ashotinthedark Posted December 7, 2013 ID:761750 Share Posted December 7, 2013 Please:I have been infected with Scorpion Saver.It is messing up my system.Please help me to remove.I am not overly computer "techy" so kindly please speak in layperson-speak as much as possible.Running Windows 7.I think 64 bytes? Not sure and not sure how to be sure. May I ask please how do I know if I have 64 or 32 byte system?Thank you! Link to post Share on other sites More sharing options...
kevinf80 Posted December 7, 2013 ID:761752 Share Posted December 7, 2013 Hello and P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Next, Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop. Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. When it's done you'll see: Pending: Uncheck any elements you don't want removed. Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. Look over the log especially under Files/Folders for any program you want to save. If there's a program you want to save, just uncheck it from AdwCleaner. If you're not sure, post the log for review. If you're ready to clean it all up.....click the Clean button. After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder. Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine To restore an item that has been deleted (if necessary): Go to Tools > Quarantine Manager > check what you want restored > now click on Restore. Next, Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.Please Update and run a Full scanMake sure that everything is checked, and click Remove Selected on any found items. Next, Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit. http://jpshortstuff.247fixes.com/SystemLook_x64.exe <<- 64 bit…. http://images.malwareremoval.com/jpshortstuff/SystemLook.exe <<- 32 bit Double-click SystemLook.exe to run it.Copy the content of the following codebox into the main textfield: :filefind*adpeak*Adpeak.**Scorpion*Scopion.*:folderfind*Scorpion**adpeak*:regfind*Scorpion*Scorpion*adpeak*adpeak Click the Look button to start the scan.When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.Note: The log can also be found on your Desktop entitled SystemLook.txt Post the produced logs.... Kevin Link to post Share on other sites More sharing options...
ashotinthedark Posted December 8, 2013 Author ID:762003 Share Posted December 8, 2013 First the log from Awd Cleaner: # AdwCleaner v3.014 - Report created 08/12/2013 at 05:53:22# Updated 01/12/2013 by Xplode# Operating System : Windows 7 Professional Service Pack 1 (64 bits)# Username : newlife - ENERGIA# Running from : C:\Users\newlife\Desktop\AdwCleaner(1).exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****File Deleted : C:\Windows\System32\Tasks\NCH Software***** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKCU\Software\FLEXnet***** [ Browsers ] *****-\\ Internet Explorer v11.0.9600.16428 Link to post Share on other sites More sharing options...
ashotinthedark Posted December 8, 2013 Author ID:762113 Share Posted December 8, 2013 Next When you say: "Run Malwarebytes", I assume you mean to google a program named such and download it?I did so, and then followed your directions, and here is the results as per you request: Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.12.08.01Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16428newlife :: ENERGIA [administrator]12/8/2013 7:20:09 AMmbam-log-2013-12-08 (07-20-09).txtScan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 422681Time elapsed: 49 minute(s), 9 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected) Link to post Share on other sites More sharing options...
ashotinthedark Posted December 8, 2013 Author ID:762114 Share Posted December 8, 2013 As far as SystermLook, you say download 32 bit, or 64. How do I know if I am running and need 32 or 64?I have Windows 7. Link to post Share on other sites More sharing options...
ashotinthedark Posted December 8, 2013 Author ID:762115 Share Posted December 8, 2013 When you day copy the content into the textfield, you mean this correct? :filefind*adpeak*Adpeak.**Scorpion*Scopion.*:folderfind*Scorpion**adpeak*:regfind*Scorpion*Scorpion*adpeak*adpeak Link to post Share on other sites More sharing options...
