
Need Assistance Removing Scorpion Saver



Welcome to the forum, first.....try to uninstall it from your add/remove programs.

Then........

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted: go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Last......

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MrC

# AdwCleaner v3.014 - Report created 01/12/2013 at 21:46:32
# Updated 01/12/2013 by Xplode
# Operating System : Windows Vista Ultimate Service Pack 2 (64 bits)
# Username : Michelle - BEHEMOTH
# Running from : C:\Users\Michelle\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\Ask
[!] Folder Deleted : C:\ProgramData\DealPlyLive
[!] Folder Deleted : C:\Program Files (x86)\Ask.com
[!] Folder Deleted : C:\Program Files (x86)\Babylon
[!] Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\DealPly
[!] Folder Deleted : C:\Program Files (x86)\DealPlyLive
[!] Folder Deleted : C:\Program Files (x86)\MyPC Backup
[!] Folder Deleted : C:\Program Files (x86)\Object
[!] Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
[!] Folder Deleted : C:\Program Files\Babylon
[!] Folder Deleted : C:\Program Files\Level Quality Watcher
[!] Folder Deleted : C:\Users\Michelle\AppData\Local\Conduit
[!] Folder Deleted : C:\Users\Michelle\AppData\Local\DealPlyLive
[!] Folder Deleted : C:\Users\Michelle\AppData\LocalLow\AskToolbar
[!] Folder Deleted : C:\Users\Michelle\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\Michelle\AppData\LocalLow\uTorrentControl_v2
[!] Folder Deleted : C:\Users\Michelle\AppData\Roaming\DealPly
[!] Folder Deleted : C:\Users\Michelle\AppData\Roaming\Search Protection
[!] Folder Deleted : C:\Users\Michelle\AppData\Roaming\Systweak
[!] Folder Deleted : C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
[!] Folder Deleted : C:\Users\Michelle\Documents\Tutorials
[!] Folder Deleted : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
[!] Folder Deleted : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\kincjchfokkeneeofpeefomkikfkiedl
[!] Folder Deleted : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\user.js
File Deleted : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
File Deleted : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
File Deleted : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
File Deleted : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dealplylive.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.coreclass
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachine
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclasssvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\DealPlyLive
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\Software\DealPlyLive
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\uTorrentControl_v2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facetheme
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facetheme
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl_v2 Toolbar
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\prefs.js ]

Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl_v2 Customized Web Search");


Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename,S", "S,S,S,S,S,Search the web (Babylon)");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Line Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000");
Line Deleted : user_pref("extensions.asktb.cbid", "TV");
Line Deleted : user_pref("extensions.asktb.config-updated", false);
Line Deleted : user_pref("extensions.asktb.crumb", "2012.08.24+07.01.26-toolbar012iad-US-TGFzIFZlZ2FzLE5WLFVuaXRlZCBTdGF0ZXM%3D");

Line Deleted : user_pref("extensions.asktb.dtid", "OSJ000YYUS");
Line Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Line Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "USNV0049");
Line Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "F");

Line Deleted : user_pref("extensions.asktb.fresh-install", false);
Line Deleted : user_pref("extensions.asktb.guid", "650CF628-1C79-4DD8-99B8-CD7B0E3A571F");

Line Deleted : user_pref("extensions.asktb.if", "first");
Line Deleted : user_pref("extensions.asktb.l", "dis");
Line Deleted : user_pref("extensions.asktb.last-config-req", "1345821898170");
Line Deleted : user_pref("extensions.asktb.locale", "en_US");
Line Deleted : user_pref("extensions.asktb.location", "Las Vegas,NV,United States");
Line Deleted : user_pref("extensions.asktb.new-tab-enabled", true);
Line Deleted : user_pref("extensions.asktb.o", "100000031");
Line Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Line Deleted : user_pref("extensions.asktb.qsrc", "2871");
Line Deleted : user_pref("extensions.asktb.r", "8");
Line Deleted : user_pref("extensions.asktb.sa", "YES");
Line Deleted : user_pref("extensions.asktb.saguid", "AD5F8C78-DA23-49A7-89FF-A5CDF5716AAC");

Line Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Line Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Line Deleted : user_pref("extensions.asktb.socialmini-first", true);
Line Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Line Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Line Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Line Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Line Deleted : user_pref("extensions.asktb.socialmini-speed", "5000");
Line Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Line Deleted : user_pref("extensions.asktb.themeid", "");
Line Deleted : user_pref("extensions.asktb.to", "");
Line Deleted : user_pref("extensions.asktb.version", "5.12.5.17640");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", false);
Line Deleted : user_pref("extensions.helperbar.countryiso", "us");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "ry_707");
Line Deleted : user_pref("extensions.helperbar.installationid", "2b247529-4d53-41d3-e3ce-96b7bfe6f1d7");
Line Deleted : user_pref("extensions.helperbar.installdate", "25/11/2013");
Line Deleted : user_pref("extensions.helperbar.publisher", "quickobrw");


-\\ Google Chrome v

[ File : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [24155 octets] - [01/12/2013 21:12:18]
AdwCleaner[R1].txt - [23884 octets] - [01/12/2013 21:35:07]
AdwCleaner[R2].txt - [24005 octets] - [01/12/2013 21:45:44]
AdwCleaner[s0].txt - [2274 octets] - [01/12/2013 21:16:46]
AdwCleaner[s1].txt - [1899 octets] - [01/12/2013 21:36:48]
AdwCleaner[s2].txt - [21115 octets] - [01/12/2013 21:46:32]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [21176 octets] ##########
 


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.02.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Michelle :: BEHEMOTH [administrator]

Protection: Enabled

12/1/2013 9:57:21 PM
MBAM-log-2013-12-01 (22-03-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231620
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> No action taken.
HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.Smart) -> No action taken.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Smart) -> No action taken.
HKCR\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Michelle\AppData\Local\Temp\DownloadManager.exe (PUP.Optional.Smart) -> No action taken.
C:\Users\Michelle\AppData\Local\Temp\RegClean10.exe (PUP.Optional.RegCleanerPro) -> No action taken.
C:\Users\Michelle\Downloads\InstallRARFileOpenKnife(1).exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Michelle\Downloads\InstallRARFileOpenKnife.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Michelle\Downloads\mkvtomp4_setup.exe (PUP.Optional.Smart) -> No action taken.

(end)
 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by Michelle (administrator) on BEHEMOTH on 01-12-2013 22:23:56
Running from C:\Users\Michelle\Downloads
Windows Vista Ultimate Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\Michelle\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Farbar) C:\Users\Michelle\Downloads\FRST64(2).exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Winlogon: [userinit] C:\Windows\sysWOW64\userinit.exe [25088 2008-01-18] (Microsoft Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [138240 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-08-31] (Google Inc.)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-06-20] (Hewlett-Packard Company)
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5237256 2012-12-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Mcx1\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Mcx1\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [138240 2008-01-19] (Microsoft Corporation)
HKU\Mcx1\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [196608 2009-04-10] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michelle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk /p \??\I:autocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBD3C12301328CE01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {8D44BDD5-86DA-4BAE-A69E-92205043AE90} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
SearchScopes: HKCU - {9065EEB4-48ED-46E0-998D-D035B9B7B4B2} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {CC933A5E-88E6-4DA1-8A59-06BF9AEBEA8F} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=650CF628-1C79-4DD8-99B8-CD7B0E3A571F&apn_sauid=AD5F8C78-DA23-49A7-89FF-A5CDF5716AAC
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Facetheme - {cbc5b60a-aa4d-45f6-84c2-d086f320299a} - C:\Program Files (x86)\Object\bho_project.dll No File
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default
FF NewTab: about:blank
FF Homepage: https://www.google.com/

FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Michelle\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Michelle\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\searchplugins\flickr-tags.xml
FF SearchPlugin: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\searchplugins\imdb.xml
FF Extension: Evernote Web Clipper - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF Extension: amznUWL2 - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\Extensions\amznUWL2@amazon.com.xpi
FF Extension: info - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\Extensions\info@priceblink.com.xpi
FF Extension: readable - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\Extensions\readable@evernote.com.xpi
FF Extension: defaults - C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

Chrome:
=======


CHR DefaultSearchURL: (Yahoo!) - http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=714647&p={searchTerms}
CHR DefaultSuggestURL: (Yahoo!) - http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\Michelle\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Michelle\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Chrome NaCl) - C:\Users\Michelle\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Google Gears 0.5.33.0) - C:\Users\Michelle\AppData\Local\Google\Chrome\Application\31.0.1650.57\gears.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Michelle\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Entanglement Web App) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0
CHR Extension: (Virtual Keyboard) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0
CHR Extension: (Poppit) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (Google Wallet) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Anti-Banner) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
R2 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1155088 2012-12-20] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248840 2012-12-20] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1178128 2012-12-20] (Western Digital )

==================== Drivers (Whitelisted) ====================

R3 AX88178; C:\Windows\System32\DRIVERS\ax88178.sys [58368 2010-11-24] (ASIX Electronics Corp.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-10-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-20] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-03-14] (CACE Technologies, Inc.)
R3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2010-03-30] ()
R3 xcbdaNtsc; C:\Windows\System32\DRIVERS\xcbdaNVx64.sys [206504 2007-03-15] (ViXS Systems Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-24] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-01 22:20 - 2013-12-01 22:22 - 01959184 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64(2).exe
2013-12-01 22:18 - 2013-12-01 22:19 - 01959184 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64(1).exe
2013-12-01 22:08 - 2013-12-01 22:09 - 00009575 _____ C:\Users\Michelle\Downloads\Addition.txt
2013-12-01 22:07 - 2013-12-01 22:25 - 00023746 _____ C:\Users\Michelle\Downloads\FRST.txt
2013-12-01 22:07 - 2013-12-01 22:07 - 00000000 ____D C:\FRST
2013-12-01 22:05 - 2013-12-01 22:05 - 01959184 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64.exe
2013-12-01 21:55 - 2013-12-01 21:55 - 00000948 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-01 21:55 - 2013-12-01 21:55 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Malwarebytes
2013-12-01 21:55 - 2013-12-01 21:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-01 21:55 - 2013-12-01 21:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 21:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-01 21:53 - 2013-12-01 21:54 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michelle\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-01 21:11 - 2013-12-01 21:46 - 00000000 ____D C:\AdwCleaner
2013-12-01 21:09 - 2013-12-01 21:09 - 01110034 _____ C:\Users\Michelle\Downloads\AdwCleaner.exe
2013-11-28 10:42 - 2013-11-28 10:42 - 00000000 _____ C:\Users\Michelle\Downloads\afs
2013-11-27 08:12 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\Windows\SysWOW64\AdpeakProxy.dll
2013-11-26 13:16 - 2013-11-26 13:19 - 53672960 _____ C:\Users\Michelle\Downloads\calibre-1.12.0.msi
2013-11-26 13:15 - 2013-11-26 13:15 - 00000000 ____D C:\Users\Michelle\Downloads\Veronica Roth - Divergent Trilogy [EPUB, MOBI, PDF]
2013-11-26 11:13 - 2013-11-26 11:13 - 00001304 _____ C:\Users\Michelle\Documents\cc_20131126_111346.reg
2013-11-26 10:50 - 2013-11-26 10:51 - 00459400 _____ C:\Windows\dd_vcredistMSI602E.txt
2013-11-26 10:50 - 2013-11-26 10:51 - 00013782 _____ C:\Windows\dd_vcredistUI602E.txt
2013-11-26 07:35 - 2013-11-26 07:35 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-11-26 07:04 - 2013-12-01 22:10 - 00133742 _____ C:\Windows\PFRO.log
2013-11-25 18:57 - 2013-11-25 19:01 - 00050790 _____ C:\Users\Michelle\Documents\cc_20131125_185747.reg
2013-11-25 18:30 - 2013-11-25 18:31 - 00000000 ____D C:\Users\Michelle\Desktop\CST
2013-11-25 18:24 - 2013-11-25 18:24 - 00317584 _____ C:\Users\Michelle\Documents\cc_20131125_182400.reg
2013-11-25 18:20 - 2013-11-25 18:20 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-11-25 18:20 - 2013-11-25 18:20 - 00000000 ____D C:\Program Files\CCleaner
2013-11-25 18:19 - 2013-11-25 18:19 - 04618136 _____ (Piriform Ltd) C:\Users\Michelle\Downloads\ccsetup408.exe
2013-11-25 17:55 - 2013-11-25 17:55 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Convert Audio Free
2013-11-25 17:54 - 2013-11-25 17:56 - 00355336 _____ C:\Users\Michelle\AppData\Local\dd_vcredistMSI5653.txt
2013-11-25 17:54 - 2013-11-25 17:56 - 00014650 _____ C:\Users\Michelle\AppData\Local\dd_vcredistUI5653.txt
2013-11-24 00:34 - 2013-11-24 00:34 - 01071224 _____ (Solid State Networks) C:\Users\Michelle\Downloads\install_flashplayer11x32au_mssd_aaa_aih(1).exe
2013-11-17 10:09 - 2013-11-19 11:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 13:07 - 2013-11-15 13:07 - 01071224 _____ (Solid State Networks) C:\Users\Michelle\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-11-14 09:25 - 2013-10-13 07:58 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 09:25 - 2013-10-13 07:09 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 09:25 - 2013-10-13 06:55 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 09:25 - 2013-10-13 06:48 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 09:25 - 2013-10-13 06:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 09:25 - 2013-10-13 06:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 09:25 - 2013-10-13 06:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 09:25 - 2013-10-13 06:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 09:25 - 2013-10-13 06:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 09:25 - 2013-10-13 06:42 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-14 09:25 - 2013-10-13 06:42 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 09:25 - 2013-10-13 06:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 09:25 - 2013-10-13 06:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 09:25 - 2013-10-13 06:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 09:25 - 2013-10-13 06:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 09:25 - 2013-10-13 06:29 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 09:25 - 2013-10-13 02:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 09:25 - 2013-10-13 02:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 09:25 - 2013-10-13 01:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 09:25 - 2013-10-13 01:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 09:25 - 2013-10-13 01:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-14 09:25 - 2013-10-13 01:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 09:25 - 2013-10-13 01:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-14 09:25 - 2013-10-13 01:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 09:25 - 2013-10-13 01:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 09:25 - 2013-10-13 01:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-14 09:25 - 2013-10-13 01:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-14 09:25 - 2013-10-13 01:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 09:25 - 2013-10-13 01:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 09:25 - 2013-10-13 01:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-14 09:25 - 2013-10-13 01:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 09:25 - 2013-10-13 01:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 12:36 - 2013-10-10 20:23 - 00781824 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 12:36 - 2013-10-10 20:23 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 12:36 - 2013-10-10 18:29 - 00217074 _____ C:\Windows\system32\WFP.TMF
2013-11-13 12:36 - 2013-10-10 18:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 12:36 - 2013-10-03 07:02 - 01278976 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 12:36 - 2013-10-03 04:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 12:35 - 2013-10-03 07:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 12:35 - 2013-10-03 04:46 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 12:35 - 2013-09-03 18:31 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-08 08:44 - 2013-11-08 08:44 - 00001694 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-08 08:43 - 2013-11-08 08:44 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-08 08:43 - 2013-11-08 08:44 - 00000000 ____D C:\Program Files\iTunes
2013-11-08 08:43 - 2013-11-08 08:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-08 08:43 - 2013-11-08 08:43 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2013-12-01 22:25 - 2013-12-01 22:07 - 00023746 _____ C:\Users\Michelle\Downloads\FRST.txt
2013-12-01 22:22 - 2013-12-01 22:20 - 01959184 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64(2).exe
2013-12-01 22:21 - 2012-04-08 16:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-01 22:19 - 2013-12-01 22:18 - 01959184 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64(1).exe
2013-12-01 22:18 - 2006-11-02 04:46 - 00731710 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-01 22:15 - 2011-05-22 14:26 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938033839-2590711077-2007656739-1000UA.job
2013-12-01 22:14 - 2012-07-26 21:19 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Dropbox
2013-12-01 22:13 - 2012-07-26 21:23 - 00000000 ___RD C:\Users\Michelle\Dropbox
2013-12-01 22:12 - 2012-09-21 09:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 22:12 - 2011-05-22 10:22 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-12-01 22:11 - 2011-05-22 11:12 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2013-12-01 22:11 - 2006-11-02 07:40 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-01 22:11 - 2006-11-02 07:21 - 00004832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-01 22:11 - 2006-11-02 07:21 - 00004832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-01 22:10 - 2013-11-26 07:04 - 00133742 _____ C:\Windows\PFRO.log
2013-12-01 22:09 - 2013-12-01 22:08 - 00009575 _____ C:\Users\Michelle\Downloads\Addition.txt
2013-12-01 22:09 - 2006-11-02 07:40 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-01 22:09 - 2006-11-02 07:26 - 01124466 _____ C:\Windows\WindowsUpdate.log
2013-12-01 22:07 - 2013-12-01 22:07 - 00000000 ____D C:\FRST
2013-12-01 22:05 - 2013-12-01 22:05 - 01959184 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64.exe
2013-12-01 22:05 - 2012-09-21 09:24 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-01 21:59 - 2011-05-24 16:28 - 00000000 ____D C:\Users\Michelle\AppData\Local\Adobe
2013-12-01 21:55 - 2013-12-01 21:55 - 00000948 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-01 21:55 - 2013-12-01 21:55 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Malwarebytes
2013-12-01 21:55 - 2013-12-01 21:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-01 21:55 - 2013-12-01 21:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-01 21:54 - 2013-12-01 21:53 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michelle\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-01 21:46 - 2013-12-01 21:11 - 00000000 ____D C:\AdwCleaner
2013-12-01 21:15 - 2011-05-22 14:26 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938033839-2590711077-2007656739-1000Core.job
2013-12-01 21:09 - 2013-12-01 21:09 - 01110034 _____ C:\Users\Michelle\Downloads\AdwCleaner.exe
2013-12-01 21:08 - 2011-05-22 14:27 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\uTorrent
2013-11-28 12:09 - 2012-05-30 07:51 - 00000000 ____D C:\Users\Michelle\Documents\Calibre Library
2013-11-28 10:53 - 2011-05-22 14:13 - 00000000 ____D C:\Users\Michelle\Documents\Quicken
2013-11-28 10:42 - 2013-11-28 10:42 - 00000000 _____ C:\Users\Michelle\Downloads\afs
2013-11-28 05:00 - 2012-09-21 09:24 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-28 05:00 - 2012-09-21 09:24 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-26 13:24 - 2013-07-19 09:38 - 00000871 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-11-26 13:24 - 2012-05-30 07:50 - 00000000 ____D C:\Program Files (x86)\Calibre2
2013-11-26 13:19 - 2013-11-26 13:16 - 53672960 _____ C:\Users\Michelle\Downloads\calibre-1.12.0.msi
2013-11-26 13:15 - 2013-11-26 13:15 - 00000000 ____D C:\Users\Michelle\Downloads\Veronica Roth - Divergent Trilogy [EPUB, MOBI, PDF]
2013-11-26 11:13 - 2013-11-26 11:13 - 00001304 _____ C:\Users\Michelle\Documents\cc_20131126_111346.reg
2013-11-26 10:51 - 2013-11-26 10:50 - 00459400 _____ C:\Windows\dd_vcredistMSI602E.txt
2013-11-26 10:51 - 2013-11-26 10:50 - 00013782 _____ C:\Windows\dd_vcredistUI602E.txt
2013-11-26 10:50 - 2006-11-02 05:33 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-26 07:35 - 2013-11-26 07:35 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-11-25 19:01 - 2013-11-25 18:57 - 00050790 _____ C:\Users\Michelle\Documents\cc_20131125_185747.reg
2013-11-25 18:53 - 2011-05-31 19:22 - 00000000 ____D C:\Windows\Minidump
2013-11-25 18:53 - 2011-05-22 12:44 - 00000000 ____D C:\Users\Michelle\AppData\Local\MigWiz
2013-11-25 18:53 - 2011-05-22 10:31 - 00000000 ____D C:\Windows\Panther
2013-11-25 18:31 - 2013-11-25 18:30 - 00000000 ____D C:\Users\Michelle\Desktop\CST
2013-11-25 18:31 - 2013-05-01 15:23 - 00000000 ____D C:\Users\Michelle\Desktop\City of Las Vegas - Online Payments - Printer Friendly Page_files
2013-11-25 18:24 - 2013-11-25 18:24 - 00317584 _____ C:\Users\Michelle\Documents\cc_20131125_182400.reg
2013-11-25 18:20 - 2013-11-25 18:20 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-11-25 18:20 - 2013-11-25 18:20 - 00000000 ____D C:\Program Files\CCleaner
2013-11-25 18:19 - 2013-11-25 18:19 - 04618136 _____ (Piriform Ltd) C:\Users\Michelle\Downloads\ccsetup408.exe
2013-11-25 18:09 - 2011-05-22 09:47 - 00000000 ___RD C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-25 17:56 - 2013-11-25 17:54 - 00355336 _____ C:\Users\Michelle\AppData\Local\dd_vcredistMSI5653.txt
2013-11-25 17:56 - 2013-11-25 17:54 - 00014650 _____ C:\Users\Michelle\AppData\Local\dd_vcredistUI5653.txt
2013-11-25 17:55 - 2013-11-25 17:55 - 00000000 ____D C:\Users\Michelle\AppData\Roaming\Convert Audio Free
2013-11-25 17:34 - 2011-07-28 10:18 - 00000069 _____ C:\Windows\NeroDigital.ini
2013-11-24 00:34 - 2013-11-24 00:34 - 01071224 _____ (Solid State Networks) C:\Users\Michelle\Downloads\install_flashplayer11x32au_mssd_aaa_aih(1).exe
2013-11-21 09:54 - 2012-04-25 09:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-19 11:09 - 2013-11-17 10:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 13:07 - 2013-11-15 13:07 - 01071224 _____ (Solid State Networks) C:\Users\Michelle\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-11-14 19:27 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache
2013-11-14 09:27 - 2011-05-22 14:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 09:24 - 2013-08-14 10:57 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 09:22 - 2006-11-02 04:35 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-11-11 05:50 - 2011-05-22 10:23 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-08 08:44 - 2013-11-08 08:44 - 00001694 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-08 08:44 - 2013-11-08 08:43 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-08 08:44 - 2013-11-08 08:43 - 00000000 ____D C:\Program Files\iTunes
2013-11-08 08:44 - 2013-11-08 08:43 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-08 08:43 - 2013-11-08 08:43 - 00000000 ____D C:\Program Files\iPod

Some content of TEMP:
====================
C:\Users\Michelle\AppData\Local\Temp\6_Offer_17.exe
C:\Users\Michelle\AppData\Local\Temp\BackupSetup.exe
C:\Users\Michelle\AppData\Local\Temp\Quarantine.exe
C:\Users\Michelle\AppData\Local\Temp\SpOrder.dll
C:\Users\Michelle\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Michelle\AppData\Local\Temp\VSUSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-01 22:17

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2013
Ran by Michelle at 2013-12-01 22:25:35
Running from C:\Users\Michelle\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
@BIOS (x32 Version: 2.12)
µTorrent (HKCU Version: 3.3.2.30303)
ABC (remove only) (x32)
Adobe AIR (x32 Version: 3.3.0.3650)
Adobe Community Help (x32 Version: 3.4.980)
Adobe Digital Editions (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Photoshop CS5.1 (x32 Version: 12.1)
Adobe Photoshop Lightroom 3.6 64-bit (Version: 3.6.1)
Adobe Photoshop Lightroom 5 Beta 64-bit (Version: 5.0.0)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Amazon Cloud Drive (x32 Version: 0.11.12.0)
AnswerWorks 5.0 English Runtime (x32 Version: 5.0.7)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 1.3.13 (Unicode) (x32)
AX88178 Vista Drivers (x32 Version: 1.0.1.0)
Bonjour (Version: 3.0.0.10)
calibre (x32 Version: 1.12.0)
CCleaner (Version: 4.08)
Click-N-Ship for Business® (x32 Version: 4.1.167.0)
CompanionLink (x32 Version: 5.00.5050)
Coupon Printer for Windows (x32 Version: 5.0.0.4)
Creative Audio Control Panel (x32 Version: 2.00)
Creative Software AutoUpdate (x32 Version: 1.40)
Creative Sound Blaster Properties x64 Edition (x32)
Drive Manager (x32 Version: 1.00.0012)
Dropbox (HKCU Version: 2.0.22)
DVDFab 8.2.2.0 (16/11/2012) Qt (x32)
Evernote v. 4.6.7 (x32 Version: 4.6.7.8409)
ffdshow [rev 1328] [2007-07-06] (Version: 1.0)
Flickr Uploadr 3.2.1 (x32)
Google Apps Migration For Microsoft Outlook® 2.3.14.36 (x32 Version: 2.3.14.36)
Google Chrome (HKCU Version: 31.0.1650.57)
Google Drive (x32 Version: 1.12.5329.1887)
Google Update Helper (x32 Version: 1.3.22.3)
HP Officejet Pro 8500 A910 Basic Device Software (Version: 22.50.231.0)
HP Officejet Pro 8500 A910 Help (x32 Version: 140.0.2.2)
HP Officejet Pro 8500 A910 Product Improvement Study (Version: 22.50.231.0)
HP Officejet Pro 8600 Basic Device Software (Version: 28.0.1315.0)
HP Officejet Pro 8600 Help (x32 Version: 28.0.0)
HP Officejet Pro 8600 Product Improvement Study (Version: 28.0.1315.0)
HP Update (x32 Version: 5.003.003.001)
HPDiagnosticAlert (x32 Version: 1.00.0000)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
iCloud (Version: 2.1.2.8)
inSSIDer (x32 Version: 2.1.6)
iTunes (Version: 11.1.3.8)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
Kies Air Discovery Service (HKCU)
LEGO Digital Designer (x32)
LightScribe System Software (x32 Version: 1.18.24.1)
LightScribe Template Designs - Holiday Pack 1 (x32 Version: 1.10.16.1)
LightScribe Template Labeler (x32 Version: 1.18.24.1)
Logitech Vid HD (x32 Version: 7.2 (7248))
Logitech Webcam Software (Version: 12.10.1113)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Marketsplash Shortcuts (x32 Version: 1.0.1.7)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Outlook Personal Folders Backup (x32 Version: 1.10.0.0)
Microsoft Silverlight (x32 Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MPEG2 Codec(libmpeg2/mad) (x32)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
My Sirius Studio (x32)
Nero 7 Ultra Edition (x32 Version: 7.03.1357)
neroxml (x32 Version: 1.0.0)
Netflix in Windows Media Center (x32 Version: 2.0.0.0)
OpenAL (x32)
Password Kernel 1.7 (x32 Version: 1.7)
PDF ePub DRM Removal (x32 Version: 1.4.1)
PDF Settings CS5 (x32 Version: 10.0)
Photomatix Pro version 4.1.1 (Version: 4.1.1)
Quicken 2011 (x32 Version: 20.1.8.6)
QuickTime (x32 Version: 7.74.80.86)
RAR File Open Knife - Free Opener (x32 Version: 3.00)
Recuva (Version: 1.40)
Revo Uninstaller Pro 3.0.7 (Version: 3.0.7)
Safari (x32 Version: 5.34.57.2)
ScorpionSaver (x32 Version: 1.0.0.0) <==== ATTENTION
Seagate Manager Installer (x32 Version: 2.01.0013)
Search Protection (HKCU Version: 7.5.0.1) <==== ATTENTION
ServiceProvider (x32)
Sirius Device Recovery (x32 Version: 1.00.0007)
Spyder3Pro (x32)
SpyderCheckr (x32)
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49 (x32 Version: v2011.build.49)
TweetDeck (x32 Version: 0.38.1)
Ultimate Extras sounds from Microsoft® Tinker™
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 1.1.11 (x32 Version: 1.1.11)
VueScan (x32)
WD SmartWare (Version: 1.6.5.2)
WD Software Upgrader (x32 Version: 1.5.1)
Windows Installer Clean Up (x32 Version: 3.00.00.0000)
Windows Sound Schemes

==================== Restore Points  =========================

26-11-2013 09:50:26 Windows Update
26-11-2013 15:24:15 Removed ScorpionSaver
26-11-2013 15:36:15 Revo Uninstaller Pro's restore point - ScorpionSaver
26-11-2013 18:37:00 Removed ScorpionSaver
26-11-2013 18:47:03 Revo Uninstaller Pro's restore point - ScorpionSaver
26-11-2013 18:47:33 Removed ScorpionSaver
26-11-2013 18:50:35 Windows Update
26-11-2013 19:06:16 Removed ScorpionSaver
26-11-2013 19:09:25 Removed ScorpionSaver
26-11-2013 21:21:47 Installed calibre
27-11-2013 17:42:11 Scheduled Checkpoint
28-11-2013 08:00:01 Scheduled Checkpoint
30-11-2013 09:39:14 Windows Update
01-12-2013 23:38:51 Removed ScorpionSaver Services
01-12-2013 23:41:30 Removed ScorpionSaver
01-12-2013 23:44:04 Removed ScorpionSaver
01-12-2013 23:57:31 Removed ScorpionSaver

==================== Hosts content: ==========================

2006-11-02 04:34 - 2006-09-18 13:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0F4827BB-40D8-48A5-9B6D-B5A420FF84C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5DAFD194-1AEF-4252-8A0C-593BE841B85F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)
Task: {7CFEE8B6-EA66-4977-884D-3F82129B895A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-938033839-2590711077-2007656739-1000UA => C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31] (Google Inc.)
Task: {9475DD97-BB54-4FD8-A31A-032B4833F6AA} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {9FA94E21-3E13-46D8-9FF1-F6FC8F308CFA} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {AA105019-BFFB-4713-B627-81B47F4419F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {AB60156F-EB1A-4C54-9000-6C0D3335318B} - \DealPlyLiveUpdateTaskMachineCore No Task File
Task: {B1353C38-1627-4C7A-A24E-22A2216B0D1C} - System32\Tasks\AdobeAAMUpdater-1.0-Behemoth-Michelle => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {B631F454-7CC1-4AD5-AC51-2604255B24DF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {B8234318-6721-4C43-B7D9-CEF6BBBF3FDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)
Task: {B8865CFE-39D8-4074-B014-77EB239AA357} - \DealPlyLiveUpdateTaskMachineUA No Task File
Task: {C1330C29-DD3A-4ABA-AA40-F4631D6CE77B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {C24DDCE1-39FB-4B78-A1BD-14C68F1B5BBD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-938033839-2590711077-2007656739-1000Core => C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31] (Google Inc.)
Task: {C28278BF-1ABF-4595-BB2A-15201DDF25E3} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2011-05-22] ()
Task: {C41E9FD5-A5DB-4DEF-9715-E4F7BAFEE730} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {D4B6CCFC-6912-4837-900B-B809899BE100} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {DE9E267D-6DE0-4FF1-8869-5EA153BA745D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {EC70A6A4-A818-40A8-A11C-4D54F0EFCC6E} - \Scheduled Update for Ask Toolbar No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938033839-2590711077-2007656739-1000Core.job => C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-938033839-2590711077-2007656739-1000UA.job => C:\Users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2006-11-02 04:41 - 2008-06-03 02:35 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 21:39 - 2012-12-21 11:13 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2011-06-17 11:46 - 2011-06-17 11:46 - 02408448 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2011-06-17 11:46 - 2011-06-17 11:46 - 08626176 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2011-06-17 11:46 - 2011-06-17 11:46 - 00212992 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2013-03-13 12:48 - 2013-03-13 12:48 - 24978944 _____ () C:\Users\Michelle\AppData\Roaming\Dropbox\bin\libcef.dll
2012-09-08 12:16 - 2012-09-08 12:16 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2012-09-08 12:16 - 2012-09-08 12:16 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-11-17 10:09 - 2013-11-17 10:09 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-09 09:21 - 2013-10-09 09:21 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Description: Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8169
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2013 10:21:24 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 25.0.1.5064 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 11e4
Start Time: 01ceef25eca61268
Termination Time: 8

Error: (12/01/2013 09:41:09 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MICHELLE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\TFWCEKBK.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (12/01/2013 09:41:08 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MICHELLE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\TFWCEKBK.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (12/01/2013 09:41:08 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MICHELLE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\TFWCEKBK.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (12/01/2013 09:41:07 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MICHELLE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\TFWCEKBK.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (12/01/2013 09:41:07 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MICHELLE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\TFWCEKBK.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (12/01/2013 09:41:07 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MICHELLE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\TFWCEKBK.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (12/01/2013 09:41:06 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MICHELLE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\TFWCEKBK.DEFAULT\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (12/01/2013 09:41:06 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MICHELLE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\TFWCEKBK.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (12/01/2013 09:41:06 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\MICHELLE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\TFWCEKBK.DEFAULT\SAFEBROWSING> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (12/01/2013 10:20:06 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (12/01/2013 10:14:55 PM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection

Error: (12/01/2013 10:14:55 PM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection

Error: (12/01/2013 10:14:55 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Player Network Sharing Service%%1053

Error: (12/01/2013 10:14:55 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Media Player Network Sharing Service

Error: (12/01/2013 10:12:45 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Media Center Scheduler Service

Error: (12/01/2013 10:12:45 PM) (Source: DCOM) (User: )
Description: 1053ehSched-Service{4B635ECB-0887-4015-8CA6-D621362F98D1}

Error: (12/01/2013 09:52:04 PM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection

Error: (12/01/2013 09:36:58 PM) (Source: Service Control Manager) (User: )
Description: Windows Media Center Receiver Service1100001Restart the service

Error: (12/01/2013 09:36:49 PM) (Source: Service Control Manager) (User: )
Description: Software Licensing11200001Restart the service


Microsoft Office Sessions:
=========================
Error: (08/31/2013 09:18:54 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 239 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/03/2012 08:21:18 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 87 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/02/2012 09:07:09 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/11/2011 09:46:42 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-12-01 22:24:55.167
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-01 22:24:54.865
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-01 22:24:54.659
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-01 22:24:54.047
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-01 22:18:38.334
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-01 22:07:58.711
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-01 22:07:58.508
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-01 22:07:58.273
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-01 22:07:58.050
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kl1.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-02 13:41:06.097
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 16374.52 MB
Available physical RAM: 13170.7 MB
Total Pagefile: 32555.89 MB
Available Pagefile: 29744.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:392.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:931.51 GB) (Free:281.49 GB) NTFS
Drive g: (My Book) (Fixed) (Total:2794.49 GB) (Free:1410.18 GB) NTFS
Drive h: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:153.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: ED8BEE61)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 7CCED9C2)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 7.

==================== End Of Log ============================


Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe, click Fix only once, and wait.

The tool will create a log (Fixlog.txt) in the folder; please post it in your reply.

Then......

Re-scan with AdwCleaner then update and re-scan with Malwarebytes.

Let me know how it is.....MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2013
Ran by Michelle at 2013-12-02 08:51:47 Run:1
Running from C:\Users\Michelle\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Windows\SysWOW64\AdpeakProxy.dll
C:\Users\Michelle\AppData\Local\Temp\6_Offer_17.exe
C:\Users\Michelle\AppData\Local\Temp\BackupSetup.exe
C:\Users\Michelle\AppData\Local\Temp\Quarantine.exe
C:\Users\Michelle\AppData\Local\Temp\SpOrder.dll
C:\Users\Michelle\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Michelle\AppData\Local\Temp\VSUSetup.exe


*****************

C:\Windows\SysWOW64\AdpeakProxy.dll => Moved successfully.
C:\Users\Michelle\AppData\Local\Temp\6_Offer_17.exe => Moved successfully.
C:\Users\Michelle\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Michelle\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Michelle\AppData\Local\Temp\SpOrder.dll => Moved successfully.
C:\Users\Michelle\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\Michelle\AppData\Local\Temp\VSUSetup.exe => Moved successfully.

==== End of Fixlog ====

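A check on a Fixlog like the one posted above, as an added example that is not part of the original thread and is not FRST's own code: it reconciles the "Content of fixlist" block against the per-item result lines, so an entry that failed or was never processed stands out. The function names, the sample log, its placeholder paths and the non-success outcome wording are constructed for illustration, and only plain file-path entries are handled.

```python
import re

# Constructed sample modelled on the Fixlog layout in this thread. Paths are
# placeholders and "Could not move." is an assumed failure wording.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (x64)
Ran by user at 2013-12-02 08:51:47 Run:1
==============================================

Content of fixlist:
*****************
C:\Example\Temp\offer_setup.exe
C:\Example\Temp\helper.dll
C:\Example\Temp\locked.exe
C:\Example\Temp\never_processed.exe

*****************

C:\Example\Temp\offer_setup.exe => Moved successfully.
C:\Example\Temp\helper.dll => Moved successfully.
C:\Example\Temp\locked.exe => Could not move.

==== End of Fixlog ====
"""

STAR_LINE = re.compile(r"^\*{5,}$")
RESULT_LINE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")
SUCCESS = "Moved successfully."


def parse_fixlog(text):
    """Return (requested entries, {lowercased path: (path, outcome)}, complete)."""
    requested, results = [], {}
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if state == "header":
            if line.startswith("Content of fixlist"):
                state = "await_list"
        elif state == "await_list":
            if STAR_LINE.match(line):
                state = "list"
        elif state == "list":
            if STAR_LINE.match(line):       # second row of asterisks closes the list
                state = "results"
            elif line:
                requested.append(line)
        elif state == "results":
            if line.startswith("==== End of Fixlog"):
                state = "done"
                break
            match = RESULT_LINE.match(line)
            if match:
                target = match.group("target")
                # Windows paths are case-insensitive, so key on the lowercased form.
                results[target.lower()] = (target, match.group("outcome"))
    # A log without the end marker was truncated when it was pasted.
    return requested, results, state == "done"


def reconcile(text):
    """Classify every requested entry by what the result section says about it."""
    requested, results, complete = parse_fixlog(text)
    report = {"moved": [], "failed": [], "missing": [],
              "unrequested": [], "complete": complete}
    seen = set()
    for entry in requested:
        key = entry.lower()
        seen.add(key)
        if key not in results:
            report["missing"].append(entry)             # no result line at all
        elif results[key][1] == SUCCESS:
            report["moved"].append(entry)
        else:
            report["failed"].append((entry, results[key][1]))
    # Result lines for paths that were never in the fixlist deserve a second look.
    report["unrequested"] = [t for k, (t, _) in results.items() if k not in seen]
    return report


if __name__ == "__main__":
    for name, value in reconcile(SAMPLE_FIXLOG).items():
        print(name, value)
```
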

This is what I found with AdwCleaner; wasn't sure if I should hit Clean or not, please advise.

 

# AdwCleaner v3.014 - Report created 02/12/2013 at 09:24:24
# Updated 01/12/2013 by Xplode
# Operating System : Windows Vista Ultimate Service Pack 2 (64 bits)
# Username : Michelle - BEHEMOTH
# Running from : C:\Users\Michelle\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\tfwcekbk.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [24155 octets] - [01/12/2013 21:12:18]
AdwCleaner[R1].txt - [23884 octets] - [01/12/2013 21:35:07]
AdwCleaner[R2].txt - [24005 octets] - [01/12/2013 21:45:44]
AdwCleaner[R3].txt - [1392 octets] - [02/12/2013 08:53:22]
AdwCleaner[R4].txt - [1512 octets] - [02/12/2013 09:23:11]
AdwCleaner[R5].txt - [1191 octets] - [02/12/2013 09:24:24]
AdwCleaner[s0].txt - [2274 octets] - [01/12/2013 21:16:46]
AdwCleaner[s1].txt - [1899 octets] - [01/12/2013 21:36:48]
AdwCleaner[s2].txt - [21208 octets] - [01/12/2013 21:46:32]
AdwCleaner[s3].txt - [1455 octets] - [02/12/2013 08:54:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [1492 octets] ##########


Please download SystemLook from the link below and save it to your Desktop.
http://jpshortstuff.247fixes.com/SystemLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    Scorpion
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
MrC


SystemLook 30.07.11 by jpshortstuff
Log created at 19:11 on 02/12/2013 by Michelle
Administrator - Elevation successful

========== regfind ==========

Searching for "Scorpion"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Scorpion Saver]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495]
"ProductName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495\SourceList]
"PackageName"="ScorpionSaver.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\CLSID\B4AECD8C-1CA3-44B5-9E51-3F6B4DA032AD]
@="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\CLSID\B4AECD8C-1CA3-44B5-9E51-3F6B4DA032AD\InProcServer32]
@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\B4AECD8C-1CA3-44B5-9E51-3F6B4DA032AD]
@="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\B4AECD8C-1CA3-44B5-9E51-3F6B4DA032AD\InProcServer32]
@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\ff_bootstrap.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\SendJson.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\CustomActionInstall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]
"DisplayName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
"DisplayName"="ScorpionSaver"
[HKEY_USERS\S-1-5-21-938033839-2590711077-2007656739-1000\Software\AppDataLow\Software\Scorpion Saver]
[HKEY_USERS\S-1-5-21-938033839-2590711077-2007656739-1000\Software\AppDataLow\Software\ScorpionSaver]

-= EOF =-

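The regfind log above shows the same MSI product under two identifiers: the 32-digit key name under Installer\Products and the braced GUID under Uninstall. The following is an added example, not part of the original thread and not SystemLook's own code, that converts the Windows Installer packed form back to the registry GUID and groups the leftover component paths by product. The function names `unpack_guid` and `correlate` are hypothetical, and the sample is a few lines copied from the log above.

```python
import re

# Sample input: a few lines taken from the SystemLook log in the post above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495]
"ProductName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\SendJson.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
"DisplayName"="ScorpionSaver"
'''

def unpack_guid(packed):
    """Convert a 32-hex-digit Windows Installer packed GUID to {braced} form."""
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", packed):
        raise ValueError("not a packed GUID: %r" % packed)
    p = packed.upper()
    # The first three fields are stored fully reversed; in the last 16
    # digits each pair of hex digits is swapped.
    d1, d2, d3 = p[0:8][::-1], p[8:12][::-1], p[12:16][::-1]
    rest = "".join(p[i + 1] + p[i] for i in range(16, 32, 2))
    return "{%s-%s-%s-%s-%s}" % (d1, d2, d3, rest[:4], rest[4:])

def correlate(log_text):
    """Map each product GUID to its component paths and Uninstall-key presence."""
    products, uninstall = {}, set()
    new = lambda: {"uninstall": False, "paths": []}
    for line in map(str.strip, log_text.splitlines()):
        m = re.match(r"\[.*\\Products\\([0-9A-Fa-f]{32})(?:\\[^\]]*)?\]$", line)
        if m:
            products.setdefault(unpack_guid(m.group(1)), new())
            continue
        m = re.match(r"\[.*\\Uninstall\\(\{[0-9A-Fa-f-]{36}\})\]$", line)
        if m:
            uninstall.add(m.group(1).upper())
            continue
        # Under Components, each value is named by the packed product code
        # of the product that owns the component.
        m = re.match(r'"([0-9A-Fa-f]{32})"="(.*)"$', line)
        if m:
            products.setdefault(unpack_guid(m.group(1)), new())["paths"].append(m.group(2))
    for guid, entry in products.items():
        entry["uninstall"] = guid in uninstall
    return products

if __name__ == "__main__":
    for guid, info in correlate(SAMPLE_LOG).items():
        print(guid, info)
```

A product whose packed code appears under Components but whose GUID has no matching Uninstall key is an orphaned install record, which is worth checking before deleting keys by hand.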

This topic is now closed to further replies.