
Scorpionsaver...please helps!



@melixx28, please start your own topic by using the Start New Topic button.


@thedemogoblin, please do this......

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

[image: bleep-crop.jpg]

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Last..........

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

[image: bleep-crop.jpg]

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MrC

here is the adwcleaner report:

 

# AdwCleaner v3.013 - Report created 29/11/2013 at 15:38:43
# Updated 24/11/2013 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : braun_000 - BRAUNRODMAN
# Running from : C:\Users\braun_000\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16384
 
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\braun_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2034 octets] - [27/11/2013 22:38:53]
AdwCleaner[R1].txt - [870 octets] - [27/11/2013 23:12:20]
AdwCleaner[R2].txt - [988 octets] - [27/11/2013 23:27:17]
AdwCleaner[R3].txt - [1108 octets] - [28/11/2013 00:05:51]
AdwCleaner[R4].txt - [1276 octets] - [29/11/2013 15:02:16]
AdwCleaner[R5].txt - [1348 octets] - [29/11/2013 15:37:57]
AdwCleaner[s0].txt - [2145 octets] - [27/11/2013 22:39:52]
AdwCleaner[s1].txt - [930 octets] - [27/11/2013 23:13:01]
AdwCleaner[s2].txt - [1048 octets] - [27/11/2013 23:27:44]
AdwCleaner[s3].txt - [1170 octets] - [28/11/2013 00:06:34]
AdwCleaner[s4].txt - [1342 octets] - [29/11/2013 15:03:01]
AdwCleaner[s5].txt - [1270 octets] - [29/11/2013 15:38:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s5].txt - [1330 octets] ##########
 
going to run malwarebytes now

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.11.26.13

 

Windows 8 x64 NTFS

Internet Explorer 11.0.9600.16438

braun_000 :: BRAUNRODMAN [administrator]

 

Protection: Enabled

 

11/29/2013 3:43:26 PM

mbam-log-2013-11-29 (15-43-26).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 209444

Time elapsed: 4 minute(s), 8 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 3

HKCR\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\ScorpionSaver (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 1

C:\Program Files (x86)\ScorpionSaver (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

 

Files Detected: 92

C:\Program Files (x86)\ScorpionSaver\IECore.dll (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_addonkit_page-mod.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\CustomActionInstall (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\CustomActionUninstall (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_addonkit_private-browsing.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_addonkit_request.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_addonkit_windows.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_addon_runner.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_api-utils.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_base64.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_byte-streams.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_collection.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_content.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_cortex.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_cuddlefish.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_deprecate.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_environment.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_errors.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_events.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_file.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_functional.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_globals.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_heritage.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_hidden-frame.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_light-traits.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_list.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_loader.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_match-pattern.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_memory.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_namespace.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_observer-service.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_plain-text-console.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_preferences-service.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_promise.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_querystring.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_runtime.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_sandbox.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_self.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_system.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_text-streams.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_timer.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_traceback.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_traits.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_unload.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_url.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_uuid.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_window-utils.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_xhr.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_xpcom.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_base_xul-app.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_bootstrap.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_content_content-proxy.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_content_content-worker.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_content_loader.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_content_symbiont.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_content_worker.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_dom_events.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_events_assembler.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_event_core.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_event_target.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_harness-options.json (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_icon.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_icon64.png (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_install.rdf (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_l10n_core.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_l10n_html.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_l10n_loader.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_l10n_locale.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_l10n_prefs.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_locales.json (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_main.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_main.js.old (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_prefs.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_privatebrowsing_utils.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_system_events.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_tabs_events.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_tabs_observer.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_tabs_tab.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_tabs_utils.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_traits_core.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_utils_data.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_utils_object.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_utils_registry.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_utils_thumbnail.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_windows_dom.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_windows_loader.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_windows_observer.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_windows_tabs.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\ff_window_utils.js (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.dll (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\Microsoft.Deployment.WindowsInstaller.xml (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

C:\Program Files (x86)\ScorpionSaver\SendJson.dll (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

 

(end)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-11-2013

Ran by braun_000 (administrator) on BRAUNRODMAN on 29-11-2013 15:54:17

Running from C:\Users\braun_000\Desktop

Windows 8.1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe

() C:\Program Files (x86)\ASUS\WebStorage\2.0.1.213\AsusWSWinService.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\nst.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\nst.exe

(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe

(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

(Spotify Ltd) C:\Users\braun_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe

(Dropbox, Inc.) C:\Users\braun_000\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)

HKLM\...\Run: [AuditSHD] - C:\Windows\System32\oobe\AuditShD.exe [29696 2013-08-22] (Microsoft Corporation)

HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [bitTorrent] - C:\Users\braun_000\AppData\Roaming\BitTorrent\BitTorrent.exe [884576 2013-08-14] (BitTorrent Inc.)

HKCU\...\Run: [spotify] - C:\Users\braun_000\AppData\Roaming\Spotify\spotify.exe [5955072 2013-11-21] (Spotify Ltd)

HKCU\...\Run: [spotify Web Helper] - C:\Users\braun_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-21] (Spotify Ltd)

HKCU\...\Run: [Google Update] - C:\Users\braun_000\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-24] (Google Inc.)

HKCU\...\Run: [GoogleChromeAutoLaunch_79123335584747788C79C4499DE89AE4] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-11-14] (Google Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\aprp.exe [3331312 2012-08-04] (ASUSTek Computer Inc.)

