Ltd.) C:\Users\Linda\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (JME) C:\Program Files (x86)\jmesoft\hotkey.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe (Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\saui.exe (McAfee, Inc.) C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe (McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11543656 2010-10-26] (Realtek Semiconductor) HKLM\...\Run: [uMonit] - C:\Windows\SysWOW64\UMonit.exe [28672 2010-11-30] () HKLM\...\Run: [Lenovo EE Boot Optimizer] - C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-05-19] (Lenovo) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [browserSafeguard] - C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe [573952 2013-10-29] (BrowserSafeguard) HKCU\...\Run: [GoogleChromeAutoLaunch_72A69F45706A1906C3BB8A81AA94F778] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752 2013-10-08] (Google Inc.) HKLM-x32\...\Run: [jmekey] - C:\Program Files (x86)\jmesoft\hotkey.exe [114688 2009-07-16] (JME) HKLM-x32\...\Run: [Lenovo Eye Distance System] - C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe [265216 2010-09-09] (Lenovo) HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] - C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe [285696 2010-10-08] (Lenovo) HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2012-12-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.) HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Utility Application.lnk ShortcutTarget: Launch Utility Application.lnk -> C:\Users\Linda\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronics Co. Ltd.) Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4620 series.lnk ShortcutTarget: Monitor Ink Alerts - HP Officejet 4620 series.lnk -> C:\Program Files\HP\HP Officejet 4620 series\bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:49163;https=127.0.0.1:49163 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\jeuc81t6.default-1383517261482 FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml FF Extension: Linksicle - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor FF HKLM-x32\...\Firefox\Extensions: [linksicle@linksicle.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com FF Extension: Linksicle - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK Chrome: ======= CHR DefaultSearchURL: (McAfee) - http://search.yahoo.com/search?fr=mcafee&p={searchTerms} CHR DefaultSuggestURL: (McAfee) - "suggest_url": "", CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll () CHR Extension: (SiteAdvisor) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1271_0 CHR Extension: (Linksicle) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gohhkpbcblcpnaghfmnkfangnkkagacg\1.8.2.0_0 CHR Extension: (Google Wallet) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 CHR Extension: (Scorpion Saver) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0 CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx CHR HKLM-x32\...\Chrome\Extension: [gohhkpbcblcpnaghfmnkfangnkkagacg] - C:\Program Files (x86)\Linksicle\Chrome\gohhkpbcblcpnaghfmnkfangnkkagacg.crx ==================== Services (Whitelisted) ================= R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-09-24] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-09-20] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-09-24] (McAfee, Inc.) R2 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-09-24] (McAfee, Inc.) R2 MOBK400backup; C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe [231224 2010-06-01] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) ==================== Drivers (Whitelisted) ==================== R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-09-24] (McAfee, Inc.) R3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [57856 2010-12-16] (GenesysLogic) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R1 lsnfd; C:\Windows\System32\drivers\lsnfd.sys [58192 2013-10-02] (Linksicle) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-09-24] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-09-24] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519192 2013-09-24] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [781312 2013-09-24] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [390552 2013-09-20] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [95984 2013-09-20] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-09-24] (McAfee, Inc.) R1 MOBK400Filter; C:\Windows\System32\DRIVERS\MOBK400.sys [66040 2010-06-01] (Mozy, Inc.) S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-06-10] (support.com, Inc) R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.) R0 WinI2C-DDC; C:\Windows\SysWow64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-05 14:52 - 2013-11-05 14:52 - 00000000 ____D C:\FRST 2013-11-05 14:51 - 2013-11-05 14:51 - 01957098 _____ (Farbar) C:\Users\Linda\Desktop\FRST64.exe 