Jump to content

Recommended Posts

I have followed a couple of other uninstall guides for Scorpion Saver from bleepingcomputer.  It seems as though I have gotten rid of the ads in my browsers, but when I try to uninstall it via revo,ccleaner, or windows uninstaller it gives me this error:

 

"The feature you are trying to use is on a network resource that is unavailable.  Click OK to try again, or enter an alternate path to a folder containing the installation package 'ScorpionSaver.msi' in the box below. Use source c:\\temp\\ Browse" 

 

When I try browsing for an alternate folder that contains the msi file, none of the folders contain the installation package.  When I try closing out of the error message, this is the response I get.

 

"The installation source for this product is not available. Verify that the source exists and that you can access it."

 

I saw the topic https://forums.malwarebytes.org/index.php?showtopic=137526

and here are my posts:

 

also.... when I run Farbar it crashes and the only report i get is the FRST.txt.  I searched my computer for Addition.txt to no avail.

the error was

AutoIt Error

Line 9537 (file "C\Users\mrvitamin\desktop\vir removal\frst64.exe"):

Error=Variable used without bring declared.

AdwCleanerS0new.txt

mbam-log-2013-12-07 (18-06-02).txt

FRST.txt

Link to post
Share on other sites

 this is the adwcleaner log i meant to post,  afterwards is one I just ran.  That is all of the FRST log I have, it seems to crash and not give me the other addition.txt log mentioned in other posts.  I also ran systemlook the log is the very last one.

 
# AdwCleaner v3.014 - Report created 07/12/2013 at 17:40:02
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : mrvitamin - MRVITAMIN-PC
# Running from : C:\Users\mrvitamin\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Splashtop
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
Folder Deleted : C:\Program Files (x86)\Inbox Toolbar
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\mrvitamin\AppData\Local\Babylon
Folder Deleted : C:\Users\mrvitamin\AppData\Local\Conduit
Folder Deleted : C:\Users\mrvitamin\AppData\Local\PackageAware
Folder Deleted : C:\Users\mrvitamin\AppData\LocalLow\AppGraffiti
Folder Deleted : C:\Users\mrvitamin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\mrvitamin\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\mrvitamin\AppData\Roaming\Splashtop
Folder Deleted : C:\Users\mrvitamin\AppData\Roaming\Systweak
Folder Deleted : C:\Users\mrvitamin\AppData\Roaming\Mozilla\Firefox\Profiles\gm7dyqpn.default\ConduitCommon
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\mrvitamin\AppData\Roaming\Mozilla\Firefox\Profiles\gm7dyqpn.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\angobeimajilfhlcpeiccndaifchnppl
Key Deleted : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\AppGraffiti
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKLM\Software\AppGraffiti
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Uniblue
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Users\mrvitamin\AppData\Roaming\Mozilla\Firefox\Profiles\gm7dyqpn.default\prefs.js ]
 