HKLM-x32\...\Run: [WebStorage] - C:\Program Files (x86)\ASUS\WebStorage\2.0.1.213\ASUSWSLoader.exe [56640 2013-06-26] ()

HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)

AppInit_DLLs:   [ ] ()

Startup: C:\Users\braun_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\braun_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coieplg.dll (Symantec Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\IPS\ipsbho.dll (Symantec Corporation)

BHO-x32: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll (Symantec Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)

Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coieplg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\coieplg.dll (Symantec Corporation)

Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.6.0.27\coieplg.dll (Symantec Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

Chrome: 

=======

CHR Extension: (Google Wallet) - C:\Users\BRAUN_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

CHR Extension: (Norton Identity Protection) - C:\Users\BRAUN_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2014.6.0.27_0

CHR Extension: (Scorpion Saver) - C:\Users\BRAUN_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0

CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\braun_000\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx

CHR HKLM-x32\...\Chrome\Extension: [fdjaenghjglkbehempndjkdhnkhpnpae] - C:\Users\braun_000\AppData\Local\CRE\fdjaenghjglkbehempndjkdhnkhpnpae.crx

CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx

 

==================== Services (Whitelisted) =================

 

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.1.213\AsusWSWinService.exe [71680 2013-06-26] ()

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)

R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [512504 2013-11-25] ()

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)

R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-05] (Symantec Corporation)

R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)

S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [x]

 

==================== Drivers (Whitelisted) ====================

 

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)

R2 AdpeakWFP; C:\WINDOWS\system32\Drivers\AdpeakWFP64.sys [41624 2013-09-26] (Adpeak, Inc.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)

S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)

R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)

R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)

S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)

S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)

S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)

R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\IPSDefs\20131128.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)

R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-10-08] (Microsoft Corporation)

R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )

S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)

S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [91352 2013-11-28] (Malwarebytes Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\VirusDefs\20131128.002\ENG64.SYS [126040 2013-10-05] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\VirusDefs\20131128.002\EX64.SYS [2099288 2013-10-05] (Symantec Corporation)

R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)

S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)

S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)

S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146272 2013-08-22] (Microsoft Corporation)

R3 SRTSP; C:\Windows\system32\drivers\NAVx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)

S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)

R0 SymDS; C:\Windows\System32\drivers\NAVx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)

S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1404000.028\SymELAM.sys [23448 2013-03-04] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-14] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)

R1 SymNetS; C:\Windows\system32\drivers\NAVx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)

S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

U5 AppMgmt; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-11-29 15:54 - 2013-11-29 15:54 - 00020348 _____ C:\Users\braun_000\Desktop\FRST.txt

2013-11-29 15:54 - 2013-11-29 15:54 - 00000000 ____D C:\FRST

2013-11-29 15:53 - 2013-11-29 15:53 - 01959024 _____ (Farbar) C:\Users\braun_000\Desktop\FRST64.exe

2013-11-29 15:52 - 2013-11-29 15:53 - 01959024 _____ (Farbar) C:\Users\braun_000\Downloads\FRST64.exe

2013-11-29 14:59 - 2013-11-29 14:59 - 01091882 _____ C:\Users\braun_000\Downloads\AdwCleaner.exe

2013-11-29 14:59 - 2013-11-29 14:59 - 01091882 _____ C:\Users\braun_000\Desktop\AdwCleaner.exe

2013-11-29 14:32 - 2013-11-29 14:31 - 00602112 _____ (OldTimer Tools) C:\Users\braun_000\Desktop\OTL.com

2013-11-29 14:31 - 2013-11-29 14:31 - 00602112 _____ (OldTimer Tools) C:\Users\braun_000\Downloads\OTL.com

2013-11-29 14:24 - 2013-11-29 15:49 - 00024336 _____ C:\WINDOWS\PFRO.log

2013-11-29 11:28 - 2013-09-26 09:50 - 00041624 _____ (Adpeak, Inc.) C:\WINDOWS\system32\Drivers\AdpeakWFP64.sys

2013-11-28 21:26 - 2013-11-28 21:27 - 00000000 ____D C:\Users\braun_000\Desktop\Naw lens

2013-11-28 01:07 - 2013-11-29 15:49 - 00096520 _____ C:\WINDOWS\WindowsUpdate.log

2013-11-28 00:52 - 2013-11-28 00:52 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2013-11-28 00:27 - 2013-11-28 00:27 - 00001282 _____ C:\Users\braun_000\Desktop\Revo Uninstaller.lnk

2013-11-28 00:27 - 2013-11-28 00:27 - 00000000 ____D C:\Program Files (x86)\VS Revo Group

2013-11-27 23:46 - 2013-11-27 23:46 - 00000000 ____D C:\_OTL

2013-11-27 22:58 - 2013-11-27 23:02 - 00000000 ___SD C:\32788R22FWJFW

2013-11-27 22:58 - 2013-11-27 22:58 - 00000000 ____D C:\WINDOWS\erdnt

2013-11-27 22:47 - 2013-11-27 22:47 - 00000000 ____D C:\WINDOWS\ERUNT

2013-11-27 22:38 - 2013-11-29 15:38 - 00000000 ____D C:\AdwCleaner

2013-11-27 21:41 - 2013-11-29 11:31 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8BC29D55-8B22-423D-9419-78921CE71151}

2013-11-26 21:07 - 2013-11-26 21:07 - 00004056 _____ C:\{5B73D386-8221-4258-8C20-C75E621D73D5}

2013-11-26 21:00 - 2013-11-26 21:00 - 00003600 _____ C:\{B0E69CAD-75CA-4AD6-AD27-D25DE7190DCB}

2013-11-26 20:32 - 2013-11-26 20:32 - 00001123 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-11-26 20:32 - 2013-11-26 20:32 - 00000000 ____D C:\Users\braun_000\AppData\Roaming\Malwarebytes

2013-11-26 20:32 - 2013-11-26 20:32 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-11-26 20:32 - 2013-11-26 20:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-26 20:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2013-11-26 20:01 - 2013-11-26 20:01 - 00000000 ____D C:\Program Files\Level Quality Watcher

2013-11-25 00:13 - 2013-11-25 00:19 - 00000000 ____D C:\Users\braun_000\Downloads\old phone

2013-11-24 01:57 - 2013-11-25 00:15 - 00000000 ____D C:\Users\braun_000\Downloads\The Flash

