martianmermaid

  1. Hello, did as instructed but on reboot my computer freezes on the motherboard splash screen and does not respond to anything. Did I mess something up with that last step? Any suggestions?
  2. SystemLook 30.07.11 by jpshortstuff Log created at 19:11 on 02/12/2013 by Michelle Administrator - Elevation successful ========== regfind ========== Searching for "Scorpion"
  3. Cleaned as instructed then updated and re-scanned with Malwarebytes, nothing detected but ScorpionSaver still shows up in my control panel / uninstall programs. Any more tricks up your sleeve? I really appreciate your help.
  4. This is what I found with AdwCleaner, wasn't sure if I should hit clean or not, please advise

     # AdwCleaner v3.014 - Report created 02/12/2013 at 09:24:24
     # Updated 01/12/2013 by Xplode
     # Operating System : Windows Vista Ultimate Service Pack 2 (64 bits)
     # Username : Michelle - BEHEMOTH
     # Running from : C:\Users\Michelle\Downloads\AdwCleaner.exe
     # Option : Scan

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

     ***** [ Browsers ] *****

     -\\ Internet Explorer v9.0.8112.16520

     -\\ Mozilla Firefox v25.0.1 (en-US)

     [ File : C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\prefs.js ]

     -\\ Google Chrome v

     [ File : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [24155 octets] - [01/12/2013 21:12:18]
     AdwCleaner[R1].txt - [23884 octets] - [01/12/2013 21:35:07]
     AdwCleaner[R2].txt - [24005 octets] - [01/12/2013 21:45:44]
     AdwCleaner[R3].txt - [1392 octets] - [02/12/2013 08:53:22]
     AdwCleaner[R4].txt - [1512 octets] - [02/12/2013 09:23:11]
     AdwCleaner[R5].txt - [1191 octets] - [02/12/2013 09:24:24]
     AdwCleaner[s0].txt - [2274 octets] - [01/12/2013 21:16:46]
     AdwCleaner[s1].txt - [1899 octets] - [01/12/2013 21:36:48]
     AdwCleaner[s2].txt - [21208 octets] - [01/12/2013 21:46:32]
     AdwCleaner[s3].txt - [1455 octets] - [02/12/2013 08:54:55]

     ########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [1492 octets] ##########
  5. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2013
     Ran by Michelle at 2013-12-02 08:51:47 Run:1
     Running from C:\Users\Michelle\Downloads
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     C:\Windows\SysWOW64\AdpeakProxy.dll
     C:\Users\Michelle\AppData\Local\Temp\6_Offer_17.exe
     C:\Users\Michelle\AppData\Local\Temp\BackupSetup.exe
     C:\Users\Michelle\AppData\Local\Temp\Quarantine.exe
     C:\Users\Michelle\AppData\Local\Temp\SpOrder.dll
     C:\Users\Michelle\AppData\Local\Temp\vcredist_x64.exe
     C:\Users\Michelle\AppData\Local\Temp\VSUSetup.exe
     *****************

     C:\Windows\SysWOW64\AdpeakProxy.dll => Moved successfully.
     C:\Users\Michelle\AppData\Local\Temp\6_Offer_17.exe => Moved successfully.
     C:\Users\Michelle\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
     C:\Users\Michelle\AppData\Local\Temp\Quarantine.exe => Moved successfully.
     C:\Users\Michelle\AppData\Local\Temp\SpOrder.dll => Moved successfully.
     C:\Users\Michelle\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
     C:\Users\Michelle\AppData\Local\Temp\VSUSetup.exe => Moved successfully.