Line Deleted : user_pref("CT3015261..clientLogIsEnabled", false);
Line Deleted : user_pref("CT3015261.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT3015261.AppTrackingLastCheckTime", "Tue Jan 17 2012 07:02:51 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3015261.BrowserCompStateIsOpen_129958911685785597", true);
Line Deleted : user_pref("CT3015261.BrowserCompStateIsOpen_1367165901000", true);
Line Deleted : user_pref("CT3015261.CTID", "CT3015261");
Line Deleted : user_pref("CT3015261.CurrentServerDate", "19-8-2013");
Line Deleted : user_pref("CT3015261.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT3015261.DialogsGetterLastCheckTime", "Wed Aug 14 2013 10:23:29 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3015261.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT3015261.EMailNotifierPollDate", "Sat Feb 18 2012 12:58:08 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3015261.FirstServerDate", "13-8-2011");
Line Deleted : user_pref("CT3015261.FirstTime", true);
Line Deleted : user_pref("CT3015261.FirstTimeFF3", true);
Line Deleted : user_pref("CT3015261.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT3015261.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT3015261.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT3015261.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT3015261.Initialize", true);
Line Deleted : user_pref("CT3015261.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT3015261.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT3015261.InstallationId", "CT3015261_ZoneAlarm_Security_Suite.exe");
Line Deleted : user_pref("CT3015261.InstallationType", "ConduitIntegration");
Line Deleted : user_pref("CT3015261.InstalledDate", "Sat Aug 13 2011 10:38:54 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT3015261.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT3015261.IsGrouping", false);
Line Deleted : user_pref("CT3015261.IsInitSetupIni", true);
Line Deleted : user_pref("CT3015261.IsMulticommunity", false);
Line Deleted : user_pref("CT3015261.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT3015261.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT3015261.LanguagePackLastCheckTime", "Mon Aug 19 2013 15:31:53 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3015261.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT3015261.LastLogin_3.12.2.3", "Sun Jun 03 2012 17:07:18 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.13.0.6", "Sun Jul 15 2012 17:30:14 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.14.1.0", "Wed Aug 22 2012 18:46:05 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.15.1.0", "Tue Nov 06 2012 19:36:08 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.16.0.3", "Mon Feb 11 2013 11:01:19 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.18.0.7", "Wed Jul 17 2013 08:48:13 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.19.0.3", "Mon Aug 19 2013 15:31:55 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.5.1.1", "Sat Aug 20 2011 14:53:29 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.6.0.10", "Fri Sep 30 2011 13:46:37 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.7.0.6", "Thu Nov 10 2011 10:51:49 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.8.0.8", "Tue Dec 06 2011 19:29:49 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.8.1.0", "Sun Jan 15 2012 23:11:23 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3015261.LastLogin_3.9.0.3", "Sat Feb 18 2012 12:17:54 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3015261.LatestVersion", "3.19.0.3");
Line Deleted : user_pref("CT3015261.Locale", "en");
Line Deleted : user_pref("CT3015261.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT3015261.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT3015261.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT3015261.OriginalFirstVersion", "3.5.1.1");
Line Deleted : user_pref("CT3015261.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT3015261.SearchEngineBeforeUnload", "Inbox Search");
Line Deleted : user_pref("CT3015261.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT3015261.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT3015261.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT3015261.SearchInNewTabLastCheckTime", "Mon Aug 19 2013 15:31:53 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3015261.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT3015261.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT3015261.ServiceMapLastCheckTime", "Mon Aug 19 2013 15:31:53 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3015261.SettingsLastCheckTime", "Mon Aug 19 2013 15:31:53 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3015261.SettingsLastUpdate", "1376897201");
Line Deleted : user_pref("CT3015261.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT3015261.ThirdPartyComponentsLastCheck", "Fri Feb 10 2012 17:40:13 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3015261.ThirdPartyComponentsLastUpdate", "1312887586");
Line Deleted : user_pref("CT3015261.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT3015261.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT3015261.UserID", "UN15574412649713276");
Line Deleted : user_pref("CT3015261.ValidationData_Search", 1);
Line Deleted : user_pref("CT3015261.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT3015261.alertChannelId", "1406927");
Line Deleted : user_pref("CT3015261.globalFirstTimeInfoLastCheckTime", "Thu Feb 09 2012 20:47:32 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3015261.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3015261.initDone", true);
Line Deleted : user_pref("CT3015261.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT3015261.myStuffEnabled", true);
Line Deleted : user_pref("CT3015261.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT3015261.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT3015261.oldAppsList", "129506578324945315,129506578325335957,111,129506578326068408,129506578326556709,129506578328734533,1000080,129533670857631562,1000034,129506578327572375,12950657832[...]
Line Deleted : user_pref("CT3015261.revertSettingsEnabled", false);
Line Deleted : user_pref("CT3015261.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT3015261.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3015261.testingCtid", "");
Line Deleted : user_pref("CT3015261.toolbarAppMetaDataLastCheckTime", "Mon Aug 19 2013 15:31:53 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3015261.toolbarContextMenuLastCheckTime", "Sun Feb 12 2012 20:53:58 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3015261.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3015261");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3015261");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3015261");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Feb 18 2012 12:17:42 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "4dc27ef4-5ef3-425a-9e59-9998c54c46ab");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3015261");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Feb 16 2012 18:20:34 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Feb 18 2012 12:17:50 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Feb 18 2012 12:38:08 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "d17edef6-6b89-4907-a97e-c59c47a57da6");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("ibxcomtb.defs", "<buttons>\n<button id=\"mail_plugin\" position=\"3002\" default=\"1\" type=\"simple\" dynamic=\"true\" action=\"ADD\" acttype=\"call\" ver=\"1.0.0.2\">  \n  <caption>Email [...]
Line Deleted : user_pref("ibxcomtb.dynamicBtnCache", "<buttons><button id=\"mail_plugin\" position=\"3002\" default=\"1\" type=\"dropdown\" dynamic=\"true\" ver=\"1.0.0.2\">  \n  <icoinfo/>\n  \n  <caption>Email Not[...]
 
