soar3

  1. You da MAN!!!!! That did the trick! ScorpionSaver Services is FINALLY gone! That was the toughest one I've ever seen hit any of my computers. Thank you very much!!!
  2. SystemLook 30.07.11 by jpshortstuff Log created at 23:00 on 30/11/2013 by EG3 Administrator - Elevation successful ========== regfind ========== Searching for "Scorpion"
  3. HappyAddon is now gone. Thank you. ScorpionSaver Services is still there.
  4. SystemLook 30.07.11 by jpshortstuff
     Log created at 09:59 on 30/11/2013 by EG3
     Administrator - Elevation successful

     ========== regfind ==========

     Searching for "ScorpionSaver Services "
     No data found.

     Searching for "HappyAddon"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HappyAddon_is1]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\HappyAddon_is1]
     "DisplayName"="HappyAddon version 8.58"

     -= EOF =-
  5. I did the scan and there weren't any issues that were found.
  6. AWESOME! Adblock works, nice!! I deleted FF Extension: WordOv - C:\Program Files (x86)\Mozilla Firefox\extensions\ynpyqfjjnuhyzc@hjtvvpagbmyud.com and yes I would like to remove the two entries from the add/remove programs if it's possible.
  7. Oh, really? I thought if it showed in the add/remove program listing then it was an indication of an installed program. I use Firefox for my browser. I just came from a friend's house and visited many of the same web pages that I normally visit and I saw the same ads showing on her computer, also. I didn't see Scorpionsaver anywhere on her computer, though. Maybe I'm being a little paranoid about all of the ads now. Thank you.
  8. I just ran Adwcleaner and Malwarebytes again and they both came back clean. I then opened a web page and I still see the added ads. I then opened up the Programs and Features menu in Control Panel and Scorpionsaver Services is there at the top AGAIN showing that it was installed on 11/29. There is also a foreign program that was and still is there named HappyAddon Version 8.58. Every time I try to uninstall it, it gives me a "runtime error(at 28.76) Could not call proc".
  9. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-11-2013
     Ran by EG3 at 2013-11-29 18:25:14 Run:1
     Running from C:\Users\EG3\Desktop\New folder
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
     R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [512504 2013-11-25] ()
     C:\Windows\system32\AdpeakProxy64.dll
     C:\Windows\SysWOW64\AdpeakProxy.dll
     C:\Program Files\Level Quality Watcher
     C:\Windows\SysWOW64\AdpeakProxy.ini
     C:\Windows\system32\AdpeakProxy.ini
     C:\Windows\SysWOW64\AdpeakProxyOff.ini
     C:\Windows\system32\AdpeakProxyOff.ini
     *****************

     C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe => Moved successfully.
     Level Quality Watcher => Service deleted successfully.
     C:\Windows\system32\AdpeakProxy64.dll => Moved successfully.
     C:\Windows\SysWOW64\AdpeakProxy.dll => Moved successfully.
     C:\Program Files\Level Quality Watcher => Moved successfully.
     C:\Windows\SysWOW64\AdpeakProxy.ini => Moved successfully.
     C:\Windows\system32\AdpeakProxy.ini => Moved successfully.
     C:\Windows\SysWOW64\AdpeakProxyOff.ini => Moved successfully.
     C:\Windows\system32\AdpeakProxyOff.ini => Moved successfully.

     The system needs a manual reboot.

