Can't delete Scorpion Saver from ScreenHunter Download


Thanks for your time and advice. I am in IT support (non-security), so I really appreciate you giving your time in this manner to help those of us with fewer skills. You are appreciated!! I have read over the basic information in your other posts and have already run the RKill and RogueKiller programs. Below are the dds and attach text documents as requested. Hopefully I haven't hosed the works too bad. The shame is this malware came from a CNET download, ScreenHunter, a screen capture program. I expect I will be leaving a strongly worded review for that program. Anyway, anything you can do to help, I really appreciate. P

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Gateway at 19:39:49 on 2013-11-19
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8157.5838 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\node.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\MaxSync.exe
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\SysWOW64\java.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Online Backup\OnlineBackup.exe
C:\Program Files (x86)\4Team Corporation\Sync2\Sync2.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\JRT Studio\iSyncr\iSyncr.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Users\Gateway\AppData\Local\Apps\2.0\9H190T43.6R1\WRKHL1DX.J91\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Gateway\AppData\Local\Apps\2.0\9H190T43.6R1\WRKHL1DX.J91\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\LocalServiceJre\bin\AmazonCloudDriveW.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\iolo\System Mechanic\SMSystemAnalyzer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: ScorpionSaver: {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [OnlineBackupScheduler] C:\Program Files\Online Backup\OnlineBackup.exe
uRun: [sync2] "C:\Program Files (x86)\4Team Corporation\Sync2\Sync2.exe" /background
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Google Update] "C:\Users\Gateway\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MusicManager] "C:\Users\Gateway\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Amazon Cloud Player] C:\Users\Gateway\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Viber] "C:\Users\Gateway\AppData\Local\Viber\Viber.exe" StartMinimized
uRun: [GoogleChromeAutoLaunch_226FEE9190F0AB84A4F40A67CFC48A10] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [TBHostSupport] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Gateway\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
uRun: [Wisdom-soft ScreenHunter 6.0 Free] 0
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [sMRequiresRestart] <no file>
StartupFolder: C:\Users\Gateway\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AMAZON~1.LNK - C:\Users\Gateway\AppData\Local\Apps\2.0\9H190T43.6R1\WRKHL1DX.J91\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\iSyncr.lnk - C:\Windows\Installer\{5321C831-3717-43FA-A098-33B254C1E60E}\_C3AA6B698193CE8D0FECAF.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: $talisma_url$
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{8AD2EA06-D63C-4D49-B656-FE3F6DAA3251} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - <orphaned>
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: avast! Ad Blocker: {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\brg28snl.default-1369084727994\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Gateway\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-15 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-15 204880]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-7-8 14456]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-4-15 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-4-15 378944]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2013-4-16 30752]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-4-15 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-4-15 80816]
R2 ATT MAHostService;ATT MAHostService;C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe [2013-7-3 321024]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-22 46808]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-5-1 181544]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-9-15 1164328]
R2 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=F5D333A8-C748-4686-AE0A-9E008F670C22 --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=F5D333A8-C748-4686-AE0A-9E008F670C22 [?]
R2 LinksysUpdater;Linksys Updater;C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-15 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-15 701512]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-7-24 369152]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-7-24 460288]
