
Infected with Scorpion Saver



Hi there. I was infected with Scorpion Saver last weekend. I downloaded a photo editing software program from CNET and this lovely gem came along with it. My Norton Anti-Virus popped up and I stopped the install, but some weird stuff was already installed.

I ran a full Norton scan, ran a Malwarebytes scan, uninstalled with Revo, and deleted all other traces I could find in the folders. I thought it was gone, but about a day later, it's back, showing up in my programs list and throwing pop-up ads everywhere.

Please help! Here are the DDS logs as requested.

 

Thank you in advance for any help.

Dan

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.25.2
Run by Dan at 20:56:36 on 2013-11-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.1648 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN29115HSG05SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Dan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Windows\System32\AdpeakProxy.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E602CCBB-7ECD-4EF1-8517-1C0E31C07474} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E602CCBB-7ECD-4EF1-8517-1C0E31C07474}\2416C6C602E4564777F627B6D27657563747 : DHCPNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{E602CCBB-7ECD-4EF1-8517-1C0E31C07474}\26467716279637E6564713 : DHCPNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{E602CCBB-7ECD-4EF1-8517-1C0E31C07474}\35F65747865627E61465F51405 : DHCPNameServer = 12.127.16.67 12.127.17.71
TCP: Interfaces\{E602CCBB-7ECD-4EF1-8517-1C0E31C07474}\36F6D666F6274796E6E6 : DHCPNameServer = 10.61.32.1 1.1.1.1
TCP: Interfaces\{E602CCBB-7ECD-4EF1-8517-1C0E31C07474}\36F6D666F6274796E6E6D2131383 : DHCPNameServer = 10.61.32.1 1.1.1.1
TCP: Interfaces\{E602CCBB-7ECD-4EF1-8517-1C0E31C07474}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.



x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\a2dt91bk.default\

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_3_6\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-11-23 14:40; {7e8a1050-cf67-4575-92df-dcc60e7d952d}; C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\a2dt91bk.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.claro.tlbrSrchUrl -
FF - user.js: extensions.claro.id - 2e109f21000000000000c0cb3839c78b
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15657
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1021:46:22
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-7-20 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-7-20 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [2013-11-18 1524824]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-7-20 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131126.001\IDSviA64.sys [2013-11-26 521816]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-7-20 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-7-20 433752]
R2 AdpeakProxy;AdpeakProxy;C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe [2013-10-16 3688448]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-27 98208]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-7-2 27192]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-27 13336]
R2 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=F5D333A8-C748-4686-AE0A-9E008F670C22 --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=F5D333A8-C748-4686-AE0A-9E008F670C22 [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-23 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-23 701512]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe [2013-7-20 144368]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-17 315392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-27 2320920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 137648]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-23 25928]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-10-27 225280]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-27 333928]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-25 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-25 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-11-26 00:09:57 -------- d-----w- C:\Program Files\ScorpionSaver Services
2013-11-24 19:54:38 439296 ----a-w- C:\Windows\System32\AdpeakProxy64.dll
2013-11-24 19:54:35 338944 ----a-w- C:\Windows\SysWow64\AdpeakProxy.dll
2013-11-23 22:17:49 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-11-23 21:30:00 -------- d-----w- C:\Users\Dan\AppData\Roaming\Malwarebytes
2013-11-23 21:29:44 -------- d-----w- C:\ProgramData\Malwarebytes
2013-11-23 21:29:43 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-23 21:29:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-23 21:29:29 -------- d-----w- C:\Users\Dan\AppData\Local\Programs
2013-11-23 19:42:51 -------- d-----w- C:\temp
2013-11-23 19:42:30 -------- d-----w- C:\Program Files\Level Quality Watcher
2013-11-23 19:40:57 -------- d-----w- C:\Program Files (x86)\Conduit
2013-11-23 19:40:40 -------- d-----w- C:\ProgramData\Conduit
2013-11-13 23:34:12 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-13 23:34:12 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-13 23:34:05 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-13 23:34:04 197120 ----a-w- C:\Windows\System32\credui.dll
2013-11-13 23:34:04 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-11-13 23:34:04 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-13 23:34:04 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-13 23:34:04 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-11-13 23:34:04 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-03 01:38:42 273304 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
.
==================== Find3M  ====================
.
2013-10-26 04:27:03 0 ----a-w- C:\Windows\SysWow64\shoAA86.tmp
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-15 05:25:25 0 ----a-w- C:\Windows\SysWow64\sho1BA7.tmp
2013-09-09 07:57:00 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2013-09-09 07:57:00 608080 ----a-w- C:\Windows\System32\msvcp100.dll
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
.
============= FINISH: 21:30:45.93 ===============

 


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/26/2010 2:20:01 PM
System Uptime: 11/26/2013 8:47:42 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1439
Processor: Intel® Core i3 CPU M 370 @ 2.40GHz | CPU | 2399/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 116.134 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.459 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP120: 10/6/2013 5:33:40 PM - Scheduled Checkpoint
RP121: 10/10/2013 12:07:44 AM - Windows Update
RP122: 11/3/2013 6:23:55 PM - Scheduled Checkpoint
RP123: 11/13/2013 11:24:56 PM - Windows Update
RP124: 11/23/2013 2:48:26 PM - Removed ScorpionSaver
RP125: 11/23/2013 2:49:51 PM - Removed ScorpionSaver
RP126: 11/23/2013 3:11:57 PM - Removed ScorpionSaver
RP127: 11/23/2013 4:41:03 PM - Removed ScorpionSaver
RP128: 11/23/2013 5:19:44 PM - Revo Uninstaller's restore point - ScorpionSaver
RP129: 11/23/2013 5:20:35 PM - Removed ScorpionSaver
RP130: 11/24/2013 6:53:17 PM - Removed ScorpionSaver Services
RP131: 11/24/2013 7:18:49 PM - Removed ScorpionSaver
RP132: 11/24/2013 7:20:09 PM - Revo Uninstaller's restore point - ScorpionSaver
RP133: 11/24/2013 7:20:25 PM - Removed ScorpionSaver
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Lightroom 4.1 64-bit
Adobe Reader XI (11.0.05)
Adobe Shockwave Player 11.5
Adobe Shockwave Player 12.0
Any Video Converter 3.3.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audible Download Manager
Bejeweled 2 Deluxe
Bing Bar
Blackhawk Striker 2
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Build-a-lot 2
Chuzzle Deluxe
CinemaNow Media Manager
CopyTrans Suite Remove Only
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
DIY Layout Creator 1.23
Dora's Carnival Adventure
Dropbox
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
FATE
FileZilla Client 3.7.0.2
Final Drive Nitro
Flvto Youtube Downloader
Google Earth Plug-in
Google Update Helper
Heroes of Hellas 2 - Olympia
HP Advisor
HP Customer Experience Enhancements
HP Deskjet 3520 series Basic Device Software
HP Deskjet 3520 series Setup Guide
HP Documentation
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HP Wireless Assistant
HPAsset component for HP Active Support Library
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
iTunes
Java 7 Update 25
Java Auto Updater
Java 6 Update 20 (64-bit)
JavaFX 2.1.1
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft IntelliPoint 7.1
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Online Backup
Norton Security Suite
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Revo Uninstaller 1.95
Roxio CinemaNow 2.0
RtVOsd
ScorpionSaver Services
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Skype™ 5.10
Spybot - Search & Destroy
swMSM
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Virtual Families
Virtual Villagers - The Secret City
VLC media player 1.1.5
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
11/26/2013 7:35:32 PM, Error: Service Control Manager [7034] - The HPWMISVC service terminated unexpectedly. It has done this 1 time(s).
11/26/2013 7:35:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
11/25/2013 7:10:42 PM, Error: Service Control Manager [7034] - The AdpeakProxy service terminated unexpectedly. It has done this 1 time(s).
11/24/2013 7:49:43 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
11/24/2013 6:54:52 PM, Error: Service Control Manager [7034] - The AdpeakProxy service terminated unexpectedly. It has done this 2 time(s).
11/24/2013 2:14:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Norton Online Backup service to connect.
11/24/2013 2:14:35 PM, Error: Service Control Manager [7000] - The Norton Online Backup service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/23/2013 5:28:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
11/23/2013 2:45:11 PM, Error: Service Control Manager [7031] - The Update outobox service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/19/2013 7:10:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
11/19/2013 7:06:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
11/19/2013 7:05:31 PM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/19/2013 7:05:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.
.
==== End Of File ===========================


Hello,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

Uninstall ScorpionSaver; it may be listed as ScorpionSaver Services. Use the following program:

Please download and install Revo Uninstaller Free

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then click on Next.
  • Once done, click Finish.

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware,

Make sure that everything is checked, and click Remove Selected on any found items.

 

Finally:

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

 http://jpshortstuff.247fixes.com/SystemLook_x64.exe  32bit

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  64bit

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *Scorpion*
    :folderfind
    *Scorpion*
    :regfind
    *Scorpion*
    Scorpion

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Post logs in next reply....

 

Kevin


Here is the initial log/report from adwcleaner. Should any of this be kept before I move to the next step?

 

# AdwCleaner v3.013 - Report created 27/11/2013 at 19:10:20
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dan - HP-G72-DAN
# Running from : C:\Users\Dan\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\a2dt91bk.default\searchplugins\MyStart Search.xml
File Found : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\a2dt91bk.default\user.js
Folder Found : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Found : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\a2dt91bk.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\ProgramData\Browser Manager
Folder Found C:\ProgramData\Conduit
Folder Found C:\Users\Dan\AppData\LocalLow\Claro LTD
Folder Found C:\Users\Dan\AppData\LocalLow\Conduit
Folder Found C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\a2dt91bk.default\CT3310511

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\5953dfd9bd6aee40
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\5953dfd9bd6aee40
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\a2dt91bk.default\prefs.js ]

Line Found : user_pref("CT3310511.FF19Solved", "true");
Line Found : user_pref("CT3310511.UserID", "UN34068345823228531");
Line Found : user_pref("CT3310511.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3310511.fullUserID", "UN34068345823228531.IN.20131123144005");
Line Found : user_pref("CT3310511.installDate", "23/11/2013 14:40:06");
Line Found : user_pref("CT3310511.installSessionId", "{B8F6EA79-BFA3-4ABF-84E1-8A06A0825582}");
Line Found : user_pref("CT3310511.installSp", "TRUE");
Line Found : user_pref("CT3310511.installerVersion", "1.8.1.4");
Line Found : user_pref("CT3310511.keyword", "true");
Line Found : user_pref("CT3310511.originalHomepage", "about:home");
Line Found : user_pref("CT3310511.originalSearchAddressUrl", "");
Line Found : user_pref("CT3310511.originalSearchEngine", "");
Line Found : user_pref("CT3310511.originalSearchEngineName", "");
Line Found : user_pref("CT3310511.searchRevert", "false");
Line Found : user_pref("CT3310511.searchUninstallUserMode", "2");
Line Found : user_pref("CT3310511.searchUserMode", "2");
Line Found : user_pref("CT3310511.smartbar.homepage", "true");
Line Found : user_pref("CT3310511.toolbarInstallDate", "23-11-2013 14:40:05");
Line Found : user_pref("CT3310511.versionFromInstaller", "10.22.5.10");
Line Found : user_pref("CT3310511.xpeMode", "0");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("browser.search.defaultenginename", "SweetPacks Customized Web Search");
Line Found : user_pref("browser.search.defaultthis.engineName", "SweetPacks Customized Web Search");

Line Found : user_pref("extensions.BabylonToolbar_i.newTab", true);

Line Found : user_pref("extensions.claro.admin", false);
Line Found : user_pref("extensions.claro.aflt", "babsst");
Line Found : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Line Found : user_pref("extensions.claro.dfltLng", "en");
Line Found : user_pref("extensions.claro.excTlbr", false);
Line Found : user_pref("extensions.claro.id", "2e109f21000000000000c0cb3839c78b");
Line Found : user_pref("extensions.claro.instlDay", "15657");
Line Found : user_pref("extensions.claro.instlRef", "sst");
Line Found : user_pref("extensions.claro.prdct", "claro");
Line Found : user_pref("extensions.claro.prtnrId", "claro");
Line Found : user_pref("extensions.claro.tlbrId", "claro");
Line Found : user_pref("extensions.claro.tlbrSrchUrl", "");
Line Found : user_pref("extensions.claro.vrsn", "1.8.3.10");
Line Found : user_pref("extensions.claro.vrsni", "1.8.3.10");
Line Found : user_pref("extensions.claro_i.smplGrp", "none");
Line Found : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1021:46:22");
Line Found : user_pref("extensions.crossrider.bic", "13af7ac65724e7d5550cff6379ab9e6b");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3310511");


Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3310511");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3310511");
Line Found : user_pref("smartbar.machineId", "LJ3V+ZZE/2VATE3C9KRNXAGJ+L7KR+CEFWFBRKRA9L75XND/UAMP3MBSV5ZQCBETTCLDGSH2SZHDWG+TVENTUQ");

*************************

AdwCleaner[R0].txt - [7180 octets] - [27/11/2013 19:10:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7240 octets] ##########


Yes, that one worked. Thank You. Here are the logs. First, the adwcleaner:

 

 

# AdwCleaner v3.013 - Report created 27/11/2013 at 20:10:47
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dan - HP-G72-DAN
# Running from : C:\Users\Dan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Dan\AppData\LocalLow\Claro LTD
Folder Deleted : C:\Users\Dan\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\a2dt91bk.default\CT3310511
Folder Deleted : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\a2dt91bk.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
Folder Deleted : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\a2dt91bk.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\a2dt91bk.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKCU\Software\5953dfd9bd6aee40
Key Deleted : HKLM\SOFTWARE\5953dfd9bd6aee40
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\a2dt91bk.default\prefs.js ]

Line Deleted : user_pref("CT3310511.FF19Solved", "true");
Line Deleted : user_pref("CT3310511.UserID", "UN34068345823228531");
Line Deleted : user_pref("CT3310511.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3310511.fullUserID", "UN34068345823228531.IN.20131123144005");
Line Deleted : user_pref("CT3310511.installDate", "23/11/2013 14:40:06");
Line Deleted : user_pref("CT3310511.installSessionId", "{B8F6EA79-BFA3-4ABF-84E1-8A06A0825582}");
Line Deleted : user_pref("CT3310511.installSp", "TRUE");
Line Deleted : user_pref("CT3310511.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3310511.keyword", "true");
Line Deleted : user_pref("CT3310511.originalHomepage", "about:home");
Line Deleted : user_pref("CT3310511.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3310511.originalSearchEngine", "");
Line Deleted : user_pref("CT3310511.originalSearchEngineName", "");
Line Deleted : user_pref("CT3310511.searchRevert", "false");
Line Deleted : user_pref("CT3310511.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3310511.searchUserMode", "2");
Line Deleted : user_pref("CT3310511.smartbar.homepage", "true");
Line Deleted : user_pref("CT3310511.toolbarInstallDate", "23-11-2013 14:40:05");
Line Deleted : user_pref("CT3310511.versionFromInstaller", "10.22.5.10");
Line Deleted : user_pref("CT3310511.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultenginename", "SweetPacks Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "SweetPacks Customized Web Search");

Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);

Line Deleted : user_pref("extensions.claro.admin", false);
Line Deleted : user_pref("extensions.claro.aflt", "babsst");
Line Deleted : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Line Deleted : user_pref("extensions.claro.dfltLng", "en");
Line Deleted : user_pref("extensions.claro.excTlbr", false);
Line Deleted : user_pref("extensions.claro.id", "2e109f21000000000000c0cb3839c78b");
Line Deleted : user_pref("extensions.claro.instlDay", "15657");
Line Deleted : user_pref("extensions.claro.instlRef", "sst");
Line Deleted : user_pref("extensions.claro.prdct", "claro");
Line Deleted : user_pref("extensions.claro.prtnrId", "claro");
Line Deleted : user_pref("extensions.claro.tlbrId", "claro");
Line Deleted : user_pref("extensions.claro.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.claro.vrsn", "1.8.3.10");
Line Deleted : user_pref("extensions.claro.vrsni", "1.8.3.10");
Line Deleted : user_pref("extensions.claro_i.smplGrp", "none");
Line Deleted : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1021:46:22");
Line Deleted : user_pref("extensions.crossrider.bic", "13af7ac65724e7d5550cff6379ab9e6b");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3310511");


Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3310511");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3310511");
Line Deleted : user_pref("smartbar.machineId", "LJ3V+ZZE/2VATE3C9KRNXAGJ+L7KR+CEFWFBRKRA9L75XND/UAMP3MBSV5ZQCBETTCLDGSH2SZHDWG+TVENTUQ");

*************************

AdwCleaner[R0].txt - [7336 octets] - [27/11/2013 19:10:20]
AdwCleaner[s0].txt - [7192 octets] - [27/11/2013 20:10:47]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7252 octets] ##########


mbam log:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.28.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Dan :: HP-G72-DAN [administrator]

Protection: Enabled

11/27/2013 8:22:37 PM
mbam-log-2013-11-27 (20-22-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206460
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\$Recycle.Bin\S-1-5-21-1279983707-131282063-3389478783-1000\$RRAGGSL.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.

(end)

 

 

 

 

System Look:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 20:36 on 27/11/2013 by Dan
Administrator - Elevation successful

========== filefind ==========

Searching for "*Scorpion*"
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0A5EXVFY\unable-to-fully-remove-scorpion-saver[1].htm --a---- 146801 bytes [00:41 28/11/2013] [00:41 28/11/2013] D934F03C102A35A58C89B466C2529DFC
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2N723IB3\Scorpion-Saver-Firefox-extensions[1].jpg --a---- 25025 bytes [06:15 26/11/2013] [06:15 26/11/2013] 9C0C4339E5CCDC60CF609D34978394F6
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\Scorpion-Saver-Ads[1].jpg --a---- 51488 bytes [06:15 26/11/2013] [06:15 26/11/2013] 32A62E588393EE456B50E1C2080A6FDB
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\Scorpion-Saver-Chrome-extensions[1].jpg --a---- 32883 bytes [06:15 26/11/2013] [06:15 26/11/2013] 8303A4A8C9E0555328077D36C6070C83
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\Scorpion-Saver-uninstall[1].jpg --a---- 37224 bytes [06:15 26/11/2013] [06:15 26/11/2013] A7D150A57463C176789140F02694BF97
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\scorpion-saver[1].png --a---- 1342 bytes [06:11 26/11/2013] [06:11 26/11/2013] C51DCB4776983987646A297AF0F32917
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\scorpion-saver_1[1].png --a---- 206434 bytes [06:11 26/11/2013] [06:11 26/11/2013] E4B3DED31FE89CF8A7DE68C0D6B9BF03
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PWPR6J5P\scorpion-saver-removal[1].htm --a---- 50873 bytes [06:15 26/11/2013] [06:15 26/11/2013] 4D69F8154549CDABD5A3497D048BB8AC
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PWPR6J5P\scorpion-saver-removal[2].htm --a---- 17 bytes [00:58 27/11/2013] [00:58 27/11/2013] D54D7B54552E6042D993070960D49E66
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PWPR6J5P\Scorpion-Saver-virus[1].jpg --a---- 75200 bytes [06:15 26/11/2013] [06:15 26/11/2013] 1E534421E00DAF6496C47663B4FFDD86
C:\Users\Dan\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\4OHD9248\f.scorpionsaverjs[1].xml --a---- 13 bytes [00:47 27/11/2013] [00:57 27/11/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Dan\Favorites\Remove Scorpion Saver pop-up ads (Virus Removal Guide).url --a---- 4057 bytes [06:19 26/11/2013] [06:19 26/11/2013] D0AB194617D3DF9D922A294E250CE16E
C:\Users\Dan\Music\iTunes\iTunes Media\Music\Lucy Kaplansky\Flesh And Bone\01 Scorpion.m4a --a---- 3774307 bytes [18:04 15/01/2011] [00:51 13/10/2007] 0BA6F8BB0C335F410CBCF262298DBA9B

========== folderfind ==========

Searching for "*Scorpion*"
C:\Users\Dan\Music\iTunes\iTunes Media\Music\Scorpions d------ [02:39 12/01/2011]
C:\Users\Dan\Music\New Music from Scott\Music\Scorpions d------ [18:32 09/01/2011]

========== regfind ==========

Searching for "*Scorpion*"
No data found.

Searching for "Scorpion"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\scorpionsaverjs.info]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22]
@="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22\InProcServer32]
@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver]
[HKEY_USERS\S-1-5-21-1279983707-131282063-3389478783-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\scorpionsaverjs.info]

-= EOF =-


Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

  • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Reg :Reg

    :Reg[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\scorpionsaverjs.info][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22\InProcServer32][-HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver][-HKEY_USERS\S-1-5-21-1279983707-131282063-3389478783-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\scorpionsaverjs.info]:FilesC:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0A5EXVFY\unable-to-fully-remove-scorpion-saver[1].htmC:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2N723IB3\Scorpion-Saver-Firefox-extensions[1].jpgC:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\Scorpion-Saver-Ads[1].jpgC:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\Scorpion-Saver-Chrome-extensions[1].jpgC:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\Scorpion-Saver-uninstall[1].jpgC:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\scorpion-saver[1].pngC:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\scorpion-saver_1[1].pngC:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PWPR6J5P\scorpion-saver-removal[1].htmC:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PWPR6J5P\scorpion-saver-removal[2].htmC:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PWPR6J5P\Scorpion-Saver-virus[1].jpgC:\Users\Dan\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\4OHD9248\f.scorpionsaverjs[1].xmlC:\Users\Dan\Favorites\Remove Scorpion Saver pop-up ads (Virus Removal Guide).url:Commands[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Post that log, let me know if there are any remaining issues or concerns....

 

Kevin


I downloaded and installed the otm utility and ran it as you instructed. It finished in a minute or two, and told me to reboot, which I did.

Upon rebooting, I just have a black screen and a cursor (no desktop). You mentioned this would happen but from your description, I expected it before the reboot? Is this normal? It's been like this for some time now and nothing is happening. Am I just being impatient?


Upon restart, this is the log I got. I went to the "uninstall programs" list on both Windows and Revo, and Scorpion Saver is still listed in both.

 

Should I rerun these processes again?

 

 

All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\scorpionsaverjs.info\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22\InProcServer32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver\ not found.
Registry key HKEY_USERS\S-1-5-21-1279983707-131282063-3389478783-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\scorpionsaverjs.info\ not found.
========== FILES ==========
File/Folder C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0A5EXVFY\unable-to-fully-remove-scorpion-saver[1].htm not found.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2N723IB3\Scorpion-Saver-Firefox-extensions[1].jpg moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\Scorpion-Saver-Ads[1].jpg moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\Scorpion-Saver-Chrome-extensions[1].jpg moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\Scorpion-Saver-uninstall[1].jpg moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\scorpion-saver[1].png moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\scorpion-saver_1[1].png moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PWPR6J5P\scorpion-saver-removal[1].htm moved successfully.
File/Folder C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PWPR6J5P\scorpion-saver-removal[2].htm not found.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PWPR6J5P\Scorpion-Saver-virus[1].jpg moved successfully.
C:\Users\Dan\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\4OHD9248\f.scorpionsaverjs[1].xml moved successfully.
C:\Users\Dan\Favorites\Remove Scorpion Saver pop-up ads (Virus Removal Guide).url moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Dan
->Temp folder emptied: 1932969 bytes
->Temporary Internet Files folder emptied: 233640838 bytes
->Java cache emptied: 705954 bytes
->FireFox cache emptied: 160449975 bytes
->Flash cache emptied: 26165 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4091173 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42369124 bytes
RecycleBin emptied: 168617 bytes
 
Total Files Cleaned = 423.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 11282013_093800

Files moved on Reboot...
C:\Users\Dan\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\Dan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UCCXOGOX\index[4].htm moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UCCXOGOX\postmessageRelay[2].htm moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2YAQFINI\fastbutton[1].htm moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2YAQFINI\like[5].htm moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2YAQFINI\xd_arbiter[4].htm moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

Registry entries deleted on Reboot...


Run the following to remove ScorpionSaver from the installed programs list:

 

Go to the following link and download MyUninstaller. Open the link and scroll down below "Feedback" to find access to the d/l. Also read all of the available information at the link, specifically the section marked "Removing an Uninstall entry".

http://www.nirsoft.net/utils/myuninst.html

When you have the d/l, unzip to your Desktop. Right click on the application and select "Run as Administrator". The program is a standalone executable so will not install.

When the program runs wait and the main interface will populate with an Installed Programs list.

Check through the list until you see an entry for ScorpionSaver. Below the menu bar are column headers; look under Obsolete and Uninstall. If the word Yes is listed under Obsolete and not Uninstall against the ScorpionSaver entry, it means we can safely delete that entry.

With ScorpionSaver highlighted, either select File > Delete Selected Entry or, with ScorpionSaver selected (highlighted), click on the icon from the menu bar for "Delete selected entry". It looks like a red cross. I've also added a screen shot of the interface.

java.jpg

 

Next,

 

Use the following links to reset browsers to Default settings:

 

Internet Explorer  -  http://support.microsoft.com/kb/923737

 

FireFox                -  https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

 

Chrome               -  https://support.google.com/chrome/answer/3296214?hl=en

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan....

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log, let me know if any remaining issues or concerns....

 

Kevin


I downloaded the MyUninstaller app and opened it. Scorpion Saver is listed and shows "NO" under Obsolete and "YES" under Uninstall. So I'm to assume the problem is still present?

 

My computer performance is getting worse. I just got home and fired it up to run this and it froze twice on rebooting. And then ironically, I got a pop up ad from Scorpion Saver for a service to remove Scorpion Saver. WTF?

 

I'm going to run Revo, adwcleaner, and MBAM again and post the logs...


Ok, I have been running all these scans numerous times and have reset my browsers several times as well. Please note that I DO NOT have Google Chrome on my computer even though I see it listed in some of these scans. So here is where I'm at right now.

 

Scorpion Saver is not showing up in the "uninstall" lists on Windows or Revo, but clearly parts of it are still floating in my system. Please tell me what to try next.

 

 

 

My latest adwcleaner log. That one Firefox thing keeps coming back. No idea what it means.

 

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\eslc864v.default-1385756225182\prefs.js ]

*************************

AdwCleaner[R0].txt - [7336 octets] - [27/11/2013 19:10:20]
AdwCleaner[R1].txt - [887 octets] - [28/11/2013 20:08:52]
AdwCleaner[R2].txt - [1005 octets] - [29/11/2013 10:42:13]
AdwCleaner[R3].txt - [1126 octets] - [29/11/2013 15:04:43]
AdwCleaner[R4].txt - [1260 octets] - [29/11/2013 15:34:40]
AdwCleaner[s0].txt - [7332 octets] - [27/11/2013 20:10:47]
AdwCleaner[s1].txt - [947 octets] - [28/11/2013 20:10:24]
AdwCleaner[s2].txt - [1066 octets] - [29/11/2013 10:43:13]
AdwCleaner[s3].txt - [1091 octets] - [29/11/2013 15:18:33]
AdwCleaner[s4].txt - [1182 octets] - [29/11/2013 15:50:31]

########## EOF - C:\AdwCleaner\AdwCleaner[s4].txt - [1242 octets] ##########

 

 

 

Here is my latest JRT Log. That one file listed also keeps returning.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Dan on Fri 11/29/2013 at 15:37:56.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho7712.tmp

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/29/2013 at 15:46:36.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


My latest System Look log. Notice that I added *adpeak* to the search.

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 16:48 on 29/11/2013 by Dan
Administrator - Elevation successful

========== filefind ==========

Searching for "*Scorpion*"
C:\temp\ScorpionSaver.msi --a---- 3182592 bytes [14:40 28/11/2013] [14:40 28/11/2013] 59A6501D0C16BD6C8E56A09DDA0CB4BD
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FOYJXCNL\Scorpion-Saver-Chrome-extensions[1].jpg --a---- 32883 bytes [01:36 29/11/2013] [01:36 29/11/2013] 8303A4A8C9E0555328077D36C6070C83
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FOYJXCNL\scorpion-saver-removal[1].htm --a---- 50697 bytes [01:36 29/11/2013] [01:36 29/11/2013] E9C81795A146FC62000194C8592C1BD5
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L9M3DKPV\Scorpion-Saver-Ads[1].jpg --a---- 51488 bytes [01:36 29/11/2013] [01:36 29/11/2013] 32A62E588393EE456B50E1C2080A6FDB
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L9M3DKPV\Scorpion-Saver-Firefox-extensions[1].jpg --a---- 25025 bytes [01:36 29/11/2013] [01:36 29/11/2013] 9C0C4339E5CCDC60CF609D34978394F6
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XQ72FUV5\Scorpion-Saver-uninstall[1].jpg --a---- 37224 bytes [01:36 29/11/2013] [01:36 29/11/2013] A7D150A57463C176789140F02694BF97
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XQ72FUV5\Scorpion-Saver-virus[1].jpg --a---- 75200 bytes [01:36 29/11/2013] [01:36 29/11/2013] 1E534421E00DAF6496C47663B4FFDD86
C:\Users\Dan\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\O0KDMSVC\static.scorpionsaver[1].xml --a---- 1076 bytes [16:28 28/11/2013] [01:01 29/11/2013] 7513E3C3C3698173C7C99B9CCCC8BA49
C:\Users\Dan\Music\iTunes\iTunes Media\Music\Lucy Kaplansky\Flesh And Bone\01 Scorpion.m4a --a---- 3774307 bytes [18:04 15/01/2011] [00:51 13/10/2007] 0BA6F8BB0C335F410CBCF262298DBA9B
C:\_OTM\MovedFiles\11282013_093800\C_Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2N723IB3\Scorpion-Saver-Firefox-extensions[1].jpg --a---- 25025 bytes [06:15 26/11/2013] [06:15 26/11/2013] 9C0C4339E5CCDC60CF609D34978394F6
C:\_OTM\MovedFiles\11282013_093800\C_Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\Scorpion-Saver-Ads[1].jpg --a---- 51488 bytes [06:15 26/11/2013] [06:15 26/11/2013] 32A62E588393EE456B50E1C2080A6FDB
C:\_OTM\MovedFiles\11282013_093800\C_Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\Scorpion-Saver-Chrome-extensions[1].jpg --a---- 32883 bytes [06:15 26/11/2013] [06:15 26/11/2013] 8303A4A8C9E0555328077D36C6070C83
C:\_OTM\MovedFiles\11282013_093800\C_Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\Scorpion-Saver-uninstall[1].jpg --a---- 37224 bytes [06:15 26/11/2013] [06:15 26/11/2013] A7D150A57463C176789140F02694BF97
C:\_OTM\MovedFiles\11282013_093800\C_Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\scorpion-saver[1].png --a---- 1342 bytes [06:11 26/11/2013] [06:11 26/11/2013] C51DCB4776983987646A297AF0F32917
C:\_OTM\MovedFiles\11282013_093800\C_Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AXWAKI9U\scorpion-saver_1[1].png --a---- 206434 bytes [06:11 26/11/2013] [06:11 26/11/2013] E4B3DED31FE89CF8A7DE68C0D6B9BF03
C:\_OTM\MovedFiles\11282013_093800\C_Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PWPR6J5P\scorpion-saver-removal[1].htm --a---- 50873 bytes [06:15 26/11/2013] [06:15 26/11/2013] 4D69F8154549CDABD5A3497D048BB8AC
C:\_OTM\MovedFiles\11282013_093800\C_Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PWPR6J5P\Scorpion-Saver-virus[1].jpg --a---- 75200 bytes [06:15 26/11/2013] [06:15 26/11/2013] 1E534421E00DAF6496C47663B4FFDD86
C:\_OTM\MovedFiles\11282013_093800\C_Users\Dan\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\4OHD9248\f.scorpionsaverjs[1].xml --a---- 13 bytes [00:47 27/11/2013] [00:57 27/11/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\_OTM\MovedFiles\11282013_093800\C_Users\Dan\Favorites\Remove Scorpion Saver pop-up ads (Virus Removal Guide).url --a---- 4057 bytes [06:19 26/11/2013] [06:19 26/11/2013] D0AB194617D3DF9D922A294E250CE16E

Searching for "*adpeak*"
C:\Windows\System32\AdpeakProxy64.dll --a---- 439296 bytes [19:54 24/11/2013] [15:18 16/10/2013] 78857BF5996E9BC8E82C1B671CBF85E6
C:\Windows\SysWOW64\AdpeakProxy.dll --a---- 338944 bytes [19:54 24/11/2013] [15:18 16/10/2013] 85FB18C4B0665C24E6BAA502837011A5

========== folderfind ==========

Searching for "*Scorpion*"
C:\Users\Dan\Music\iTunes\iTunes Media\Music\Scorpions d------ [02:39 12/01/2011]
C:\Users\Dan\Music\New Music from Scott\Music\Scorpions d------ [18:32 09/01/2011]

Searching for "*adpeak*"
No folders found.

========== regfind ==========

Searching for "*Scorpion*"
No data found.

Searching for "*adpeak*"
No data found.

Searching for "Scorpion"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22]
@="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22\InProcServer32]
@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver]

Searching for "adpeak"
No data found.

-= EOF =-

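A triage pass over the SystemLook filefind output in the post above, as an added example (not part of the original thread and not SystemLook's own code): it separates hits that are only browser cache, OTM's MovedFiles copies or unrelated files from binaries still sitting in live locations. The category names and the `triage`/`needs_followup` helpers are assumptions made for this example; the sample lines are copied from the log above.

```python
import re
from collections import namedtuple
from pathlib import PureWindowsPath

# Excerpt of the SystemLook log posted above (lines copied from that log).
SAMPLE_LOG = r'''
========== filefind ==========

Searching for "*Scorpion*"
C:\temp\ScorpionSaver.msi --a---- 3182592 bytes [14:40 28/11/2013] [14:40 28/11/2013] 59A6501D0C16BD6C8E56A09DDA0CB4BD
C:\Users\Dan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FOYJXCNL\scorpion-saver-removal[1].htm --a---- 50697 bytes [01:36 29/11/2013] [01:36 29/11/2013] E9C81795A146FC62000194C8592C1BD5
C:\Users\Dan\Music\iTunes\iTunes Media\Music\Lucy Kaplansky\Flesh And Bone\01 Scorpion.m4a --a---- 3774307 bytes [18:04 15/01/2011] [00:51 13/10/2007] 0BA6F8BB0C335F410CBCF262298DBA9B
C:\_OTM\MovedFiles\11282013_093800\C_Users\Dan\Favorites\Remove Scorpion Saver pop-up ads (Virus Removal Guide).url --a---- 4057 bytes [06:19 26/11/2013] [06:19 26/11/2013] D0AB194617D3DF9D922A294E250CE16E

Searching for "*adpeak*"
C:\Windows\System32\AdpeakProxy64.dll --a---- 439296 bytes [19:54 24/11/2013] [15:18 16/10/2013] 78857BF5996E9BC8E82C1B671CBF85E6
C:\Windows\SysWOW64\AdpeakProxy.dll --a---- 338944 bytes [19:54 24/11/2013] [15:18 16/10/2013] 85FB18C4B0665C24E6BAA502837011A5

========== folderfind ==========

Searching for "*Scorpion*"
C:\Users\Dan\Music\iTunes\iTunes Media\Music\Scorpions d------ [02:39 12/01/2011]
'''

Hit = namedtuple("Hit", "term path size created modified md5 category")

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
TERM_RE = re.compile(r'^Searching for "(.+)"$')
# filefind line: <path> <attrs> <size> bytes [created] [modified] <md5>
HIT_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
BINARY_SUFFIXES = {".dll", ".exe", ".sys", ".msi"}


def classify(path):
    """Bucket a hit by where it lives; bucket names are this example's own."""
    lowered = path.lower()
    suffix = PureWindowsPath(path).suffix.lower()
    if lowered.startswith("c:\\_otm\\movedfiles\\"):
        return "quarantine"          # copies OTM already moved aside
    if "\\temporary internet files\\" in lowered or "\\domstore\\" in lowered:
        return "browser-cache"       # cached pages/images, e.g. removal guides
    if suffix in BINARY_SUFFIXES:
        if lowered.startswith(SYSTEM_DIRS):
            return "system-binary"   # loadable code in a Windows system folder
        return "installer-or-binary"
    return "other"                   # name matched but the file looks unrelated


def triage(log_text):
    """Parse the filefind section and return one Hit per file line."""
    hits, section, term = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, term = m.group(1), None
            continue
        m = TERM_RE.match(line)
        if m:
            term = m.group(1)
            continue
        if section != "filefind":
            continue                 # folderfind/regfind use other line formats
        m = HIT_RE.match(line)
        if m:
            hits.append(Hit(term, m["path"], int(m["size"]), m["created"],
                            m["modified"], m["md5"].upper(), classify(m["path"])))
    return hits


def needs_followup(hits):
    """Hits that are executable content outside cache and quarantine."""
    return [h for h in hits if h.category in ("system-binary", "installer-or-binary")]


if __name__ == "__main__":
    for h in needs_followup(triage(SAMPLE_LOG)):
        print(f"{h.category:20} {h.path} (matched {h.term}, created {h.created})")
```

On the excerpt this leaves three entries to raise with the helper: the MSI in C:\temp and the two AdpeakProxy DLLs under System32 and SysWOW64, which none of the earlier fix scripts in the thread listed.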

I notice some of the people here request a FRST scan and log, so if this helps...

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-11-2013
Ran by Dan (administrator) on HP-G72-DAN on 29-11-2013 16:48:06
Running from C:\Users\Dan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
() C:\Users\Dan\Desktop\SystemLook_x64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2095400 2010-04-15] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6234144 2010-03-13] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [intelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2320752 2009-11-05] (Microsoft Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [HP Deskjet 3520 series (NET)] - C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2551656 2012-01-31] (Hewlett-Packard Co.)
MountPoints2: F - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602680 2010-07-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x577A5027A3ECCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {C6533ACD-D0A7-4CF9-A492-323D09D8C0C1} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {CC77866D-83CC-476D-8B37-2891DEBF635B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM - {D80DE8EC-0CAB-4066-A108-2DB20A43AC78} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {C6533ACD-D0A7-4CF9-A492-323D09D8C0C1} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {CC77866D-83CC-476D-8B37-2891DEBF635B} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {CC77866D-83CC-476D-8B37-2891DEBF635B} URL =
SearchScopes: HKCU - {D80DE8EC-0CAB-4066-A108-2DB20A43AC78} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\eslc864v.default-1385756225182
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Norton Identity Protection) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.0.32
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [511480 2013-10-31] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131128.001\IDSvia64.sys [521816 2013-11-13] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131129.001\ENG64.SYS [126040 2013-11-15] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131129.001\EX64.SYS [2099288 2013-11-15] (Symantec Corporation)
R3 RSUSBSTOR; C:\Windows\SysWow64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2012-07-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-29 16:48 - 2013-11-29 16:50 - 00017485 _____ C:\Users\Dan\Desktop\FRST.txt
2013-11-29 16:47 - 2013-11-29 16:47 - 00000000 ____D C:\FRST
2013-11-29 16:34 - 2013-11-29 16:34 - 01959024 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2013-11-29 15:46 - 2013-11-29 15:46 - 00000695 _____ C:\Users\Dan\Desktop\JRT.txt
2013-11-29 15:17 - 2013-11-29 15:17 - 00000000 ____D C:\Users\Dan\Desktop\Old Firefox Data
2013-11-28 20:38 - 2013-11-28 20:38 - 00000000 ____D C:\Windows\ERUNT
2013-11-28 20:37 - 2013-11-28 20:37 - 01034531 _____ (Thisisu) C:\Users\Dan\Desktop\JRT.exe
2013-11-28 19:59 - 2013-11-29 10:41 - 00000634 _____ C:\Users\Dan\Desktop\myuninst.cfg
2013-11-28 19:46 - 2013-11-28 19:46 - 00046124 _____ C:\Users\Dan\Desktop\myuninst.zip
2013-11-28 11:23 - 2013-11-28 11:23 - 00010046 _____ C:\Users\Dan\Desktop\11282013_093800.log
2013-11-28 09:38 - 2013-11-28 09:38 - 00000000 ____D C:\_OTM
2013-11-28 09:35 - 2013-11-28 09:35 - 00522240 _____ (OldTimer Tools) C:\Users\Dan\Desktop\OTM.exe
2013-11-27 20:36 - 2013-11-29 16:48 - 00000364 _____ C:\Users\Dan\Desktop\SystemLook.txt
2013-11-27 20:09 - 2013-11-27 20:09 - 00165376 _____ C:\Users\Dan\Desktop\SystemLook_x64.exe
2013-11-27 19:09 - 2013-11-29 15:50 - 00000000 ____D C:\AdwCleaner
2013-11-27 16:07 - 2013-11-27 16:07 - 01091882 _____ C:\Users\Dan\Desktop\AdwCleaner.exe
2013-11-26 21:31 - 2013-11-28 12:16 - 00024080 _____ C:\Users\Dan\Desktop\dds.txt
2013-11-26 21:31 - 2013-11-28 12:16 - 00014160 _____ C:\Users\Dan\Desktop\attach.txt
2013-11-26 20:47 - 2013-11-26 20:47 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat
2013-11-26 20:33 - 2013-11-26 20:33 - 00688992 ____R (Swearware) C:\Users\Dan\Desktop\dds.scr
2013-11-24 14:54 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-11-24 14:54 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\Windows\SysWOW64\AdpeakProxy.dll
2013-11-23 17:17 - 2013-11-23 17:17 - 00001264 _____ C:\Users\Dan\Desktop\Revo Uninstaller.lnk
2013-11-23 17:17 - 2013-11-23 17:17 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-11-23 16:30 - 2013-11-23 16:30 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Malwarebytes
2013-11-23 16:29 - 2013-11-23 16:29 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-23 16:29 - 2013-11-23 16:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-23 16:29 - 2013-11-23 16:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-23 16:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-23 14:53 - 2013-02-09 22:59 - 00445693 _____ C:\Windows\system32\Drivers\etc\hosts.20131123-145302.backup
2013-11-23 14:42 - 2013-11-23 14:42 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-13 23:32 - 2013-10-12 03:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 23:32 - 2013-10-12 03:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 23:32 - 2013-10-12 03:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 23:32 - 2013-10-12 03:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 23:32 - 2013-10-12 03:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 23:32 - 2013-10-12 03:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 23:32 - 2013-10-12 03:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 23:32 - 2013-10-12 03:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 23:32 - 2013-10-12 03:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 23:32 - 2013-10-12 03:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 23:32 - 2013-10-12 03:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 23:32 - 2013-10-12 03:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 23:32 - 2013-10-12 03:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 23:32 - 2013-10-12 03:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 23:32 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 23:32 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 23:32 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 23:32 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 23:32 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 23:32 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 23:32 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 23:32 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 23:32 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 23:32 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 23:32 - 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 23:32 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 23:32 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 23:32 - 2013-10-12 01:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 23:32 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 23:32 - 2013-10-12 00:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 23:32 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 18:34 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 18:34 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 18:34 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 18:34 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 18:34 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 18:34 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 18:34 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 18:34 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 18:34 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 18:33 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 18:33 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 18:33 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 18:33 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 18:33 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 18:33 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 18:33 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 18:33 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 18:33 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 18:33 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 18:33 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 18:33 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 18:33 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 18:33 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 18:33 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 18:33 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 18:33 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 18:33 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 18:33 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 18:33 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 18:33 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-02 20:38 - 2013-11-28 20:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-11-29 16:50 - 2013-11-29 16:48 - 00017485 _____ C:\Users\Dan\Desktop\FRST.txt
2013-11-29 16:48 - 2013-11-27 20:36 - 00000364 _____ C:\Users\Dan\Desktop\SystemLook.txt
2013-11-29 16:48 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-29 16:48 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-29 16:47 - 2013-11-29 16:47 - 00000000 ____D C:\FRST
2013-11-29 16:44 - 2010-10-27 23:28 - 02079504 _____ C:\Windows\WindowsUpdate.log
2013-11-29 16:39 - 2013-10-01 13:39 - 00000000 ___RD C:\Users\Dan\Dropbox
2013-11-29 16:39 - 2013-10-01 13:37 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Dropbox
2013-11-29 16:38 - 2013-10-18 22:13 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-29 16:38 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-29 16:38 - 2009-07-13 23:51 - 00103551 _____ C:\Windows\setupact.log
2013-11-29 16:34 - 2013-11-29 16:34 - 01959024 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2013-11-29 16:18 - 2013-10-18 22:13 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-29 15:50 - 2013-11-27 19:09 - 00000000 ____D C:\AdwCleaner
2013-11-29 15:46 - 2013-11-29 15:46 - 00000695 _____ C:\Users\Dan\Desktop\JRT.txt
2013-11-29 15:17 - 2013-11-29 15:17 - 00000000 ____D C:\Users\Dan\Desktop\Old Firefox Data
2013-11-29 10:41 - 2013-11-28 19:59 - 00000634 _____ C:\Users\Dan\Desktop\myuninst.cfg
2013-11-28 20:55 - 2013-11-02 20:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-28 20:38 - 2013-11-28 20:38 - 00000000 ____D C:\Windows\ERUNT
2013-11-28 20:37 - 2013-11-28 20:37 - 01034531 _____ (Thisisu) C:\Users\Dan\Desktop\JRT.exe
2013-11-28 19:48 - 2011-06-20 01:44 - 00035840 _____ (NirSoft) C:\Users\Dan\Desktop\myuninst.exe
2013-11-28 19:46 - 2013-11-28 19:46 - 00046124 _____ C:\Users\Dan\Desktop\myuninst.zip
2013-11-28 12:16 - 2013-11-26 21:31 - 00024080 _____ C:\Users\Dan\Desktop\dds.txt
2013-11-28 12:16 - 2013-11-26 21:31 - 00014160 _____ C:\Users\Dan\Desktop\attach.txt
2013-11-28 11:23 - 2013-11-28 11:23 - 00010046 _____ C:\Users\Dan\Desktop\11282013_093800.log
2013-11-28 09:38 - 2013-11-28 09:38 - 00000000 ____D C:\_OTM
2013-11-28 09:35 - 2013-11-28 09:35 - 00522240 _____ (OldTimer Tools) C:\Users\Dan\Desktop\OTM.exe
2013-11-27 20:31 - 2010-11-26 21:15 - 00315744 _____ C:\Windows\PFRO.log
2013-11-27 20:09 - 2013-11-27 20:09 - 00165376 _____ C:\Users\Dan\Desktop\SystemLook_x64.exe
2013-11-27 16:07 - 2013-11-27 16:07 - 01091882 _____ C:\Users\Dan\Desktop\AdwCleaner.exe
2013-11-27 16:04 - 2012-06-06 18:16 - 00000000 ____D C:\Users\Dan\AppData\Roaming\uTorrent
2013-11-26 20:47 - 2013-11-26 20:47 - 00000017 _____ C:\Windows\SysWOW64\shortcut_ex.dat
2013-11-26 20:33 - 2013-11-26 20:33 - 00688992 ____R (Swearware) C:\Users\Dan\Desktop\dds.scr
2013-11-23 17:17 - 2013-11-23 17:17 - 00001264 _____ C:\Users\Dan\Desktop\Revo Uninstaller.lnk
2013-11-23 17:17 - 2013-11-23 17:17 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-11-23 16:30 - 2013-11-23 16:30 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Malwarebytes
2013-11-23 16:29 - 2013-11-23 16:29 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-23 16:29 - 2013-11-23 16:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-23 16:29 - 2013-11-23 16:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-23 14:42 - 2013-11-23 14:42 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-18 23:20 - 2012-05-07 18:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-17 23:56 - 2010-12-17 09:06 - 00000000 ____D C:\Users\Dan\AppData\Local\Mozilla
2013-11-17 12:55 - 2009-07-14 00:13 - 00733528 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-13 23:33 - 2013-09-25 21:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 23:31 - 2013-08-24 14:08 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 23:27 - 2010-12-25 12:41 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 19:00 - 2010-12-25 09:28 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDan
2013-11-13 19:00 - 2010-12-25 09:28 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForDan.job
2013-11-03 18:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-11-02 20:10 - 2013-10-01 13:39 - 00001013 _____ C:\Users\Dan\Desktop\Dropbox.lnk
2013-11-02 20:10 - 2013-10-01 13:37 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-11-02 20:10 - 2010-11-26 14:26 - 00000000 ___RD C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Some content of TEMP:
====================
C:\Users\Dan\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-03 17:20

==================== End Of Log ============================

And the Farbar "additional"

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-11-2013
Ran by Dan at 2013-11-29 16:50:47
Running from C:\Users\Dan\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Acrobat.com (x32 Version: 1.6.65)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Photoshop Lightroom 4.1 64-bit (Version: 4.1.2)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.7.609)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Any Video Converter 3.3.9 (x32)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Audible Download Manager (x32 Version: 6.6.0.15)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bing Bar (x32 Version: 7.0.609.0)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
CinemaNow Media Manager (x32 Version: 1.9.1.105)
CopyTrans Suite Remove Only (HKCU Version: 2.36)
CyberLink DVD Suite (x32 Version: 7.0.3003)
CyberLink MediaShow (x32 Version: 5.0.1616)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217)
CyberLink YouCam (x32 Version: 3.0.2511)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
DIY Layout Creator 1.23 (x32)
Dora's Carnival Adventure (x32 Version: 2.2.0.95)
Dropbox (HKCU Version: 2.4.6)
Energy Star Digital Logo (x32 Version: 1.0.1)
Escape Rosecliff Island (x32 Version: 2.2.0.95)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
FATE (x32 Version: 2.2.0.95)
FileZilla Client 3.7.0.2 (x32 Version: 3.7.0.2)
Final Drive Nitro (x32 Version: 2.2.0.95)
Flvto Youtube Downloader (x32 Version: 0.3.3)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95)
HP Advisor (x32 Version: 3.4.10262.3295)
HP Customer Experience Enhancements (x32 Version: 6.0.1.4)
HP Deskjet 3520 series Basic Device Software (Version: 27.0.847.0)
HP Deskjet 3520 series Setup Guide (x32 Version: 27.0.0)
HP Documentation (x32 Version: 1.1.0.0)
HP Game Console (x32)
HP Games (x32 Version: 1.0.1.3)
HP MediaSmart CinemaNow 2.0 (x32 Version: 2.0)
HP Photo Creations (x32 Version: 1.0.0.3611)
HP Power Manager (x32 Version: 1.0.3)
HP Quick Launch (x32 Version: 2.1.5)
HP Setup (x32 Version: 8.1.4186.3400)
HP Software Framework (x32 Version: 3.5.23.1)
HP Support Assistant (x32 Version: 5.0.14.2)
HP Wireless Assistant (Version: 4.0.9.0)
HPAsset component for HP Active Support Library (x32 Version: 3.0.1.0)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2131)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® Rapid Storage Technology (x32 Version: 9.6.2.1001)
iTunes (Version: 11.0.2.26)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java 6 Update 20 (64-bit) (Version: 6.0.200)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Jewel Quest 3 (x32 Version: 2.2.0.95)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LabelPrint (x32 Version: 2.5.2907)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (x32 Version: 2.1.55.0)
Microsoft IntelliPoint 7.1 (Version: 7.10.344.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Norton Online Backup (x32 Version: 2.1.17869)
Norton Security Suite (x32 Version: 20.4.0.40)
Penguins! (x32 Version: 2.2.0.95)
PhotoNow! (x32 Version: 1.1.6904)
Plants vs. Zombies (x32 Version: 2.2.0.95)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
Power2Go (x32 Version: 6.1.4204)
PowerDirector (x32 Version: 8.0.3003)
QuickTime (x32 Version: 7.73.80.64)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.21.531.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6066)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30105)
Recovery Manager (x32 Version: 5.5.3023)
Revo Uninstaller 1.95 (x32 Version: 1.95)
Roxio CinemaNow 2.0 (x32 Version: 1.0.278)
RtVOsd (Version: 1.0.3)
Skype™ 5.10 (x32 Version: 5.10.116)
Spybot - Search & Destroy (x32 Version: 1.6.2)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.0.17.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
Virtual Families (x32 Version: 2.2.0.95)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95)
VLC media player 1.1.5 (x32 Version: 1.1.5)
Wheel of Fortune 2 (x32 Version: 2.2.0.95)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

03-11-2013 23:23:55 Scheduled Checkpoint
14-11-2013 04:24:56 Windows Update
23-11-2013 19:48:26 Removed ScorpionSaver
23-11-2013 19:49:51 Removed ScorpionSaver
23-11-2013 20:11:57 Removed ScorpionSaver
23-11-2013 21:41:03 Removed ScorpionSaver
23-11-2013 22:19:44 Revo Uninstaller's restore point - ScorpionSaver
23-11-2013 22:20:35 Removed ScorpionSaver
24-11-2013 23:53:17 Removed ScorpionSaver Services
25-11-2013 00:18:49 Removed ScorpionSaver
25-11-2013 00:20:09 Revo Uninstaller's restore point - ScorpionSaver
25-11-2013 00:20:25 Removed ScorpionSaver
28-11-2013 00:03:41 Removed ScorpionSaver Services
29-11-2013 01:02:19 Revo Uninstaller's restore point - ScorpionSaver
29-11-2013 01:03:13 Removed ScorpionSaver
29-11-2013 20:02:55 Removed ScorpionSaver Services

==================== Hosts content: ==========================

2009-07-13 21:34 - 2013-11-23 14:53 - 00450660 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {1EFCF2E2-F8EB-4633-87B4-E9D0BB9B187C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-04-02] (Microsoft)
Task: {253CA6C2-29EE-4D44-ACC1-38710675004E} - System32\Tasks\HPCeeScheduleForDan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {4992E0E0-27C6-4657-A47C-98623318FFE0} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {698EA933-FCCF-413F-90AE-054724E2DBED} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {703BC6DC-D7EE-4849-844F-4EC8AE5E4CF2} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\symerr.exe [2013-06-03] (Symantec Corporation)
Task: {970AB1BD-3E10-40AF-A4AA-D63240B1E405} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {AEE4ED3D-B4C3-44CE-9378-566513B98C70} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C7257B46-04E6-4C36-B1A1-0DAC88625B81} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CF539BF8-CB38-4B8B-97C5-873DD8E77E52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-18] (Google Inc.)
Task: {D648CA3D-A0B8-457C-BBA9-0DC052EA2CCB} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\wscstub.exe [2013-06-03] (Symantec Corporation)
Task: {F3775224-D337-4EEB-B8E3-923D0812FABF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-18] (Google Inc.)
Task: {F493C2AC-3BE6-4C50-8103-9A58046D5AE6} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-11-05] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-06-18 18:26 - 2010-06-18 18:26 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-06-18 18:26 - 2010-06-18 18:26 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-06-18 18:26 - 2010-06-18 18:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-26 10:53 - 2013-05-26 10:53 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-07-20 19:20 - 2012-05-30 09:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON SECURITY SUITE\ENGINE\20.4.0.40\wincfi39.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Dan\AppData\Roaming\Dropbox\bin\libcef.dll
2010-10-27 23:32 - 2010-04-13 11:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 3893.86 MB
Available physical RAM: 1795.02 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 5449.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.45 GB) (Free:118.09 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.01 GB) (Free:2.46 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (NIKON D5100) (Removable) (Total:7.39 GB) (Free:5.1 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1D505CB8)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================


Finally, my last TWO mbam logs:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.28.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Dan :: HP-G72-DAN [administrator]

Protection: Enabled

11/29/2013 4:00:00 PM
mbam-log-2013-11-29 (16-00-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206443
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKCR\Wow6432Node\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Adpeak, Inc. (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Adpeak, Inc. (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0 (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

Files Detected: 11
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\background.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\bootstrap.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\bootstrap.js.old (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon128.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon16.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon32.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon48.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon64.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon8.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\manifest.json (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\marcopolo.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

(end)

Last One. Even though it shows things are clean, I can see all the files lurking in the temp folder just waiting to reactivate.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.29.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Dan :: HP-G72-DAN [administrator]

Protection: Enabled

11/29/2013 4:23:43 PM
mbam-log-2013-11-29 (16-23-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206577
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Download and install CCleaner from here:

http://www.piriform.com/ccleaner/builds

Ensure to select Slim version. (No Toolbar)

Run CCleaner, from the main GUI select > Tools > Uninstall tab. The installed programs list will populate. Select "ScorpionSaver" (if present) then "delete entry"

Any issues with that step just continue with the following....

Next,

Select > Cleaner > Run Cleaner > all temp files and caches will be deleted/emptied

Next,

Select > Registry > "Scan for Issues" > with all found entries checked select > "Fix Selected Issues" follow prompts to make back up and remove all entries...

When CCleaner is finished reboot and check if this nuisance has finally gone.....

CCleaner is an excellent Utility and well worth keeping, bottom left hand corner of main interface is link "Online Help" use that link to get the full instructions for this very handy application.


adwcleaner log:

# AdwCleaner v3.013 - Report created 29/11/2013 at 19:34:58
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dan - HP-G72-DAN
# Running from : C:\Users\Dan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\eslc864v.default-1385756225182\prefs.js ]

*************************

AdwCleaner[R0].txt - [7336 octets] - [27/11/2013 19:10:20]
AdwCleaner[R1].txt - [887 octets] - [28/11/2013 20:08:52]
AdwCleaner[R2].txt - [1005 octets] - [29/11/2013 10:42:13]
AdwCleaner[R3].txt - [1126 octets] - [29/11/2013 15:04:43]
AdwCleaner[R4].txt - [1260 octets] - [29/11/2013 15:34:40]
AdwCleaner[R5].txt - [1380 octets] - [29/11/2013 19:34:03]
AdwCleaner[s0].txt - [7332 octets] - [27/11/2013 20:10:47]
AdwCleaner[s1].txt - [947 octets] - [28/11/2013 20:10:24]
AdwCleaner[s2].txt - [1066 octets] - [29/11/2013 10:43:13]
AdwCleaner[s3].txt - [1091 octets] - [29/11/2013 15:18:33]
AdwCleaner[s4].txt - [1322 octets] - [29/11/2013 15:50:31]
AdwCleaner[s5].txt - [1302 octets] - [29/11/2013 19:34:58]

########## EOF - C:\AdwCleaner\AdwCleaner[s5].txt - [1362 octets] ##########

mbam log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.29.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Dan :: HP-G72-DAN [administrator]

Protection: Enabled

11/29/2013 7:27:08 PM
mbam-log-2013-11-29 (19-27-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206522
Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0 (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

Files Detected: 11
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\background.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\bootstrap.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\bootstrap.js.old (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon128.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon16.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon32.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon48.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon64.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\icon8.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\manifest.json (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\marcopolo.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

(end)