     ==== End of Fixlog ====
  10. Here's the Farbar FRST.txt log Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-11-2013 Ran by EG3 (administrator) on ELECTRIFYING on 29-11-2013 16:00:27 Running from C:\Users\EG3\Desktop\New folder Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal
_____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-11-15 03:03 - 2013-11-15 03:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-11-15 03:03 - 2013-11-15 03:03 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00164864 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msrating.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00084992 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtmled.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-11-15 03:03 - 2013-11-15 03:03 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-11-15 03:03 - 2013-11-15 03:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00048640 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtmler.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-11-14 19:26 - 2013-10-11 21:30 - 00830464 
_____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-14 19:26 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-14 19:26 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-14 19:26 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-14 19:26 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-14 19:26 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-14 19:26 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-14 19:26 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-14 19:26 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-14 19:26 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-14 19:26 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-14 19:26 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-14 19:26 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-14 19:26 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-14 19:26 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-14 19:26 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-14 19:26 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-14 19:26 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-14 19:26 - 2013-09-24 
21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-14 19:26 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-14 19:26 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-14 19:26 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-14 19:26 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-14 19:26 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-14 19:26 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-14 19:26 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-14 19:26 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-14 19:26 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-14 19:26 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-14 19:26 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-10 15:43 - 2013-11-29 15:45 - 00000000 ____D C:\AdwCleaner 2013-11-10 15:10 - 2013-11-10 15:10 - 00000006 _____ C:\Users\EG3\AppData\Roaming\smw_inst 2013-11-10 15:10 - 2013-11-10 15:10 - 00000000 ____D C:\Users\EG3\AppData\Local\Opera 2013-11-10 15:10 - 2013-11-10 15:10 - 00000000 ____D C:\Program Files (x86)\fnex 2013-11-10 15:01 - 2013-11-10 15:14 - 00000000 ____D C:\Users\EG3\AppData\Local\WordOv 2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\SysWOW64\AdpeakProxy.ini 2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\system32\AdpeakProxy.ini 2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\SysWOW64\AdpeakProxyOff.ini 2013-11-06 15:32 - 2013-11-06 15:32 - 
00002312 _____ C:\Windows\system32\AdpeakProxyOff.ini 2013-11-05 13:17 - 2013-11-05 13:17 - 04379048 _____ (Piriform Ltd) C:\Users\EG3\Downloads\ccsetup407.exe 2013-11-04 09:41 - 2013-09-04 07:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-11-04 09:41 - 2013-09-04 07:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-11-04 09:41 - 2013-09-04 07:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-11-04 09:41 - 2013-09-04 07:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-11-04 09:41 - 2013-09-04 07:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-11-04 09:41 - 2013-09-04 07:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-11-04 09:41 - 2013-09-04 07:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-11-04 06:19 - 2013-08-23 22:06 - 06631458 _____ C:\Users\EG3\Documents\Dead Trigger 2 ULTIMATE Hack Tool v.3.3.diz 2013-11-03 14:52 - 2013-11-03 14:52 - 00000000 ____D C:\Windows\SysWOW64\modules 2013-11-03 14:52 - 2013-11-03 14:52 - 00000000 ____D C:\Windows\SysWOW64\js 2013-11-03 14:52 - 2013-11-03 14:52 - 00000000 ____D C:\Windows\SysWOW64\images 2013-11-03 14:52 - 2013-11-03 14:52 - 00000000 ____D C:\Windows\SysWOW64\html 2013-11-03 14:52 - 2013-11-03 14:52 - 00000000 ____D C:\Windows\SysWOW64\css 2013-11-03 14:51 - 2013-11-27 06:16 - 00000000 ____D C:\ProgramData\RHelpers 2013-11-03 14:51 - 2013-11-25 22:29 - 00000000 ____D C:\ProgramData\Updater 2013-11-03 14:51 - 2013-11-05 05:50 - 00000000 ____D C:\ProgramData\Yahoo! 
==================== One Month Modified Files and Folders ======= 2013-11-29 16:00 - 2013-11-29 16:00 - 00000000 ____D C:\FRST 2013-11-29 16:00 - 2013-11-29 15:58 - 00000000 ____D C:\Users\EG3\Desktop\New folder 2013-11-29 16:00 - 2012-02-23 19:23 - 01426748 _____ C:\Windows\WindowsUpdate.log 2013-11-29 15:58 - 2012-02-24 17:07 - 00000000 ____D C:\Users\EG3\AppData\Roaming\ID Vault 2013-11-29 15:57 - 2013-11-25 19:51 - 00013204 _____ C:\Windows\PFRO.log 2013-11-29 15:57 - 2013-11-25 19:08 - 00000448 _____ C:\Windows\setupact.log 2013-11-29 15:57 - 2013-05-26 07:16 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-29 15:57 - 2013-02-20 21:18 - 00000000 ____D C:\Users\EG3\AppData\Local\Htc 2013-11-29 15:57 - 2013-02-04 19:27 - 00000000 ____D C:\Users\EG3\AppData\Local\TSVNCache 2013-11-29 15:57 - 2011-12-19 17:05 - 00000000 ____D C:\ProgramData\PDFC 2013-11-29 15:57 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-29 15:54 - 2013-05-26 07:16 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-29 15:53 - 2012-02-23 19:31 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1CC8CD34-B65B-460D-9BD9-C0F83AD81DB3} 2013-11-29 15:53 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-29 15:53 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-29 15:52 - 2009-07-14 00:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-29 15:45 - 2013-11-10 15:43 - 00000000 ____D C:\AdwCleaner 2013-11-29 15:39 - 2013-11-29 15:39 - 01091882 _____ C:\Users\EG3\Desktop\AdwCleaner(1).exe 2013-11-29 15:38 - 2012-04-12 04:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-29 14:41 - 2012-03-28 05:00 - 00000000 ____D C:\Users\EG3\AppData\Local\CrashDumps 2013-11-29 12:57 - 2013-11-29 12:57 - 
00023171 _____ C:\Users\EG3\Desktop\dds.txt 2013-11-29 12:57 - 2013-11-29 12:57 - 00014208 _____ C:\Users\EG3\Desktop\attach.txt 2013-11-29 12:53 - 2013-11-29 12:53 - 00688992 ____R (Swearware) C:\Users\EG3\Desktop\dds.scr 2013-11-27 06:16 - 2013-11-03 14:51 - 00000000 ____D C:\ProgramData\RHelpers 2013-11-26 21:39 - 2013-11-26 21:39 - 00000000 ____D C:\Program Files\Level Quality Watcher 2013-11-25 22:46 - 2013-11-25 22:46 - 01034531 _____ (Thisisu) C:\Users\EG3\Downloads\JRT.exe 2013-11-25 22:46 - 2013-11-25 22:46 - 00000000 ____D C:\Windows\ERUNT 2013-11-25 22:29 - 2013-11-03 14:51 - 00000000 ____D C:\ProgramData\Updater 2013-11-25 22:23 - 2013-11-25 22:23 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-11-25 22:23 - 2013-11-25 22:23 - 00000000 ____D C:\Users\EG3\AppData\Roaming\Malwarebytes 2013-11-25 22:23 - 2013-11-25 22:23 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-25 22:23 - 2013-11-25 22:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-25 22:22 - 2013-11-25 22:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\EG3\Downloads\mbam-setup-1.75.0.1300.exe 2013-11-25 19:53 - 2012-02-23 19:31 - 00000000 ____D C:\Users\EG3\AppData\Local\VirtualStore 2013-11-25 19:51 - 2012-02-24 20:52 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForEG3.job 2013-11-25 19:50 - 2012-02-23 19:31 - 00000000 ___RD C:\Users\EG3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-11-25 19:45 - 2013-11-25 19:43 - 00000000 ____D C:\Program Files (x86)\SuperAdBlocker.com 2013-11-25 19:43 - 2013-11-25 19:43 - 00000000 ____D C:\Users\EG3\AppData\Roaming\SuperAdBlocker.com 2013-11-25 19:42 - 2013-11-25 19:42 - 00000000 ____D C:\Users\EG3\AppData\Local\NativeMessaging 2013-11-25 19:41 - 2012-02-24 20:52 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForEG3 2013-11-25 19:41 - 2012-02-24 20:29 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2013-11-25 19:40 - 2012-05-12 07:19 - 00000000 _____ 
C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2013-11-25 19:38 - 2012-02-24 20:28 - 00000000 ____D C:\Users\EG3\AppData\Roaming\HP Support Assistant 2013-11-25 19:38 - 2012-02-24 20:25 - 00000000 ____D C:\Users\EG3\AppData\Roaming\HpUpdate 2013-11-25 19:08 - 2013-11-25 19:08 - 00000000 _____ C:\Windows\setuperr.log 2013-11-22 19:20 - 2011-02-11 12:00 - 00000000 ____D C:\Windows\Panther 2013-11-22 09:35 - 2013-05-26 07:16 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-11-18 17:25 - 2012-05-12 20:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-15 17:23 - 2013-11-15 17:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-15 03:26 - 2012-02-24 17:07 - 00000000 ____D C:\Users\EG3\AppData\Local\ID Vault 2013-11-15 03:25 - 2013-10-20 07:48 - 00001166 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-11-15 03:25 - 2013-01-20 10:17 - 00049240 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys 2013-11-15 03:25 - 2013-01-20 10:17 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst 2013-11-15 03:25 - 2013-01-20 10:17 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK 2013-11-15 03:25 - 2012-02-24 17:06 - 00002191 _____ C:\Users\Public\Desktop\Constant Guard.lnk 2013-11-15 03:25 - 2012-02-24 17:06 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite 2013-11-15 03:22 - 2012-02-23 19:31 - 00001313 _____ C:\Users\EG3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-15 03:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-11-15 03:03 - 2013-11-15 03:03 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 11220992 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieframe.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-15 03:03 - 2013-11-15 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-15 03:03 - 2013-11-15 03:03 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-11-15 03:03 - 2013-11-15 03:03 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-11-15 03:03 - 2013-11-15 03:03 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00774144 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-11-15 03:03 - 2013-11-15 03:03 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-11-15 03:03 - 2013-11-15 03:03 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-11-15 03:03 - 2013-11-15 03:03 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-11-15 03:03 - 2013-11-15 03:03 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 
2013-11-15 03:03 - 2013-11-15 03:03 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 
00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 
00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-11-15 03:03 - 2013-11-15 03:03 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-11-15 03:03 - 2013-11-15 03:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 
00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-11-15 03:03 - 2013-11-15 03:03 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-11-15 03:03 - 2013-11-15 03:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-11-15 03:02 - 2013-08-02 02:01 - 00000000 ____D C:\Windows\system32\MRT 2013-11-15 03:00 - 2012-02-26 07:47 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-10 19:16 - 2012-03-10 21:22 - 00000000 ___RD C:\Users\EG3\Dropbox 2013-11-10 19:16 - 2012-03-10 21:20 - 00000000 ____D C:\Users\EG3\AppData\Roaming\Dropbox 2013-11-10 15:47 - 2012-02-24 05:55 - 00001055 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-11-10 
15:14 - 2013-11-10 15:01 - 00000000 ____D C:\Users\EG3\AppData\Local\WordOv
2013-11-10 15:10 - 2013-11-10 15:10 - 00000006 _____ C:\Users\EG3\AppData\Roaming\smw_inst
2013-11-10 15:10 - 2013-11-10 15:10 - 00000000 ____D C:\Users\EG3\AppData\Local\Opera
2013-11-10 15:10 - 2013-11-10 15:10 - 00000000 ____D C:\Program Files (x86)\fnex
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\SysWOW64\AdpeakProxy.ini
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\system32\AdpeakProxy.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\SysWOW64\AdpeakProxyOff.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\system32\AdpeakProxyOff.ini
2013-11-05 13:17 - 2013-11-05 13:17 - 04379048 _____ (Piriform Ltd) C:\Users\EG3\Downloads\ccsetup407.exe
2013-11-05 13:17 - 2012-12-05 22:28 - 00000000 ____D C:\Program Files\CCleaner
2013-11-05 05:50 - 2013-11-03 14:51 - 00000000 ____D C:\ProgramData\Yahoo!
2013-11-04 17:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Resources
2013-11-04 06:10 - 2012-03-02 17:24 - 00000000 ____D C:\Users\EG3\AppData\Roaming\SoftGrid Client
2013-11-03 14:52 - 2013-11-03 14:52 - 00000000 ____D C:\Windows\SysWOW64\modules
2013-11-03 14:52 - 2013-11-03 14:52 - 00000000 ____D C:\Windows\SysWOW64\js
2013-11-03 14:52 - 2013-11-03 14:52 - 00000000 ____D C:\Windows\SysWOW64\images
2013-11-03 14:52 - 2013-11-03 14:52 - 00000000 ____D C:\Windows\SysWOW64\html
2013-11-03 14:52 - 2013-11-03 14:52 - 00000000 ____D C:\Windows\SysWOW64\css