ashotinthedark Posted December 8, 2013 Author ID:762117 Share Posted December 8, 2013 I downloaded SystemLook 64 bit, as I "think" I have 64, but not sure; awaiting your guidance on this.But here are the results with the 64 bit: SystemLook 30.07.11 by jpshortstuffLog created at 12:55 on 08/12/2013 by newlifeAdministrator - Elevation successful========== filefind ==========Searching for "*adpeak*"C:\AdwCleaner\Quarantine\C\Windows\System32\AdpeakProxy.ini.vir --a---- 5360 bytes [20:42 06/11/2013] [20:42 06/11/2013] 18DFC8C69730221B2CFEFFCCB565A90EC:\AdwCleaner\Quarantine\C\Windows\System32\AdpeakProxyOff.ini.vir --a---- 2312 bytes [20:32 06/11/2013] [20:32 06/11/2013] 1ED56540E72D15EA63DF19D70636A347C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\AdpeakProxy.ini.vir --a---- 5360 bytes [20:42 06/11/2013] [20:42 06/11/2013] 18DFC8C69730221B2CFEFFCCB565A90EC:\AdwCleaner\Quarantine\C\Windows\SysWOW64\AdpeakProxyOff.ini.vir --a---- 2312 bytes [20:32 06/11/2013] [20:32 06/11/2013] 1ED56540E72D15EA63DF19D70636A347C:\Windows\System32\AdpeakProxy64.dll --a---- 439296 bytes [15:45 23/11/2013] [15:18 16/10/2013] 78857BF5996E9BC8E82C1B671CBF85E6Searching for "Adpeak.*"No files found.Searching for "*Scorpion*"No files found.Searching for "Scopion.*"No files found.========== folderfind ==========Searching for "*Scorpion*"No folders found.Searching for "*adpeak*"No folders found.========== regfind ==========Searching for "*Scorpion*"No data found.Searching for "Scorpion"[HKEY_LOCAL_MACHINE\SOFTWARE\Adpeak, Inc.\ScorpionSaver Services][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81]"ProductName"="ScorpionSaver Services"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22]@="ScorpionSaver"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22\InProcServer32]@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]"c:\Program Files\ScorpionSaver Services\"=""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.ini"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\382E585E62B6F595CB727CEBAB9E48A0]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B786268CB4A7F156A3BDF6701444F22]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakProxy64.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\Microsoft.Deployment.WindowsInstaller.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4D2EB987C8C8A46578D4943D5A9A1467]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\Installbat.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB4398202577895B83B74B08F79C3A2]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7617C782A0FD4D15288CD4E4ECF84C67]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\InstallDLL.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7AB2AE85638F6255CA2F35481D3A8828]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\PCProxyDLL.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9BBBCEE5468FF9C569B1F7A24F6ED3D8]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\InstallDLL64.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1A8F5D2D938A495DBE3BC97E2BC5FA3]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\Installbat64.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E5AC6B3591558529A290643010F81B]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5E8CD27C9B1C435AAB81D8619DCEFE3]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP64.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81\InstallProperties]"DisplayName"="ScorpionSaver Services"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}]"DisplayName"="ScorpionSaver Services"[HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver][HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AppId_Catalog\049970F0]"AppFullPath"="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinSock2\Parameters\AppId_Catalog\049970F0]"AppFullPath"="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\049970F0]"AppFullPath"="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"Searching for "*adpeak*"No data found.Searching for "adpeak"[HKEY_LOCAL_MACHINE\SOFTWARE\Adpeak, Inc.][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4f77-802C-5B295919C205}]"LocalService"="AdpeakProxy"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{9DC8FA51-B596-4f77-802C-5B295919C205}]"LocalService"="AdpeakProxy"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.ini"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\382E585E62B6F595CB727CEBAB9E48A0]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B786268CB4A7F156A3BDF6701444F22]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakProxy64.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB4398202577895B83B74B08F79C3A2]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A3380AB2BD8DB6D5E9CCD5BEE8B77161]"6BA018E6E43F3A949AF3E90563067F81"="c?\Windows\system32\AdpeakProxy.ini"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E5AC6B3591558529A290643010F81B]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5E8CD27C9B1C435AAB81D8619DCEFE3]"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP64.exe"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8088A98A171A45558462E18D211A2D2]"6BA018E6E43F3A949AF3E90563067F81"="c?\Windows\system32\AdpeakProxyOff.ini"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81\InstallProperties]"Publisher"="Adpeak, Inc."[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81\InstallProperties]"HelpLink"="http://www.adpeak.com/"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}]"Publisher"="Adpeak, Inc."[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}]"HelpLink"="http://www.adpeak.com/"[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{9DC8FA51-B596-4f77-802C-5B295919C205}]"LocalService"="AdpeakProxy"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AppId_Catalog\049970F0]"AppFullPath"="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinSock2\Parameters\AppId_Catalog\049970F0]"AppFullPath"="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\049970F0]"AppFullPath"="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"-= EOF =- Link to post Share on other sites More sharing options...