     ==== End of Fixlog ====
  6. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013 Ran by Michelle (administrator) on BEHEMOTH on 01-12-2013 22:23:56 Running from C:\Users\Michelle\Downloads Windows Vista Ultimate Service Pack 2 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe (Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Dropbox, Inc.) C:\Users\Michelle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Microsoft Corporation) C:\Windows\ehome\ehsched.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Farbar) C:\Users\Michelle\Downloads\FRST64(2).exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Winlogon: [userinit] C:\Windows\sysWOW64\userinit.exe [25088 2008-01-18] (Microsoft Corporation) HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [138240 2008-01-19] (Microsoft Corporation) HKCU\...\Run: [Google Update] - C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-08-31] (Google Inc.) HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-06-20] (Hewlett-Packard Company) HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5237256 2012-12-20] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) 
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Mcx1\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Mcx1\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [138240 2008-01-19] (Microsoft Corporation) HKU\Mcx1\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [196608 2009-04-10] (Microsoft Corporation) <==== ATTENTION Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Michelle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) 
BootExecute: autocheck autochk /p \??\I:autocheck autochk * ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBD3C12301328CE01 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {8D44BDD5-86DA-4BAE-A69E-92205043AE90} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468 SearchScopes: HKCU - {9065EEB4-48ED-46E0-998D-D035B9B7B4B2} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms} SearchScopes: HKCU - {CC933A5E-88E6-4DA1-8A59-06BF9AEBEA8F} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=650CF628-1C79-4DD8-99B8-CD7B0E3A571F&apn_sauid=AD5F8C78-DA23-49A7-89FF-A5CDF5716AAC BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab 
ZAO) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Facetheme - {cbc5b60a-aa4d-45f6-84c2-d086f320299a} - C:\Program Files (x86)\Object\bho_project.dll No File BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} 
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default FF NewTab: about:blank FF Homepage: https://www.google.com/ FF NetworkProxy: "no_proxies_on", "*.local" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Michelle\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Michelle\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\searchplugins\firefox-add-ons.xml FF SearchPlugin: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\searchplugins\flickr-tags.xml FF SearchPlugin: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\searchplugins\imdb.xml FF Extension: Evernote Web Clipper - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} FF Extension: amznUWL2 - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\Extensions\amznUWL2@amazon.com.xpi FF Extension: info - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\Extensions\info@priceblink.com.xpi FF Extension: readable - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\Extensions\readable@evernote.com.xpi FF Extension: defaults - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla 
Firefox\extensions\linkfilter@kaspersky.ru_bak FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program 
Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com Chrome: ======= CHR DefaultSearchURL: (Yahoo!) - http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=714647&p={searchTerms} CHR DefaultSuggestURL: (Yahoo!) - http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Users\Michelle\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Michelle\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll () CHR Plugin: (Chrome NaCl) - C:\Users\Michelle\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\Michelle\AppData\Local\Google\Chrome\Application\31.0.1650.57\gears.dll No File CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Google Update) - C:\Users\Michelle\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (Entanglement Web App) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0 CHR Extension: (Kaspersky URL Advisor) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0 CHR Extension: (Virtual Keyboard) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0 CHR Extension: (Poppit) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0 CHR Extension: (Google Wallet) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 CHR Extension: (Anti-Banner) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0 CHR HKLM-x32\...\Chrome\Extension: 
[dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO) R2 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG) R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) 
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1155088 2012-12-20] (Western Digital ) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248840 2012-12-20] (Western Digital) R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1178128 2012-12-20] (Western Digital ) ==================== Drivers (Whitelisted) ==================== R3 AX88178; C:\Windows\System32\DRIVERS\ax88178.sys [58368 2010-11-24] (ASIX Electronics Corp.) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-10-09] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-09] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-20] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO) R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-03-14] (CACE Technologies, Inc.) R3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2010-03-30] () R3 xcbdaNtsc; C:\Windows\System32\DRIVERS\xcbdaNVx64.sys [206504 2007-03-15] (ViXS Systems Inc.) 
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-24] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-01 22:20 - 2013-12-01 22:22 - 01959184 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64(2).exe
2013-12-01 22:18 - 2013-12-01 22:19 - 01959184 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64(1).exe
2013-12-01 22:08 - 2013-12-01 22:09 - 00009575 _____ C:\Users\Michelle\Downloads\Addition.txt
2013-12-01 22:07 - 2013-12-01 22:25 - 00023746 _____ C:\Users\Michelle\Downloads\FRST.txt
2013-12-01 22:07 - 2013-12-01 22:07 - 00000000 ____D C:\FRST
2013-12-01 22:05 - 2013-12-01 22:05 - 01959184 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64.exe