-\\ Google Chrome v
 
[ File : C:\Users\mrvitamin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [23230 octets] - [07/12/2013 17:37:37]
AdwCleaner[s0].txt - [23416 octets] - [07/12/2013 17:40:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [23477 octets] ##########
 
 
 
most recent log from adwcleaner:
 
# AdwCleaner v3.014 - Report created 08/12/2013 at 14:04:46
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : mrvitamin - MRVITAMIN-PC
# Running from : C:\Users\mrvitamin\Desktop\vir removal\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Users\mrvitamin\AppData\Roaming\Mozilla\Firefox\Profiles\gm7dyqpn.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\mrvitamin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [23230 octets] - [07/12/2013 17:37:37]
AdwCleaner[R1].txt - [1039 octets] - [08/12/2013 14:01:30]
AdwCleaner[s0].txt - [23574 octets] - [07/12/2013 17:40:02]
AdwCleaner[s1].txt - [962 octets] - [08/12/2013 14:04:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1021 octets] ##########
 
 
 
 
 
SystemLook Log
 
SystemLook 30.07.11 by jpshortstuff
Log created at 18:28 on 07/12/2013 by mrvitamin
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*Scorpion*"
C:\Windows\Prefetch\SCORPIONSAVER.EXE-66AEE977.pf --a---- 27688 bytes [15:47 03/12/2013] [21:08 03/12/2013] 5907240E6B702CE75A4D8C8F64E9BB89
 
Searching for "Scopion.*"
No files found.
 
========== folderfind ==========
 
Searching for "*Scorpion*"
No folders found.
 
========== regfind ==========
 
Searching for "*Scorpion*"
No data found.
 
Searching for "Scorpion"
[HKEY_CURRENT_USER\Software\Adpeak, Inc.\ScorpionSaver]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Scorpion Saver]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495]
"ProductName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495\SourceList]
"PackageName"="ScorpionSaver.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\B4AECD8C-1CA3-44B5-9E51-3F6B4DA032AD]
@="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\B4AECD8C-1CA3-44B5-9E51-3F6B4DA032AD\InProcServer32]
@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\ff_bootstrap.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\SendJson.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\CustomActionInstall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]
"DisplayName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
"DisplayName"="ScorpionSaver"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver]
[HKEY_USERS\S-1-5-21-1372494754-2668011297-891389686-1000\Software\Adpeak, Inc.\ScorpionSaver]
[HKEY_USERS\S-1-5-21-1372494754-2668011297-891389686-1000\Software\AppDataLow\Software\Scorpion Saver]
[HKEY_USERS\S-1-5-21-1372494754-2668011297-891389686-1000\Software\AppDataLow\Software\ScorpionSaver]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver]
 
-= EOF =-
Link to post
Share on other sites

I just got farbar to work by going into system repair on win7 and using command prompt here is the log:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2013 02
Ran by SYSTEM on MININT-DV55654 on 08-12-2013 15:12:33
Running from F:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [WrtMon.exe] - C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\RunOnce: [RPMKickstart] - C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2010-08-23] (Gigabyte Technology CO., LTD.)
HKLM-x32\...\RunOnce: [EasyTuneVI] - C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [20480 2007-07-26] ()
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [iSUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [72336 2011-07-22] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [sSBkgdUpdate] - C:\Program Files (x86)\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] - C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKU\mrvitamin\...\Run: [MoneyAgent] - C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe [200704 2003-06-18] (Microsoft Corp.)
Startup: C:\Users\mrvitamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Services (Whitelisted) =================
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-12-07] (SurfRight B.V.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2413936 2011-07-22] (Check Point Software Technologies LTD)
 