kevinf80 Posted December 8, 2013 ID:762172 Share Posted December 8, 2013 Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)http://oldtimer.geekstogo.com/OTM.exe.http://www.itxassociates.com/OT-Tools/OTM.comhttp://www.itxassociates.com/OT-Tools/OTM.exe Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Reg :Reg:Reg[-HKEY_LOCAL_MACHINE\SOFTWARE\Adpeak, Inc.\ScorpionSaver Services][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\382E585E62B6F595CB727CEBAB9E48A0][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B786268CB4A7F156A3BDF6701444F22][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4D2EB987C8C8A46578D4943D5A9A1467][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB4398202577895B83B74B08F79C3A2][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7617C782A0FD4D15288CD4E4ECF84C67][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7AB2AE85638F6255CA2F35481D3A8828][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9BBBCEE5468FF9C569B1F7A24F6ED3D8][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1A8F5D2D938A495DBE3BC97E2BC5FA3][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E5AC6B3591558529A290643010F81B][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5E8CD27C9B1C435AAB81D8619DCEFE3][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}][-HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver][-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AppId_Catalog\049970F0][-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinSock2\Parameters\AppId_Catalog\049970F0][-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\049970F0][-HKEY_LOCAL_MACHINE\SOFTWARE\Adpeak, Inc.][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4f77-802C-5B295919C205}][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{9DC8FA51-B596-4f77-802C-5B295919C205}][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\382E585E62B6F595CB727CEBAB9E48A0][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B786268CB4A7F156A3BDF6701444F22][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB4398202577895B83B74B08F79C3A2][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A3380AB2BD8DB6D5E9CCD5BEE8B77161][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E5AC6B3591558529A290643010F81B][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5E8CD27C9B1C435AAB81D8619DCEFE3][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8088A98A171A45558462E18D211A2D2][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}][-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{9DC8FA51-B596-4f77-802C-5B295919C205}][-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AppId_Catalog\049970F0][-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinSock2\Parameters\AppId_Catalog\049970F0][-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\049970F0]:FilesC:\Windows\System32\AdpeakProxy64.dllC:\Program Files(x86)\ScorpionSaverC:\Program Files\ScorpionSaver Services:Commands[EmptyTemp] Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTMNote: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.If the machine reboots, the Results log can be found here:c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.logWhere mmddyyyy_hhmmss is the date of the tool run. Let me see that log, Next, Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.Please Update and run a Full scanMake sure that everything is checked, and click Remove Selected on any found items. Post the produced log, also let me know if there are any remaining issues or concerns... Kevin Link to post Share on other sites More sharing options...
ashotinthedark Posted December 9, 2013 Author ID:762332 Share Posted December 9, 2013 Kevin: Ran OTMIt forced me to rebootA notebook doc opened and I think this is what you want below?Where would I cut and paste:c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.logas you request? Is this what you need?All processes killed========== REGISTRY ==========Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Adpeak, Inc.\ScorpionSaver Services\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\382E585E62B6F595CB727CEBAB9E48A0\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B786268CB4A7F156A3BDF6701444F22\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4D2EB987C8C8A46578D4943D5A9A1467\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB4398202577895B83B74B08F79C3A2\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7617C782A0FD4D15288CD4E4ECF84C67\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7AB2AE85638F6255CA2F35481D3A8828\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9BBBCEE5468FF9C569B1F7A24F6ED3D8\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1A8F5D2D938A495DBE3BC97E2BC5FA3\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E5AC6B3591558529A290643010F81B\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5E8CD27C9B1C435AAB81D8619DCEFE3\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E810AB6-F34E-49A3-A93F-9E503660F718}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver\ not found.Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AppId_Catalog\049970F0\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinSock2\Parameters\AppId_Catalog\049970F0\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\049970F0\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Adpeak, Inc.