2013-12-01 21:55 - 2013-12-01 21:55 - 00000948 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-01 21:55 - 2013-12-01 21:55 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Malwarebytes
2013-12-01 21:55 - 2013-12-01 21:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-01 21:55 - 2013-12-01 21:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 21:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-01 21:53 - 2013-12-01 21:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michelle\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-01 21:11 - 2013-12-01 21:46 - 00000000 ____D C:\AdwCleaner
2013-12-01 21:09 - 2013-12-01 21:09 - 01110034 _____ C:\Users\Michelle\Downloads\AdwCleaner.exe
2013-11-28 10:42 - 2013-11-28 10:42 - 00000000 _____ C:\Users\Michelle\Downloads\afs
2013-11-27 08:12 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\Windows\SysWOW64\AdpeakProxy.dll
2013-11-26 13:16 - 2013-11-26 13:19 - 53672960 _____ C:\Users\Michelle\Downloads\calibre-1.12.0.msi
2013-11-26 13:15 - 2013-11-26 13:15 - 00000000 ____D C:\Users\Michelle\Downloads\Veronica Roth - Divergent Trilogy [EPUB, MOBI, PDF]
2013-11-26 11:13 - 2013-11-26 11:13 - 00001304 _____ C:\Users\Michelle\Documents\cc_20131126_111346.reg
2013-11-26 10:50 - 2013-11-26 10:51 - 00459400 _____ C:\Windows\dd_vcredistMSI602E.txt
2013-11-26 10:50 - 2013-11-26 10:51 - 00013782 _____ C:\Windows\dd_vcredistUI602E.txt
2013-11-26 07:35 - 2013-11-26 07:35 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-11-26 07:04 - 2013-12-01 22:10 - 00133742 _____ C:\Windows\PFRO.log
2013-11-25 18:57 - 2013-11-25 19:01 - 00050790 _____ C:\Users\Michelle\Documents\cc_20131125_185747.reg
2013-11-25 18:30 - 2013-11-25 18:31 - 00000000 ____D C:\Users\Michelle\Desktop\CST
2013-11-25 18:24 - 2013-11-25 18:24 - 00317584 _____ C:\Users\Michelle\Documents\cc_20131125_182400.reg
2013-11-25 18:20 - 2013-11-25 18:20 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-11-25 18:20 - 2013-11-25 18:20 - 00000000 ____D C:\Program Files\CCleaner
2013-11-25 18:19 - 2013-11-25 18:19 - 04618136 _____ (Piriform Ltd) C:\Users\Michelle\Downloads\ccsetup408.exe
2013-11-25 17:55 - 2013-11-25 17:55 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Convert Audio Free
2013-11-25 17:54 - 2013-11-25 17:56 - 00355336 _____ C:\Users\Michelle\AppData\Local\dd_vcredistMSI5653.txt
2013-11-25 17:54 - 2013-11-25 17:56 - 00014650 _____ C:\Users\Michelle\AppData\Local\dd_vcredistUI5653.txt
2013-11-24 00:34 - 2013-11-24 00:34 - 01071224 _____ (Solid State Networks) C:\Users\Michelle\Downloads\install_flashplayer11x32au_mssd_aaa_aih(1).exe
2013-11-17 10:09 - 2013-11-19 11:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 13:07 - 2013-11-15 13:07 - 01071224 _____ (Solid State Networks) C:\Users\Michelle\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-11-14 09:25 - 2013-10-13 07:58 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 09:25 - 2013-10-13 07:09 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 09:25 - 2013-10-13 06:55 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 09:25 - 2013-10-13 06:48 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 09:25 - 2013-10-13 06:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 09:25 - 2013-10-13 06:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 09:25 - 2013-10-13 06:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 09:25 - 2013-10-13 06:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 09:25 - 2013-10-13 06:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 09:25 - 2013-10-13 06:42 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-14 09:25 - 2013-10-13 06:42 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 09:25 - 2013-10-13 06:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 09:25 - 2013-10-13 06:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 09:25 - 2013-10-13 06:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 09:25 - 2013-10-13 06:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 09:25 - 2013-10-13 06:29 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 09:25 - 2013-10-13 02:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 09:25 - 2013-10-13 02:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 09:25 - 2013-10-13 01:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 09:25 - 2013-10-13 01:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 09:25 - 2013-10-13 01:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-14 09:25 - 2013-10-13 01:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 09:25 - 2013-10-13 01:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-14 09:25 - 2013-10-13 01:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 09:25 - 2013-10-13 01:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 09:25 - 2013-10-13 01:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-14 09:25 - 2013-10-13 01:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-14 09:25 - 2013-10-13 01:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 09:25 - 2013-10-13 01:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 09:25 - 2013-10-13 01:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-14 09:25 - 2013-10-13 01:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 09:25 - 2013-10-13 01:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 12:36 - 2013-10-10 20:23 - 00781824 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 12:36 - 2013-10-10 20:23 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 12:36 - 2013-10-10 18:29 - 00217074 _____ C:\Windows\system32\WFP.TMF
2013-11-13 12:36 - 2013-10-10 18:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 12:36 - 2013-10-03 07:02 - 01278976 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 12:36 - 2013-10-03 04:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 12:35 - 2013-10-03 07:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 12:35 - 2013-10-03 04:46 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 12:35 - 2013-09-03 18:31 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-08 08:44 - 2013-11-08 08:44 - 00001694 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-08 08:43 - 2013-11-08 08:44 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-08 08:43 - 2013-11-08 08:44 - 00000000 ____D C:\Program Files\iTunes
2013-11-08 08:43 - 2013-11-08 08:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-08 08:43 - 2013-11-08 08:43 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2013-12-01 22:25 - 2013-12-01 22:07 - 00023746 _____ C:\Users\Michelle\Downloads\FRST.txt
2013-12-01 22:22 - 2013-12-01 22:20 - 01959184 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64(2).exe