==================== Drivers (Whitelisted) ====================
 
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-12-08] ()
S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2010-10-14] (Kaspersky Lab ZAO)
S1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2010-10-14] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [362072 2010-09-21] (Kaspersky Lab)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-11-26] ()
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [24064 2010-12-13] (Windows ® Codename Longhorn DDK provider)
S1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)
S3 MSICDSetup; \??\D:\CDriver64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-08 11:41 - 2013-12-08 11:40 - 01927772 _____ (Farbar) C:\Users\mrvitamin\Desktop\FRST64.exe
2013-12-08 11:40 - 2013-12-08 11:40 - 01927772 _____ (Farbar) C:\Users\mrvitamin\Downloads\FRST64 (1).exe
2013-12-08 11:40 - 2013-12-08 11:40 - 01060441 _____ (Farbar) C:\Users\mrvitamin\Downloads\FRST.exe
2013-12-08 11:36 - 2013-12-08 11:36 - 00011475 _____ C:\Users\mrvitamin\Downloads\FRST.txt
2013-12-08 11:35 - 2013-12-08 11:35 - 00000034 _____ C:\Users\mrvitamin\Downloads\fixlist (2).txt
2013-12-08 11:31 - 2013-12-08 11:31 - 00000035 _____ C:\Users\mrvitamin\Downloads\fixlist.txt
2013-12-08 11:31 - 2013-12-08 11:31 - 00000034 _____ C:\Users\mrvitamin\Downloads\fixlist (1).txt
2013-12-07 15:28 - 2013-12-07 15:29 - 00010060 _____ C:\Users\mrvitamin\Downloads\SystemLook.txt
2013-12-07 15:28 - 2013-12-07 15:28 - 00165376 _____ C:\Users\mrvitamin\Downloads\SystemLook_x64.exe
2013-12-07 15:17 - 2013-12-07 15:18 - 01927514 _____ (Farbar) C:\Users\mrvitamin\Downloads\FRST64(1).exe
2013-12-07 15:16 - 2013-12-07 15:16 - 00000000 ____D C:\FRST
2013-12-07 15:15 - 2013-12-07 15:15 - 01927514 _____ (Farbar) C:\Users\mrvitamin\Downloads\FRST64.exe
2013-12-07 15:03 - 2013-12-08 11:53 - 00000000 ____D C:\Users\mrvitamin\Desktop\vir removal
2013-12-07 14:37 - 2013-12-08 11:04 - 00000000 ____D C:\AdwCleaner
2013-12-07 14:36 - 2013-12-07 14:36 - 01110034 _____ C:\Users\mrvitamin\Downloads\AdwCleaner.exe
2013-12-07 14:19 - 2013-12-07 14:19 - 00000000 ____D C:\Users\mrvitamin\AppData\Local\VS Revo Group
2013-12-07 14:19 - 2013-12-07 14:19 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-12-07 14:19 - 2013-12-07 14:19 - 00000000 ____D C:\Program Files\VS Revo Group
2013-12-07 14:19 - 2009-12-30 08:21 - 00031800 _____ (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
2013-12-07 14:18 - 2013-12-07 14:18 - 10031224 _____ (VS Revo Group                                               ) C:\Users\mrvitamin\Downloads\RevoUninProSetup.exe
2013-12-07 14:09 - 2013-12-07 14:09 - 00110088 _____ C:\Users\mrvitamin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-07 14:08 - 2013-12-08 11:06 - 00000448 _____ C:\Windows\setupact.log
2013-12-07 14:08 - 2013-12-07 14:08 - 00000000 _____ C:\Windows\setuperr.log
2013-12-07 14:07 - 2013-12-07 14:08 - 00424064 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-07 14:07 - 2013-12-07 14:07 - 00004120 _____ C:\Windows\PFRO.log
2013-12-07 14:03 - 2013-12-07 14:03 - 00222724 _____ C:\Users\mrvitamin\Documents\cc_20131207_170335.reg
2013-12-07 14:03 - 2013-12-07 14:03 - 00000082 _____ C:\Users\mrvitamin\Documents\cc_20131207_170350.reg
2013-12-07 13:57 - 2013-12-07 13:57 - 00000020 _____ C:\Windows\p÷X
2013-12-07 13:34 - 2013-12-07 13:34 - 00000000 ____D C:\Users\mrvitamin\AppData\Roaming\Kalydo
2013-12-07 13:14 - 2013-12-07 13:14 - 00000000 ____D C:\Windows\pss
2013-12-07 12:43 - 2013-12-07 12:28 - 00000975 _____ C:\Users\mrvitamin\Desktop\CCleaner.lnk
