Showing results for tags 'scorpion saver'.

Found 22 results

  1. So over a year ago I was infected with the PUP Scorpion Saver. For those who don't know, Scorpion Saver is a PUP that is supposed to give you great online shopping deals via pop-up ads. This ends up getting annoying and after I ended up getting rid of it using Malwarebytes (seriously thank you Malwarebytes that thing was annoying.) So I was wondering: has anybody else on the forum been infected by this terrible PUP?
  2. Hello forum users. I was wondering if anyone has found out the people responsible for "scorpion saver by adpeak, inc."? This malware, spyware, adware or whatever it is has caused me great inconveniences. It has also caused hundreds, probably thousands of others the same, as a simple "google" search will turn up thousands of inquiries. I believe we allow hackers, spammers, et al. waaaay too much leniency. I believe an example needs to be set with the people that believe it is their job to make life hard on everyday folks trying to use their computers. I have spent countless hours messing around this particular 'ware and have finally been successful over the last couple of months. However, that does not make up for the time that was stolen from me and my family which cannot be regained. I am a completely single dad and had a diagnosis of stage 4 lymphoma - so our time was more than priceless. My family's quality of life was directly impacted in a negative way due to the problems with this 'ware. Now, as I stated, I have not had to deal MUCH with it in the past couple of months due to immense diligence and work on my part. AND, finally my AVG has begun recognizing it and stopping it the last couple of times. Finally - I had to deal with it on my own prior to that. BUT, the fact that AVG is "catching it" means the 'ware is still attempting to cause me problems. There are no benefits from this. AND as I stated before, this is harassment at minimum, invasion of privacy, stealing of time and unwarranted, unsolicited emotional stress. I would like any corporate information anyone has on this "adpeak, inc" or whatever their real name is. Any contact info, an address, a phone number, mailing address, people in charge, etc. I plan on ensuring I never have to deal with them again, and also become very well compensated for the damages which they are responsible for.
This would easily be a class-action lawsuit by the numbers affected involved; but we know only the lawyers who use the plaintiffs get compensated in those arrangements. So being used and abused by "adpeak, inc" is one thing; but I will definitely not allow some slimebag lawyers to piggyback on this issue as well. It is time that we in this country start holding people accountable for their crimes. And that does definitely include this arena. This is soooo overlooked by our legal factions, that it is pathetic. Why should YOU have to deal with this sort of problem every day, week, month, year or ever? Why do YOU accept "oh that's just part of the price of computing"? NO, it definitely is NOT. I will not be in bondage to "some little punk who has nothing better to do than try and make life more difficult because he gets a challenge or a kick out of it" AND/OR definitely not a company or corporation which tries to impose its will on my life for its gain and my harm. So, thank you for listening and reading this post in its entirety. And thank you for any helpful information you have. Here's to more freedom for you and yours in your computing!
  3. Hi there, So, somehow I managed to get Scorpion Saver on my computer. I've gotten most of the virus deleted by now because there are no noticeable folder and registry keys, but Scorpion Saver is still in my Programs and Features folder. I've tried to uninstall the program through control panel, but that doesn't. I'm stumped for ideas and figured actually asking someone would be the best. Can anyone help?