Some content of TEMP:
====================
C:\Users\EG3\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is
legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-01 21:55

==================== End Of Log ============================

Here's the Farbar Addition.txt log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-11-2013
Ran by EG3 at 2013-11-29 16:01:16
Running from C:\Users\EG3\Desktop\New folder
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.5.0.880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112)
AntiLogger SDK version 1.6.6.296 (x32 Version: 1.6.6.296)
Bejeweled 3 (x32 Version: 2.2.0.97)
Bing Bar (x32 Version: 7.0.826.0)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blio (x32 Version: 2.2.8188)
Bubble Wrap (x32 Version: 1.0.0.0)
CCleaner (Version: 4.07)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Constant Guard Protection Suite (x32 Version: 1.13.1030.3)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
D3DX10 (x32 Version: 15.4.2368.0902)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
Dora's World Adventure (x32 Version: 2.2.0.95)
Dropbox (HKCU Version: 2.2.13)
EasySolve (x32)
Facebook (x32
Version: 1.1.0004) Farm Frenzy (x32 Version: 2.2.0.98) Farmscapes (x32 Version: 2.2.0.98) FATE (x32 Version: 2.2.0.97) Final Drive Fury (x32 Version: 2.2.0.95) GFI BackUp Freeware (x32 Version: 4.0) Google Chrome (x32 Version: 31.0.1650.57) Google Update Helper (x32 Version: 1.3.21.165) HappyAddon version 8.58 (x32 Version: 8.58) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000) Hoyle Card Games (x32 Version: 2.2.0.95) HP Application Assistant (Version: 1.0.393.3870) HP Auto (Version: 1.0.12935.3667) HP Calendar (x32 Version: 5.1.4245.23508) HP Client Services (Version: 1.1.12938.3539) HP Clock (x32 Version: 5.1.4244.16367) HP Customer Experience Enhancements (x32 Version: 6.0.1.8) HP Games (x32 Version: 1.0.2.5) HP LinkUp (x32 Version: 2.01.029) HP Magic Canvas (x32 Version: 5.1.15.0) HP Magic Canvas Tutorials (x32 Version: 5.0.0.3) HP Notes (x32 Version: 5.1.4274.30382) HP Odometer (x32 Version: 2.10.0000) HP RSS (x32 Version: 5.1.4301.21494) HP Setup (x32 Version: 9.0.15130.3904) HP Setup Manager (x32 Version: 1.2.15145.3905) HP Support Assistant (x32 Version: 7.0.39.15) HP Support Information (x32 Version: 11.00.0001) HP TouchSmart RecipeBox (x32 Version: 3.0.3830.27730) HP Update (x32 Version: 5.003.001.001) HP Vision Hardware Diagnostics (Version: 2.12.1.0) HP Weather (x32 Version: 5.1.4295.16450) HTC BMP USB Driver (x32 Version: 1.0.5375) HTC Driver Installer (x32 Version: 4.0.1.001) HTC Sync (x32 Version: 3.3.21) Intel® Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0) Intel® Management Engine Components (x32 Version: 7.0.0.1144) Intel® Processor Graphics (x32 Version: 8.15.10.2291) Intel® Rapid Storage Technology (x32 Version: 10.5.0.1026) IPTInstaller (x32 Version: 4.0.8) iSEEK AnswerWorks English Runtime (x32 Version: 010.000.0101) Java 7 Update 11 (64-bit) (Version: 7.0.110) Java 7 Update 45 (x32 Version: 7.0.450) Java Auto Updater (x32 Version: 2.1.9.8) Jewel Match 3 (x32 Version: 2.2.0.98) Jewel Quest Mysteries: The Seventh Gate 
Collector's Edition (x32 Version: 2.2.0.98) John Deere Drive Green (x32 Version: 2.2.0.95) Junk Mail filter update (x32 Version: 15.4.3502.0922) LabelPrint (x32 Version: 2.5.4507) Letters from Nowhere 2 (x32 Version: 2.2.0.97) Luxor HD (x32 Version: 2.2.0.98) Mah Jong Medley (x32 Version: 2.2.0.95) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) Mesh Runtime (x32 Version: 15.4.5722.2) Metric Converter (x32 Version: 1.0.0.0) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft IntelliPoint 8.2 (Version: 8.20.468.0) Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0) Microsoft Mathematics (x32 Version: 4.0) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000) Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Starter 2010 - English (x32 Version: 14.0.5139.5005) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 
10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319) Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1) Mozilla Maintenance Service (x32 Version: 25.0.1) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) Norton Security Suite (x32 Version: 20.4.0.40) opensource (x32 Version: 1.0.14960.3876) PDF Complete Special Edition (x32 Version: 4.0.65) Penguins! (x32 Version: 2.2.0.98) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98) PlayReady PC Runtime amd64 (Version: 1.3.0) PlayReady PC Runtime x86 (x32 Version: 1.3.0) Poker Superstars III (x32 Version: 2.2.0.95) Polar Bowler (x32 Version: 2.2.0.97) Polar Golfer (x32 Version: 2.2.0.98) Power2Go (x32 Version: 6.1.5705) Quicken 2011 (x32 Version: 20.1.8.6) Ralink 802.11n Wireless LAN Card (x32 Version: 4.0.3.0) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6387) Recovery Manager (x32 Version: 5.5.0.4424) Remote Graphics Receiver (x32 Version: 5.4.5) RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98) ScorpionSaver Services (Version: 1.0.0.0) <==== ATTENTION Spot (x32 Version: 1.0.0.0) swMSM (x32 Version: 12.0.0.1) Tap Tap Bear (x32 Version: 1.0.0.0) The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98) Torchlight (x32 Version: 2.2.0.98) TortoiseSVN 1.7.11.23600 (64 bit) (Version: 1.7.23600) TSHostedAppLauncher (x32 Version: 5.1.15.0) Unity Web Player (HKCU Version: ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) 
(x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) Update Installer for WildTangent Games App (x32) Updater (x32 Version: 2.6.43) VIP Access (x32 Version: 2.1.1.34) VIP Access SDK (1.0.1.4) (x32 Version: 1.0.1.4) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98) WildTangent Games App (HP Games) (x32 Version: 4.0.5.32) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 
15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
WinZip 17.0 (Version: 17.0.10381)
Zuma's Revenge (x32 Version: 2.2.0.98)