R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2013-7-24 342528]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2013-4-16 82160]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-7-3 1228504]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-7-3 660184]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-4-16 5087584]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-15 25928]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-7-3 18456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-8 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-16 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-16 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-16 1255736]
.
=============== Created Last 30 ================
.
2013-11-20 00:33:47    --------    d-----w-    C:\Program Files (x86)\ScorpionSaver
2013-11-19 09:46:04    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0C1EFCEA-A757-481B-9757-8DAC62813A96}\offreg.dll
2013-11-19 09:45:02    10285968    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0C1EFCEA-A757-481B-9757-8DAC62813A96}\mpengine.dll
2013-11-18 17:09:50    439296    ----a-w-    C:\Windows\System32\AdpeakProxy64.dll
2013-11-18 17:09:42    338944    ----a-w-    C:\Windows\SysWow64\AdpeakProxy.dll
2013-11-16 22:01:43    --------    d-----w-    C:\Program Files\CCleaner
2013-11-16 02:06:01    --------    d-----w-    C:\Users\Gateway\AppData\Local\WhiteListing
2013-11-16 02:06:01    --------    d-----w-    C:\Users\Gateway\AppData\Local\TBHostSupport
2013-11-16 02:04:07    --------    d-----w-    C:\Users\Gateway\AppData\Local\Wisdom-soft
2013-11-16 02:00:18    --------    d-----w-    C:\Program Files (x86)\MyPC Backup
2013-11-16 01:58:51    --------    d-----w-    C:\Program Files\Level Quality Watcher
2013-11-16 01:51:30    --------    d-----w-    C:\ProgramData\Oracle
2013-11-16 01:51:18    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-16 01:48:41    --------    d-----w-    C:\ProgramData\Conduit
2013-11-16 01:48:30    --------    d-----w-    C:\Users\Gateway\AppData\Local\NativeMessaging
2013-11-16 01:48:28    --------    d-----w-    C:\Users\Gateway\AppData\Local\Conduit
2013-11-16 01:48:27    --------    d-----w-    C:\Users\Gateway\AppData\Local\CRE
2013-11-16 01:48:27    --------    d-----w-    C:\Program Files (x86)\Conduit
2013-11-16 01:48:18    --------    d-----w-    C:\Users\Gateway\AppData\Roaming\SearchProtect
2013-11-13 09:27:55    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-11-09 15:17:33    --------    d-----w-    C:\Users\Gateway\AppData\Roaming\ViberPC
2013-11-09 15:16:59    --------    d-----w-    C:\Users\Gateway\AppData\Local\Viber
2013-11-07 13:13:20    --------    d-----w-    C:\Program Files\iPod
2013-11-07 13:13:19    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-07 13:13:19    --------    d-----w-    C:\Program Files\iTunes
2013-11-07 13:13:19    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-10-26 14:25:25    --------    d-----w-    C:\Users\Gateway\AppData\Roaming\com.amazon.music.uploader
2013-10-26 14:25:09    --------    d-----w-    C:\Program Files (x86)\Amazon
.
==================== Find3M  ====================
.
2013-11-16 02:09:09    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-16 02:09:09    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-08 13:51:05    873384    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-10-08 13:51:00    796072    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
2013-09-09 23:26:34    57584    ----a-w-    C:\Windows\System32\iolobtdfg.exe
2013-09-09 23:26:24    26184    ----a-w-    C:\Windows\System32\smrgdf.exe
2013-09-09 23:08:10    2155152    ----a-w-    C:\Windows\System32\Incinerator64.dll
2013-09-09 23:08:08    2097984    ----a-w-    C:\Windows\SysWow64\Incinerator32.dll
2013-09-08 02:30:37    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-09-03 19:35:10    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-08-30 07:48:10    72016    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10    65336    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10    204880    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10    1030952    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09    80816    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40    41664    ----a-w-    C:\Windows\avastSS.scr
2013-08-29 02:17:48    5549504    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\Windows\System32\tdh.dll