2013-12-01 22:21 - 2012-04-08 16:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-01 22:19 - 2013-12-01 22:18 - 01959184 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64(1).exe
2013-12-01 22:18 - 2006-11-02 04:46 - 00731710 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-01 22:15 - 2011-05-22 14:26 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938033839-2590711077-2007656739-1000UA.job
2013-12-01 22:14 - 2012-07-26 21:19 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Dropbox
2013-12-01 22:13 - 2012-07-26 21:23 - 00000000 ___RD C:\Users\Michelle\Dropbox
2013-12-01 22:12 - 2012-09-21 09:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 22:12 - 2011-05-22 10:22 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-01 22:11 - 2011-05-22 11:12 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2013-12-01 22:11 - 2006-11-02 07:40 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-01 22:11 - 2006-11-02 07:21 - 00004832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-01 22:11 - 2006-11-02 07:21 - 00004832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-01 22:10 - 2013-11-26 07:04 - 00133742 _____ C:\Windows\PFRO.log
2013-12-01 22:09 - 2013-12-01 22:08 - 00009575 _____ C:\Users\Michelle\Downloads\Addition.txt
2013-12-01 22:09 - 2006-11-02 07:40 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-01 22:09 - 2006-11-02 07:26 - 01124466 _____ C:\Windows\WindowsUpdate.log
2013-12-01 22:07 - 2013-12-01 22:07 - 00000000 ____D C:\FRST
2013-12-01 22:05 - 2013-12-01 22:05 - 01959184 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64.exe
2013-12-01 22:05 - 2012-09-21 09:24 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-01 21:59 - 2011-05-24 16:28 - 00000000 ____D C:\Users\Michelle\AppData\Local\Adobe
2013-12-01 21:55 - 2013-12-01 21:55 - 00000948 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-01 21:55 - 2013-12-01 21:55 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Malwarebytes
2013-12-01 21:55 - 2013-12-01 21:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-01 21:55 - 2013-12-01 21:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 21:54 - 2013-12-01 21:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michelle\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-01 21:46 - 2013-12-01 21:11 - 00000000 ____D C:\AdwCleaner
2013-12-01 21:15 - 2011-05-22 14:26 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938033839-2590711077-2007656739-1000Core.job
2013-12-01 21:09 - 2013-12-01 21:09 - 01110034 _____ C:\Users\Michelle\Downloads\AdwCleaner.exe
2013-12-01 21:08 - 2011-05-22 14:27 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\uTorrent
2013-11-28 12:09 - 2012-05-30 07:51 - 00000000 ____D C:\Users\Michelle\Documents\Calibre Library
2013-11-28 10:53 - 2011-05-22 14:13 - 00000000 ____D C:\Users\Michelle\Documents\Quicken
2013-11-28 10:42 - 2013-11-28 10:42 - 00000000 _____ C:\Users\Michelle\Downloads\afs
2013-11-28 05:00 - 2012-09-21 09:24 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-28 05:00 - 2012-09-21 09:24 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-26 13:24 - 2013-07-19 09:38 - 00000871 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-11-26 13:24 - 2012-05-30 07:50 - 00000000 ____D C:\Program Files (x86)\Calibre2
2013-11-26 13:19 - 2013-11-26 13:16 - 53672960 _____ C:\Users\Michelle\Downloads\calibre-1.12.0.msi
2013-11-26 13:15 - 2013-11-26 13:15 - 00000000 ____D C:\Users\Michelle\Downloads\Veronica Roth - Divergent Trilogy [EPUB, MOBI, PDF]
2013-11-26 11:13 - 2013-11-26 11:13 - 00001304 _____ C:\Users\Michelle\Documents\cc_20131126_111346.reg
2013-11-26 10:51 - 2013-11-26 10:50 - 00459400 _____ C:\Windows\dd_vcredistMSI602E.txt
2013-11-26 10:51 - 2013-11-26 10:50 - 00013782 _____ C:\Windows\dd_vcredistUI602E.txt
2013-11-26 10:50 - 2006-11-02 05:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-26 07:35 - 2013-11-26 07:35 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-11-25 19:01 - 2013-11-25 18:57 - 00050790 _____ C:\Users\Michelle\Documents\cc_20131125_185747.reg
2013-11-25 18:53 - 2011-05-31 19:22 - 00000000 ____D C:\Windows\Minidump
2013-11-25 18:53 - 2011-05-22 12:44 - 00000000 ____D C:\Users\Michelle\AppData\Local\MigWiz
2013-11-25 18:53 - 2011-05-22 10:31 - 00000000 ____D C:\Windows\Panther
2013-11-25 18:31 - 2013-11-25 18:30 - 00000000 ____D C:\Users\Michelle\Desktop\CST
2013-11-25 18:31 - 2013-05-01 15:23 - 00000000 ____D C:\Users\Michelle\Desktop\City of Las Vegas - Online Payments - Printer Friendly Page_files
2013-11-25 18:24 - 2013-11-25 18:24 - 00317584 _____ C:\Users\Michelle\Documents\cc_20131125_182400.reg
2013-11-25 18:20 - 2013-11-25 18:20 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-11-25 18:20 - 2013-11-25 18:20 - 00000000 ____D C:\Program Files\CCleaner
2013-11-25 18:19 - 2013-11-25 18:19 - 04618136 _____ (Piriform Ltd) C:\Users\Michelle\Downloads\ccsetup408.exe
2013-11-25 18:09 - 2011-05-22 09:47 - 00000000 ___RD C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-25 17:56 - 2013-11-25 17:54 - 00355336 _____ C:\Users\Michelle\AppData\Local\dd_vcredistMSI5653.txt
2013-11-25 17:56 - 2013-11-25 17:54 - 00014650 _____ C:\Users\Michelle\AppData\Local\dd_vcredistUI5653.txt
2013-11-25 17:55 - 2013-11-25 17:55 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Convert Audio Free
2013-11-25 17:34 - 2011-07-28 10:18 - 00000069 _____ C:\Windows\NeroDigital.ini
2013-11-24 00:34 - 2013-11-24 00:34 - 01071224 _____ (Solid State Networks) C:\Users\Michelle\Downloads\install_flashplayer11x32au_mssd_aaa_aih(1).exe
2013-11-21 09:54 - 2012-04-25 09:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-19 11:09 - 2013-11-17 10:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 13:07 - 2013-11-15 13:07 - 01071224 _____ (Solid State Networks) C:\Users\Michelle\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-11-14 19:27 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache
2013-11-14 09:27 - 2011-05-22 14:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 09:24 - 2013-08-14 10:57 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 09:22 - 2006-11-02 04:35 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-11 05:50 - 2011-05-22 10:23 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-08 08:44 - 2013-11-08 08:44 - 00001694 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-08 08:44 - 2013-11-08 08:43 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-08 08:44 - 2013-11-08 08:43 - 00000000 ____D C:\Program Files\iTunes
2013-11-08 08:44 - 2013-11-08 08:43 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-08 08:43 - 2013-11-08 08:43 - 00000000 ____D C:\Program Files\iPod