==================== Restore Points =========================

31-10-2013 01:21:33 Scheduled Checkpoint
03-11-2013 20:04:54 Removed CWA Reminder by We-Care.com v4.1.24.3
05-11-2013 08:00:34 Windows Update
05-11-2013 10:54:34 Removed ScorpionSaver
05-11-2013 10:55:03 Removed ScorpionSaver
10-11-2013 20:32:07 Removed ScorpionSaver
10-11-2013 20:32:39 Removed ScorpionSaver
10-11-2013 20:34:49 Removed ScorpionSaver
15-11-2013 08:00:35 Windows Update
23-11-2013 00:15:55 Removed ScorpionSaver
26-11-2013 00:43:14 Installed Super Ad Blocker
26-11-2013 01:36:06 Removed Super Ad Blocker
27-11-2013 02:46:11 Removed ScorpionSaver

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {06617194-6520-4508-9078-3DDB19EFCA07} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {100C534B-1F80-42DF-A610-911C98C059C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {11F39DFE-9D08-4296-A720-DBF7CEEF514E} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-12-12] ()
Task: {1243A118-88F9-494D-958E-C3986ACA7205} - System32\Tasks\HPCeeScheduleForEG3 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {1BA41B41-A99E-4049-A3C2-9222CC764357} - \BackgroundContainer
Startup Task No Task File Task: {2CE953F0-5169-4CD1-89D1-69EC0A05A3EF} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation) Task: {3B8B906F-F994-45BF-BA1B-6DDE089782DF} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-08-10] (Microsoft Corporation) Task: {3D5B0E36-406C-4076-A13F-8DDFB5F165E7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {46FD9636-0D67-41EB-AE3C-E22F82674E9E} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation) Task: {529FAE0B-537B-46EA-AEA1-4EA546DF5E1A} - System32\Tasks\IHUninstallTrackingTASK => CMD Task: {5C3C0755-267C-42DB-93B1-F03D61DACA67} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\wscstub.exe [2013-06-03] (Symantec Corporation) Task: {7E041F13-2BD4-48EB-859C-73EB2E968617} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01] (Microsoft Corporation) Task: {9834C940-0FD4-4D56-8DC0-8EE508A9ADED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-26] (Google Inc.) 
Task: {A1E2C1CA-85A9-4198-827F-9E663BB3EA55} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {A26900D1-0100-4189-9A70-42C47FB12A70} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd) Task: {A3289A0B-6911-4665-BED2-2D67E1B0F41F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {A4ACAE9E-4CE6-4EA5-A036-2F24AF677200} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-26] (Google Inc.) Task: {BB4BBF91-17E4-4ECA-8D80-CB5589E4492A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard) Task: {CF41C5D5-7059-4927-B8C8-31738B39BA80} - \AmiUpdXp No Task File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForEG3.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2012-12-12 21:37 - 2012-12-12 21:37 - 00088968 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll 2011-12-19 16:44 - 2011-09-19 02:50 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-12-12 20:30 - 2012-12-12 20:30 - 00070536 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll 2013-07-16 17:45 - 2012-05-30 09:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON SECURITY SUITE\ENGINE\20.4.0.40\wincfi39.dll 2013-10-31 14:50 
- 2013-10-31 14:50 - 00549272 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
2012-12-12 14:56 - 2012-12-12 14:56 - 00028672 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00516599 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00094208 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00405504 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00159744 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00172032 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 00559244 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
2012-12-12 14:56 - 2012-12-12 14:56 - 01515520 _____ () C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
2013-11-15 17:23 - 2013-11-15 17:23 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-08 18:14 - 2013-10-08 18:14 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"