  4. Hi! I've been following posts about how to completely remove scorpion saver on my laptop. I installed adwcleaner, jrt and fx.zip. I was able to get rid of Scorpion Saver but Scorpion Saver Services. When I tried to uninstall it again, I got the same message "the feature you are trying to use is on a network resource that is unavailable." I would really really appreciate it if you guys could help me get rid of this thing. Thank you in advance. AdwCleanerR0.txt AdwCleanerS0.txt JRT.txt
  5. My dds and attach files are labeled in the attachments. attach.txt dds.txt
  6. Have exactly the same problem as this thread: https://forums.malwarebytes.org/index.php?showtopic=138412&hl=%2Bscorpion+%2Bsaver#entry765860 - My Malwarebytes is current and does find the scorpion saver, conduit, and worse - a zero access rootkit - but when I try to finish the process to do the removals - malwarebytes hangs when it gets to "Level Quality Watcher" (see attached screenshot). I have gone ahead and scanned using RogueKiller as directed in the referenced thread above, and the log is attached. Thanks in advance for your assistance. RKreport0_S_12202013_091726.txt
  7. Hello, I am having two issues (perhaps the same one?). 1. The first I've had for a couple weeks now. When I open iTunes, and sometimes Adobe Reader, about the fourth or fifth time I get an error message that reads: "the program can't start because xpcom.dll is missing from your computer. Try reinstalling the program to fix this problem." See the attached screen shot. I can click ok on the message and after about 8 times the message disappears and iTunes opens. 2. The second issue is I can't uninstall Scorpion Saver, I get this message: "The feature you are trying to use is on a network resource that is unavailable." See the attached screen shot. I have run the following programs: CCleaner - Cleaner and Registry tools, Spybot, Malwarebytes *Free* "Full Scan", Symantec Endpoint Protection "Full Scan", AdwCleaner. The runs found several issues, all of which were addressed by the software. Please help! Garrett
  8. Please: I have been infected with Scorpion Saver. It is messing up my system. Please help me to remove. I am not overly computer "techy" so kindly please speak in layperson-speak as much as possible. Running Windows 7. I think 64 bytes? Not sure and not sure how to be sure. May I ask please how do I know if I have 64 or 32 byte system? Thank you!
  9. Hello, I am having two issues (perhaps the same one?). 1. The first I've had for a couple weeks now. When I open iTunes, and sometimes Adobe Reader, about the fourth or fifth time I get an error message that reads: "the program can't start because xpcom.dll is missing from your computer. Try reinstalling the program to fix this problem." See the attached screen shot. I can click ok on the message and after about 8 times the message disappears and iTunes opens. 2. The second issue is I can't uninstall Scorpion Saver, I get this message: "The feature you are trying to use is on a network resource that is unavailable." See the attached screen shot. I have run the following programs: CCleaner - Cleaner and Registry tools, Spybot, Malwarebytes *Free* "Full Scan", Symantec Endpoint Protection "Full Scan", AdwCleaner. The runs found several issues, all of which were addressed by the software. Please help! Garrett
  10. I installed Windows onto a SSD and downloaded a bunch of drivers. I noticed my computer was running slower, rather than faster over the course of a couple of days. I also realized something was going on with my browsers. At first I thought it might just be Google Chrome so I checked Internet Explorer and the issues were still there. After doing some research and looking through my Programs and Features in Control Panel I discovered that I installed something called Scorpion Saver by Adpeak, Inc. If I remember right I think I downloaded this with my other drivers thinking it was a real driver. I tried to uninstall it and it won't let me and says: Could not delete key \Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID. Verify that you have sufficient access to that key, or contact your support personnel. I ran Malwarebytes Anti-Malware and that seemed to get rid of something but it still showed it was there and I was still having issues in my browsers. I looked it up and after going through some forums with other people having the same problems I ran AdwCleaner, JRT, and rkill. Still it was there and being a nuisance. I'm not sure what to do at this point besides a clean install. Please if anyone knows how to get rid of this, I would really appreciate it.