\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4f77-802C-5B295919C205}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9DC8FA51-B596-4f77-802C-5B295919C205}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{9DC8FA51-B596-4f77-802C-5B295919C205}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9DC8FA51-B596-4f77-802C-5B295919C205}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\382E585E62B6F595CB727CEBAB9E48A0\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B786268CB4A7F156A3BDF6701444F22\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB4398202577895B83B74B08F79C3A2\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A3380AB2BD8DB6D5E9CCD5BEE8B77161\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E5AC6B3591558529A290643010F81B\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5E8CD27C9B1C435AAB81D8619DCEFE3\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8088A98A171A45558462E18D211A2D2\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E810AB6-F34E-49A3-A93F-9E503660F718}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{9DC8FA51-B596-4f77-802C-5B295919C205}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9DC8FA51-B596-4f77-802C-5B295919C205}\ not found.Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AppId_Catalog\049970F0\ not found.Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinSock2\Parameters\AppId_Catalog\049970F0\ not found.Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\049970F0\ not found.========== FILES ==========File/Folder C:\Windows\System32\AdpeakProxy64.dll not found.File/Folder C:\Program Files(x86)\ScorpionSaver not found.File/Folder C:\Program Files\ScorpionSaver Services not found.========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 57472 bytes User: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 0 bytes User: newlife->Temp folder emptied: 10419071 bytes->Temporary Internet Files folder emptied: 845681047 bytes->Java cache emptied: 1831973 bytes->FireFox cache emptied: 369935019 bytes->Flash cache emptied: 58242 bytes User: Public User: UpdatusUser->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32 (64bit) .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 2801477 bytes%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 115572 bytesRecycleBin emptied: 45514461983 bytes Total Files Cleaned = 44,580.00 mb OTM by OldTimer - Version 3.1.21.0 log created on 12092013_071320Files moved on Reboot...C:\Users\newlife\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.C:\Users\newlife\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.Registry entries deleted on Reboot... Link to post Share on other sites More sharing options...
ashotinthedark Posted December 9, 2013 Author ID:762347 Share Posted December 9, 2013 Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.12.09.05Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16428newlife :: ENERGIA [administrator]12/9/2013 7:32:02 AMmbam-log-2013-12-09 (07-32-02).txtScan type: Full scan (C:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 391260Time elapsed: 39 minute(s), 22 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
kevinf80 Posted December 9, 2013 ID:762356 Share Posted December 9, 2013 What is the status of your system now, any remaining issues or concerns... Link to post Share on other sites More sharing options...
ashotinthedark Posted December 9, 2013 Author ID:762358 Share Posted December 9, 2013 I am checkingWill let you know ASAP Link to post Share on other sites More sharing options...
ashotinthedark Posted December 9, 2013 Author ID:762450 Share Posted December 9, 2013 Kevin, All seems well. You are a very gracious man. Thank you Link to post Share on other sites More sharing options...
kevinf80 Posted December 9, 2013 ID:762454 Share Posted December 9, 2013 We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete: Run Eset Online Scanner **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scan click on the Run ESET Online Scanner button Tick the box next to YES, I accept the Terms of Use.Click Start When asked, allow the add/on to be installedClick Start Make sure that the option Remove found threats is unticked Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.Click Scan wait for the virus definitions to be downloaded Wait for the scan to finish When the scan is complete If no threats were found put a checkmark in "Uninstall application on close" close program report to me that nothing was found If threats were found click on "list of threats found" click on "export to text file" and save it as ESET SCAN and save to the desktop Click on back put a checkmark in "Uninstall application on close" click on finish close program copy and paste the report in next reply Next, Download Security Check by screen317 from either of the following: http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exeSave it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me see those logs... Kevin Link to post Share on other sites More sharing options...
ashotinthedark Posted December 10, 2013 Author ID:762903 Share Posted December 10, 2013 C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir a variant of Win32/AdWare.Adpeak.B applicationC:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir a variant of Win64/Adware.Adpeak.B applicationC:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A applicationC:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application Link to post Share on other sites More sharing options...
ashotinthedark Posted December 10, 2013 Author ID:762904 Share Posted December 10, 2013 Results of screen317's Security Check version 0.99.77 Windows XP x64 (UAC is disabled!) Out of date service pack!! Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update.`````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 TuneUp Utilities 2007 Java 7 Update 45 Adobe Flash Player 11.9.900.152 Adobe Reader XI Mozilla Firefox (25.0.1) Mozilla Thunderbird (17.0.5) Google Chrome 31.0.1650.57 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: %````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
kevinf80 Posted December 10, 2013 ID:763001 Share Posted December 10, 2013 Eset log is ok, no issues, Security Check log indicating the OS to be Windows XP 64 bit, also does not show an active Anti Virus program, earlier scans indIcate Windows 7, what happened here? Link to post Share on other sites More sharing options...