2013-12-07 11:44 - 2013-12-07 11:43 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\mrvitamin\Desktop\iExplore.exe
2013-12-07 11:43 - 2013-12-07 11:43 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\mrvitamin\Downloads\iExplore.exe
2013-12-07 11:42 - 2013-12-07 11:42 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\mrvitamin\Downloads\rkill.exe
2013-12-07 11:42 - 2013-12-07 11:42 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\mrvitamin\Downloads\rkill64.exe
2013-12-07 10:54 - 2013-12-07 11:14 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-07 10:54 - 2013-12-07 10:54 - 10264904 _____ (SurfRight B.V.) C:\Users\mrvitamin\Downloads\HitmanPro_x64(2).exe
2013-12-07 10:54 - 2013-12-07 10:54 - 00000000 ____D C:\Program Files\HitmanPro
2013-12-07 10:53 - 2013-12-07 10:53 - 10264904 _____ (SurfRight B.V.) C:\Users\mrvitamin\Downloads\hitmanpro_x64(1).exe
2013-12-07 10:52 - 2013-12-07 10:53 - 10264904 _____ (SurfRight B.V.) C:\Users\mrvitamin\Downloads\hitmanpro_x64.exe
2013-12-07 10:51 - 2013-12-07 10:51 - 00000000 _____ C:\Users\mrvitamin\Downloads\HitmanPro35.exe
2013-12-06 10:37 - 2013-12-06 10:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-06 10:37 - 2013-04-04 11:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-12-06 10:31 - 2013-12-06 10:31 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\mrvitamin\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-05 17:43 - 2013-12-05 17:45 - 00006821 _____ C:\Users\mrvitamin\Downloads\like(1).php
2013-12-02 18:21 - 2013-12-02 18:22 - 00000000 ____D C:\Users\mrvitamin\Downloads\twitter
2013-11-27 10:30 - 2013-10-16 07:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\System32\AdpeakProxy64.dll
2013-11-26 12:00 - 2013-11-26 12:00 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-11-26 11:59 - 2013-11-26 12:00 - 04618136 _____ (Piriform Ltd) C:\Users\mrvitamin\Downloads\ccsetup408.exe
2013-11-26 10:29 - 2013-11-26 10:33 - 00000000 ____D C:\Users\mrvitamin\AppData\Local\Mobogenie
2013-11-26 10:29 - 2013-11-26 10:29 - 00000000 ____D C:\Users\mrvitamin\Documents\Mobogenie
2013-11-26 10:29 - 2013-11-26 10:29 - 00000000 ____D C:\Users\mrvitamin\AppData\Local\cache
2013-11-26 10:29 - 2013-11-26 10:29 - 00000000 _____ C:\Users\mrvitamin\daemonprocess.txt
2013-11-26 10:27 - 2013-11-26 10:27 - 00000105 _____ C:\Users\mrvitamin\Documents\vrs.txt
2013-11-26 10:25 - 2013-11-26 10:25 - 00000000 ____D C:\Users\mrvitamin\AppData\Roaming\Malwarebytes
2013-11-26 10:25 - 2013-11-26 10:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-22 16:49 - 2013-11-22 16:49 - 00002029 _____ C:\Users\Public\Desktop\Microsoft LifeCam.lnk
2013-11-22 16:49 - 2013-11-22 16:49 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2013-11-22 16:49 - 2013-11-22 16:49 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2013-11-22 16:49 - 2009-09-04 14:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-11-22 16:49 - 2009-09-04 14:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-11-22 13:50 - 2013-09-04 04:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-11-22 13:50 - 2013-09-04 04:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-11-22 13:50 - 2013-09-04 04:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-11-22 13:50 - 2013-09-04 04:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-11-22 13:50 - 2013-09-04 04:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-11-22 13:50 - 2013-09-04 04:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-11-22 13:50 - 2013-09-04 04:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-11-19 13:21 - 2013-12-08 11:53 - 00327680 _____ C:\Windows\System32\Ikeext.etl
