
Need help with removing ScorpionSaver



Hi,

 

After downloading a program from cnet, I acquired ScorpionSaver.  I ran AdwCleaner and removed all of the infected files.  My computer seemed to operate properly for approximately 2 days and then the lovely ScorpionSaver appeared again.  After further research I found that I needed to remove a key from the registry.  This also seemed to help, but I continue to get stuck with the uninstall by receiving this message:

Could not delete key

\software\wow6432node\microsoft\windows\currentversion\policies\ext\clsid

Verify that you have sufficient access to that key, or contact your support personnel.

 

I have located that file in my registry but I am hesitant to delete it.  Any advice would be much appreciated!

 


Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Below are the two logs:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 12/26/2008 7:55:59 AM
System Uptime: 11/26/2013 1:05:20 PM (33 hours ago)
.
Motherboard: Dell Inc. |  | 0RY007
Processor: Pentium® Dual-Core  CPU      E5200  @ 2.50GHz | Socket 775 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 81.789 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 8.212 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1976: 10/19/2013 5:17:04 AM - Windows Update
RP1977: 10/23/2013 2:22:56 AM - Windows Update
RP1978: 10/23/2013 3:25:26 AM - Installed MozyHome
RP1979: 10/26/2013 8:43:06 AM - Windows Update
RP1980: 10/30/2013 2:34:59 AM - Windows Update
RP1981: 11/3/2013 1:17:50 AM - Windows Update
RP1982: 11/6/2013 2:00:53 AM - Windows Update
RP1983: 11/9/2013 2:15:08 AM - Windows Update
RP1984: 11/13/2013 9:26:30 AM - Windows Update
RP1985: 11/14/2013 3:00:15 AM - Windows Update
RP1986: 11/18/2013 2:14:23 AM - Windows Update
RP1987: 11/19/2013 3:00:13 AM - Windows Update
RP1988: 11/19/2013 1:03:40 PM - Removed ScorpionSaver
RP1989: 11/19/2013 1:39:38 PM - Removed ScorpionSaver
RP1990: 11/25/2013 4:06:48 PM - Removed ScorpionSaver
RP1991: 11/25/2013 4:19:03 PM - Removed ScorpionSaver Services
RP1992: 11/25/2013 4:26:33 PM - Removed ScorpionSaver
RP1993: 11/26/2013 1:46:27 AM - Windows Update
RP1994: 11/26/2013 1:10:29 PM - Removed ScorpionSaver
RP1995: 11/26/2013 11:06:26 PM - Removed ScorpionSaver
RP1996: 11/27/2013 9:33:35 PM - Removed ScorpionSaver
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader for ScanSnap 3.0
Acrobat.com
Adobe Acrobat  8 Standard - English, Français, Deutsch
Adobe Acrobat 8.1.6 - CPSID_49167
Adobe Acrobat 8.1.6 Standard
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Akamai NetSession Interface
Akamai NetSession Interface Service
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 4.5
Bonjour
Browser Address Error Redirector
BufferChm
CardMinder V3.2
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Cozi
CustomerResearchQFolder
Dell-eBay
Dell Best of Web
Dell Dock
Dell Getting Started Guide
Destinations
DeviceManagementQFolder
Digital Line Detect
DocProc
DocProcQFolder
doPDF 7.1 printer
Dropbox
EDocs
EPSON NX100 Series Printer Uninstall
EPSON Scan
eSupportQFolder
FastStone Photo Resizer 2.8
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Color LaserJet CM1015/CM1017 MFP 2.0
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Product Assistant
HP Solution Center 8.0
HP Update
hppCLJCM1017
hppFonts
hppIOFiles
hppManualsCM1017
HPProductAssistant
hppscanCM1017
hppScanTo
hppTLBXFXCM1017
hppusgCM1017
hpzTLBXFX
iLinc Client
Ingram Media Manager
iTunes
Java 6 Update 11
Java 6 Update 7
Keratron Scout
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MozyHome
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NetWaiting
OnWaveII
Picasa 3
Product_Full_QFolder
Product_Min_QFolder
Quicken 2007
Quicken 2010
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Media Manager
Roxio Update Manager
Safari
Scan
ScanSnap Manager
ScanSnap Organizer
ScorpionSaver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
SolutionCenter
Sony Picture Utility
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VZAccess Manager for RIM
Wave
WebReg
Windows Media Player Firefox Plugin
WinZip 17.0
YTD Toolbar v8.2
.
==== Event Viewer Messages From Past Week ========
.
11/26/2013 1:03:27 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.
11/25/2013 4:23:42 PM, Error: Service Control Manager [7034]  - The AdpeakProxy service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16520
Run by Pooks at 22:23:48 on 2013-11-27
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4084.1118 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Pooks\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Users\Pooks\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Users\Pooks\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uWindow Title = Internet Explorer provided by Dell


mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\Pooks\AppData\Local\Akamai\netsession_win.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
mRun: [HP Software Update] "C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
mRun: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
StartupFolder: C:\Users\Pooks\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Pooks\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Pooks\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Pooks\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files\MozyHome\mozystat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files\WinZip\WZQKPICK32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: advancedmd.com
Trusted Zone: advancedmd.com




TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{881C82E5-5B9B-49BF-8DD3-5BD01C847A98} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
x64-Run: [RtHDVCpl] "C:\Windows\RAVCpl64.exe"
x64-Run: [skytel] Skytel.exe
x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - LocalServer32 - <no file>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pooks\AppData\Roaming\Mozilla\Firefox\Profiles\gh9cst72.default-1373908533789\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Pooks\AppData\Roaming\Mozilla\Firefox\Profiles\gh9cst72.default-1373908533789\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-12-26 53488]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 27648]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=F5D333A8-C748-4686-AE0A-9E008F670C22 --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=F5D333A8-C748-4686-AE0A-9E008F670C22 [?]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-8-10 517632]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2008-12-26 411136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]
S4 AERTFilters;Andrea RT Filters Service;C:\Windows\System32\AERTSr64.exe [2008-12-26 86016]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]
S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-11-14 08:01:24    82896128    ----a-w-    C:\Windows\System32\mrt.exe
2013-11-11 10:50:16    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-10-23 07:25:23    13294808    ----a-w-    C:\ProgramData\Tempmozy-manualupdate-b6ef32f74275da3b7074b1f807e71343.exe
2013-10-16 15:18:44    338944    ----a-w-    C:\Windows\SysWow64\AdpeakProxy.dll
2013-10-13 15:58:41    17847296    ----a-w-    C:\Windows\System32\mshtml.dll
2013-10-13 15:09:57    10926080    ----a-w-    C:\Windows\System32\ieframe.dll
2013-10-13 14:55:42    2334720    ----a-w-    C:\Windows\System32\jscript9.dll
2013-10-13 14:48:43    1346560    ----a-w-    C:\Windows\System32\urlmon.dll
2013-10-13 14:47:43    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-10-13 14:46:53    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-10-13 14:46:27    237056    ----a-w-    C:\Windows\System32\url.dll
2013-10-13 14:44:28    85504    ----a-w-    C:\Windows\System32\jsproxy.dll
2013-10-13 14:42:38    816640    ----a-w-    C:\Windows\System32\jscript.dll
2013-10-13 14:42:36    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-10-13 14:42:11    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-10-13 14:39:50    2147840    ----a-w-    C:\Windows\System32\iertutil.dll
2013-10-13 14:38:57    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2013-10-13 14:36:11    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2013-10-13 14:35:12    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-10-13 14:29:31    248320    ----a-w-    C:\Windows\System32\ieui.dll
2013-10-13 10:42:12    12344832    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2013-10-13 10:08:04    9739264    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2013-10-13 09:48:06    1806848    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-10-13 09:37:03    1104896    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2013-10-13 09:35:52    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-10-13 09:35:38    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-10-13 09:33:57    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2013-10-13 09:32:00    65024    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2013-10-13 09:30:20    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2013-10-13 09:30:14    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-10-13 09:29:02    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-10-13 09:27:43    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2013-10-13 09:27:40    1796096    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2013-10-13 09:26:08    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2013-10-13 09:25:39    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-10-13 09:20:51    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2013-10-11 04:23:42    462848    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-11 04:23:21    781824    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-11 02:07:57    596480    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-09 04:21:39    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 04:21:39    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-03 15:03:41    389632    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 15:02:58    1278976    ----a-w-    C:\Windows\System32\crypt32.dll
2013-10-03 12:46:36    304128    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-10-03 12:45:45    993792    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-09-04 02:31:51    404992    ----a-w-    C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 22:24:27.07 ===============
 


RogueKiller report:

 

RogueKiller V8.7.9 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Pooks [Admin rights]
Mode : Scan -- Date : 11/27/2013 22:34:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500620AS ATA Device +++++
--- User ---
[MBR] d89defc4de576e6eaabb424104fbf126
[bSP] 1e4684d63451b32f45f798adc9b15b17 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11272013_223407.txt >>



 


OK, we have to use a different tool to remove it all:

Please download Farbar Recovery Scan Tool and save it to a folder. (Use the correct version for your system. Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-11-2013 01
Ran by Pooks (administrator) on PC on 27-11-2013 22:38:35
Running from C:\Users\Pooks\Downloads
Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Pooks\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
(Akamai Technologies, Inc.) C:\Users\Pooks\AppData\Local\Akamai\netsession_win.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(HP) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
( ) C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Dropbox, Inc.) C:\Users\Pooks\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6453760 2008-07-17] (Realtek Semiconductor)
HKLM\...\Run: [skytel] - Skytel.exe
HKLM\...\Run: [HotKeysCmds] - "C:\Windows\system32\hkcmd.exe"
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Pooks\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [138240 2008-01-20] (Microsoft Corporation)
MountPoints2: {cf42a443-3bde-11e3-820b-00219b17008b} - F:\VZW_Software_upgrade_assistant.exe
MountPoints2: {f0d0118d-f959-11dd-8d16-00219b17008b} - G:\LaunchU3.exe -a
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Java\jre6\bin\jusched.exe [136600 2009-01-25] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-10-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ToolBoxFX] - C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [53248 2007-05-17] (HP)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [HPUsageTracking] - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [36864 2006-06-14] ( )
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-05-11] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [] - [x]
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Pooks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Pooks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pooks\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Pooks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081226
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {CB5E4E49-1423-4737-AB4C-FBEDC83055B8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3310511&CUI=UN88671357315583804&UM=2
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Pooks\AppData\Roaming\Mozilla\Firefox\Profiles\gh9cst72.default-1373908533789
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Pooks\AppData\Roaming\Mozilla\Firefox\Profiles\gh9cst72.default-1373908533789\Extensions\LogMeInClient@logmein.com
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

Chrome:
=======
CHR Extension: (YouTube) - C:\Users\Pooks\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Pooks\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Pooks\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0
CHR Extension: (Domain Error Assistant) - C:\Users\Pooks\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0
CHR Extension: (RealDownloader) - C:\Users\Pooks\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0
CHR Extension: (Savings-Slider) - C:\Users\Pooks\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.3_0
CHR Extension: (GreatArcadeHits Add-on) - C:\Users\Pooks\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0
CHR Extension: (Scorpion Saver) - C:\Users\Pooks\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Pooks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0
CHR Extension: (Gmail) - C:\Users\Pooks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.2.crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

==================== Services (Whitelisted) =================

S4 AERTFilters; C:\Windows\system32\AERTSr64.exe [86016 2008-07-17] (Andrea Electronics Corporation)
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [511480 2013-10-31] ()
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54040 2011-08-04] (Mozy, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================

R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-05-21] (Mozy, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-05-20] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-27 22:38 - 2013-11-27 22:38 - 01958850 _____ (Farbar) C:\Users\Pooks\Downloads\FRST64.exe
2013-11-27 22:38 - 2013-11-27 22:38 - 00017130 _____ C:\Users\Pooks\Downloads\FRST.txt
2013-11-27 22:38 - 2013-11-27 22:38 - 00000000 ____D C:\FRST
2013-11-27 22:34 - 2013-11-27 22:34 - 00002771 _____ C:\Users\Pooks\Desktop\RKreport[0]_S_11272013_223407.txt
2013-11-27 22:31 - 2013-11-27 22:36 - 00000000 ____D C:\Users\Pooks\Desktop\RK_Quarantine
2013-11-27 22:31 - 2013-11-27 22:31 - 04172288 _____ C:\Users\Pooks\Downloads\RogueKillerX64.exe
2013-11-27 22:24 - 2013-11-27 22:26 - 00017357 _____ C:\Users\Pooks\Desktop\dds.txt
2013-11-27 22:24 - 2013-11-27 22:25 - 00010760 _____ C:\Users\Pooks\Desktop\attach.txt
2013-11-27 22:19 - 2013-11-27 22:19 - 00688992 _____ (Swearware) C:\Users\Pooks\Downloads\dds.com
2013-11-27 21:35 - 2013-11-27 21:36 - 00688992 _____ (Swearware) C:\Users\Pooks\Downloads\dds(1).scr
2013-11-27 16:27 - 2013-11-27 16:27 - 00688992 ____R (Swearware) C:\Users\Pooks\Downloads\dds.scr
2013-11-27 16:16 - 2013-11-27 16:16 - 00000950 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-27 16:16 - 2013-11-27 16:16 - 00000000 ____D C:\Users\Pooks\AppData\Roaming\Malwarebytes
2013-11-27 16:16 - 2013-11-27 16:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-27 16:16 - 2013-11-27 16:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-27 16:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-27 16:12 - 2013-11-27 16:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Pooks\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-26 09:53 - 2013-11-27 09:54 - 00002948 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Pooks
2013-11-26 09:53 - 2013-11-27 09:54 - 00000366 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Pooks.job
2013-11-26 09:53 - 2013-11-26 13:05 - 00000376 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Pooks.job
2013-11-26 09:53 - 2013-11-26 13:05 - 00000370 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Pooks.job
2013-11-26 09:53 - 2013-11-26 09:53 - 00003514 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Pooks
2013-11-26 09:53 - 2013-11-26 09:53 - 00002952 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Pooks
2013-11-26 09:53 - 2013-11-26 09:53 - 00002656 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Pooks
2013-11-20 17:39 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\Windows\SysWOW64\AdpeakProxy.dll
2013-11-19 22:39 - 2013-11-23 16:06 - 00000000 ____D C:\AdwCleaner
2013-11-19 22:38 - 2013-11-19 22:38 - 01085542 _____ C:\Users\Pooks\Downloads\adwcleaner.exe
2013-11-19 13:36 - 2013-11-26 13:05 - 00003328 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-523217745-2204991375-1422280855-1000
2013-11-19 13:36 - 2013-11-26 13:05 - 00003194 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-523217745-2204991375-1422280855-1000
2013-11-19 12:56 - 2013-11-19 12:56 - 00347136 _____ C:\Users\Pooks\Downloads\IPCamera.exe
2013-11-19 12:49 - 2013-11-19 12:49 - 00000258 __RSH C:\Users\Pooks\ntuser.pol
2013-11-19 12:48 - 2013-11-27 16:31 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver
2013-11-19 12:47 - 2013-11-19 12:47 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-19 12:43 - 2013-11-19 12:43 - 00894600 _____ (CNET Download.com) C:\Users\Pooks\Downloads\cbsidlm-cbsi134-IP_Camera_Viewer-SEO-75609217.exe
2013-11-17 21:45 - 2013-11-17 21:45 - 00460738 _____ C:\Users\Pooks\Documents\SS_LoanCalculator_TP103561001.xlsm
2013-11-17 16:56 - 2013-11-17 21:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 03:05 - 2013-10-13 10:58 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 03:05 - 2013-10-13 10:09 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 03:05 - 2013-10-13 09:55 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 03:05 - 2013-10-13 09:48 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 03:05 - 2013-10-13 09:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 03:05 - 2013-10-13 09:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 03:05 - 2013-10-13 09:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 03:05 - 2013-10-13 09:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 03:05 - 2013-10-13 09:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 03:05 - 2013-10-13 09:42 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-14 03:05 - 2013-10-13 09:42 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 03:05 - 2013-10-13 09:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 03:05 - 2013-10-13 09:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 03:05 - 2013-10-13 09:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 03:05 - 2013-10-13 09:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 03:05 - 2013-10-13 09:29 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 03:05 - 2013-10-13 05:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 03:05 - 2013-10-13 05:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 03:05 - 2013-10-13 04:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 03:05 - 2013-10-13 04:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 03:05 - 2013-10-13 04:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-14 03:05 - 2013-10-13 04:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 03:05 - 2013-10-13 04:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-14 03:05 - 2013-10-13 04:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 03:05 - 2013-10-13 04:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 03:05 - 2013-10-13 04:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-14 03:05 - 2013-10-13 04:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-14 03:05 - 2013-10-13 04:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 03:05 - 2013-10-13 04:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 03:05 - 2013-10-13 04:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-14 03:05 - 2013-10-13 04:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 03:05 - 2013-10-13 04:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 09:30 - 2013-10-10 23:23 - 00781824 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 09:30 - 2013-10-10 23:23 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 09:30 - 2013-10-10 21:29 - 00217074 _____ C:\Windows\system32\WFP.TMF
2013-11-13 09:30 - 2013-10-10 21:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 09:30 - 2013-10-03 10:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 09:30 - 2013-10-03 07:46 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 09:29 - 2013-10-03 10:02 - 01278976 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 09:29 - 2013-10-03 07:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 09:26 - 2013-09-03 21:31 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-07 22:39 - 2013-11-07 22:40 - 00091213 _____ C:\Users\Pooks\Downloads\recelebratewithus.zip

==================== One Month Modified Files and Folders =======

2013-11-27 22:38 - 2013-11-27 22:38 - 01958850 _____ (Farbar) C:\Users\Pooks\Downloads\FRST64.exe
2013-11-27 22:38 - 2013-11-27 22:38 - 00017130 _____ C:\Users\Pooks\Downloads\FRST.txt
2013-11-27 22:38 - 2013-11-27 22:38 - 00000000 ____D C:\FRST
2013-11-27 22:36 - 2013-11-27 22:31 - 00000000 ____D C:\Users\Pooks\Desktop\RK_Quarantine
2013-11-27 22:34 - 2013-11-27 22:34 - 00002771 _____ C:\Users\Pooks\Desktop\RKreport[0]_S_11272013_223407.txt
2013-11-27 22:31 - 2013-11-27 22:31 - 04172288 _____ C:\Users\Pooks\Downloads\RogueKillerX64.exe
2013-11-27 22:26 - 2013-11-27 22:24 - 00017357 _____ C:\Users\Pooks\Desktop\dds.txt
2013-11-27 22:25 - 2013-11-27 22:24 - 00010760 _____ C:\Users\Pooks\Desktop\attach.txt
2013-11-27 22:21 - 2012-07-09 20:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-27 22:20 - 2008-12-26 07:53 - 01998925 _____ C:\Windows\WindowsUpdate.log
2013-11-27 22:19 - 2013-11-27 22:19 - 00688992 _____ (Swearware) C:\Users\Pooks\Downloads\dds.com
2013-11-27 21:36 - 2013-11-27 21:35 - 00688992 _____ (Swearware) C:\Users\Pooks\Downloads\dds(1).scr
2013-11-27 21:06 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-27 21:06 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-27 17:16 - 2011-03-02 09:03 - 00000000 ____D C:\Users\Pooks\AppData\Roaming\Dropbox
2013-11-27 16:31 - 2013-11-19 12:48 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver
2013-11-27 16:27 - 2013-11-27 16:27 - 00688992 ____R (Swearware) C:\Users\Pooks\Downloads\dds.scr
2013-11-27 16:16 - 2013-11-27 16:16 - 00000950 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-27 16:16 - 2013-11-27 16:16 - 00000000 ____D C:\Users\Pooks\AppData\Roaming\Malwarebytes
2013-11-27 16:16 - 2013-11-27 16:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-27 16:16 - 2013-11-27 16:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-27 16:12 - 2013-11-27 16:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Pooks\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-27 09:54 - 2013-11-26 09:53 - 00002948 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Pooks
2013-11-27 09:54 - 2013-11-26 09:53 - 00000366 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Pooks.job
2013-11-27 03:22 - 2011-09-12 09:18 - 00003248 _____ C:\Windows\mozy.blk
2013-11-27 03:22 - 2011-09-12 09:18 - 00001806 _____ C:\Windows\mozy.flt
2013-11-26 13:13 - 2006-11-02 07:46 - 00721590 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-26 13:07 - 2011-03-02 09:06 - 00000000 ___RD C:\Users\Pooks\Dropbox
2013-11-26 13:05 - 2013-11-26 09:53 - 00000376 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Pooks.job
2013-11-26 13:05 - 2013-11-26 09:53 - 00000370 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Pooks.job
2013-11-26 13:05 - 2013-11-19 13:36 - 00003328 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-523217745-2204991375-1422280855-1000
2013-11-26 13:05 - 2013-11-19 13:36 - 00003194 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-523217745-2204991375-1422280855-1000
2013-11-26 13:05 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-26 13:03 - 2006-11-02 10:42 - 00032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-26 09:53 - 2013-11-26 09:53 - 00003514 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Pooks
2013-11-26 09:53 - 2013-11-26 09:53 - 00002952 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Pooks
2013-11-26 09:53 - 2013-11-26 09:53 - 00002656 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Pooks
2013-11-23 16:06 - 2013-11-19 22:39 - 00000000 ____D C:\AdwCleaner
2013-11-19 22:38 - 2013-11-19 22:38 - 01085542 _____ C:\Users\Pooks\Downloads\adwcleaner.exe
2013-11-19 13:33 - 2012-05-15 06:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-19 13:33 - 2008-01-20 22:26 - 00065222 _____ C:\Windows\PFRO.log
2013-11-19 13:03 - 2011-02-27 20:22 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-19 12:56 - 2013-11-19 12:56 - 00347136 _____ C:\Users\Pooks\Downloads\IPCamera.exe
2013-11-19 12:49 - 2013-11-19 12:49 - 00000258 __RSH C:\Users\Pooks\ntuser.pol
2013-11-19 12:49 - 2009-01-25 20:32 - 00000000 ____D C:\Users\Pooks
2013-11-19 12:49 - 2006-11-02 08:34 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-11-19 12:49 - 2006-11-02 08:34 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-11-19 12:47 - 2013-11-19 12:47 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-19 12:43 - 2013-11-19 12:43 - 00894600 _____ (CNET Download.com) C:\Users\Pooks\Downloads\cbsidlm-cbsi134-IP_Camera_Viewer-SEO-75609217.exe
2013-11-17 21:49 - 2013-11-17 16:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 21:45 - 2013-11-17 21:45 - 00460738 _____ C:\Users\Pooks\Documents\SS_LoanCalculator_TP103561001.xlsm
2013-11-17 16:40 - 2009-02-03 21:36 - 00000000 ____D C:\Users\Pooks\Documents\ScanSnap
2013-11-16 00:31 - 2013-10-11 22:13 - 00001877 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-16 00:31 - 2013-10-11 22:12 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-14 03:43 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache
2013-11-14 03:07 - 2009-01-25 21:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 03:04 - 2013-07-15 02:10 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 03:01 - 2006-11-02 07:35 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-11 05:50 - 2009-10-02 18:40 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-09 21:10 - 2011-09-26 06:49 - 00000000 ____D C:\Users\Pooks\Desktop\Mom
2013-11-07 22:40 - 2013-11-07 22:39 - 00091213 _____ C:\Users\Pooks\Downloads\recelebratewithus.zip
2013-10-28 16:25 - 2010-09-16 13:38 - 00014980 _____ C:\Windows\setupact.log

Files to move or delete:
====================
C:\Users\Pooks\AppData\Roaming\desktop.ini
C:\ProgramData\Tempmozy-autoupdate-0e8b147b53a66c327947fed57aa1d313.exe
C:\ProgramData\Tempmozy-autoupdate-4a89cedd164c5f5e19189bfd5deb26c7.exe
C:\ProgramData\Tempmozy-autoupdate-82af9a609219353256cb533e636b9416.exe
C:\ProgramData\Tempmozy-autoupdate-864934ef6e2b54a6f5dcfa6e472922e2.exe
C:\ProgramData\Tempmozy-autoupdate-c0261ff8012aad585d55140a9b6ddcb9.exe
C:\ProgramData\Tempmozy-autoupdate-fd378831154aecd3ff93f99a8cbdcdea.exe
C:\ProgramData\Tempmozy-manualupdate-8262dfa079e3ea66519693899238bbfb.exe
C:\ProgramData\Tempmozy-manualupdate-b2dc44eb185732ade88416784fadbd67.exe
C:\ProgramData\Tempmozy-manualupdate-b6ef32f74275da3b7074b1f807e71343.exe
C:\ProgramData\Tempmozy-manualupdate-c0261ff8012aad585d55140a9b6ddcb9.exe
C:\ProgramData\Tempmozy-update-1f7fe3012a1778a4fc7c5075f2f61812.exe
C:\ProgramData\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe


Some content of TEMP:
====================
C:\Users\Pooks\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Pooks\AppData\Local\Temp\hsbing_717_active.exe
C:\Users\Pooks\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Pooks\AppData\Local\Temp\lowproc.exe
C:\Users\Pooks\AppData\Local\Temp\lpok4pba.dll
C:\Users\Pooks\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Pooks\AppData\Local\Temp\ose00000.exe
C:\Users\Pooks\AppData\Local\Temp\Quarantine.exe
C:\Users\Pooks\AppData\Local\Temp\SpOrder.dll
C:\Users\Pooks\AppData\Local\Temp\stubhelper.dll
C:\Users\Pooks\AppData\Local\Temp\tbSwee.dll
C:\Users\Pooks\AppData\Local\Temp\uninstaller.exe
C:\Users\Pooks\AppData\Local\Temp\_is10D9.exe
C:\Users\Pooks\AppData\Local\Temp\_is41CB.exe
C:\Users\Pooks\AppData\Local\Temp\_is5714.exe
C:\Users\Pooks\AppData\Local\Temp\_is58F1.exe
C:\Users\Pooks\AppData\Local\Temp\_is81E6.exe
C:\Users\Pooks\AppData\Local\Temp\_isA756.exe
C:\Users\Pooks\AppData\Local\Temp\_isB25D.exe
C:\Users\Pooks\AppData\Local\Temp\_isBC10.exe
C:\Users\Pooks\AppData\Local\Temp\_isCBB9.exe
C:\Users\Pooks\AppData\Local\Temp\_isD541.exe
C:\Users\Pooks\AppData\Local\Temp\_isDD5C.exe
C:\Users\Pooks\AppData\Local\Temp\_isF5FA.exe
C:\Users\Pooks\AppData\Local\Temp\_isFE0F.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-27 13:44

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2013 01
Ran by Pooks at 2013-11-27 22:39:08
Running from C:\Users\Pooks\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
ABBYY FineReader for ScanSnap 3.0 (x32 Version: 8.00.553.50218)
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.1.377)
Adobe Acrobat  8 Standard - English, Français, Deutsch (x32 Version: 8.1.6)
Adobe Acrobat 8.1.6 - CPSID_49167 (x32)
Adobe Acrobat 8.1.6 Standard (x32 Version: 8.1.6)
Adobe AIR (x32 Version: 1.0.4990)
Adobe AIR (x32 Version: 1.0.8.4990)
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.12.36)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.4) (x32 Version: 10.1.4)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
AnswerWorks 5.0 English Runtime (x32 Version: 5.0.7)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
BlackBerry Desktop Software 4.5 (x32 Version: 4.5.0.15)
Bonjour (Version: 3.0.0.10)
Browser Address Error Redirector (x32 Version: 1.00.0000)
Browser Address Error Redirector (x32)
BufferChm (x32 Version: 82.0.173.000)
CardMinder V3.2 (x32 Version: 3.2.10.1)
CardMinder V3.2 (x32 Version: V3.2L10)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Conexant D850 PCI V.92 Modem (Version: 7.74.00)
Cozi (x32 Version: 1.0.3220.15315)
CustomerResearchQFolder (x32 Version: 1.00.0000)
Dell Best of Web (x32 Version: 1.00.0000)
Dell Dock (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell-eBay (x32 Version: 1.00.0000)
Destinations (x32 Version: 82.0.173.000)
DeviceManagementQFolder (x32 Version: 1.00.0000)
Digital Line Detect (x32 Version: 1.21)
DocProc (x32 Version: 8.1.0.0)
DocProcQFolder (x32 Version: 1.00.0000)
doPDF 7.1 printer
Dropbox (HKCU Version: 2.0.22)
EDocs (x32)
EPSON NX100 Series Printer Uninstall
EPSON Scan (x32)
eSupportQFolder (x32 Version: 1.00.0000)
FastStone Photo Resizer 2.8 (x32 Version: 2.8)
HP Color LaserJet CM1015/CM1017 MFP 2.0 (Version: 2.0)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP OCR Software 8.0 (Version: 8.0)
HP Product Assistant (x32 Version: 100.000.001.000)
HP Solution Center 8.0 (Version: 8.0)
HP Update (x32 Version: 5.005.000.002)
hppCLJCM1017 (x32 Version: 001.102.00042)
hppFonts (x32 Version: 000.001.00055)
hppIOFiles (x32 Version: 002.000.00030)
hppManualsCM1017 (x32 Version: 001.102.00039)
HPProductAssistant (x32 Version: 82.0.173.000)
hppscanCM1017 (x32 Version: 001.102.00046)
hppScanTo (x32 Version: 001.102.00042)
hppTLBXFXCM1017 (x32 Version: 001.003.00045)
hppusgCM1017 (x32 Version: 000.106.00100)
hpzTLBXFX (x32 Version: 002.006.00195)
iLinc Client (x32)
Ingram Media Manager (x32 Version: 1.0.6.2438)
iTunes (Version: 11.0.4.4)
Java 6 Update 11 (x32 Version: 6.0.110)
Java 6 Update 7 (x32 Version: 1.6.0.70)
Keratron Scout (x32 Version: 4.1.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 82.0.174.000)
McAfee Security Scan Plus (Version: 3.8.130.10)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (x32)
Microsoft .NET Framework 1.1 Security Update (KB2833941) (x32)
Microsoft .NET Framework 1.1 Security Update (KB979906) (x32)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (x32 Version: 5.1.20913.0)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Works (x32 Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.8.0)
Modem Diagnostic Tool (Version: 1.0.24.0)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MozyHome (Version: 2.22.2.334)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (x32 Version: 1.0.0.0)
NetWaiting (x32 Version: 2.5.53)
OnWaveII (x32)
Picasa 3 (x32 Version: 3.9)
Product_Full_QFolder (x32 Version: 1.00.0000)
Product_Min_QFolder (x32 Version: 1.00.0000)
Quicken 2007 (x32 Version: 16.1.2.25)
Quicken 2010 (x32 Version: 19.1.2.22)
QuickTime (x32 Version: 7.73.80.64)
RealDownloader (x32 Version: 1.3.1)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.0)
Realtek High Definition Audio Driver (x32)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Roxio Creator Audio (x32 Version: 3.7.0)
Roxio Creator Copy (x32 Version: 3.7.0)
Roxio Creator Data (x32 Version: 3.7.0)
Roxio Creator DE (x32 Version: 10.1)
Roxio Creator DE (x32 Version: 3.7.0)
Roxio Creator Tools (x32 Version: 3.7.0)
Roxio Express Labeler 3 (x32 Version: 3.2.1)
Roxio Media Manager (x32 Version: 9.4.023)
Roxio Update Manager (x32 Version: 6.0.0)
Safari (x32 Version: 5.34.57.2)
Scan (x32 Version: 8.1.0.0)
ScanSnap Manager (x32 Version: V4.2L14)
ScanSnap Organizer (x32 Version: 3.2.13.1)
ScanSnap Organizer (x32 Version: V3.2L13)
ScorpionSaver (x32 Version: 1.0.0.0) <==== ATTENTION
SolutionCenter (x32 Version: 82.0.188.000)
Sony Picture Utility (x32 Version: 3.0.00.11220)
TrayApp (x32 Version: 82.0.188.000)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
VZAccess Manager for RIM (x32 Version: 6.9.0)
Wave (x32 Version: 7.1.0)
WebReg (x32 Version: 82.0.173.000)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinZip 17.0 (Version: 17.0.10283)
YTD Toolbar v8.2 (x32 Version: 8.2)

==================== Restore Points  =========================

19-10-2013 09:17:04 Windows Update
23-10-2013 06:22:56 Windows Update
23-10-2013 07:25:26 Installed MozyHome
26-10-2013 12:43:06 Windows Update
30-10-2013 06:34:59 Windows Update
03-11-2013 06:17:50 Windows Update
06-11-2013 07:00:53 Windows Update
09-11-2013 07:15:08 Windows Update
13-11-2013 14:26:30 Windows Update
14-11-2013 08:00:15 Windows Update
18-11-2013 07:14:23 Windows Update
19-11-2013 08:00:13 Windows Update
19-11-2013 18:03:40 Removed ScorpionSaver
19-11-2013 18:39:38 Removed ScorpionSaver
25-11-2013 21:06:48 Removed ScorpionSaver
25-11-2013 21:19:03 Removed ScorpionSaver Services
25-11-2013 21:26:33 Removed ScorpionSaver
26-11-2013 06:46:27 Windows Update
26-11-2013 18:10:29 Removed ScorpionSaver
27-11-2013 04:06:26 Removed ScorpionSaver
28-11-2013 02:33:35 Removed ScorpionSaver

==================== Hosts content: ==========================

2006-11-02 07:34 - 2011-08-25 07:47 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {12C6BA00-3995-4B50-8A71-AF1D5A689D10} - System32\Tasks\RNUpgradeHelperLogonPrompt_Pooks => C:\Users\Pooks\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-26] (RealNetworks, Inc.)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {2FFE4EFD-E295-4272-8542-0DAE617A0086} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-523217745-2204991375-1422280855-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {3A44D634-E88E-4BE5-95AB-2FC82EC2700B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {4622D421-6611-4486-AAA3-F64D21B74E71} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-523217745-2204991375-1422280855-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {7B3313F2-3CB5-48FE-A985-389F4971DF02} - System32\Tasks\ReclaimerUpdateXML_Pooks => C:\Users\Pooks\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-26] (RealNetworks, Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8652D26E-5E93-49C8-ADFC-D40F628D5C19} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Pooks => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {8C328CA8-0CC2-473E-9C8E-35655CE1EA6C} - System32\Tasks\ReclaimerUpdateFiles_Pooks => C:\Users\Pooks\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-26] (RealNetworks, Inc.)
Task: {AFD75EE1-CBAD-478B-ADAF-2EEE7A7BA8C2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D0200578-A84C-4973-917E-C470CB16B1ED} - System32\Tasks\RNUpgradeHelperResumePrompt_Pooks => C:\Users\Pooks\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-26] (RealNetworks, Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Pooks.job => C:\Users\Pooks\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Pooks.job => C:\Users\Pooks\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Pooks.job => C:\Users\Pooks\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2013-08-15 02:58 - 2013-08-15 02:58 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\13e2de9fd35acaf7fcb4ea5b44cafef3\VistaBridgeLibrary.ni.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-07-10 02:18 - 2013-07-10 02:18 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2ae1a405\mscorlib.dll
2013-07-10 02:17 - 2013-07-10 02:17 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_b5d07357\system.windows.forms.dll
2013-07-10 02:17 - 2013-07-10 02:17 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_eea2a208\system.dll
2013-07-10 02:17 - 2013-07-10 02:17 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_80da7965\system.xml.dll
2013-07-10 02:17 - 2013-07-10 02:17 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_31f2e869\system.drawing.dll
2013-03-13 15:48 - 2013-03-13 15:48 - 24978944 _____ () C:\Users\Pooks\AppData\Roaming\Dropbox\bin\libcef.dll
2013-11-17 16:56 - 2013-11-17 16:56 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-08 23:21 - 2013-10-08 23:21 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/27/2013 09:34:23 PM) (Source: MsiInstaller) (User: PC)
Description: Product: ScorpionSaver -- Error 1404. Could not delete key \Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (11/27/2013 04:40:27 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1b44
Start Time: 01ceebb60c5a8396
Termination Time: 16

Error: (11/26/2013 11:09:19 PM) (Source: MsiInstaller) (User: PC)
Description: Product: ScorpionSaver -- Error 1404. Could not delete key \Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (11/26/2013 01:29:12 PM) (Source: MsiInstaller) (User: PC)
Description: Product: ScorpionSaver -- Error 1404. Could not delete key \Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (11/26/2013 01:07:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/26/2013 00:48:07 PM) (Source: MsiInstaller) (User: PC)
Description: Product: ScorpionSaver -- Error 1402. Could not open key: HKEY_LOCAL_MACHINE32\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects.  System error 161.  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (11/26/2013 00:47:56 PM) (Source: MsiInstaller) (User: PC)
Description: Product: ScorpionSaver -- Error 1404. Could not delete key \Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (11/26/2013 00:47:56 PM) (Source: MsiInstaller) (User: PC)
Description: Product: ScorpionSaver -- Error 1404. Could not delete key \Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (11/26/2013 00:47:55 PM) (Source: MsiInstaller) (User: PC)
Description: Product: ScorpionSaver -- Error 1404. Could not delete key \Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (11/26/2013 00:47:54 PM) (Source: MsiInstaller) (User: PC)
Description: Product: ScorpionSaver -- Error 1404. Could not delete key \Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.


System errors:
=============
Error: (11/26/2013 01:03:27 PM) (Source: Service Control Manager) (User: )
Description: 30000Akamai

Error: (11/26/2013 01:03:17 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (11/25/2013 04:23:42 PM) (Source: Service Control Manager) (User: )
Description: AdpeakProxy1

Error: (11/19/2013 02:41:52 PM) (Source: Service Control Manager) (User: )
Description: McciCMService64%%1053

Error: (11/19/2013 02:41:52 PM) (Source: Service Control Manager) (User: )
Description: 30000McciCMService64

Error: (11/17/2013 08:15:39 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Player Network Sharing Service%%1053

Error: (11/17/2013 08:15:39 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Media Player Network Sharing Service

Error: (11/17/2013 08:13:23 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:11:06 PM on 11/17/2013 was unexpected.

Error: (11/08/2013 08:33:43 AM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X64

Error: (11/07/2013 10:50:52 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}


Microsoft Office Sessions:
=========================
Error: (02/10/2013 09:04:46 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8395 seconds with 2880 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-10-16 03:02:16.520
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-16 03:02:16.212
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-16 03:02:15.833
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-16 03:02:15.492
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-16 03:01:47.099
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-16 03:01:46.697
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-16 03:01:46.387
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-16 03:01:46.007
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-16 03:01:45.614
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-16 03:01:45.306
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 75%
Total physical RAM: 4084.27 MB
Available physical RAM: 987.46 MB
Total Pagefile: 8379.82 MB
Available Pagefile: 5448.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:81.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: E49667B6)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait.

The tool will create a log (Fixlog.txt) in the folder; please post it in your reply.

Then......

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

[image: bleep-crop.jpg]

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Thanks for clarifying. I didn't post the reply with the log for FRST and ran AdwCleaner, which required the reboot. Now I'm unable to find the Farbar program on my computer. Below is the log for AdwCleaner:

# AdwCleaner v3.014 - Report created 01/12/2013 at 12:58:49
# Updated 01/12/2013 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
# Username : Pooks - PC
# Running from : C:\Users\Pooks\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Level Quality Watcher

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Users\Pooks\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Deleted : C:\Users\Pooks\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
[!] Folder Deleted : C:\Users\Pooks\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[!] Folder Deleted : C:\Users\Pooks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Pooks\AppData\Roaming\Mozilla\Firefox\Profiles\gh9cst72.default-1373908533789\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Pooks\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9716 octets] - [19/11/2013 22:39:28]
AdwCleaner[R1].txt - [1023 octets] - [23/11/2013 16:04:31]
AdwCleaner[R2].txt - [2011 octets] - [01/12/2013 12:56:26]
AdwCleaner[s0].txt - [9230 octets] - [19/11/2013 22:42:58]
AdwCleaner[s1].txt - [1085 octets] - [23/11/2013 16:06:01]
AdwCleaner[s2].txt - [1966 octets] - [01/12/2013 12:58:49]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [2026 octets] ##########
 


I haven't been on any websites yet that attracted ScorpionSaver. I just checked my programs and it is still installed.  Should I try to uninstall it now that the registry key has been deleted?

 

Below is the log from the last Malwarebytes Scan/clean:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.01.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Pooks :: PC [administrator]

12/1/2013 8:07:55 PM
mbam-log-2013-12-01 (20-07-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220508
Time elapsed: 7 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Adpeak, Inc. (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Adpeak, Inc. (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


"I just checked my programs and it is still installed."

It's really not, that's just a leftover registry key that we have to delete.

If it's OK now......please do this:

Please download SystemLook from the link below and save it to your Desktop.
http://jpshortstuff.247fixes.com/SystemLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    Scorpion
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
MrC


My computer definitely seems to be running smoother. I did some browsing and did not come across ScorpionSaver.

 

Here's the log:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 21:17 on 01/12/2013 by Pooks
Administrator - Elevation successful

========== regfind ==========

Searching for "Scorpion"
[HKEY_CURRENT_USER\Software\Adpeak, Inc.\ScorpionSaver]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495]
"ProductName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495\SourceList]
"PackageName"="ScorpionSaver.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22]
@="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22\InProcServer32]
@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22]
@="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22\InProcServer32]
@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Program Files (x86)\ScorpionSaver\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\ff_bootstrap.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\SendJson.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\CustomActionInstall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]
"DisplayName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
"DisplayName"="ScorpionSaver"
[HKEY_USERS\S-1-5-21-523217745-2204991375-1422280855-1000\Software\Adpeak, Inc.\ScorpionSaver]
[HKEY_USERS\S-1-5-21-523217745-2204991375-1422280855-1000\Software\AppDataLow\Software\ScorpionSaver]

-= EOF =-
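
A read-only way to triage the SystemLook regfind log above, as an added example that is not part of the original thread: it groups the hits by registry area, so the `Uninstall` key that keeps ScorpionSaver listed under installed programs stands out from the Windows Installer and COM leftovers, and it lists the DLL paths worth checking on disk. The function names and category labels are assumptions made for this sketch; the sample is an excerpt of the log posted above.

```python
import re
from collections import defaultdict

# Excerpt of the SystemLook regfind log posted above (not the full log).
SAMPLE_LOG = r'''Searching for "Scorpion"
[HKEY_CURRENT_USER\Software\Adpeak, Inc.\ScorpionSaver]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495]
"ProductName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22\InProcServer32]
@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\SendJson.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
"DisplayName"="ScorpionSaver"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')       # [HKEY_...\sub\key]
VALUE_RE = re.compile(r'^(@|"[^"]*")="(.*)"$')    # "name"="data" or @="data"
FILE_RE = re.compile(r'^[A-Za-z]:\\.+\.\w+$')     # drive-letter path with an extension

# Hypothetical labels for this sketch; the first matching substring wins.
CATEGORIES = [("\\currentversion\\uninstall\\", "uninstall_entry"),
              ("\\installer\\", "msi_registration"), ("\\clsid\\", "com_class")]

def parse_regfind(text):
    """Return [(key_path, {value_name: data})] in log order."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        key, value = KEY_RE.match(line), VALUE_RE.match(line)
        if key:
            entries.append((key.group(1), {}))
        elif value and entries:
            entries[-1][1][value.group(1).strip('"')] = value.group(2)
    return entries

def classify(key_path):
    lowered = key_path.lower()
    return next((label for needle, label in CATEGORIES if needle in lowered), "vendor_key")

def triage(text):
    groups = defaultdict(list)
    for key_path, _values in parse_regfind(text):
        groups[classify(key_path)].append(key_path)
    return dict(groups)

def referenced_files(text):
    files = {data for _key, values in parse_regfind(text)
             for data in values.values() if FILE_RE.match(data)}
    return sorted(files, key=str.lower)
```

Calling `triage()` on the full SystemLook.txt gives the per-area key lists, and `referenced_files()` gives the file paths to confirm are gone before the registry leftovers are treated as harmless.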


Good.....Looks like Defender is considered an antispyware software not an anti-virus, you can ignore it and change the setting.

Change the way Security Center Alerts me ----> just uncheck the box for the anti-virus alert.

or install an anti-virus program like AVAST

http://www.avast.com/en-us/index

------------------------------------

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

checkup.txt below:

 

 Results of screen317's Security Check version 0.99.77  
 Windows Vista Service Pack 2 x64 (UAC is disabled!)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 6 Update 11  
 Java 6 Update 7  
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player     11.9.900.117  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox (25.0.1)
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSASCui.exe
 Windows Defender MSASCui.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastUi.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please uninstall these and any other Java from your add/remove programs:
Java™ 6 Update 11
Java™ 6 Update 7


Java version out of Date! <-------Download and install the latest version (Java™ 7 Update 45) from Here. Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

~~~~~~~~~~~~~~~~~~~~~~~~

Adobe Flash Player 10 Flash Player out of Date! <-------please uninstall
Adobe Flash Player 11.9.900.117 <-------- Check for an update if available
(should be 11,9,900,152)

-------------------------

Adobe Reader 10.1.4 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between ComboFix and /


Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.


Good Luck and Thanks for using the forum, MrC


This topic is now closed to further replies.