ashotinthedark Posted December 12, 2013 Author ID:763699 Share Posted December 12, 2013 Sorry for the delay in answering. I did remove the security antivirus program AVG, free version, that I initially had installed to allow the programs that you recommended to scan to operate appropriately. Some of them would not run with AVG in the way. Once I was done doing everything you said above, each time, with each step, I would put AVG back in, after having removed, which happened several times. As far as going from Windows 7 to Windows XP 64, I have no idea. I did not change anything. How can this be addressed and fixed?Also, I noticed now when I reboot my computer, I have to unplug my external multi-plug USB port plug-in which I have several external hard drives plugged into, and a printer, etc., or the computer will not reboot. Do you know why this is happening? This is now happening only after I did what you said above. Link to post Share on other sites More sharing options...
ashotinthedark Posted December 12, 2013 Author ID:763701 Share Posted December 12, 2013 My system, it says I am running Windows 7 Professional. I am not technically proficient in computers, as I stated, but I do know how to click on system and see what it says, which I did, so I have no idea why you are seeing what you are saying. Did the malware or viruses cause some kind of damage? Do you have any idea what's going on here? The system seems to be working okay, but, I would say it is still a bit lethargic. Link to post Share on other sites More sharing options...
kevinf80 Posted December 12, 2013 ID:763809 Share Posted December 12, 2013 I`m not too concerned about the version of OS, that only show with Secuirty Check, could have been a glinche with the program. Regarding the problem with the USB port at boot, that could be the boot order, if USB device is before your Hard drive windows will look at that first, if it sees another HD it will try to boot from that, as no OS on those it will create an error and not boot. Check to the boot order in BIOS if USB proceeds the HD change order.... Regarding lethargy, see if this temp file cleaner makes any difference.... Download TFC to your desktop, from either of the following linkshttp://oldtimer.geekstogo.com/TFC.exehttp://itxassociates.com/OT-Tools/TFC.exe Save any open work. TFC will close all open application windows. Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert. If prompted, click "Yes" to reboot.TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not Re-boot it yourself to complete cleaning process <---- Very Important Keep TFC it is an excellent, run weekly utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. Always remember to re-boot after a run, even if not prompted Link to post Share on other sites More sharing options...
ashotinthedark Posted December 12, 2013 Author ID:763844 Share Posted December 12, 2013 "Check to the boot order in BIOS if USB proceeds the HD change order...." May I ask please: How do I do this? Link to post Share on other sites More sharing options...
kevinf80 Posted December 12, 2013 ID:763861 Share Posted December 12, 2013 Look here: http://www.howtogeek.com/129815/ Link to post Share on other sites More sharing options...
ashotinthedark Posted December 13, 2013 Author ID:764005 Share Posted December 13, 2013 Look here: http://www.howtogeek.com/129815/ Did as you said. Used the site above read it and understand and did find that the computer was booting the external hard drives first, then the main hard drives. Successfully changed the order so that now it boots up the internal hard drive first. But the external hard drives to boot last. I believe it is now booting first primary hard drive, then secondary, then CD drive, then external hard drive. Something like that.However, when the three external hard drives are plugged into the multi-plug USB which is plugged into the computer, when the computer is rebooted it stays stuck on the start screen and goes no further.This problem was not occurring before we engaged in removing the malware.Next step? Link to post Share on other sites More sharing options...
ashotinthedark Posted December 13, 2013 Author ID:764006 Share Posted December 13, 2013 Also did the clean up temporary files as you said. System still seems lethargic. Windows Outlook for email opens very slowly. Mozilla Firefox opens very slowly. Any ideas? Link to post Share on other sites More sharing options...
kevinf80 Posted December 13, 2013 ID:764055 Share Posted December 13, 2013 Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :- http://download.bleepingcomputer.com/sUBs/ComboFix.exe Ensure that Combofix is saved directly to the Desktop <--- Very important Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask. Close any open browsers and any other programs you might have running Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator) Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required. If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze **** Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended. *EXTRA NOTES* If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so. If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted) Post the log in next reply please... Kevin Link to post Share on other sites More sharing options...
Recommended Posts