  11. I have followed the instructions on how to remove the Scorpion saver, found here https://forums.malwarebytes.org/index.php?showtopic=138204&hl=%2Bremoval+%2Bcrash#entry763615 The only problem is I can't get past step 2 because Malwarebytes crashed when I select remove - it just freezes and goes unresponsive. I am not very computer savvy, so a lot of what I found when searching this online is a bit over my head. Can someone help me in layman's terms how to get Malwarebytes working so I can continue to try to get rid of Scorpion Saver? (I've attached the log from Adwcleaner) AdwCleanerS1.txt
  12. I have followed a couple of other uninstall guides for Scorpion Saver from bleepingcomputer. It seems as though I have gotten rid of the ads in my browsers, but when I try to uninstall it via Revo, CCleaner, or Windows uninstaller it gives me this error: "The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package 'ScorpionSaver.msi' in the box below. Use source c:\\temp\\ Browse" When I try browsing for an alternate folder that contains the msi file, none of the folders contain the installation package. When I try closing out of the error message, this is the response I get. "The installation source for this product is not available. Verify that the source exists and that you can access it." I saw the topic https://forums.malwarebytes.org/index.php?showtopic=137526 and here are my posts: also.... when I run Farbar it crashes and the only report I get is the FRST.txt. I searched my computer for Addition.txt to no avail. The error was AutoIt Error Line 9537 (file "C\Users\mrvitamin\desktop\vir removal\frst64.exe"): Error=Variable used without being declared. AdwCleanerS0new.txt mbam-log-2013-12-07 (18-06-02).txt FRST.txt
  13. Hello everyone, I put together a high-end gaming PC about 5 months ago. A few weeks ago I attempted to download a mod for a game that I have, and somehow Scorpion Saver was downloaded as well (the site was not malicious to my knowledge). I only had Microsoft Security Essentials protecting my computer. Anyway, I've downloaded Malwarebytes Anti-Malware (free), ADWcleaner, CCleaner and Spybot Search and Destroy (also a couple others whose names escape me now) and Scorpion Saver will disappear for a few hours or until I shut my computer down, but in the end, it always comes back. It seems to be getting a bit worse now as well. My toolbar was never "hijacked", but now I am noticing slow internet speed and some performance issues gaming. When I run the Malwarebytes scan, malware detected has gone from 1 to 4, and now 5. I'm not extremely computer savvy and I'm obviously pretty frustrated now. Any help would be much appreciated. Thank you.
  14. I thought everything was alright but looks like the malware has re-inserted itself into system again after running Malwarebytes. I am currently running a scan to try to remove it again. I need some help figuring out how to fry this thing for good. If I learned anything: never download files from cnet again.
  15. Using Windows Uninstaller, AdwCleaner, and Malwarebytes, I tried removing Scorpion Saver and Level Quality Watcher, but now it's down to Malwarebytes' saying there are no infected files, while I can manually scroll down through Program Files and find folders and files for both still leftover. I obviously needed help from the start (when will I learn?). I know just about enough about my computer to be dangerous, I guess. Could I ask for step-by-step help in finally getting rid of this evil stuff? I am running Windows 8 64-bit on a Lenovo dual-core Idea Pad Z580. Thanks ever so much, Granny
  16. I'm having the same trouble. I've gone through the following steps already: 1. Uninstalled Scorpion Saver through Add/Remove Programs; it keeps coming back and I am now unable to uninstall it. 2. Downloaded AdwCleaner; scanned my system with it; cleaned my system with it. 3. Set Malwarebytes to Show PUPs in Results List and Check for removal; updated; ran a quick scan; removed everything. 4. Downloaded Farbar Recovery Scan Tool; scanned with it. I need some help on finishing this up. Pertinent logs are attached. Thanks for the assistance! Addition.txt AdwCleanerR0.txt AdwCleanerS0.txt FRST_05-12-2013_19-49-19.txt mbam-log-2013-12-05 (19-35-09).txt
  17. I'm sorry, another Scorpion Saver issue. Like others, I've tried to follow previous threads solutions, but I still can't get rid of it. Any help is greatly appreciated. Here is the DDS text:
  18. Hi all, I seem to have recently acquired a real nasty virus. Metacrawler pops up whenever I open Google Chrome and prohibits me from visiting most all websites. Ividi appears in another window and does the same. The message I receive is "SSL Connection Error." I go to my control panel to try and remove these bugs and nothing appears besides Scorpion Saver. Then, when I try to uninstall it, it says it cannot be found. I have run scans from Metacrawler and Spybot and they detect nothing. I am totally out of ideas. Clearly I am infected pretty badly. I have done my best to follow previous threads trying to troubleshoot this thing but to no avail. Can anyone please help me!? What follows here are 2 scan results. The first from Adware and the second from Malware Bytes: And the Malware Bytes one: Attached are my DDS and attach logs. Thank you so much for your time! Sean attach.txt dds.txt
  19. I apologize because I know this Scorpion Saver thing is a frequent topic on here, but I did try to follow directions in some other people's threads and no luck. I was infected with it yesterday, and it was gone for a while until this evening. Every time I remove it from the add/remove programs it returns right away when I go back on Chrome. I did download the Anti-Malware and did the scan, and removed items that were titled with "adware". I've had bad previous experience with anti-virus scans because I've ended up in one of those situations where all my stuff gets deleted, so I wanted to ask and make sure I'm deleting the right things and what not. Thanks in advance (and of course a donation will be made provided there is a PayPal link!)