2013-11-05 14:50 - 2013-11-05 14:50 - 01089445 _____ (Farbar) C:\Users\Linda\Desktop\FRST.exe 2013-11-05 11:58 - 2013-11-05 11:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-05 10:41 - 2013-11-05 10:42 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Linda\Desktop\tdsskiller.exe 2013-11-04 20:20 - 2013-11-04 20:20 - 00022067 _____ C:\ComboFix.txt 2013-11-04 20:13 - 2013-11-04 20:20 - 00000000 ____D C:\Qoobox 2013-11-04 20:13 - 2013-11-04 20:19 - 00000000 ____D C:\windows\erdnt 2013-11-04 20:13 - 2011-06-25 22:45 - 00256000 _____ C:\windows\PEV.exe 2013-11-04 20:13 - 2010-11-07 09:20 - 00208896 _____ C:\windows\MBR.exe 2013-11-04 20:13 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2013-11-04 20:13 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2013-11-04 20:13 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2013-11-04 20:13 - 2000-08-30 16:00 - 00098816 _____ C:\windows\sed.exe 2013-11-04 20:13 - 2000-08-30 16:00 - 00080412 _____ C:\windows\grep.exe 2013-11-04 20:13 - 2000-08-30 16:00 - 00068096 _____ C:\windows\zip.exe 2013-11-04 20:11 - 2013-11-04 20:11 - 05143677 ____R (Swearware) C:\Users\Linda\Desktop\ComboFix.exe 2013-11-04 17:27 - 2013-11-04 17:27 - 00359085 _____ (Farbar) C:\Users\Linda\Desktop\FSS.exe 2013-11-03 14:18 - 2013-11-03 14:18 - 00659968 _____ C:\Users\Linda\Desktop\MicrosoftFixit50195.msi 2013-11-03 13:58 - 2013-11-03 13:58 - 00448512 _____ (OldTimer Tools) C:\Users\Linda\Desktop\TFC.exe 2013-10-31 21:22 - 2013-10-31 21:29 - 00043782 _____ C:\Users\Linda\Downloads\FRST.txt 2013-10-31 21:22 - 2013-10-31 21:22 - 00018836 _____ C:\Users\Linda\Downloads\Addition.txt 2013-10-31 19:12 - 2013-10-31 19:12 - 01060070 _____ C:\Users\Linda\Downloads\AdwCleaner.exe 2013-10-31 18:28 - 2013-10-31 18:28 - 00000258 __RSH C:\Users\Linda\ntuser.pol 2013-10-31 18:28 - 2013-10-31 18:28 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver 2013-10-31 18:28 - 2013-10-31 18:28 - 00000000 ____D C:\Program Files (x86)\Level Quality Watcher 2013-10-31 18:28 - 2013-10-31 18:28 - 00000000 ____D C:\Program Files (x86)\Browsersafeguard 2013-10-31 18:27 - 2013-10-31 18:27 - 00000000 ____D C:\ProgramData\Real 2013-10-31 17:42 - 2013-10-31 17:42 - 00000000 ____D C:\windows\ERUNT 2013-10-31 17:41 - 2013-10-31 17:41 - 01033335 _____ (Thisisu) C:\Users\Linda\Downloads\JRT(2).exe 2013-10-31 17:41 - 2013-10-31 17:41 - 01033335 _____ (Thisisu) C:\Users\Linda\Downloads\JRT(1).exe 2013-10-31 17:21 - 2013-10-31 17:21 - 01033335 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe 2013-10-30 22:38 - 2013-10-30 22:38 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Linda\Downloads\mbar-1.07.0.1007(1).exe 2013-10-30 22:23 - 2013-10-30 22:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-10-30 22:23 - 2013-10-30 22:40 - 00116440 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2013-10-30 22:18 - 2013-10-30 22:51 - 00000000 ____D C:\Users\Linda\Desktop\mbar 2013-10-30 22:18 - 2013-10-30 22:39 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2013-10-30 22:18 - 2013-10-30 22:18 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Linda\Downloads\mbar-1.07.0.1007.exe 2013-10-30 20:52 - 2013-10-30 20:52 - 00688992 ____R (Swearware) C:\Users\Linda\Downloads\dds(2).com 2013-10-30 20:51 - 2013-10-30 20:50 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds(1).com 2013-10-30 20:47 - 2013-10-30 20:46 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds.com 2013-10-30 20:43 - 2013-10-30 20:43 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds.scr 2013-10-30 20:09 - 2013-10-30 20:32 - 00000000 ____D C:\Users\Linda\AppData\Roaming\U3 2013-10-30 11:41 - 2013-10-30 11:41 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-10-30 11:41 - 2013-10-30 11:41 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Malwarebytes 2013-10-30 11:40 - 2013-10-30 11:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-30 11:40 - 2013-10-30 11:40 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-30 11:40 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2013-10-30 11:38 - 2013-10-30 11:38 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300(3).exe 2013-10-30 11:37 - 2013-10-30 11:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300(2).exe 2013-10-30 11:37 - 2013-10-30 11:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300(1).exe 2013-10-30 11:34 - 2013-10-30 11:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-29 20:39 - 2013-10-29 20:39 - 00000000 ____D C:\ProgramData\Oracle 2013-10-29 20:38 - 2013-10-29 20:38 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2013-10-29 20:38 - 2013-10-29 20:38 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2013-10-29 20:38 - 2013-10-29 20:38 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2013-10-29 20:38 - 2013-10-29 20:38 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2013-10-29 20:38 - 2013-10-29 20:38 - 00000000 ____D C:\Program Files (x86)\Java 2013-10-29 12:59 - 2013-10-29 13:01 - 372627488 _____ C:\Users\Linda\Documents\American Blackout 2013 National Geographic.mp4 2013-10-21 17:10 - 2013-10-21 17:10 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-10-15 19:02 - 2013-09-23 12:49 - 00197704 _____ (McAfee, Inc.) C:\windows\system32\Drivers\HipShieldK.sys 2013-10-10 15:58 - 2013-10-10 15:58 - 00000000 ____D C:\Users\Linda\AppData\Local\McAfee File Lock 2013-10-10 02:06 - 2013-09-22 15:27 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-10-10 02:06 - 2013-09-22 15:27 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-10-10 02:06 - 2013-09-22 15:27 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-10-10 02:06 - 2013-09-22 15:27 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2013-10-10 02:06 - 2013-09-22 14:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-10-10 02:06 - 2013-09-22 14:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-10-10 02:06 - 2013-09-22 14:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-10-10 02:06 - 2013-09-22 14:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-10-10 02:06 - 2013-09-20 19:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-10-10 02:06 - 2013-09-20 19:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-10-10 02:06 - 2013-09-20 18:39 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-10 02:05 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-10-10 02:05 - 2013-09-22 15:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-10-10 02:05 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-10-10 02:05 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-10-10 02:05 - 2013-09-22 15:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-10-10 02:05 - 2013-09-22 15:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-10-10 02:05 - 2013-09-22 15:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-10-10 02:05 - 2013-09-22 15:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-10-10 02:05 - 2013-09-22 15:27 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-10-10 02:05 - 2013-09-22 14:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-10-10 02:05 - 2013-09-22 14:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-10-10 02:05 - 2013-09-22 14:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-10-10 02:05 - 2013-09-22 14:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-10-10 02:05 - 2013-09-22 14:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-10-10 02:05 - 2013-09-22 14:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-10-10 02:05 - 2013-09-22 14:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-10-10 02:05 - 2013-09-22 14:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-10-10 02:05 - 2013-09-22 14:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-10-10 02:05 - 2013-09-22 14:54 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-10-10 02:05 - 2013-09-20 18:48 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-10-09 19:49 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys 2013-10-09 19:49 - 2013-07-12 02:40 - 00109824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBAUDIO.sys 2013-10-09 19:49 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll 2013-10-09 19:49 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll 2013-10-09 19:48 - 2013-09-13 17:10 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys 2013-10-09 19:48 - 2013-09-07 18:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2013-10-09 19:48 - 2013-09-07 18:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll 2013-10-09 19:48 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll 2013-10-09 19:48 - 2013-08-28 18:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2013-10-09 19:48 - 2013-08-28 18:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2013-10-09 19:48 - 2013-08-28 18:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll 2013-10-09 19:48 - 2013-08-28 18:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll 2013-10-09 19:48 - 2013-08-28 18:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll 2013-10-09 19:48 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2013-10-09 19:48 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2013-10-09 19:48 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2013-10-09 19:48 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll 2013-10-09 19:48 - 2013-08-28 17:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll 2013-10-09 19:48 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll 2013-10-09 19:48 - 2013-08-28 16:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2013-10-09 19:48 - 2013-08-28 16:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2013-10-09 19:48 - 2013-08-28 16:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2013-10-09 19:48 - 2013-08-28 16:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2013-10-09 19:48 