2013-11-18 19:09 - 2013-11-18 19:09 - 10193337 _____ C:\Users\braun_000\Downloads\Spark-Volume-III-All-Other-Readers.epub

2013-11-17 08:15 - 2013-11-05 15:21 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2013-11-17 08:15 - 2013-11-05 13:51 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2013-11-17 08:15 - 2013-11-05 11:20 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2013-11-17 08:15 - 2013-11-05 11:11 - 18577408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2013-11-17 08:15 - 2013-11-05 09:30 - 11674112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2013-11-17 08:15 - 2013-11-05 09:29 - 13176320 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2013-11-17 08:15 - 2013-10-11 08:04 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll

2013-11-17 08:15 - 2013-10-10 11:23 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll

2013-11-17 08:15 - 2013-10-10 06:26 - 02801664 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2013-11-17 08:15 - 2013-10-10 06:05 - 01019392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2013-11-17 08:15 - 2013-10-10 05:34 - 01085952 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll

2013-11-17 08:15 - 2013-10-10 05:27 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll

2013-11-17 08:15 - 2013-10-07 02:21 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2013-11-17 08:15 - 2013-10-06 21:13 - 03532288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2013-11-17 08:15 - 2013-10-05 02:39 - 06639616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2013-11-17 08:15 - 2013-10-05 02:32 - 05769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2013-11-17 08:14 - 2013-10-23 06:29 - 00044936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll

2013-11-17 08:14 - 2013-10-23 06:21 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys

2013-11-17 08:14 - 2013-10-23 06:13 - 00171864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_8086.dll

2013-11-17 08:14 - 2013-10-23 00:27 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2013-11-17 08:14 - 2013-10-23 00:09 - 04104704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll

2013-11-17 08:14 - 2013-10-23 00:04 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2013-11-17 08:14 - 2013-10-22 23:55 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2013-11-17 08:14 - 2013-10-22 23:46 - 00700928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

2013-11-17 08:14 - 2013-10-22 03:18 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll

2013-11-17 08:14 - 2013-10-22 02:55 - 02328872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2013-11-17 08:14 - 2013-10-22 01:03 - 02065448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2013-11-17 08:14 - 2013-10-22 00:15 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll

2013-11-17 08:14 - 2013-10-21 23:04 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll

2013-11-17 08:14 - 2013-10-21 23:02 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll

2013-11-17 08:14 - 2013-10-21 22:56 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll

2013-11-17 08:14 - 2013-10-21 22:44 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll

2013-11-17 08:14 - 2013-10-21 21:38 - 01362944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll

2013-11-17 08:14 - 2013-10-21 21:22 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll

2013-11-17 08:14 - 2013-10-21 21:13 - 01704448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll

2013-11-17 08:14 - 2013-10-21 21:07 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2013-11-17 08:14 - 2013-10-21 20:53 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll

2013-11-17 08:14 - 2013-10-21 20:47 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2013-11-17 08:14 - 2013-10-19 04:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2013-11-17 08:14 - 2013-10-19 03:51 - 00481392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll

2013-11-17 08:14 - 2013-10-19 02:12 - 00380656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll

2013-11-17 08:14 - 2013-10-19 01:24 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2013-11-17 08:14 - 2013-10-18 23:48 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll

2013-11-17 08:14 - 2013-10-18 23:03 - 00531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll

2013-11-17 08:14 - 2013-10-18 22:57 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2013-11-17 08:14 - 2013-10-18 22:28 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2013-11-17 08:14 - 2013-10-18 22:26 - 01231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2013-11-17 08:14 - 2013-10-18 22:14 - 00888832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2013-11-17 08:14 - 2013-10-17 10:42 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll

2013-11-17 08:14 - 2013-10-17 10:42 - 01373872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll

2013-11-17 08:14 - 2013-10-17 09:04 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll

2013-11-17 08:14 - 2013-10-16 04:34 - 00518656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe

2013-11-17 08:14 - 2013-10-16 04:33 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe

2013-11-17 08:14 - 2013-10-12 22:06 - 00258904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys

2013-11-17 08:14 - 2013-10-12 21:43 - 00708616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll

2013-11-17 08:14 - 2013-10-11 10:11 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll

2013-11-17 08:14 - 2013-10-11 09:22 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll

2013-11-17 08:14 - 2013-10-11 08:24 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2013-11-17 08:14 - 2013-10-11 08:03 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll

2013-11-17 08:14 - 2013-10-10 11:44 - 00031064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll

2013-11-17 08:14 - 2013-10-10 11:26 - 00317616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll

2013-11-17 08:14 - 2013-10-10 11:26 - 00104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll

2013-11-17 08:14 - 2013-10-10 09:53 - 00235960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll

2013-11-17 08:14 - 2013-10-10 09:53 - 00088272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll

2013-11-17 08:14 - 2013-10-10 06:53 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll

2013-11-17 08:14 - 2013-10-10 06:38 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

2013-11-17 08:14 - 2013-10-10 06:21 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll

2013-11-17 08:14 - 2013-10-10 05:40 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2013-11-17 08:14 - 2013-10-10 05:19 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll

2013-11-17 08:14 - 2013-10-09 00:40 - 00385528 _____ C:\WINDOWS\system32\ApnDatabase.xml

2013-11-17 08:14 - 2013-10-08 06:07 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys

2013-11-17 08:14 - 2013-10-08 05:28 - 00523096 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys

2013-11-17 08:14 - 2013-10-08 05:13 - 02551640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2013-11-17 08:14 - 2013-10-08 01:46 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll

2013-11-17 08:14 - 2013-10-08 00:58 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll

2013-11-17 08:14 - 2013-10-08 00:50 - 00656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll

2013-11-17 08:14 - 2013-10-08 00:48 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll

2013-11-17 08:14 - 2013-10-08 00:15 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll

2013-11-17 08:14 - 2013-10-08 00:09 - 01160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll

2013-11-17 08:14 - 2013-10-07 23:50 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll

2013-11-17 08:14 - 2013-10-07 23:50 - 00762368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll

2013-11-17 08:14 - 2013-10-07 02:21 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2013-11-17 08:14 - 2013-10-05 10:25 - 00371032 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys

2013-11-17 08:14 - 2013-10-05 10:25 - 00057176 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys

2013-11-17 08:14 - 2013-10-05 09:21 - 00699840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll

2013-11-17 08:14 - 2013-10-05 07:05 - 00578952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll

2013-11-17 08:14 - 2013-10-05 06:01 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys

2013-11-17 08:14 - 2013-10-05 04:36 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe

2013-11-17 08:14 - 2013-10-05 04:18 - 01011712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll

2013-11-17 08:14 - 2013-10-05 04:07 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll

2013-11-17 08:14 - 2013-10-05 03:56 - 01147904 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll

2013-11-17 08:14 - 2013-10-05 03:55 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\miutils.dll

2013-11-17 08:14 - 2013-10-05 03:40 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll

2013-11-17 08:14 - 2013-10-05 03:24 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\miutils.dll

2013-11-17 08:14 - 2013-10-05 03:21 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll

2013-11-17 08:14 - 2013-10-05 03:15 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll

2013-11-17 08:14 - 2013-10-05 02:43 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll

2013-11-17 08:14 - 2013-10-05 02:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll

2013-11-17 08:14 - 2013-10-04 03:10 - 00533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll

2013-11-17 08:14 - 2013-09-19 00:04 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll

2013-11-17 08:14 - 2013-09-17 04:06 - 01067080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll

2013-11-17 08:14 - 2013-09-17 04:06 - 00465960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

2013-11-17 08:14 - 2013-09-17 01:31 - 00883184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll

2013-11-17 08:14 - 2013-09-17 01:31 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2013-11-17 08:14 - 2013-09-16 23:37 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll

2013-11-17 08:14 - 2013-09-14 09:07 - 02134120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll

2013-11-17 08:14 - 2013-09-14 09:00 - 00391512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll

2013-11-17 08:14 - 2013-09-14 07:39 - 01799944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll

2013-11-17 08:14 - 2013-09-14 07:33 - 00345552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll

2013-11-17 08:14 - 2013-09-14 05:05 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe

2013-11-17 08:14 - 2013-09-14 04:11 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll

2013-11-17 08:14 - 2013-09-13 03:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ftp.exe

2013-11-17 08:14 - 2013-09-13 02:47 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ftp.exe

2013-11-17 08:14 - 2013-09-12 03:45 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll

2013-11-17 08:14 - 2013-09-12 03:08 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll

2013-11-17 08:14 - 2013-09-12 03:08 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll

2013-11-17 08:14 - 2013-09-12 03:02 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll

2013-11-17 08:14 - 2013-09-12 02:44 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll

2013-11-17 08:14 - 2013-09-12 02:37 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll

2013-11-17 08:14 - 2013-09-12 02:37 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll

2013-11-17 08:14 - 2013-09-12 02:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll

2013-11-17 08:14 - 2013-09-12 02:16 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll

2013-11-17 08:14 - 2013-09-12 02:01 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll

2013-11-17 08:14 - 2013-09-11 07:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS

2013-11-17 08:14 - 2013-09-10 00:26 - 04599808 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll

2013-11-17 08:14 - 2013-09-09 23:52 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\msched.dll

2013-11-17 08:14 - 2013-09-09 23:34 - 03934208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll

2013-11-14 20:37 - 2013-10-19 03:08 - 23212544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2013-11-14 20:37 - 2013-10-19 01:37 - 17142784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2013-11-14 20:37 - 2013-10-19 01:02 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2013-11-14 20:37 - 2013-10-19 00:37 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe

2013-11-14 20:37 - 2013-10-19 00:19 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2013-11-14 20:37 - 2013-10-19 00:10 - 05765120 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2013-11-14 20:37 - 2013-10-18 23:52 - 02166272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2013-11-14 20:37 - 2013-10-18 23:44 - 04240384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2013-11-14 20:37 - 2013-10-18 23:37 - 12995584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2013-11-14 20:37 - 2013-10-18 23:31 - 01993728 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2013-11-14 20:37 - 2013-10-18 22:56 - 11220992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2013-11-14 20:37 - 2013-10-18 22:55 - 01926656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2013-11-14 20:37 - 2013-10-18 22:53 - 02332160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2013-11-14 20:37 - 2013-10-18 22:23 - 01394176 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2013-11-14 20:37 - 2013-10-18 22:09 - 01818112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2013-11-14 20:37 - 2013-10-18 22:02 - 01156608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2013-11-14 20:37 - 2013-10-12 21:48 - 00136536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys

2013-11-14 20:37 - 2013-10-12 16:48 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL

2013-11-14 20:37 - 2013-10-12 16:34 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL

2013-11-14 20:37 - 2013-10-05 09:21 - 01341288 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll

2013-11-14 20:37 - 2013-10-05 03:39 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll

2013-11-14 20:36 - 2013-10-16 10:58 - 01943536 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll

2013-11-14 20:36 - 2013-10-16 08:54 - 01581968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll

2013-11-12 02:25 - 2013-11-17 19:37 - 00000000 ___DC C:\WINDOWS\Panther

2013-11-12 02:25 - 2013-11-12 02:25 - 00000000 __SHD C:\Recovery

2013-11-12 02:23 - 2013-11-12 02:23 - 00872840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll

2013-11-12 02:23 - 2013-11-12 02:23 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 01286552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 01018960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 00977408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2013-11-12 02:22 - 2013-11-12 02:22 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 00262144 _____ C:\WINDOWS\system32\config\userdiff

2013-11-12 02:22 - 2013-11-12 02:22 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll

2013-11-12 02:20 - 2013-11-12 02:20 - 00000000 ____D C:\Program Files\Reference Assemblies

2013-11-12 02:20 - 2013-11-12 02:20 - 00000000 ____D C:\Program Files\MSBuild

2013-11-12 02:20 - 2013-11-12 02:20 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies

2013-11-12 02:20 - 2013-11-11 23:36 - 00000000 ____D C:\Program Files (x86)\MSBuild

2013-11-12 02:20 - 2013-08-02 23:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll

2013-11-12 02:20 - 2013-08-02 23:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll

2013-11-12 02:20 - 2013-08-02 23:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe

2013-11-12 02:20 - 2013-08-02 23:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll

2013-11-12 02:20 - 2013-08-02 23:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-11-12 02:20 - 2013-08-02 23:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe

2013-11-12 01:02 - 2013-11-12 01:02 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton AntiVirus

2013-11-12 00:58 - 2013-11-29 15:51 - 00000000 __RDO C:\Users\braun_000\SkyDrive

2013-11-12 00:54 - 2013-11-12 00:54 - 00001444 _____ C:\Users\braun_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-11-12 00:53 - 2013-11-12 00:53 - 00000020 ___SH C:\Users\braun_000\ntuser.ini

2013-11-11 23:44 - 2013-11-11 23:44 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat

2013-11-11 23:36 - 2013-11-11 23:36 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help

2013-11-11 23:36 - 2013-11-11 23:36 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help

2013-11-11 23:32 - 2013-11-11 23:32 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate

2013-11-11 23:31 - 2013-11-29 14:23 - 00000000 ____D C:\Users\braun_000

2013-11-11 23:31 - 2013-11-11 23:44 - 00026673 _____ C:\WINDOWS\diagwrn.xml

2013-11-11 23:31 - 2013-11-11 23:44 - 00026673 _____ C:\WINDOWS\diagerr.xml

2013-11-11 23:31 - 2013-11-11 23:32 - 00000000 ___RD C:\Users\braun_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2013-11-11 23:31 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\braun_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2013-11-11 23:31 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\braun_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2013-11-11 23:31 - 2013-08-22 10:36 - 00000000 ____D C:\Users\braun_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2013-11-11 23:27 - 2013-11-11 23:34 - 00000000 ____D C:\Program Files (x86)\Intel

2013-11-11 23:27 - 2013-11-11 23:27 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM

2013-11-11 23:27 - 2013-11-11 23:27 - 00000000 ____D C:\Program Files\Realtek

2013-11-10 18:21 - 2013-11-10 18:21 - 00002576 _____ C:\{8E315CD1-7ECB-467B-9FAA-F8DB7F751AB2}

2013-11-10 16:21 - 2013-11-10 16:21 - 00000021 _____ C:\Users\braun_000\AppData\Roaming\my_intel.sys

2013-11-10 13:54 - 2013-11-10 13:54 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf

2013-11-10 13:52 - 2013-11-10 13:52 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

2013-11-04 15:13 - 2013-11-04 15:14 - 00000000 ____D C:\Users\braun_000\AppData\Local\Citrix

2013-11-04 15:13 - 2013-11-04 15:14 - 00000000 ____D C:\ProgramData\Citrix

2013-11-04 15:13 - 2013-11-04 15:14 - 00000000 ____D C:\Program Files (x86)\Citrix

2013-11-04 15:13 - 2013-11-04 15:13 - 00000000 ____D C:\Users\braun_000\AppData\Roaming\ICAClient

 

==================== One Month Modified Files and Folders =======

 

2013-11-29 15:54 - 2013-11-29 15:54 - 00020348 _____ C:\Users\braun_000\Desktop\FRST.txt

2013-11-29 15:54 - 2013-11-29 15:54 - 00000000 ____D C:\FRST

2013-11-29 15:53 - 2013-11-29 15:53 - 01959024 _____ (Farbar) C:\Users\braun_000\Desktop\FRST64.exe

2013-11-29 15:53 - 2013-11-29 15:52 - 01959024 _____ (Farbar) C:\Users\braun_000\Downloads\FRST64.exe

2013-11-29 15:52 - 2013-07-15 07:06 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-11-29 15:51 - 2013-11-12 00:58 - 00000000 __RDO C:\Users\braun_000\SkyDrive

2013-11-29 15:51 - 2013-08-17 20:51 - 00000000 ____D C:\Users\braun_000\AppData\Local\CrashDumps

2013-11-29 15:51 - 2013-07-31 20:32 - 00000000 ____D C:\Users\braun_000\AppData\Roaming\Dropbox

2013-11-29 15:50 - 2013-07-31 20:35 - 00000000 ___RD C:\Users\braun_000\Dropbox

2013-11-29 15:50 - 2013-07-15 07:05 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2013-11-29 15:50 - 2013-07-14 22:10 - 00000408 _____ C:\Users\braun_000\AppData\Roaming\sp_data.sys

2013-11-29 15:50 - 2012-12-19 18:46 - 00000868 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

2013-11-29 15:49 - 2013-11-29 14:24 - 00024336 _____ C:\WINDOWS\PFRO.log

2013-11-29 15:49 - 2013-11-28 01:07 - 00096520 _____ C:\WINDOWS\WindowsUpdate.log

2013-11-29 15:49 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-11-29 15:49 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI

2013-11-29 15:46 - 2013-07-14 22:18 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-251038213-2808898551-1881861744-1001

2013-11-29 15:38 - 2013-11-27 22:38 - 00000000 ____D C:\AdwCleaner

2013-11-29 15:27 - 2013-08-24 18:17 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-251038213-2808898551-1881861744-1001UA.job