Some content of TEMP:
====================
C:\Users\Michelle\AppData\Local\Temp\6_Offer_17.exe
C:\Users\Michelle\AppData\Local\Temp\BackupSetup.exe
C:\Users\Michelle\AppData\Local\Temp\Quarantine.exe
C:\Users\Michelle\AppData\Local\Temp\SpOrder.dll
C:\Users\Michelle\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Michelle\AppData\Local\Temp\VSUSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-01 22:17

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2013
Ran by Michelle at 2013-12-01 22:25:35
Running from C:\Users\Michelle\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky Internet Security (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (x32)
@BIOS (x32 Version: 2.12)
µTorrent (HKCU Version: 3.3.2.30303)
ABC (remove only) (x32)
Adobe AIR (x32 Version: 3.3.0.3650)
Adobe Community Help (x32 Version: 3.4.980)
Adobe Digital Editions (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Photoshop CS5.1 (x32 Version: 12.1)
Adobe Photoshop Lightroom 3.6 64-bit (Version: 3.6.1)
Adobe Photoshop Lightroom 5 Beta 64-bit (Version: 5.0.0)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Amazon Cloud Drive (x32 Version: 0.11.12.0)
AnswerWorks 5.0 English Runtime (x32 Version: 5.0.7)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 1.3.13 (Unicode) (x32)
AX88178 Vista Drivers (x32 Version: 1.0.1.0)
Bonjour (Version: 3.0.0.10)
calibre (x32 Version: 1.12.0)
CCleaner (Version: 4.08)
Click-N-Ship for Business® (x32 Version: 4.1.167.0)
CompanionLink (x32 Version: 5.00.5050)
Coupon Printer for Windows (x32 Version: 5.0.0.4)
Creative Audio Control Panel (x32 Version: 2.00)
Creative Software AutoUpdate (x32 Version: 1.40)
Creative Sound Blaster Properties x64 Edition (x32)
Drive Manager (x32 Version: 1.00.0012)
Dropbox (HKCU Version: 2.0.22)
DVDFab 8.2.2.0 (16/11/2012) Qt (x32)
Evernote v. 4.6.7 (x32 Version: 4.6.7.8409)
ffdshow [rev 1328] [2007-07-06] (Version: 1.0)
Flickr Uploadr 3.2.1 (x32)
Google Apps Migration For Microsoft Outlook® 2.3.14.36 (x32 Version: 2.3.14.36)
Google Chrome (HKCU Version: 31.0.1650.57)
Google Drive (x32 Version: 1.12.5329.1887)
Google Update Helper (x32 Version: 1.3.22.3)
HP Officejet Pro 8500 A910 Basic Device Software (Version: 22.50.231.0)
HP Officejet Pro 8500 A910 Help (x32 Version: 140.0.2.2)
HP Officejet Pro 8500 A910 Product Improvement Study (Version: 22.50.231.0)
HP Officejet Pro 8600 Basic Device Software (Version: 28.0.1315.0)
HP Officejet Pro 8600 Help (x32 Version: 28.0.0)
HP Officejet Pro 8600 Product Improvement Study (Version: 28.0.1315.0)
HP Update (x32 Version: 5.003.003.001)
HPDiagnosticAlert (x32 Version: 1.00.0000)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
iCloud (Version: 2.1.2.8)
inSSIDer (x32 Version: 2.1.6)
iTunes (Version: 11.1.3.8)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
Kies Air Discovery Service (HKCU)
LEGO Digital Designer (x32)
LightScribe System Software (x32 Version: 1.18.24.1)
LightScribe Template Designs - Holiday Pack 1 (x32 Version: 1.10.16.1)
LightScribe Template Labeler (x32 Version: 1.18.24.1)
Logitech Vid HD (x32 Version: 7.2 (7248))
Logitech Webcam Software (Version: 12.10.1113)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Marketsplash Shortcuts (x32 Version: 1.0.1.7)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Outlook Personal Folders Backup (x32 Version: 1.10.0.0)
Microsoft Silverlight (x32 Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MPEG2 Codec(libmpeg2/mad) (x32)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
My Sirius Studio (x32)
Nero 7 Ultra Edition (x32 Version: 7.03.1357)
neroxml (x32 Version: 1.0.0)
Netflix in Windows Media Center (x32 Version: 2.0.0.0)
OpenAL (x32)
Password Kernel 1.7 (x32 Version: 1.7)
PDF ePub DRM Removal (x32 Version: 1.4.1)
PDF Settings CS5 (x32 Version: 10.0)
Photomatix Pro version 4.1.1 (Version: 4.1.1)
Quicken 2011 (x32 Version: 20.1.8.6)
QuickTime (x32 Version: 7.74.80.86)
RAR File Open Knife - Free Opener (x32 Version: 3.00)
Recuva (Version: 1.40)
Revo Uninstaller Pro 3.0.7 (Version: 3.0.7)
Safari (x32 Version: 5.34.57.2)
ScorpionSaver (x32 Version: 1.0.0.0) <==== ATTENTION
Seagate Manager Installer (x32 Version: 2.01.0013)
Search Protection (HKCU Version: 7.5.0.1) <==== ATTENTION
ServiceProvider (x32)
Sirius Device Recovery (x32 Version: 1.00.0007)
Spyder3Pro (x32)
SpyderCheckr (x32)
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49 (x32 Version: v2011.build.49)
TweetDeck (x32 Version: 0.38.1)
Ultimate Extras sounds from Microsoft® Tinker™
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 1.1.11 (x32 Version: 1.1.11)
VueScan (x32)
WD SmartWare (Version: 1.6.5.2)
WD Software Upgrader (x32 Version: 1.5.1)
Windows Installer Clean Up (x32 Version: 3.00.00.0000)
Windows Sound Schemes