==================== Faulty Device Manager Devices =============

Name: 802.11n Wireless LAN Card
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================= Application errors: ================== Error: (11/29/2013 03:46:43 PM) (Source: IDVault) (User: ) Description: StarServiceAndWait failed to start for W32TimeCannot start service W32Time on computer '.'. at System.ServiceProcess.ServiceController.Start(String[] args) at System.ServiceProcess.ServiceController.Start() at GuardId.IdVaultCore.Utils.ServiceHelper.StarServiceAndWait(String serviceName, Int32 timeoutSec) Error: (11/29/2013 02:41:14 PM) (Source: Application Error) (User: ) Description: Faulting application name: plugin-container.exe, version: 25.0.1.5064, time stamp: 0x5282f18a Faulting module name: mozalloc.dll, version: 25.0.1.5064, time stamp: 0x5282c493 Exception code: 0x80000003 Fault offset: 0x0000119c Faulting process id: 0x1754 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (11/29/2013 02:41:12 PM) (Source: Application Error) (User: ) Description: Faulting application name: firefox.exe, version: 25.0.1.5064, time stamp: 0x5282f204 Faulting module name: clr.dll, version: 4.0.30319.1008, time stamp: 0x517a1be7 Exception code: 0xc0000005 Fault offset: 0x00510064 Faulting process id: 0x2d40 Faulting application start time: 0xfirefox.exe0 Faulting application path: firefox.exe1 Faulting module path: firefox.exe2 Report Id: firefox.exe3 Error: (11/29/2013 02:41:11 PM) (Source: .NET Runtime) (User: ) Description: Application: firefox.exe Framework Version: v4.0.30319 Description: The process was terminated due to an internal error in the .NET Runtime at IP 72540064 (72030000) with exit code 80131506. 
Error: (11/29/2013 02:04:51 PM) (Source: Application Error) (User: ) Description: Faulting application name: firefox.exe, version: 25.0.1.5064, time stamp: 0x5282f204 Faulting module name: clr.dll, version: 4.0.30319.1008, time stamp: 0x517a1be7 Exception code: 0xc0000005 Fault offset: 0x0017da7e Faulting process id: 0x2ce0 Faulting application start time: 0xfirefox.exe0 Faulting application path: firefox.exe1 Faulting module path: firefox.exe2 Report Id: firefox.exe3 Error: (11/29/2013 02:04:50 PM) (Source: .NET Runtime) (User: ) Description: Application: firefox.exe Framework Version: v4.0.30319 Description: The process was terminated due to an internal error in the .NET Runtime at IP 721ADA7E (72030000) with exit code 80131506. Error: (11/29/2013 00:36:14 PM) (Source: Application Error) (User: ) Description: Faulting application name: plugin-container.exe, version: 25.0.1.5064, time stamp: 0x5282f18a Faulting module name: mozalloc.dll, version: 25.0.1.5064, time stamp: 0x5282c493 Exception code: 0x80000003 Fault offset: 0x0000119c Faulting process id: 0x1960 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 Error: (11/29/2013 00:36:10 PM) (Source: Application Error) (User: ) Description: Faulting application name: firefox.exe, version: 25.0.1.5064, time stamp: 0x5282f204 Faulting module name: clr.dll, version: 4.0.30319.1008, time stamp: 0x517a1be7 Exception code: 0xc0000005 Fault offset: 0x0022e062 Faulting process id: 0x18b0 Faulting application start time: 0xfirefox.exe0 Faulting application path: firefox.exe1 Faulting module path: firefox.exe2 Report Id: firefox.exe3 Error: (11/29/2013 00:36:08 PM) (Source: .NET Runtime) (User: ) Description: Application: firefox.exe Framework Version: v4.0.30319 Description: The process was terminated due to an internal error in the .NET Runtime at IP 7225E062 (72030000) with exit code 
80131506.

Error: (11/29/2013 11:36:19 AM) (Source: CVHSVC) (User: )
Description: Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

System errors:
=============
Error: (11/29/2013 03:57:23 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: SABKUTIL

Error: (11/29/2013 03:46:43 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: SABKUTIL

Error: (11/29/2013 03:39:03 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/29/2013 03:39:02 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/29/2013 03:38:11 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (11/29/2013 11:37:00 AM) (Source: Service Control Manager) (User: )
Description: The AdpeakProxy service terminated unexpectedly. It has done this 1 time(s).