2013-08-29 02:13:28    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45    3969472    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-28 01:12:33    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2013-04-16 16:09:25    11286528    ----a-w-    C:\Program Files\Seagate Manager Installer.msi
.
============= FINISH: 19:40:17.39 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/15/2013 7:38:03 PM
System Uptime: 11/19/2013 6:31:39 PM (1 hours ago)
.
Motherboard: Gateway |  | SX2800-01
Processor: Intel® Core2 Quad CPU    Q8200  @ 2.33GHz | CPU 1 | 2336/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 125.843 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is FIXED (NTFS) - 298 GiB total, 58.573 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&1D01FCF&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&1D01FCF&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP189: 11/18/2013 12:00:02 AM - Scheduled Checkpoint
RP190: 11/19/2013 6:25:23 PM - Removed ScorpionSaver Services
RP191: 11/19/2013 6:26:04 PM - Removed ScorpionSaver
.
==== Installed Programs ======================
.
4Team Sync2
4Team vCardWizard
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Amazon Cloud Drive
Amazon Cloud Player
Amazon Music Importer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Troubleshoot & Resolve Tool
ATT Management Agent
avast! Ad Blocker
avast! Free Antivirus
Awesome Duplicate Photo Finder v. 1.1
Bonjour
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MP Navigator EX 5.1
Canon MX430 series MP Drivers
Canon MX430 series On-screen Manual
Canon MX430 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
CCleaner
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Google Chrome
Google Drive
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
iolo technologies' System Mechanic
iSEEK AnswerWorks English Runtime
iSyncr
iTunes
Java 7 Update 25 (64-bit)
Java 7 Update 45
Java Auto Updater
Java 6 Update 3
K-Lite Codec Pack 9.3.0 (Basic)
Linksys EasyLink Advisor
Logitech Unifying Software 2.10
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2010
Microsoft Project Professional 2010
Microsoft Sync Framework 2.1 Core Components (x86) ENU
Microsoft Sync Framework 2.1 Provider Services (x86) ENU
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Music Manager
MyFreeCodec
Online Backup
Picasa 3
Pure Networks Platform
Quicken 2013
QuickShare
QuickTime
Samsung Kies
Samsung Story Album Viewer
SAMSUNG USB Driver for Mobile Phones
ScorpionSaver
Seagate Manager Installer
Secunia PSI (3.0.0.7011)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office Visio 2007 suites (KB2596595) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Click to Call
Skype™ 6.10
TeamViewer 8
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Viber
WeatherBug
WebEx Support Manager for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
11/19/2013 6:44:09 AM, Error: Schannel [36888]  - The following fatal alert was generated: 43. The internal error state is 252.
11/19/2013 6:33:36 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/19/2013 6:33:35 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
11/19/2013 6:31:27 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ioloSystemService service.
11/19/2013 6:25:52 PM, Error: Service Control Manager [7034]  - The AdpeakProxy service terminated unexpectedly.  It has done this 1 time(s).
11/18/2013 11:26:32 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-2147218173.
11/18/2013 11:23:21 AM, Error: volmgr [46]  - Crash dump initialization failed!
11/17/2013 9:07:43 PM, Error: Service Control Manager [7034]  - The Pure Networks Platform Service service terminated unexpectedly.  It has done this 1 time(s).
11/17/2013 4:30:52 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/16/2013 9:03:45 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/16/2013 11:52:35 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/16/2013 11:52:34 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/16/2013 11:52:34 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
11/16/2013 1:45:31 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
11/15/2013 8:00:57 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Installer service, but this action failed with the following error:  An instance of the service is already running.
11/15/2013 7:58:57 PM, Error: Service Control Manager [7031]  - The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/15/2013 7:50:42 PM, Error: Service Control Manager [7034]  - The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).
11/14/2013 6:13:18 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
.
==== End Of File ===========================