==================== Restore Points =========================

26-11-2013 09:50:26 Windows Update
26-11-2013 15:24:15 Removed ScorpionSaver
26-11-2013 15:36:15 Revo Uninstaller Pro's restore point - ScorpionSaver
26-11-2013 18:37:00 Removed ScorpionSaver
26-11-2013 18:47:03 Revo Uninstaller Pro's restore point - ScorpionSaver
26-11-2013 18:47:33 Removed ScorpionSaver
26-11-2013 18:50:35 Windows Update
26-11-2013 19:06:16 Removed ScorpionSaver
26-11-2013 19:09:25 Removed ScorpionSaver
26-11-2013 21:21:47 Installed calibre
27-11-2013 17:42:11 Scheduled Checkpoint
28-11-2013 08:00:01 Scheduled Checkpoint
30-11-2013 09:39:14 Windows Update
01-12-2013 23:38:51 Removed ScorpionSaver Services
01-12-2013 23:41:30 Removed ScorpionSaver
01-12-2013 23:44:04 Removed ScorpionSaver
01-12-2013 23:57:31 Removed ScorpionSaver

==================== Hosts content: ==========================

2006-11-02 04:34 - 2006-09-18 13:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0F4827BB-40D8-48A5-9B6D-B5A420FF84C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5DAFD194-1AEF-4252-8A0C-593BE841B85F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)
Task: {7CFEE8B6-EA66-4977-884D-3F82129B895A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-938033839-2590711077-2007656739-1000UA => C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31] (Google Inc.)
Task: {9475DD97-BB54-4FD8-A31A-032B4833F6AA} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {9FA94E21-3E13-46D8-9FF1-F6FC8F308CFA} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {AA105019-BFFB-4713-B627-81B47F4419F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {AB60156F-EB1A-4C54-9000-6C0D3335318B} - \DealPlyLiveUpdateTaskMachineCore No Task File
Task: {B1353C38-1627-4C7A-A24E-22A2216B0D1C} - System32\Tasks\AdobeAAMUpdater-1.0-Behemoth-Michelle => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {B631F454-7CC1-4AD5-AC51-2604255B24DF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {B8234318-6721-4C43-B7D9-CEF6BBBF3FDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)
Task: {B8865CFE-39D8-4074-B014-77EB239AA357} - \DealPlyLiveUpdateTaskMachineUA No Task File
Task: {C1330C29-DD3A-4ABA-AA40-F4631D6CE77B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {C24DDCE1-39FB-4B78-A1BD-14C68F1B5BBD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-938033839-2590711077-2007656739-1000Core => C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31] (Google Inc.)
Task: {C28278BF-1ABF-4595-BB2A-15201DDF25E3} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2011-05-22] ()
Task: {C41E9FD5-A5DB-4DEF-9715-E4F7BAFEE730} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {D4B6CCFC-6912-4837-900B-B809899BE100} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {DE9E267D-6DE0-4FF1-8869-5EA153BA745D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {EC70A6A4-A818-40A8-A11C-4D54F0EFCC6E} - \Scheduled Update for Ask Toolbar No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938033839-2590711077-2007656739-1000Core.job => C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938033839-2590711077-2007656739-1000UA.job => C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2006-11-02 04:41 - 2008-06-03 02:35 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 21:39 - 2012-12-21 11:13 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2011-06-17 11:46 - 2011-06-17 11:46 - 02408448 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2011-06-17 11:46 - 2011-06-17 11:46 - 08626176 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2011-06-17 11:46 - 2011-06-17 11:46 - 00212992 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2013-03-13 12:48 - 2013-03-13 12:48 - 24978944 _____ () C:\Users\Michelle\AppData\Roaming\Dropbox\bin\libcef.dll
2012-09-08 12:16 - 2012-09-08 12:16 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2012-09-08 12:16 - 2012-09-08 12:16 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-11-17 10:09 - 2013-11-17 10:09 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-09 09:21 - 2013-10-09 09:21 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Description: Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8169
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2013 10:21:24 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 25.0.1.5064 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 11e4
Start Time: 01ceef25eca61268
Termination Time: 8