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-10-09 19:48 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll 2013-10-09 19:48 - 2013-08-01 04:09 - 00983488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys 2013-10-09 19:48 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 19:48 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 19:48 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll 2013-10-09 19:48 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll 2013-10-09 19:48 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll 2013-10-09 19:48 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll 2013-10-09 19:48 - 2013-07-04 02:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2013-10-09 19:48 - 2013-07-02 20:40 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys 2013-10-09 19:48 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys 2013-10-09 19:48 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys 2013-10-09 19:48 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys 2013-10-09 19:48 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll 2013-10-09 19:48 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll 2013-10-09 19:48 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll 2013-10-09 19:48 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll 2013-10-09 19:48 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll 2013-10-09 19:48 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll 2013-10-09 19:48 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll 2013-10-09 19:48 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll 2013-10-09 19:48 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll 2013-10-09 19:48 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll ==================== One Month Modified Files and Folders ======= 2013-11-05 14:52 - 2013-11-05 14:52 - 00000000 ____D C:\FRST 2013-11-05 14:51 - 2013-11-05 14:51 - 01957098 _____ (Farbar) C:\Users\Linda\Desktop\FRST64.exe 2013-11-05 14:50 - 2013-11-05 14:50 - 01089445 _____ (Farbar) C:\Users\Linda\Desktop\FRST.exe 2013-11-05 14:13 - 2011-05-18 19:57 - 01211491 _____ C:\windows\WindowsUpdate.log 2013-11-05 13:59 - 2012-06-11 23:16 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-11-05 12:21 - 2009-07-13 20:45 - 00020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-05 12:21 - 2009-07-13 20:45 - 00020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-05 12:18 - 2013-05-13 15:31 - 00001844 _____ C:\Users\Public\Desktop\McAfee Total Protection.lnk 2013-11-05 12:18 - 2012-04-26 00:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-05 12:18 - 2009-07-13 21:13 - 00726444 _____ C:\windows\system32\PerfStringBackup.INI 2013-11-05 12:15 - 2011-07-07 16:05 - 00000000 __RSD C:\Users\Linda\Documents\McAfee Vaults 2013-11-05 12:14 - 2012-10-07 18:18 - 00000000 ____D C:\Users\Public\Documents\Verizon_Android 2013-11-05 12:14 - 2011-05-19 08:29 - 00135181 _____ C:\windows\system32\fastboot.set 2013-11-05 12:13 - 2009-07-13 21:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-11-05 12:13 - 2009-07-13 20:51 - 00060109 _____ C:\windows\setupact.log 2013-11-05 11:58 - 2013-11-05 11:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-05 10:42 - 2013-11-05 10:41 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Linda\Desktop\tdsskiller.exe 2013-11-04 20:25 - 2010-11-20 19:47 - 00087906 _____ C:\windows\PFRO.log 2013-11-04 20:20 - 2013-11-04 20:20 - 00022067 _____ C:\ComboFix.txt 2013-11-04 20:20 - 2013-11-04 20:13 - 00000000 ____D C:\Qoobox 2013-11-04 20:19 - 2013-11-04 20:13 - 00000000 ____D C:\windows\erdnt 2013-11-04 20:19 - 2011-07-08 15:38 - 00000000 ____D C:\Users\Linda 2013-11-04 20:19 - 2009-07-13 18:34 - 00000215 _____ C:\windows\system.ini 2013-11-04 20:11 - 2013-11-04 20:11 - 05143677 ____R (Swearware) C:\Users\Linda\Desktop\ComboFix.exe 2013-11-04 17:27 - 2013-11-04 17:27 - 00359085 _____ (Farbar) C:\Users\Linda\Desktop\FSS.exe 2013-11-03 14:21 - 2012-11-17 15:21 - 00000000 ____D C:\Users\Linda\Desktop\Old Firefox Data 2013-11-03 14:18 - 2013-11-03 14:18 - 00659968 _____ C:\Users\Linda\Desktop\MicrosoftFixit50195.msi 2013-11-03 13:58 - 2013-11-03 13:58 - 00448512 _____ (OldTimer Tools) C:\Users\Linda\Desktop\TFC.exe 2013-10-31 21:29 - 2013-10-31 21:22 - 00043782 _____ C:\Users\Linda\Downloads\FRST.txt 2013-10-31 21:22 - 2013-10-31 21:22 - 00018836 _____ C:\Users\Linda\Downloads\Addition.txt 2013-10-31 19:12 - 2013-10-31 19:12 - 01060070 _____ C:\Users\Linda\Downloads\AdwCleaner.exe 2013-10-31 18:28 - 2013-10-31 18:28 - 00000258 __RSH C:\Users\Linda\ntuser.pol 2013-10-31 18:28 - 2013-10-31 18:28 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver 2013-10-31 18:28 - 2013-10-31 18:28 - 00000000 ____D C:\Program Files (x86)\Level Quality Watcher 2013-10-31 18:28 - 2013-10-31 18:28 - 00000000 ____D C:\Program Files (x86)\Browsersafeguard 2013-10-31 18:28 - 2009-07-13 19:20 - 