Error: (11/29/2013 11:36:26 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (11/27/2013 06:18:04 AM) (Source: Service Control Manager) (User: ) Description: The following boot-start or system-start driver(s) failed to load: SABKUTIL Error: (11/27/2013 06:12:01 AM) (Source: Service Control Manager) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (11/27/2013 06:12:01 AM) (Source: Service Control Manager) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Microsoft Office Sessions: ========================= Error: (11/29/2013 03:46:43 PM) (Source: IDVault)(User: ) Description: StarServiceAndWait failed to start for W32TimeCannot start service W32Time on computer '.'. at System.ServiceProcess.ServiceController.Start(String[] args) at System.ServiceProcess.ServiceController.Start() at GuardId.IdVaultCore.Utils.ServiceHelper.StarServiceAndWait(String serviceName, Int32 timeoutSec) Error: (11/29/2013 02:41:14 PM) (Source: Application Error)(User: ) Description: plugin-container.exe25.0.1.50645282f18amozalloc.dll25.0.1.50645282c493800000030000119c175401ceed3a7000b78aC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll34c498f5-592e-11e3-bf2e-386077b91d69 Error: (11/29/2013 02:41:12 PM) (Source: Application Error)(User: ) Description: firefox.exe25.0.1.50645282f204clr.dll4.0.30319.1008517a1be7c0000005005100642d4001ceed3a6eb287c5C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll33211c00-592e-11e3-bf2e-386077b91d69 Error: (11/29/2013 02:41:11 PM) (Source: .NET Runtime)(User: ) Description: Application: firefox.exe Framework Version: v4.0.30319 Description: The process was terminated due to an internal error in the .NET Runtime at IP 72540064 (72030000) with exit code 80131506. 
Error: (11/29/2013 02:04:51 PM) (Source: Application Error)(User: ) Description: firefox.exe25.0.1.50645282f204clr.dll4.0.30319.1008517a1be7c00000050017da7e2ce001ceed2e6d3fe65fC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll1f24fc5d-5929-11e3-bf2e-386077b91d69 Error: (11/29/2013 02:04:50 PM) (Source: .NET Runtime)(User: ) Description: Application: firefox.exe Framework Version: v4.0.30319 Description: The process was terminated due to an internal error in the .NET Runtime at IP 721ADA7E (72030000) with exit code 80131506. Error: (11/29/2013 00:36:14 PM) (Source: Application Error)(User: ) Description: plugin-container.exe25.0.1.50645282f18amozalloc.dll25.0.1.50645282c493800000030000119c196001ceed244a2548d9C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllbdf1723c-591c-11e3-bf2e-386077b91d69 Error: (11/29/2013 00:36:10 PM) (Source: Application Error)(User: ) Description: firefox.exe25.0.1.50645282f204clr.dll4.0.30319.1008517a1be7c00000050022e06218b001ceed2145dbcfb3C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dllbbcf2e4a-591c-11e3-bf2e-386077b91d69 Error: (11/29/2013 00:36:08 PM) (Source: .NET Runtime)(User: ) Description: Application: firefox.exe Framework Version: v4.0.30319 Description: The process was terminated due to an internal error in the .NET Runtime at IP 7225E062 (72030000) with exit code 80131506. Error: (11/29/2013 11:36:19 AM) (Source: CVHSVC)(User: ) Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. 
CodeIntegrity Errors: =================================== Date: 2013-11-25 19:51:41.828 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-25 19:51:41.766 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-25 19:51:41.672 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-25 19:51:41.578 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-25 19:43:34.467 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-25 19:43:34.420 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-25 19:43:29.381 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-25 19:43:29.334 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-25 19:43:28.929 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2013-11-25 19:43:28.882 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\sabdifsv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 30% Total physical RAM: 8098.52 MB Available physical RAM: 5652.75 MB Total Pagefile: 16195.21 MB Available Pagefile: 13040.9 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:914.98 GB) (Free:826.73 GB) NTFS Drive d: (HP_RECOVERY) (Fixed) (Total:16.44 GB) (Free:2.05 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive l: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS Drive m: () (Removable) (Total:3.81 GB) (Free:3.02 GB) FAT32 Drive o: (EXTERNAL) (Fixed) (Total:698.64 GB) (Free:397.79 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 5266F27B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=915 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: E470E470) Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) ======================================================== Disk: 7 (Size: 699 GB) (Disk ID: 02180A83) Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  11. Here's the AdwCleaner[s0].txt # AdwCleaner v3.013 - Report created 29/11/2013 at 15:45:19 # Updated 24/11/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : EG3 - ELECTRIFYING # Running from : C:\Users\EG3\Desktop\AdwCleaner(1).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Mozilla Firefox v25.0.1 (en-US) [ File : C:\Users\EG3\AppData\Roaming\Mozilla\Firefox\Profiles\hiw9kyyl.default\prefs.js ] -\\ Google Chrome v31.0.1650.57 [ File : C:\Users\EG3\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : icon_url Deleted : search_url Deleted : suggest_url Deleted : keyword ************************* AdwCleaner[R0].txt - [19560 octets] - [10/11/2013 15:45:14] AdwCleaner[R1].txt - [17225 octets] - [25/11/2013 19:50:14] AdwCleaner[R2].txt - [1948 octets] - [25/11/2013 22:59:24] AdwCleaner[R3].txt - [1434 octets] - [29/11/2013 15:43:02] AdwCleaner[s0].txt - [16654 octets] - [10/11/2013 15:47:39] AdwCleaner[s1].txt - [17055 octets] - [25/11/2013 19:50:33] AdwCleaner[s2].txt - [2023 octets] - [25/11/2013 23:00:32] AdwCleaner[s3].txt - [1267 octets] - [29/11/2013 15:45:19] ########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1327 octets] ########## Here's the report of the Malwarebytes quickscan before pressing CLEAN. 
Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.11.29.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16428 EG3 :: ELECTRIFYING [administrator] 11/29/2013 3:50:45 PM MBAM-log-2013-11-29 (15-54-51).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 206550 Time elapsed: 3 minute(s), 49 second(s) Memory Processes Detected: 1 C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe (PUP.Optional.ScorpionSaver) -> 1708 -> No action taken. Memory Modules Detected: 1 C:\Program Files\ScorpionSaver Services\PCProxyDLL.dll (PUP.Optional.ScorpionSaver) -> No action taken. Registry Keys Detected: 7 HKCR\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> No action taken. HKCR\Wow6432Node\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> No action taken. HKLM\SOFTWARE\Wow6432Node\Adpeak, Inc. (PUP.Optional.Adpeak) -> No action taken. HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Adpeak, Inc. (PUP.Optional.Adpeak) -> No action taken. HKCR\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774} (PUP.Optional.ScorpionSaver) -> No action taken. HKCR\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} (PUP.Optional.ScorpionSaver) -> No action taken. HKLM\SYSTEM\CurrentControlSet\Services\AdpeakProxy (PUP.Optional.ScorpionSaver) -> No action taken. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 1 C:\Program Files\ScorpionSaver Services (PUP.Optional.ScorpionSaver) -> No action taken. Files Detected: 13 C:\Program Files\ScorpionSaver Services\AdpeakProxy.dll (PUP.Optional.ScorpionSaver) -> No action taken. C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe (PUP.Optional.ScorpionSaver) -> No action taken. C:\Program Files\ScorpionSaver Services\AdpeakProxy64.dll (PUP.Optional.ScorpionSaver) -> No action taken. 
C:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.exe (PUP.Optional.ScorpionSaver) -> No action taken. C:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.ini (PUP.Optional.ScorpionSaver) -> No action taken. C:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP64.exe (PUP.Optional.ScorpionSaver) -> No action taken. C:\Program Files\ScorpionSaver Services\Installbat.dll (PUP.Optional.ScorpionSaver) -> No action taken. C:\Program Files\ScorpionSaver Services\Installbat64.dll (PUP.Optional.ScorpionSaver) -> No action taken. C:\Program Files\ScorpionSaver Services\InstallDLL.dll (PUP.Optional.ScorpionSaver) -> No action taken. C:\Program Files\ScorpionSaver Services\InstallDLL64.dll (PUP.Optional.ScorpionSaver) -> No action taken. C:\Program Files\ScorpionSaver Services\Microsoft.Deployment.WindowsInstaller.dll (PUP.Optional.ScorpionSaver) -> No action taken. C:\Program Files\ScorpionSaver Services\Microsoft.Deployment.WindowsInstaller.xml (PUP.Optional.ScorpionSaver) -> No action taken. C:\Program Files\ScorpionSaver Services\PCProxyDLL.dll (PUP.Optional.ScorpionSaver) -> No action taken. (end) Here's the log of Malwarebytes after pressing CLEAN. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.11.29.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16428 EG3 :: ELECTRIFYING [administrator] 11/29/2013 3:50:45 PM mbam-log-2013-11-29 (15-50-45).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 206550 Time elapsed: 3 minute(s), 49 second(s) Memory Processes Detected: 1 C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe (PUP.Optional.ScorpionSaver) -> 1708 -> Delete on reboot. Memory Modules Detected: 1 C:\Program Files\ScorpionSaver Services\PCProxyDLL.dll (PUP.Optional.ScorpionSaver) -> Delete on reboot.