Error: (12/01/2013 09:41:09 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MICHELLE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\TFWCEKBK.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (12/01/2013 09:41:08 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MICHELLE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\TFWCEKBK.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (12/01/2013 09:41:08 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MICHELLE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\TFWCEKBK.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (12/01/2013 09:41:07 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MICHELLE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\TFWCEKBK.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (12/01/2013 09:41:07 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MICHELLE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\TFWCEKBK.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (12/01/2013 09:41:07 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MICHELLE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\TFWCEKBK.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (12/01/2013 09:41:06 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MICHELLE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\TFWCEKBK.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error: (12/01/2013 09:41:06 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MICHELLE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\TFWCEKBK.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (12/01/2013 09:41:06 PM) (Source: Windows Search Service) (User: ) Description: The entry <C:\USERS\MICHELLE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\TFWCEKBK.DEFAULT\SAFEBROWSING> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) System errors: ============= Error: (12/01/2013 10:20:06 PM) (Source: Service Control Manager) (User: ) Description: Windows Update Error: (12/01/2013 10:14:55 PM) (Source: Service Control Manager) (User: ) Description: 30000ShellHWDetection Error: (12/01/2013 10:14:55 PM) (Source: Service Control Manager) (User: ) Description: 30000ShellHWDetection Error: (12/01/2013 10:14:55 PM) (Source: Service Control Manager) (User: ) Description: Windows Media Player Network Sharing Service%%1053 Error: (12/01/2013 10:14:55 PM) (Source: Service Control Manager) (User: ) Description: 30000Windows Media Player Network Sharing Service Error: (12/01/2013 10:12:45 PM) (Source: Service Control Manager) (User: ) Description: 30000Windows Media Center Scheduler Service Error: (12/01/2013 10:12:45 PM) (Source: DCOM) (User: ) Description: 1053ehSched-Service{4B635ECB-0887-4015-8CA6-D621362F98D1} Error: (12/01/2013 09:52:04 PM) (Source: Service Control Manager) (User: ) Description: 30000ShellHWDetection Error: (12/01/2013 09:36:58 PM) (Source: Service Control Manager) (User: ) Description: Windows Media Center Receiver Service1100001Restart the service Error: (12/01/2013 09:36:49 PM) (Source: Service Control Manager) (User: ) Description: Software Licensing11200001Restart the service Microsoft Office Sessions: ========================= Error: (08/31/2013 09:18:54 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 
12.0.6612.1000. This session lasted 239 seconds with 0 seconds of active time. This session ended with a crash. Error: (12/03/2012 08:21:18 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 87 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/02/2012 09:07:09 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash. Error: (07/11/2011 09:46:42 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-12-01 22:24:55.167 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system. Date: 2013-12-01 22:24:54.865 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system. Date: 2013-12-01 22:24:54.659 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system. 
Date: 2013-12-01 22:24:54.047 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system. Date: 2013-12-01 22:18:38.334 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system. Date: 2013-12-01 22:07:58.711 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system. Date: 2013-12-01 22:07:58.508 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system. Date: 2013-12-01 22:07:58.273 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system. Date: 2013-12-01 22:07:58.050 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system. Date: 2013-06-02 13:41:06.097 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info ===========================
Percentage of memory in use: 19%
Total physical RAM: 16374.52 MB
Available physical RAM: 13170.7 MB
Total Pagefile: 32555.89 MB
Available Pagefile: 29744.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.51 GB) (Free:392.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:931.51 GB) (Free:281.49 GB) NTFS
Drive g: (My Book) (Fixed) (Total:2794.49 GB) (Free:1410.18 GB) NTFS
Drive h: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:153.34 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: ED8BEE61)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 7CCED9C2)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 466 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 7.
==================== End Of Log ============================
  7. Malwarebytes Anti-Malware (Trial) 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.12.02.02
     Windows Vista Service Pack 2 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Michelle :: BEHEMOTH [administrator]
     Protection: Enabled
     12/1/2013 9:57:21 PM
     MBAM-log-2013-12-01 (22-03-08).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 231620
     Time elapsed: 4 minute(s), 33 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 4
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> No action taken.
     HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.Smart) -> No action taken.
     HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Smart) -> No action taken.
     HKCR\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> No action taken.
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 5
     C:\Users\Michelle\AppData\Local\Temp\DownloadManager.exe (PUP.Optional.Smart) -> No action taken.
     C:\Users\Michelle\AppData\Local\Temp\RegClean10.exe (PUP.Optional.RegCleanerPro) -> No action taken.
     C:\Users\Michelle\Downloads\InstallRARFileOpenKnife(1).exe (PUP.Optional.OpenCandy) -> No action taken.
     C:\Users\Michelle\Downloads\InstallRARFileOpenKnife.exe (PUP.Optional.OpenCandy) -> No action taken.
     C:\Users\Michelle\Downloads\mkvtomp4_setup.exe (PUP.Optional.Smart) -> No action taken.
     (end)
  8. # AdwCleaner v3.014 - Report created 01/12/2013 at 21:46:32 # Updated 01/12/2013 by Xplode # Operating System : Windows Vista Ultimate Service Pack 2 (64 bits) # Username : Michelle - BEHEMOTH # Running from : C:\Users\Michelle\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** [!] Folder Deleted : C:\ProgramData\Ask [!] Folder Deleted : C:\ProgramData\DealPlyLive [!] Folder Deleted : C:\Program Files (x86)\Ask.com [!] Folder Deleted : C:\Program Files (x86)\Babylon [!] Folder Deleted : C:\Program Files (x86)\Conduit [!] Folder Deleted : C:\Program Files (x86)\DealPly [!] Folder Deleted : C:\Program Files (x86)\DealPlyLive [!] Folder Deleted : C:\Program Files (x86)\MyPC Backup [!] Folder Deleted : C:\Program Files (x86)\Object [!] Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe} [!] Folder Deleted : C:\Program Files\Babylon [!] Folder Deleted : C:\Program Files\Level Quality Watcher [!] Folder Deleted : C:\Users\Michelle\AppData\Local\Conduit [!] Folder Deleted : C:\Users\Michelle\AppData\Local\DealPlyLive [!] Folder Deleted : C:\Users\Michelle\AppData\LocalLow\AskToolbar [!] Folder Deleted : C:\Users\Michelle\AppData\LocalLow\Conduit [!] Folder Deleted : C:\Users\Michelle\AppData\LocalLow\uTorrentControl_v2 [!] Folder Deleted : C:\Users\Michelle\AppData\Roaming\DealPly [!] Folder Deleted : C:\Users\Michelle\AppData\Roaming\Search Protection [!] Folder Deleted : C:\Users\Michelle\AppData\Roaming\Systweak [!] Folder Deleted : C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly [!] Folder Deleted : C:\Users\Michelle\Documents\Tutorials [!] Folder Deleted : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [!] Folder Deleted : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [!] 