00000000 ___HD C:\windows\system32\GroupPolicy 2013-10-31 18:28 - 2009-07-13 19:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy 2013-10-31 18:27 - 2013-10-31 18:27 - 00000000 ____D C:\ProgramData\Real 2013-10-31 18:02 - 2009-07-13 19:20 - 00000000 ____D C:\windows\system32\NDF 2013-10-31 17:42 - 2013-10-31 17:42 - 00000000 ____D C:\windows\ERUNT 2013-10-31 17:41 - 2013-10-31 17:41 - 01033335 _____ (Thisisu) C:\Users\Linda\Downloads\JRT(2).exe 2013-10-31 17:41 - 2013-10-31 17:41 - 01033335 _____ (Thisisu) C:\Users\Linda\Downloads\JRT(1).exe 2013-10-31 17:21 - 2013-10-31 17:21 - 01033335 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe 2013-10-30 22:51 - 2013-10-30 22:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-10-30 22:51 - 2013-10-30 22:18 - 00000000 ____D C:\Users\Linda\Desktop\mbar 2013-10-30 22:40 - 2013-10-30 22:23 - 00116440 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2013-10-30 22:39 - 2013-10-30 22:18 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2013-10-30 22:38 - 2013-10-30 22:38 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Linda\Downloads\mbar-1.07.0.1007(1).exe 2013-10-30 22:18 - 2013-10-30 22:18 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Linda\Downloads\mbar-1.07.0.1007.exe 2013-10-30 20:52 - 2013-10-30 20:52 - 00688992 ____R (Swearware) C:\Users\Linda\Downloads\dds(2).com 2013-10-30 20:50 - 2013-10-30 20:51 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds(1).com 2013-10-30 20:46 - 2013-10-30 20:47 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds.com 2013-10-30 20:43 - 2013-10-30 20:43 - 00688992 _____ (Swearware) C:\Users\Linda\Downloads\dds.scr 2013-10-30 20:32 - 2013-10-30 20:09 - 00000000 ____D C:\Users\Linda\AppData\Roaming\U3 2013-10-30 14:02 - 2013-05-13 15:29 - 00000000 ____D C:\Program Files (x86)\McAfee 2013-10-30 11:41 - 2013-10-30 11:41 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-10-30 11:41 - 2013-10-30 11:41 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Malwarebytes 2013-10-30 11:41 - 2013-10-30 11:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-30 11:40 - 2013-10-30 11:40 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-30 11:38 - 2013-10-30 11:38 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300(3).exe 2013-10-30 11:37 - 2013-10-30 11:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300(2).exe 2013-10-30 11:37 - 2013-10-30 11:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300(1).exe 2013-10-30 11:19 - 2013-10-30 11:34 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-29 20:39 - 2013-10-29 20:39 - 00000000 ____D C:\ProgramData\Oracle 2013-10-29 20:38 - 2013-10-29 20:38 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2013-10-29 20:38 - 2013-10-29 20:38 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2013-10-29 20:38 - 2013-10-29 20:38 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2013-10-29 20:38 - 2013-10-29 20:38 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2013-10-29 20:38 - 2013-10-29 20:38 - 00000000 ____D C:\Program Files (x86)\Java 2013-10-29 13:01 - 2013-10-29 12:59 - 372627488 _____ C:\Users\Linda\Documents\American Blackout 2013 National Geographic.mp4 2013-10-24 17:04 - 2008-12-08 23:02 - 00000000 ____D C:\Users\Linda\Documents\Thomas Blaine Simpson 2013-10-24 17:04 - 2005-09-12 22:17 - 00000000 ____D C:\Users\Linda\Documents\Telephone Numbers & Addresses 2013-10-24 17:03 - 2010-01-31 12:31 - 00000000 ____D C:\Users\Linda\Documents\Tom Simpson 2013-10-21 17:10 - 2013-10-21 17:10 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-10-21 17:10 - 2012-08-27 14:59 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-10-18 09:02 - 2011-05-19 08:28 - 00002183 _____ C:\Users\Public\Desktop\Internet Browser.lnk 2013-10-15 18:56 - 2011-07-07 16:04 - 00000000 ____D C:\Program Files\Common Files\McAfee 2013-10-11 10:30 - 2011-05-19 08:26 - 00000000 ____D C:\ProgramData\McAfee 2013-10-10 15:58 - 2013-10-10 15:58 - 00000000 ____D C:\Users\Linda\AppData\Local\McAfee File Lock 2013-10-10 13:41 - 2009-07-13 19:20 - 00000000 ____D C:\windows\rescache 2013-10-10 02:24 - 2009-07-13 20:45 - 00428512 _____ C:\windows\system32\FNTCACHE.DAT 2013-10-10 02:03 - 2013-08-15 02:00 - 00000000 ____D C:\windows\system32\MRT 2013-10-10 02:02 - 2011-07-07 16:34 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-10-08 18:59 - 2012-06-11 23:16 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2013-10-08 18:59 - 2012-04-12 02:18 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-10-08 18:59 - 2011-07-08 16:49 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-08 11:49 - 2012-11-03 15:03 - 00000000 ____D C:\Users\Linda\AppData\Local\HP Some content of TEMP: ==================== C:\Users\Linda\AppData\Local\Temp\{907F5CBA-2CCF-4C53-9258-32861164B423}.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-31 09:08 ==================== End Of Log =======