2013-11-29 15:20 - 2013-07-15 07:05 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2013-11-29 15:09 - 2013-09-29 23:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2013-11-29 15:02 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru

2013-11-29 14:59 - 2013-11-29 14:59 - 01091882 _____ C:\Users\braun_000\Downloads\AdwCleaner.exe

2013-11-29 14:59 - 2013-11-29 14:59 - 01091882 _____ C:\Users\braun_000\Desktop\AdwCleaner.exe

2013-11-29 14:31 - 2013-11-29 14:32 - 00602112 _____ (OldTimer Tools) C:\Users\braun_000\Desktop\OTL.com

2013-11-29 14:31 - 2013-11-29 14:31 - 00602112 _____ (OldTimer Tools) C:\Users\braun_000\Downloads\OTL.com

2013-11-29 14:23 - 2013-11-11 23:31 - 00000000 ____D C:\Users\braun_000

2013-11-29 11:31 - 2013-11-27 21:41 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8BC29D55-8B22-423D-9419-78921CE71151}

2013-11-28 21:27 - 2013-11-28 21:26 - 00000000 ____D C:\Users\braun_000\Desktop\Naw lens

2013-11-28 21:15 - 2013-07-15 07:05 - 00003900 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2013-11-28 21:15 - 2013-07-15 07:05 - 00003664 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2013-11-28 11:01 - 2012-12-19 18:46 - 00000870 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

2013-11-28 10:27 - 2013-08-24 18:17 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-251038213-2808898551-1881861744-1001Core.job

2013-11-28 00:52 - 2013-11-28 00:52 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2013-11-28 00:27 - 2013-11-28 00:27 - 00001282 _____ C:\Users\braun_000\Desktop\Revo Uninstaller.lnk

2013-11-28 00:27 - 2013-11-28 00:27 - 00000000 ____D C:\Program Files (x86)\VS Revo Group

2013-11-27 23:46 - 2013-11-27 23:46 - 00000000 ____D C:\_OTL

2013-11-27 23:02 - 2013-11-27 22:58 - 00000000 ___SD C:\32788R22FWJFW

2013-11-27 22:58 - 2013-11-27 22:58 - 00000000 ____D C:\WINDOWS\erdnt

2013-11-27 22:47 - 2013-11-27 22:47 - 00000000 ____D C:\WINDOWS\ERUNT

2013-11-27 15:40 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness

2013-11-27 13:08 - 2013-10-29 13:58 - 00000000 ____D C:\Users\braun_000\Downloads\Superior Spider-Man (2013)

2013-11-26 21:41 - 2013-07-15 11:36 - 00000000 ____D C:\Users\braun_000\AppData\Roaming\BitTorrent

2013-11-26 21:39 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM

2013-11-26 21:07 - 2013-11-26 21:07 - 00004056 _____ C:\{5B73D386-8221-4258-8C20-C75E621D73D5}

2013-11-26 21:00 - 2013-11-26 21:00 - 00003600 _____ C:\{B0E69CAD-75CA-4AD6-AD27-D25DE7190DCB}

2013-11-26 20:32 - 2013-11-26 20:32 - 00001123 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-11-26 20:32 - 2013-11-26 20:32 - 00000000 ____D C:\Users\braun_000\AppData\Roaming\Malwarebytes

2013-11-26 20:32 - 2013-11-26 20:32 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-11-26 20:32 - 2013-11-26 20:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-26 20:01 - 2013-11-26 20:01 - 00000000 ____D C:\Program Files\Level Quality Watcher

2013-11-25 00:19 - 2013-11-25 00:13 - 00000000 ____D C:\Users\braun_000\Downloads\old phone

2013-11-25 00:15 - 2013-11-24 01:57 - 00000000 ____D C:\Users\braun_000\Downloads\The Flash

2013-11-24 23:16 - 2013-07-15 06:39 - 00000000 ____D C:\Users\braun_000\Desktop\UNION COMICS

2013-11-22 00:37 - 2013-07-19 19:37 - 00000000 ____D C:\Users\braun_000\AppData\Roaming\Spotify

2013-11-21 23:23 - 2013-07-19 19:38 - 00000000 ____D C:\Users\braun_000\AppData\Local\Spotify

2013-11-18 19:13 - 2013-07-14 22:07 - 00000000 ____D C:\Users\braun_000\AppData\Local\Packages

2013-11-18 19:09 - 2013-11-18 19:09 - 10193337 _____ C:\Users\braun_000\Downloads\Spark-Volume-III-All-Other-Readers.epub

2013-11-18 15:12 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache

2013-11-17 20:34 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF

2013-11-17 20:12 - 2013-07-14 22:10 - 00000000 ___RD C:\Users\braun_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-11-17 20:12 - 2013-07-14 22:10 - 00000000 ___RD C:\Users\braun_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-11-17 20:10 - 2013-08-22 09:44 - 00508952 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2013-11-17 20:09 - 2012-07-26 03:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP

2013-11-17 20:08 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData

2013-11-17 20:08 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\WinStore

2013-11-17 20:08 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\migwiz

2013-11-17 20:08 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions

2013-11-17 19:37 - 2013-11-12 02:25 - 00000000 ___DC C:\WINDOWS\Panther

2013-11-15 21:03 - 2013-09-26 01:02 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-11-15 21:02 - 2013-07-20 13:37 - 00000000 ____D C:\Program Files\Microsoft Office 15

2013-11-14 23:43 - 2013-08-05 23:23 - 00000000 ____D C:\WINDOWS\system32\MRT

2013-11-14 23:41 - 2013-07-16 00:34 - 82896128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2013-11-12 17:29 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\restore

2013-11-12 02:25 - 2013-11-12 02:25 - 00000000 __SHD C:\Recovery

2013-11-12 02:24 - 2013-08-22 10:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template

2013-11-12 02:23 - 2013-11-12 02:23 - 00872840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll

2013-11-12 02:23 - 2013-11-12 02:23 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 01286552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 01018960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 00977408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2013-11-12 02:22 - 2013-11-12 02:22 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll

2013-11-12 02:22 - 2013-11-12 02:22 - 00262144 _____ C:\WINDOWS\system32\config\userdiff

2013-11-12 02:22 - 2013-11-12 02:22 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll

2013-11-12 02:22 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Camera

2013-11-12 02:20 - 2013-11-12 02:20 - 00000000 ____D C:\Program Files\Reference Assemblies

2013-11-12 02:20 - 2013-11-12 02:20 - 00000000 ____D C:\Program Files\MSBuild

2013-11-12 02:20 - 2013-11-12 02:20 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies

2013-11-12 01:02 - 2013-11-12 01:02 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton AntiVirus

2013-11-12 00:58 - 2013-07-20 13:53 - 00000000 ___RD C:\Users\braun_000\SkyDrive.old

2013-11-12 00:54 - 2013-11-12 00:54 - 00001444 _____ C:\Users\braun_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-11-12 00:53 - 2013-11-12 00:53 - 00000020 ___SH C:\Users\braun_000\ntuser.ini

2013-11-12 00:53 - 2013-07-14 22:51 - 00003218 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration

2013-11-11 23:45 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Registration

2013-11-11 23:44 - 2013-11-11 23:44 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat

2013-11-11 23:44 - 2013-11-11 23:31 - 00026673 _____ C:\WINDOWS\diagwrn.xml

2013-11-11 23:44 - 2013-11-11 23:31 - 00026673 _____ C:\WINDOWS\diagerr.xml

2013-11-11 23:41 - 2013-08-22 10:36 - 00000000 __RSD C:\WINDOWS\Media

2013-11-11 23:41 - 2013-08-22 10:36 - 00000000 __RHD C:\Users\Public\Libraries

2013-11-11 23:36 - 2013-11-12 02:20 - 00000000 ____D C:\Program Files (x86)\MSBuild

2013-11-11 23:36 - 2013-11-11 23:36 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help

2013-11-11 23:36 - 2013-11-11 23:36 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help

2013-11-11 23:36 - 2013-09-29 22:51 - 00000000 ____D C:\WINDOWS\ShellNew

2013-11-11 23:36 - 2013-09-17 20:21 - 00000000 ____D C:\Users\braun_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2013-11-11 23:36 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep

2013-11-11 23:36 - 2013-07-31 20:33 - 00000000 ____D C:\Users\braun_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2013-11-11 23:36 - 2012-07-26 00:37 - 00000000 ____D C:\Users\Default.migrated

2013-11-11 23:35 - 2013-09-29 22:48 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN

2013-11-11 23:35 - 2013-09-29 22:48 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep

2013-11-11 23:35 - 2013-09-29 22:48 - 00000000 ____D C:\WINDOWS\system32\WCN

2013-11-11 23:35 - 2013-08-22 10:43 - 00000000 ____D C:\WINDOWS\DigitalLocker

2013-11-11 23:35 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI

2013-11-11 23:35 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz

2013-11-11 23:35 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME

2013-11-11 23:35 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2013-11-11 23:35 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\spool

2013-11-11 23:35 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\MUI

2013-11-11 23:35 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\IME

2013-11-11 23:35 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\IME

2013-11-11 23:35 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Help

2013-11-11 23:35 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI

2013-11-11 23:35 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\oobe

2013-11-11 23:35 - 2012-12-19 18:48 - 00000000 ____D C:\WINDOWS\SysWOW64\sda

2013-11-11 23:35 - 2012-08-01 20:24 - 00000000 ____D C:\ProgramData\PRICache

2013-11-11 23:34 - 2013-11-11 23:27 - 00000000 ____D C:\Program Files (x86)\Intel

2013-11-11 23:34 - 2013-08-22 10:36 - 00000000 __SHD C:\Program Files\Windows Sidebar

2013-11-11 23:34 - 2013-08-22 10:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar

2013-11-11 23:34 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\System

2013-11-11 23:34 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared

2013-11-11 23:32 - 2013-11-11 23:32 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate

2013-11-11 23:32 - 2013-11-11 23:31 - 00000000 ___RD C:\Users\braun_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2013-11-11 23:32 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Recovery

2013-11-11 23:27 - 2013-11-11 23:27 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM

2013-11-11 23:27 - 2013-11-11 23:27 - 00000000 ____D C:\Program Files\Realtek

2013-11-11 23:26 - 2013-08-22 08:36 - 00000000 __RHD C:\Users\Default

2013-11-11 22:20 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent

2013-11-11 21:28 - 2013-07-15 11:37 - 00000000 ____D C:\Users\braun_000\AppData\Roaming\Mozilla

2013-11-10 18:21 - 2013-11-10 18:21 - 00002576 _____ C:\{8E315CD1-7ECB-467B-9FAA-F8DB7F751AB2}

2013-11-10 16:21 - 2013-11-10 16:21 - 00000021 _____ C:\Users\braun_000\AppData\Roaming\my_intel.sys

2013-11-10 13:54 - 2013-11-10 13:54 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf

2013-11-10 13:52 - 2013-11-10 13:52 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

2013-11-08 17:47 - 2013-09-23 21:24 - 00000000 ____D C:\Users\braun_000\Desktop\CoC

2013-11-05 18:31 - 2013-08-22 10:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2013-11-05 18:31 - 2013-08-22 10:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2013-11-05 15:21 - 2013-11-17 08:15 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2013-11-05 13:51 - 2013-11-17 08:15 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2013-11-05 11:20 - 2013-11-17 08:15 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2013-11-05 11:11 - 2013-11-17 08:15 - 18577408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2013-11-05 09:30 - 2013-11-17 08:15 - 11674112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2013-11-05 09:29 - 2013-11-17 08:15 - 13176320 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2013-11-04 15:14 - 2013-11-04 15:13 - 00000000 ____D C:\Users\braun_000\AppData\Local\Citrix

2013-11-04 15:14 - 2013-11-04 15:13 - 00000000 ____D C:\ProgramData\Citrix

2013-11-04 15:14 - 2013-11-04 15:13 - 00000000 ____D C:\Program Files (x86)\Citrix

2013-11-04 15:13 - 2013-11-04 15:13 - 00000000 ____D C:\Users\braun_000\AppData\Roaming\ICAClient

 

Some content of TEMP:

====================

C:\Users\braun_000\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-11-29 15:22

 

==================== End Of Log ============================

 

Thanks MrC...I'm not sure how to attach the other file though.


Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Re-scan with AdwCleaner and Malwarebytes.

That should clear it all out.

Let me know...MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-11-2013

Ran by braun_000 at 2013-11-29 16:19:54 Run:1

Running from C:\Users\braun_000\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe

CHR Extension: (Scorpion Saver) - C:\Users\BRAUN_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0

R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [512504 2013-11-25] ()

R2 AdpeakWFP; C:\WINDOWS\system32\Drivers\AdpeakWFP64.sys [41624 2013-09-26] (Adpeak, Inc.)

C:\WINDOWS\system32\Drivers\AdpeakWFP64.sys

C:\Program Files\Level Quality Watcher

 

*****************

 

C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe => Moved successfully.

C:\Users\BRAUN_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg => Moved successfully.

Level Quality Watcher => Service deleted successfully.

AdpeakWFP => Service deleted successfully.

C:\WINDOWS\system32\Drivers\AdpeakWFP64.sys => Moved successfully.

C:\Program Files\Level Quality Watcher => Moved successfully.

 

 

The system needs a manual reboot. 

 

==== End of Fixlog ====


Next.......

Please download SystemLook from the link below and save it to your Desktop.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :regfind
    ScorpionSaver
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC


here it is:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 16:44 on 29/11/2013 by braun_000
Administrator - Elevation successful
 
========== regfind ==========
 
Searching for "ScorpionSaver "
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]
@="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]
@="c:\Program Files\ScorpionSaver Services"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]
@="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]
@="c:\Program Files\ScorpionSaver Services"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adpeak, Inc.\ScorpionSaver Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]
@="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]
@="c:\Program Files\ScorpionSaver Services"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AppId_Catalog\049970F0]
"AppFullPath"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\049970F0]
"AppFullPath"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"
 
-= EOF =-

SystemLook 30.07.11 by jpshortstuff

Log created at 16:52 on 29/11/2013 by braun_000

Administrator - Elevation successful

 

========== regfind ==========

 

Searching for "Scorpion"

[HKEY_CURRENT_USER\Software\Adpeak, Inc.\ScorpionSaver]

[HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495]

"ProductName"="ScorpionSaver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495\SourceList]

"PackageName"="ScorpionSaver.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5]

@="ScorpionSaver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5\InProcServer32]

@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]

@="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]

@="c:\Program Files\ScorpionSaver Services"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]

@="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]

@="c:\Program Files\ScorpionSaver Services"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"c:\Program Files (x86)\ScorpionSaver\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB]

"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\ff_bootstrap.js"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]

"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\SendJson.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60]

"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555]

"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\CustomActionInstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7]

"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\IECore.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]

"DisplayName"="ScorpionSaver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adpeak, Inc.\ScorpionSaver Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]

"DisplayName"="ScorpionSaver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]

@="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]

@="c:\Program Files\ScorpionSaver Services"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AppId_Catalog\049970F0]

"AppFullPath"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\049970F0]

"AppFullPath"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver]

[HKEY_USERS\S-1-5-21-251038213-2808898551-1881861744-1001\Software\Adpeak, Inc.\ScorpionSaver]

[HKEY_USERS\S-1-5-21-251038213-2808898551-1881861744-1001\Software\AppDataLow\Software\ScorpionSaver]

[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver]

 

-= EOF =-


SystemLook 30.07.11 by jpshortstuff

Log created at 17:36 on 29/11/2013 by braun_000

Administrator - Elevation successful

 

========== regfind ==========

 

Searching for "Scorpion"

[HKEY_CURRENT_USER\Software\Adpeak, Inc.\ScorpionSaver]

[HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495]

"ProductName"="ScorpionSaver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495\SourceList]

"PackageName"="ScorpionSaver.msi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5]

@="ScorpionSaver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5\InProcServer32]

@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]

@="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]

@="c:\Program Files\ScorpionSaver Services"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]

@="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]

@="c:\Program Files\ScorpionSaver Services"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]

"c:\Program Files (x86)\ScorpionSaver\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB]

"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\ff_bootstrap.js"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]

"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\SendJson.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60]

"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555]

"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\CustomActionInstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7]

"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\IECore.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]

"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adpeak, Inc.\ScorpionSaver Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\0\win32]

@="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}\1.0\HELPDIR]

@="c:\Program Files\ScorpionSaver Services"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AppId_Catalog\049970F0]

"AppFullPath"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\049970F0]

"AppFullPath"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"

[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver]

[HKEY_USERS\S-1-5-21-251038213-2808898551-1881861744-1001\Software\Adpeak, Inc.\ScorpionSaver]

[HKEY_USERS\S-1-5-21-251038213-2808898551-1881861744-1001\Software\AppDataLow\Software\ScorpionSaver]

[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver]

 

-= EOF =-


YES!

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.77  

   x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Windows Defender   

Norton AntiVirus   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Google Chrome 31.0.1650.48  

 Google Chrome 31.0.1650.57  

````````Process Check: objlist.exe by Laurent````````  

 Norton ccSvcHst.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Norton AntiVirus Engine 20.4.0.40 ccSvcHst.exe 

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 

````````````````````End of Log`````````````````````` 