2013-11-19 13:19 - 2013-11-19 13:26 - 00000443 _____ C:\Windows\System32\Drivers\etc\hosts.ics
2013-11-19 00:03 - 2013-10-14 15:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\System32\IEUDINIT.EXE
2013-11-19 00:02 - 2013-11-19 00:02 - 23212032 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 12995584 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 05765120 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-19 00:02 - 2013-11-19 00:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-19 00:02 - 2013-11-19 00:02 - 02332160 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 01993728 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-11-19 00:02 - 2013-11-19 00:02 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-19 00:02 - 2013-11-19 00:02 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 01394176 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00774144 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-19 00:02 - 2013-11-19 00:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-11-19 00:02 - 2013-11-19 00:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-11-19 00:02 - 2013-11-19 00:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-19 00:02 - 2013-11-19 00:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00147968 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00101376 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-11-19 00:02 - 2013-11-19 00:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-19 00:02 - 2013-11-19 00:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-11-18 21:25 - 2013-11-18 21:25 - 00000000 ____D C:\Users\mrvitamin\AppData\Local\{9083BC5A-CFA4-403C-8F27-CD5205883358}
2013-11-18 06:53 - 2013-11-18 06:53 - 00000000 ____D C:\ProgramData\Oracle
2013-11-17 18:02 - 2013-11-17 18:02 - 00000000 __SHD C:\found.000
2013-11-13 05:19 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-13 05:19 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 05:18 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-13 05:18 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-13 05:18 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-13 05:18 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 05:18 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 05:18 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 05:18 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-13 05:17 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-13 05:17 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-13 05:17 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-13 05:17 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 05:17 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 05:17 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-13 05:17 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 05:17 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-13 05:17 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-13 05:17 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-13 05:17 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-13 05:17 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-13 05:17 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-13 05:17 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-13 05:17 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-13 05:17 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 05:17 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 05:17 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 05:17 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 05:17 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-13 05:17 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
 