 


ScorpionSaver <-----uninstall from add/remove programs.

Then.......Give this a try first:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look like this, not "sponsored ad links":

[Image: bleep-crop.jpg]

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


I think maybe we got it.  Tell me what you think:

 

# AdwCleaner v3.012 - Report created 20/11/2013 at 18:50:12
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Gateway - GATEWAY-PC
# Running from : C:\Users\Gateway\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\myfree codec
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Gateway\AppData\Local\Conduit
Folder Deleted : C:\Users\Gateway\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Gateway\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Gateway\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Folder Deleted : C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
File Deleted : C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\brg28snl.default-1369084727994\searchplugins\Conduit.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\brg28snl.default-1369084727994\prefs.js ]

Line Deleted : user_pref("CT3306061_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1384638890338,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");

Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3306061");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");

Line Deleted : user_pref("extensions.dynconff.cache.accounts.youtube.com.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_607_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[\r[...]
Line Deleted : user_pref("extensions.dynconff.cache.app.noproblemppc.com.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[\r\n\r[...]
Line Deleted : user_pref("extensions.dynconff.cache.best-offer.org.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[\r\n\r\n (fu[...]
Line Deleted : user_pref("extensions.dynconff.cache.docs.oracle.com.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[\r\n\r\n (f[...]
Line Deleted : user_pref("extensions.dynconff.cache.host1.medcohealth.com.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[\r\n\r\n ([...]
Line Deleted : user_pref("extensions.dynconff.cache.mail.google.com.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[\r\n\r\n (f[...]
Line Deleted : user_pref("extensions.dynconff.cache.maps.google.com.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[\r\n\r\n (f[...]
Line Deleted : user_pref("extensions.dynconff.cache.server2.mediajmp.com.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[\r\n\r[...]
Line Deleted : user_pref("extensions.dynconff.cache.socialsurveycenter.com.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[\r\n[...]
Line Deleted : user_pref("extensions.dynconff.cache.strategicitstaffing.force.com.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDA[...]
Line Deleted : user_pref("extensions.dynconff.cache.web1.secureinternetbank.com.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.express-scripts.com.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[\r\n\r\n[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.google.com.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1139_1137_1169_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[\r[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.guarantybanking.com.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[\r\[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.holiday-promotion.net.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[\[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.jsonline.com.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[\r\n\r\n ([...]
Line Deleted : user_pref("extensions.dynconff.cache.www.linkedin.com.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[\r\n\r\n ([...]
Line Deleted : user_pref("extensions.dynconff.cache.www.northwesternmutual.com.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.oyodomo.com.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[\r\n\r\n (f[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.slideshare.net.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[\r\n\r\n[...]
Line Deleted : user_pref("extensions.dynconff.cache.www.walgreens.com.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[\r\n\r\n [...]
Line Deleted : user_pref("extensions.dynconff.cache.www2.netteller.com.content", "<package expire=\"10800\" es=\"914\" pcdids=\"v51_1520_1169_1263_1482_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![CDATA[\r\n\r\n[...]
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", false);
Line Deleted : user_pref("extensions.helperbar.countryiso", "us");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "quickobrw");
Line Deleted : user_pref("extensions.helperbar.installationid", "f0d4d00a-6798-4d90-a4e3-2625af15d1f4");
Line Deleted : user_pref("extensions.helperbar.installdate", "07/07/2013");
Line Deleted : user_pref("extensions.helperbar.publisher", "quickobrw");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);
Line Deleted : user_pref("smartbar.machineId", "ANC8DMLH2QLQOHTPVLXK3P8VHWBRAAO+SUFT1R1GTZAJBM4NAQCX/KRIR6GU0CYOQJGS6F518D9MMEBU/ZP6CG");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup
Deleted : homepage

*************************

AdwCleaner[R0].txt - [12523 octets] - [20/11/2013 18:46:22]
AdwCleaner[s0].txt - [12196 octets] - [20/11/2013 18:50:12]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [12257 octets] ##########
 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.20.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Gateway :: GATEWAY-PC [administrator]

Protection: Enabled

11/20/2013 8:21:06 PM
mbam-log-2013-11-20 (20-21-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211179
Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


As long as it doesn't reinstall you'll be OK, let's check and see if it's all gone:

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look like this, not "sponsored ad links":

[Image: bleep-crop.jpg]

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look like this, not "sponsored ad links":

[Image: bleep-crop.jpg]

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Well it looks like we may have gotten it cleaned, again.  Attached are the log files you requested, we'll see if it stays gone this time.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.23.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Gateway :: GATEWAY-PC [administrator]

Protection: Enabled

11/22/2013 8:38:41 PM
mbam-log-2013-11-22 (20-38-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219802
Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

# AdwCleaner v3.012 - Report created 22/11/2013 at 20:34:12
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Gateway - GATEWAY-PC
# Running from : C:\Users\Gateway\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\brg28snl.default-1369084727994\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup
Deleted : homepage

*************************

AdwCleaner[R0].txt - [12523 octets] - [20/11/2013 18:46:22]
AdwCleaner[R1].txt - [1299 octets] - [22/11/2013 20:32:32]
AdwCleaner[s0].txt - [12382 octets] - [20/11/2013 18:50:12]
AdwCleaner[s1].txt - [1154 octets] - [22/11/2013 20:34:12]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1214 octets] ##########

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2013
Ran by Gateway at 2013-11-22 20:23:42 Run:1
Running from C:\Users\Gateway\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\uninstaller.exe
C:\Users\Gateway\BuEng.dll
C:\Users\Gateway\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\Gateway\xpiinstall.exe
C:\Users\Gateway\AppData\Local\Temp\Quarantine.exe
C:\Users\Gateway\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Program Files (x86)\ScorpionSaver
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [
C:\Windows\system32\AdpeakProxy64.dll
C:\Windows\SysWOW64\AdpeakProxy.dll
C:\Program Files\Level Quality Watcher
FF Extension: ScorpionSaver - C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\brg28snl.default-1369084727994\Extensions\ScorpionSaver@jetpack
CHR Extension: (Scorpion Saver) - C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0