  20. My user's PC shows adtext type links in both Chrome & IE, and Scorpion Saver in Programs and Features. Malware Bytes shows no problems. Symantec Endpoint shows no problems. DDS results follow. - Bob Ballard
  21. I've seen that you have helped other people with the Scorpion Saver problem and I was wondering if you would be kind enough to help me out as well. I have my mother-in-law's computer here as she asked me for help in removing this software. I have read the "I'm Infected- What do I do now?" thread and have followed the first set of instructions to the best of my ability. Thank you very much in advance for your help with this problem. Here is the copied contents of the DDS.txt file:
Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window uRun: [TBHostSupport] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Stephanie\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin uRun: [PluginsWhiteListing] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Stephanie\AppData\Local\WhiteListing\PluginsWhiteListing.dll",DLLRunTBWhiteListPlugin mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: C:\Users\STEPHA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe StartupFolder: C:\Users\STEPHA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll TCP: NameServer = 192.168.10.19 TCP: Interfaces\{6A65A474-BBE6-428A-A1A2-2C0067EA97EB} : DHCPNameServer = 192.168.10.19 TCP: Interfaces\{6A65A474-BBE6-428A-A1A2-2C0067EA97EB}\D425632524 : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common 
Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-24 79528] R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-24 26280] R0 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\N360x64\1404000.028\symds64.sys [2013-6-15 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\N360x64\1404000.028\symefa64.sys [2013-6-15 1139800] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [2013-11-14 1524824] R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\Drivers\N360x64\1404000.028\ccsetx64.sys [2013-6-15 169048] R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-9-12 92536] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20131114.001\IDSviA64.sys [2013-11-14 521816] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\N360x64\1404000.028\ironx64.sys [2013-6-15 224416] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\N360x64\1404000.028\symnets.sys [2013-6-15 433752] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-9 239616] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-8 361984] R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2012-9-12 199008] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504] R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-8-10 29600] R2 HPWMISVC;HPWMISVC;C:\Program Files 
(x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-9-12 2451456] R2 Level Quality Watcher;Level Quality Watcher;C:\Windows\Installer\MSID552.tmp run sourceguid=8FB7175F-C1FB-4437-9555-1822DF6D4CA1 --> C:\Windows\Installer\MSID552.tmp run sourceguid=8FB7175F-C1FB-4437-9555-1822DF6D4CA1 [?] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-14 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-14 701512] R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe [2013-6-15 144368] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-9-6 140376] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-11-14 25928] R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-9-12 269968] R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-12 690832] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-9-12 57000] R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288] S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\N360x64\1404000.028\symelam.sys [2013-6-15 23448] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952] S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-12 41272] S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-12 43832] 
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656] . =============== Created Last 30 ================ . 2013-11-15 01:19:02 -------- d-----w- C:\Users\Stephanie\AppData\Local\NativeMessaging 2013-11-15 01:18:46 -------- d-----w- C:\Users\Stephanie\AppData\Local\WhiteListing 2013-11-15 01:18:36 -------- d-----w- C:\Users\Stephanie\AppData\Local\TBHostSupport 2013-11-15 01:18:23 -------- d-----w- C:\Users\Stephanie\AppData\Roaming\Malwarebytes 2013-11-15 01:18:00 -------- d-----w- C:\ProgramData\Malwarebytes 2013-11-15 01:17:58 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-11-15 01:17:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-15 00:50:07 300720 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10225.bin 2013-10-31 00:33:45 -------- d-----w- C:\Program Files (x86)\Browsersafeguard 2013-10-31 00:32:50 -------- d-----w- C:\Program Files (x86)\ScorpionSaver 2013-10-31 00:32:43 -------- d-----w- C:\temp 2013-10-31 00:32:40 -------- d-----w- C:\Program Files (x86)\Level Quality Watcher 2013-10-31 00:32:22 -------- d-----w- C:\Users\Stephanie\AppData\Local\Programs 2013-10-31 00:31:42 -------- d-----w- C:\ProgramData\Conduit 2013-10-31 00:31:41 -------- d-----w- C:\Users\Stephanie\AppData\Local\Conduit 2013-10-31 00:31:09 -------- d-----w- C:\Users\Stephanie\AppData\Local\CRE 2013-10-31 00:31:07 -------- d-----w- C:\Program Files (x86)\Conduit . ==================== Find3M ==================== . 2013-10-02 01:38:13 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-02 01:38:13 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll 2013-08-23 05:11:57 4040192 ----a-w- C:\Windows\System32\win32k.sys . 