Folder Deleted : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\kincjchfokkeneeofpeefomkikfkiedl [!] Folder Deleted : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc File Deleted : C:\Windows\System32\roboot64.exe File Deleted : C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\searchplugins\Askcom.xml File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml File Deleted : C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\searchplugins\Conduit.xml File Deleted : C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\user.js File Deleted : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage File Deleted : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal File Deleted : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job File Deleted : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore File Deleted : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job File Deleted : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}] Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc Key Deleted : 
HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\dealplylive.exe Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9 Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3 Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0 Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.coreclass Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1 Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1 Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachine Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback.1.0 Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclasssvc.1.0 Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0 Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0 Key Deleted : 
HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine.1.0 Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback.1.0 Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0 Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3 Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C536F080-57B7-46D6-8894-C647553F2889} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80} Key Deleted : 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DACE14EB-ACD2-4300-9DE9-1EE2380C7AD9} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9870544-D89C-435B-98B2-7FCC163A81CA} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\DealPly Key Deleted : HKCU\Software\DealPlyLive Key Deleted : HKCU\Software\SmartBar Key Deleted : HKCU\Software\StartSearch Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : 
HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2 Key Deleted : HKLM\Software\APN Key Deleted : HKLM\Software\AskToolbar Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\DealPly Key Deleted : HKLM\Software\DealPlyLive Key Deleted : HKLM\Software\systweak Key Deleted : HKLM\Software\TENCENT Key Deleted : HKLM\Software\uTorrentControl_v2 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facetheme Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facetheme Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl_v2 Toolbar Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16520 -\\ Mozilla Firefox v25.0.1 (en-US) [ File : C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\prefs.js ] Line Deleted : user_pref("Smartbar.ConduitHomepagesList", ""); Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl_v2 Customized Web Search"); Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468"); Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Line Deleted : 
user_pref("browser.search.defaultengine", "Ask.com"); Line Deleted : user_pref("browser.search.defaultenginename,S", "S,S,S,S,S,Search the web (Babylon)"); Line Deleted : user_pref("browser.search.order.1", "Ask.com"); Line Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\"); Line Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000"); Line Deleted : user_pref("extensions.asktb.cbid", "TV"); Line Deleted : user_pref("extensions.asktb.config-updated", false); Line Deleted : user_pref("extensions.asktb.crumb", "2012.08.24+07.01.26-toolbar012iad-US-TGFzIFZlZ2FzLE5WLFVuaXRlZCBTdGF0ZXM%3D"); Line Deleted : user_pref("extensions.asktb.dtid", "OSJ000YYUS"); Line Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false); Line Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "USNV0049"); Line Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "F"); Line Deleted : user_pref("extensions.asktb.fresh-install", false); Line Deleted : user_pref("extensions.asktb.guid", "650CF628-1C79-4DD8-99B8-CD7B0E3A571F"); Line Deleted : user_pref("extensions.asktb.if", "first"); Line Deleted : user_pref("extensions.asktb.l", "dis"); Line Deleted : user_pref("extensions.asktb.last-config-req", "1345821898170"); Line Deleted : user_pref("extensions.asktb.locale", "en_US"); Line Deleted : user_pref("extensions.asktb.location", "Las Vegas,NV,United States"); Line Deleted : user_pref("extensions.asktb.new-tab-enabled", true); Line Deleted : user_pref("extensions.asktb.o", "100000031"); Line Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Line Deleted : user_pref("extensions.asktb.qsrc", "2871"); Line Deleted : user_pref("extensions.asktb.r", "8"); Line Deleted : user_pref("extensions.asktb.sa", "YES"); Line Deleted : user_pref("extensions.asktb.saguid", "AD5F8C78-DA23-49A7-89FF-A5CDF5716AAC"); Line Deleted : 
user_pref("extensions.asktb.search-suggestions-enabled", true); Line Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false); Line Deleted : user_pref("extensions.asktb.socialmini-first", true); Line Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000"); Line Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33"); Line Deleted : user_pref("extensions.asktb.socialmini-max-items", "30"); Line Deleted : user_pref("extensions.asktb.socialmini-native-on", true); Line Deleted : user_pref("extensions.asktb.socialmini-speed", "5000"); Line Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false); Line Deleted : user_pref("extensions.asktb.themeid", ""); Line Deleted : user_pref("extensions.asktb.to", ""); Line Deleted : user_pref("extensions.asktb.version", "5.12.5.17640"); Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false); Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false); Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Line Deleted : user_pref("extensions.helperbar.Visibility", false); Line Deleted : user_pref("extensions.helperbar.countryiso", "us"); Line Deleted : user_pref("extensions.helperbar.downloadprovider", "ry_707"); Line Deleted : user_pref("extensions.helperbar.installationid", "2b247529-4d53-41d3-e3ce-96b7bfe6f1d7"); Line Deleted : user_pref("extensions.helperbar.installdate", "25/11/2013"); Line Deleted : user_pref("extensions.helperbar.publisher", "quickobrw"); -\\ Google Chrome v [ File : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [24155 octets] - [01/12/2013 21:12:18] AdwCleaner[R1].txt - [23884 octets] - [01/12/2013 21:35:07] AdwCleaner[R2].txt - [24005 octets] - [01/12/2013 21:45:44] AdwCleaner[s0].txt - [2274 octets] - [01/12/2013 21:16:46] AdwCleaner[s1].txt - [1899 
octets] - [01/12/2013 21:36:48] AdwCleaner[s2].txt - [21115 octets] - [01/12/2013 21:46:32] ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [21176 octets] ##########
  9. Would someone please help me remove Scorpion Saver? I am running Windows Vista 64-bit. The program will not uninstall from the Control Panel.