*****************

C:\ProgramData\uninstaller.exe => Moved successfully.
C:\Users\Gateway\BuEng.dll => Moved successfully.
C:\Users\Gateway\g2ax_customer_downloadhelper_win32_x86.exe => Moved successfully.
C:\Users\Gateway\xpiinstall.exe => Moved successfully.
C:\Users\Gateway\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Gateway\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully.
"C:\Program Files (x86)\ScorpionSaver" => File/Directory not found.
Level Quality Watcher => Service deleted successfully.
C:\Windows\system32\AdpeakProxy64.dll => Moved successfully.
C:\Windows\SysWOW64\AdpeakProxy.dll => Moved successfully.
C:\Program Files\Level Quality Watcher => Moved successfully.
C:\Users\Gateway\AppData\Roaming\Mozilla\Firefox\Profiles\brg28snl.default-1369084727994\Extensions\ScorpionSaver@jetpack not found.
C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg directory not found.


The system needs a manual reboot.

==== End of Fixlog ====


I have manually rebooted.  No sign of Scorpion in Control Panel/Programs and Mbytes quick scan shows:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.23.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Gateway :: GATEWAY-PC [administrator]

Protection: Enabled

11/23/2013 10:28:27 AM
mbam-log-2013-11-23 (10-28-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221687
Time elapsed: 5 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

  --Anything else I should do, or just be watchful?


Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Here is the log file you requested before I posted.

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.7011)   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.152  
 Adobe Reader XI  
 Mozilla Firefox (25.0.1)
 Google Chrome 30.0.1599.101  
 Google Chrome 31.0.1650.57  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Online Backup OnlineBackup.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
 iolo Common Lib ioloServiceManager.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 


Here is today's MBytes Log:

2013/11/27 00:36:52 -0600    GATEWAY-PC    Gateway    MESSAGE    Executing scheduled update:  Flash Scan | Hourly | Silent
2013/11/27 00:36:53 -0600    GATEWAY-PC    Gateway    MESSAGE    Database already up-to-date
2013/11/27 01:57:05 -0600    GATEWAY-PC    Gateway    MESSAGE    Executing scheduled update:  Flash Scan | Hourly | Silent
2013/11/27 01:57:13 -0600    GATEWAY-PC    Gateway    MESSAGE    Scheduled update executed successfully:  database updated from version v2013.11.27.02 to version v2013.11.27.04
2013/11/27 01:57:13 -0600    GATEWAY-PC    Gateway    MESSAGE    Starting database refresh
2013/11/27 01:57:13 -0600    GATEWAY-PC    Gateway    MESSAGE    Stopping IP protection
2013/11/27 01:57:13 -0600    GATEWAY-PC    Gateway    MESSAGE    IP Protection stopped successfully
2013/11/27 01:57:16 -0600    GATEWAY-PC    Gateway    MESSAGE    Executing scheduled scan:  Flash Scan | -terminate
2013/11/27 01:57:16 -0600    GATEWAY-PC    Gateway    MESSAGE    Scheduled scan executed successfully
2013/11/27 01:57:17 -0600    GATEWAY-PC    Gateway    MESSAGE    Database refreshed successfully
2013/11/27 01:57:17 -0600    GATEWAY-PC    Gateway    MESSAGE    Starting IP protection
2013/11/27 01:57:23 -0600    GATEWAY-PC    Gateway    MESSAGE    IP Protection started successfully
2013/11/27 02:53:09 -0600    GATEWAY-PC    Gateway    MESSAGE    Executing scheduled update:  Flash Scan | Hourly | Silent
2013/11/27 02:53:11 -0600    GATEWAY-PC    Gateway    MESSAGE    Database already up-to-date
2013/11/27 03:00:00 -0600    GATEWAY-PC    Gateway    MESSAGE    Executing scheduled scan:  Quick Scan | Daily | Silent | -remove | -terminate | -reboot | -log
2013/11/27 03:00:00 -0600    GATEWAY-PC    Gateway    MESSAGE    Scheduled scan executed successfully
2013/11/27 03:58:52 -0600    GATEWAY-PC    Gateway    MESSAGE    Executing scheduled update:  Flash Scan | Hourly | Silent
2013/11/27 03:58:54 -0600    GATEWAY-PC    Gateway    MESSAGE    Database already up-to-date
2013/11/27 04:47:25 -0600    GATEWAY-PC    Gateway    MESSAGE    Executing scheduled update:  Flash Scan | Hourly | Silent
2013/11/27 04:47:26 -0600    GATEWAY-PC    Gateway    MESSAGE    Database already up-to-date
2013/11/27 05:56:04 -0600    GATEWAY-PC    Gateway    MESSAGE    Executing scheduled update:  Flash Scan | Hourly | Silent
2013/11/27 05:56:12 -0600    GATEWAY-PC    Gateway    MESSAGE    Scheduled update executed successfully:  database updated from version v2013.11.27.04 to version v2013.11.27.05
2013/11/27 05:56:12 -0600    GATEWAY-PC    Gateway    MESSAGE    Starting database refresh
2013/11/27 05:56:12 -0600    GATEWAY-PC    Gateway    MESSAGE    Stopping IP protection
2013/11/27 05:56:12 -0600    GATEWAY-PC    Gateway    MESSAGE    IP Protection stopped successfully
2013/11/27 05:56:15 -0600    GATEWAY-PC    Gateway    MESSAGE    Executing scheduled scan:  Flash Scan | -terminate
2013/11/27 05:56:15 -0600    GATEWAY-PC    Gateway    MESSAGE    Scheduled scan executed successfully
2013/11/27 05:56:15 -0600    GATEWAY-PC    Gateway    MESSAGE    Database refreshed successfully
2013/11/27 05:56:15 -0600    GATEWAY-PC    Gateway    MESSAGE    Starting IP protection
2013/11/27 05:56:21 -0600    GATEWAY-PC    Gateway    MESSAGE    IP Protection started successfully
2013/11/27 06:31:35 -0600    GATEWAY-PC    Gateway    MESSAGE    Executing scheduled update:  Flash Scan | Hourly | Silent
2013/11/27 06:31:36 -0600    GATEWAY-PC    Gateway    MESSAGE    Database already up-to-date
2013/11/27 06:54:58 -0600    GATEWAY-PC    Gateway    MESSAGE    Starting protection
2013/11/27 06:54:58 -0600    GATEWAY-PC    Gateway    MESSAGE    Protection started successfully
2013/11/27 06:54:58 -0600    GATEWAY-PC    Gateway    MESSAGE    Starting IP protection
2013/11/27 06:55:02 -0600    GATEWAY-PC    Gateway    MESSAGE    IP Protection started successfully
2013/11/27 07:42:58 -0600    GATEWAY-PC    Gateway    MESSAGE    Starting protection
2013/11/27 07:42:58 -0600    GATEWAY-PC    Gateway    MESSAGE    Protection started successfully
2013/11/27 07:42:58 -0600    GATEWAY-PC    Gateway    MESSAGE    Starting IP protection
2013/11/27 07:43:03 -0600    GATEWAY-PC    Gateway    MESSAGE    IP Protection started successfully
 


Here is the first one:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Gateway :: GATEWAY-PC [administrator]

Protection: Enabled

11/27/2013 5:56:22 AM
MBAM-log-2013-11-27 (06-38-22).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 179398
Time elapsed: 1 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Gateway\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> No action taken.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TBHostSupport (PUP.Optional.Conduit) -> Data: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Gateway\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Gateway\AppData\Local\TBHostSupport (PUP.Optional.Conduit) -> No action taken.

Files Detected: 1
C:\Users\Gateway\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> No action taken.

(end)

**HERE IS THE SECOND ONE**

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Gateway :: GATEWAY-PC [administrator]

Protection: Enabled

11/27/2013 7:00:27 AM
mbam-log-2013-11-27 (07-00-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219739
Time elapsed: 6 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Gateway\AppData\Local\TBHostSupport (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Users\Gateway\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

(end)
 


**Got this this morning**

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.28.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Gateway :: GATEWAY-PC [administrator]

Protection: Enabled

11/28/2013 5:35:26 AM
mbam-log-2013-11-28 (05-35-26).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 178428
Time elapsed: 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKCR\Wow6432Node\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Adpeak, Inc. (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