Registry Keys Detected: 7 HKCR\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully. HKCR\Wow6432Node\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Wow6432Node\Adpeak, Inc. (PUP.Optional.Adpeak) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Adpeak, Inc. (PUP.Optional.Adpeak) -> Quarantined and deleted successfully. HKCR\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully. HKCR\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\AdpeakProxy (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 1 C:\Program Files\ScorpionSaver Services (PUP.Optional.ScorpionSaver) -> Delete on reboot. Files Detected: 13 C:\Program Files\ScorpionSaver Services\AdpeakProxy.dll (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully. C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe (PUP.Optional.ScorpionSaver) -> Delete on reboot. C:\Program Files\ScorpionSaver Services\AdpeakProxy64.dll (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully. C:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.exe (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully. C:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.ini (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully. C:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP64.exe (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully. C:\Program Files\ScorpionSaver Services\Installbat.dll (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully. 
C:\Program Files\ScorpionSaver Services\Installbat64.dll (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully. C:\Program Files\ScorpionSaver Services\InstallDLL.dll (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully. C:\Program Files\ScorpionSaver Services\InstallDLL64.dll (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully. C:\Program Files\ScorpionSaver Services\Microsoft.Deployment.WindowsInstaller.dll (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully. C:\Program Files\ScorpionSaver Services\Microsoft.Deployment.WindowsInstaller.xml (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully. C:\Program Files\ScorpionSaver Services\PCProxyDLL.dll (PUP.Optional.ScorpionSaver) -> Delete on reboot. (end)
  12. I was recently infected with the Scorpion Saver virus. I was successful in removing it once, but now it's back. The pop-up ads are very annoying! Please HELP! Here's the DDS file. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2 Run by EG3 at 12:56:41 on 2013-11-29 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8099.5082 [GMT -5:00] . AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\PROGRA~2\GFI\GFIBAC~1\GFIFInst.exe C:\PROGRA~2\GFI\GFIBAC~1\GFIFSC~1.EXE C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe C:\Program Files (x86)\Norton Security 
Suite\Engine\20.4.0.40\ccSvcHst.exe C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe C:\Program Files (x86)\Common Files\Motive\pcCMService.exe C:\Program Files\Common Files\Motive\pcCMService.exe C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe C:\Program Files (x86)\PDF Complete\pdfsvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Comcast\pcTrayApp.exe C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIAgent.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe C:\Program Files 
(x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Comcast\pcBrowser.exe C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe C:\Windows\splwow64.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
mWinlogon: Userinit = userinit.exe, BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1030.3\NativeBHO.dll BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll uRun: [GFI BackUp Freeware] "C:\PROGRA~2\GFI\GFIBAC~1\GFIAgent.exe" uRun: [GoogleChromeAutoLaunch_9906C968D54DA39BC8CC1C6F1769BC59] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup mRun: [Adobe ARM] "C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe LSP: C:\Windows\System32\AdpeakProxy.dll TCP: NameServer = 192.168.1.1 TCP: Interfaces\{6A1CA1E5-1528-4090-8F64-C3AFE0526775} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{80774779-5E1D-4618-A57A-AA8EBEACEDC8} : DHCPNameServer = 192.168.1.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program 
Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" x64-Run: [Comcast_McciTrayApp] "C:\Program Files\Comcast\pcTrayApp.exe" x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-mASetup: {B34A07DD-C6F7-414A-AE63-01019482EAF0} - msiexec /fu {B34A07DD-C6F7-414A-AE63-01019482EAF0} /qn . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\EG3\AppData\Roaming\Mozilla\Firefox\Profiles\hiw9kyyl.default\ FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\EG3\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll . ============= SERVICES / DRIVERS =============== . 
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-7-16 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-7-16 1139800] R1 AntiLog32;AntiLog32;C:\Windows\System32\drivers\AntiLog64.sys [2013-1-20 49240] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [2013-11-22 1524824] R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-7-16 169048] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131128.001\IDSviA64.sys [2013-11-29 521816] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-7-16 224416] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-7-16 433752] R2 AdpeakProxy;AdpeakProxy;C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe [2013-10-16 3688448] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-20 249648] R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504] R2 GFIBckFAtt;GFI BackUp Freeware Attendant Service;C:\PROGRA~2\GFI\GFIBAC~1\GFIFInst.exe [2012-4-1 1011056] R2 GFIBckFSched;GFI BackUp Freeware Scheduler Service;C:\PROGRA~2\GFI\GFIBAC~1\GFIFSC~1.EXE [2012-4-1 2664816] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 
346168] R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2013-10-31 41024] R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944] R2 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=4012 --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=4012 [?] R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe [2013-7-16 144368] R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-2-20 167424] R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-7-7 369152] R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2012-7-7 460288] R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2012-7-7 342016] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-12-19 1128952] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-19 2656536] R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-12-2 81552] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-25 137648] R3 keycrypt;keycrypt;C:\Windows\System32\drivers\KeyCrypt64.sys [2013-1-20 25056] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys 
[2013-6-26 767144] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-8-1 195320] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736] S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-15 111616] S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-12-19 158976] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-12-19 1874016] S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2011-12-19 31152] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-19 533096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-25 
1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-11-29 16:37:01 439296 ----a-w- C:\Windows\System32\AdpeakProxy64.dll 2013-11-29 16:37:00 338944 ----a-w- C:\Windows\SysWow64\AdpeakProxy.dll 2013-11-29 16:36:57 -------- d-----w- C:\Program Files\ScorpionSaver Services 2013-11-27 02:39:25 -------- d-----w- C:\Program Files\Level Quality Watcher 2013-11-26 03:46:39 -------- d-----w- C:\Windows\ERUNT 2013-11-26 03:23:22 -------- d-----w- C:\Users\EG3\AppData\Roaming\Malwarebytes 2013-11-26 03:23:10 -------- d-----w- C:\ProgramData\Malwarebytes 2013-11-26 03:23:09 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-11-26 03:23:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-26 00:43:28 -------- d-----w- C:\Users\EG3\AppData\Roaming\SuperAdBlocker.com 2013-11-26 00:43:24 -------- d-----w- C:\Windows\SysWow64\URTTemp 2013-11-26 00:43:23 -------- d-----w- C:\Program Files (x86)\SuperAdBlocker.com 2013-11-26 00:42:40 -------- d-----w- C:\Users\EG3\AppData\Local\NativeMessaging 2013-11-15 00:26:37 1474048 ----a-w- C:\Windows\System32\crypt32.dll 2013-11-10 20:43:44 -------- d-----w- C:\AdwCleaner 2013-11-10 20:10:41 -------- d-----w- C:\Users\EG3\AppData\Local\Opera 2013-11-10 20:10:41 -------- d-----w- C:\Program Files (x86)\fnex 2013-11-10 20:01:32 -------- d-----w- C:\Users\EG3\AppData\Local\WordOv 2013-11-05 10:46:47 -------- d-----w- C:\temp 2013-11-04 14:41:57 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2013-11-04 14:41:57 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys 2013-11-04 14:41:57 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2013-11-04 14:41:57 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2013-11-04 14:41:57 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys 2013-11-04 14:41:57 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2013-11-04 
14:41:57 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2013-11-03 19:52:17 -------- d-----w- C:\Windows\SysWow64\modules 2013-11-03 19:52:17 -------- d-----w- C:\Windows\SysWow64\js 2013-11-03 19:52:17 -------- d-----w- C:\Windows\SysWow64\images 2013-11-03 19:52:17 -------- d-----w- C:\Windows\SysWow64\html 2013-11-03 19:52:17 -------- d-----w- C:\Windows\SysWow64\css 2013-11-03 19:51:43 -------- d-----w- C:\ProgramData\Updater 2013-11-03 19:51:43 -------- d-----w- C:\ProgramData\RHelpers . ==================== Find3M ==================== . 2013-11-15 08:25:36 49240 ----a-w- C:\Windows\System32\drivers\AntiLog64.sys 2013-10-16 18:03:00 10674488 ----a-w- C:\Windows\SysWow64\ZALSDKCore.dll 2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll 2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL 2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL 2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll 2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL 2013-10-08 23:14:57 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-08 23:14:57 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-10-08 11:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll 2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll 2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll 2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll 2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll 2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll 2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll 2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll 2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys 
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
.
============= FINISH: 12:57:07.77 ===============