============= FINISH: 22:31:51.53 =============== ******************************************************************************************* Here is the copied contents of the Attach.txt file: ******************************************************************************************* . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 8 Boot Device: \Device\HarddiskVolume2 Install Date: 1/10/2013 6:55:58 PM System Uptime: 11/1/2013 9:45:30 AM (325 hours ago) . Motherboard: Hewlett-Packard | | 1849 Processor: AMD A6-4400M APU with Radeon HD Graphics | Socket FT1 | 2700/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 673 GiB total, 621.911 GiB free. D: is FIXED (NTFS) - 25 GiB total, 2.964 GiB free. E: is CDROM (CDFS) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP45: 10/30/2013 8:48:22 PM - Removed ScorpionSaver RP46: 11/4/2013 5:35:00 PM - Windows Update RP47: 11/14/2013 8:06:29 PM - Windows Update . ==== Installed Programs ====================== . 
4 Elements II Adobe AIR Adobe Shockwave Player 11.6 AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Fuel AMD Quick Stream AMD VISION Engine Control Center Bejeweled 3 Bonjour BrowserSafeguard Build-a-lot 4 - Power Source Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe Cradle Of Egypt Collector's Edition Cradle of Rome 2 CyberLink LabelPrint CyberLink Media Suite 10 CyberLink PhotoDirector CyberLink Power2Go 8 CyberLink PowerDirector 10 CyberLink PowerDVD CyberLink YouCam D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Energy Star Farm Frenzy FATE: The Cursed King Final Drive Fury FlatOut 2 Google Chrome Google Toolbar for Internet Explorer Google Update Helper Governor of Poker 2 Premium Edition Hewlett-Packard ACLM.NET v1.2.0.0 Hoyle Card Games HP 3D DriveGuard HP Connected Music (Meridian - installer) HP Connected Music (Meridian - player) HP CoolSense HP Customer Experience Enhancements HP Documentation HP Games HP MyRoom HP Photo Creations HP Photosmart 5510 series Basic Device Software HP Photosmart 5510 series Help HP Photosmart 5510 series Product Improvement Study HP Postscript Converter HP Quick Launch HP Recovery Manager HP Registration Service HP Software Framework HP Support Assistant HP Update HP Utility Center HP Wireless Button Driver IDT Audio Jewel Match 3 John Deere Drive Green Level Quality Watcher Luxor Evolved Mahjongg Dimensions Deluxe: Tiles in Time 
Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Application Error Reporting Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mortimer Beckett and the Crimson Thief Premium Edition MSVCRT Mystery P.I. - Curious Case of Counterfeit Cove Norton 360 Peggle Nights Penguins! 
Polar Bowler Polar Golfer Qualcomm Atheros Driver Installation Program Realtek Ethernet Controller Driver Realtek PCIE Card Reader Roads of Rome 3 ScorpionSaver Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Sheet Music Plus Digital Print swMSM Synaptics Pointing Device Driver Tales of Lagoona Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition Update Installer for WildTangent Games App Vacation Quest™ - Australia WildTangent Games WildTangent Games App Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Language Selector Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live 
SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Zuma's Revenge . ==== End Of File ===========================
  22. Hi all, I seem to have recently acquired a real nasty virus. Metacrawler pops up whenever I open Google Chrome and prohibits me from visiting most all websites. Ividi appears in another window and does the same. The message I receive is "SSL Connection Error." I go to my control panel to try and remove these bugs and nothing appears besides Scorpion Saver. Then, when I try to uninstall it, it says it cannot be found. Clearly I am infected pretty badly. I have done my best to follow previous threads trying to troubleshoot this thing but to no avail. Can anyone please help me!? Thank you so much for your time, Sean