Here's the Attach file.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/23/2012 7:23:38 PM
System Uptime: 11/29/2013 11:31:42 AM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2AC2
Processor: Intel® Core i5-2400 CPU @ 3.10GHz | CPU 1 | 3101/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 915 GiB total, 826.867 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 2.051 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
L: is CDROM (CDFS)
M: is Removable
O: is FIXED (NTFS) - 699 GiB total, 397.785 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_2AC2103C&REV_06\4&A97A1C8&0&00E4
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_2AC2103C&REV_06\4&A97A1C8&0&00E4
Service: RTL8167
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: 802.11n Wireless LAN Card
Device ID: PCI\VEN_1814&DEV_5390&SUBSYS_F0511814&REV_00\4&33009FC3&0&00E3
Manufacturer: Ralink Technology, Corp.
Name: 802.11n Wireless LAN Card
PNP Device ID: PCI\VEN_1814&DEV_5390&SUBSYS_F0511814&REV_00\4&33009FC3&0&00E3
Service: netr28x
.
==== System Restore Points ===================
.
RP123: 10/30/2013 9:21:33 PM - Scheduled Checkpoint
RP124: 11/3/2013 3:04:54 PM - Removed CWA Reminder by We-Care.com v4.1.24.3
RP125: 11/5/2013 3:00:34 AM - Windows Update
RP126: 11/5/2013 5:54:34 AM - Removed ScorpionSaver
RP127: 11/5/2013 5:55:03 AM - Removed ScorpionSaver
RP128: 11/10/2013 3:32:07 PM - Removed ScorpionSaver
RP129: 11/10/2013 3:32:39 PM - Removed ScorpionSaver
RP130: 11/10/2013 3:34:49 PM - Removed ScorpionSaver
RP131: 11/15/2013 3:00:35 AM - Windows Update
RP132: 11/22/2013 7:15:55 PM - Removed ScorpionSaver
RP133: 11/25/2013 7:43:14 PM - Installed Super Ad Blocker
RP134: 11/25/2013 8:36:06 PM - Removed Super Ad Blocker
RP135: 11/26/2013 9:46:11 PM - Removed ScorpionSaver
.
==== Installed Programs ======================
.
Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.05) Adobe Shockwave Player 12.0 AntiLogger SDK version 1.6.6.296 Bejeweled 3 Bing Bar Blackhawk Striker 2 Blio Bubble Wrap CCleaner Chuzzle Deluxe Constant Guard Protection Suite Cradle of Rome 2 D3DX10 DirectX for Managed Code Update (Summer 2004) Dora's World Adventure Dropbox EasySolve Facebook Farm Frenzy Farmscapes FATE Final Drive Fury GFI BackUp Freeware Google Chrome Google Update Helper HappyAddon version 8.58 Hewlett-Packard ACLM.NET v1.2.1.1 Hoyle Card Games HP Application Assistant HP Auto HP Calendar HP Client Services HP Clock HP Customer Experience Enhancements HP Games HP LinkUp HP Magic Canvas HP Magic Canvas Tutorials HP Notes HP Odometer HP RSS HP Setup HP Setup Manager HP Support Assistant HP Support Information HP TouchSmart RecipeBox HP Update HP Vision Hardware Diagnostics HP Weather HTC BMP USB Driver HTC Driver Installer HTC Sync Intel® Identity Protection Technology 1.1.2.0 Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology IPTInstaller iSEEK AnswerWorks English Runtime Java 7 Update 11 (64-bit) Java 7 Update 45 Java Auto Updater Jewel Match 3 Jewel Quest Mysteries: The Seventh Gate Collector's Edition John Deere Drive Green Junk Mail filter update LabelPrint Letters from Nowhere 2 Luxor HD Mah Jong Medley Malwarebytes Anti-Malware version 1.75.0.1300 Mesh Runtime Metric Converter Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft IntelliPoint 8.2 Microsoft IntelliType Pro 8.2 Microsoft Mathematics Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 
2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mozilla Firefox 25.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2758694) Norton Security Suite opensource PDF Complete Special Edition Penguins! Plants vs. Zombies - Game of the Year PlayReady PC Runtime amd64 PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer Power2Go Quicken 2011 Ralink 802.11n Wireless LAN Card Realtek High Definition Audio Driver Recovery Manager Remote Graphics Receiver RollerCoaster Tycoon 3: Platinum ScorpionSaver Services Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET 
Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2) Spot swMSM Tap Tap Bear The Treasures of Mystery Island: The Ghost Ship Torchlight TortoiseSVN 1.7.11.23600 (64 bit) TSHostedAppLauncher Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) Update Installer for WildTangent Games App Updater VIP Access VIP Access SDK (1.0.1.4) Virtual Villagers 4 - The Tree of Life WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live 
Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.20 (64-bit) WinZip 17.0 Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
11/29/2013 11:37:00 AM, Error: Service Control Manager [7034] - The AdpeakProxy service terminated unexpectedly. It has done this 1 time(s).
11/29/2013 11:36:26 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
11/27/2013 6:18:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
11/27/2013 6:12:01 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/27/2013 6:12:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/27/2013 6:12:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/27/2013 6:11:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/27/2013 6:11:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/27/2013 6:11:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/27/2013 6:11:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/27/2013 6:11:37 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_N360 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss SABKUTIL spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
11/27/2013 6:11:37 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/27/2013 6:11:37 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/27/2013 6:11:37 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/27/2013 6:11:37 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/27/2013 6:11:37 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/27/2013 6:11:37 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/27/2013 6:11:37 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/27/2013 6:11:37 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/27/2013 6:11:37 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/27/2013 6:11:37 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/27/2013 6:11:37 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================