==================== One Month Modified Files and Folders =======
 
2013-12-08 11:53 - 2013-12-07 15:03 - 00000000 ____D C:\Users\mrvitamin\Desktop\vir removal
2013-12-08 11:53 - 2013-11-19 13:21 - 00327680 _____ C:\Windows\System32\Ikeext.etl
2013-12-08 11:53 - 2011-05-17 18:07 - 01666692 _____ C:\Windows\WindowsUpdate.log
2013-12-08 11:45 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-08 11:40 - 2013-12-08 11:41 - 01927772 _____ (Farbar) C:\Users\mrvitamin\Desktop\FRST64.exe
2013-12-08 11:40 - 2013-12-08 11:40 - 01927772 _____ (Farbar) C:\Users\mrvitamin\Downloads\FRST64 (1).exe
2013-12-08 11:40 - 2013-12-08 11:40 - 01060441 _____ (Farbar) C:\Users\mrvitamin\Downloads\FRST.exe
2013-12-08 11:36 - 2013-12-08 11:36 - 00011475 _____ C:\Users\mrvitamin\Downloads\FRST.txt
2013-12-08 11:35 - 2013-12-08 11:35 - 00000034 _____ C:\Users\mrvitamin\Downloads\fixlist (2).txt
2013-12-08 11:31 - 2013-12-08 11:31 - 00000035 _____ C:\Users\mrvitamin\Downloads\fixlist.txt
2013-12-08 11:31 - 2013-12-08 11:31 - 00000034 _____ C:\Users\mrvitamin\Downloads\fixlist (1).txt
2013-12-08 11:13 - 2009-07-13 20:45 - 00022096 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-08 11:13 - 2009-07-13 20:45 - 00022096 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-08 11:07 - 2011-05-17 16:08 - 00030528 _____ C:\Windows\GVTDrv64.sys
2013-12-08 11:07 - 2011-05-17 16:08 - 00000004 _____ C:\Windows\SysWOW64\GVTunner.ref
2013-12-08 11:07 - 2011-05-17 16:07 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2013-12-08 11:06 - 2013-12-07 14:08 - 00000448 _____ C:\Windows\setupact.log
2013-12-08 11:06 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-08 11:04 - 2013-12-07 14:37 - 00000000 ____D C:\AdwCleaner
2013-12-07 20:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2013-12-07 15:29 - 2013-12-07 15:28 - 00010060 _____ C:\Users\mrvitamin\Downloads\SystemLook.txt
2013-12-07 15:28 - 2013-12-07 15:28 - 00165376 _____ C:\Users\mrvitamin\Downloads\SystemLook_x64.exe
2013-12-07 15:18 - 2013-12-07 15:17 - 01927514 _____ (Farbar) C:\Users\mrvitamin\Downloads\FRST64(1).exe
2013-12-07 15:16 - 2013-12-07 15:16 - 00000000 ____D C:\FRST
2013-12-07 15:15 - 2013-12-07 15:15 - 01927514 _____ (Farbar) C:\Users\mrvitamin\Downloads\FRST64.exe
2013-12-07 14:36 - 2013-12-07 14:36 - 01110034 _____ C:\Users\mrvitamin\Downloads\AdwCleaner.exe
2013-12-07 14:19 - 2013-12-07 14:19 - 00000000 ____D C:\Users\mrvitamin\AppData\Local\VS Revo Group
2013-12-07 14:19 - 2013-12-07 14:19 - 00000000 ____D C:\ProgramData\VS Revo Group
2013-12-07 14:19 - 2013-12-07 14:19 - 00000000 ____D C:\Program Files\VS Revo Group
2013-12-07 14:18 - 2013-12-07 14:18 - 10031224 _____ (VS Revo Group                                               ) C:\Users\mrvitamin\Downloads\RevoUninProSetup.exe
2013-12-07 14:09 - 2013-12-07 14:09 - 00110088 _____ C:\Users\mrvitamin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-07 14:08 - 2013-12-07 14:08 - 00000000 _____ C:\Windows\setuperr.log
2013-12-07 14:08 - 2013-12-07 14:07 - 00424064 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-07 14:08 - 2012-04-30 10:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-07 14:07 - 2013-12-07 14:07 - 00004120 _____ C:\Windows\PFRO.log
2013-12-07 14:03 - 2013-12-07 14:03 - 00222724 _____ C:\Users\mrvitamin\Documents\cc_20131207_170335.reg
2013-12-07 14:03 - 2013-12-07 14:03 - 00000082 _____ C:\Users\mrvitamin\Documents\cc_20131207_170350.reg
2013-12-07 14:00 - 2011-05-30 12:25 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-12-07 14:00 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-07 13:57 - 2013-12-07 13:57 - 00000020 _____ C:\Windows\p÷X
2013-12-07 13:52 - 2013-01-23 07:42 - 00000000 ____D C:\Program Files (x86)\SocratesMedia
2013-12-07 13:50 - 2013-01-31 11:37 - 00000000 ____D C:\Users\Public\Documents\Audible
2013-12-07 13:50 - 2013-01-31 11:37 - 00000000 ____D C:\Users\mrvitamin\Documents\Audible
2013-12-07 13:40 - 2012-04-08 17:09 - 00000000 ____D C:\Program Files\InterActual
2013-12-07 13:39 - 2011-06-14 17:13 - 00000000 ____D C:\Users\mrvitamin\AppData\Roaming\Mozilla
2013-12-07 13:39 - 2011-06-10 10:18 - 00000000 ____D C:\Users\mrvitamin\AppData\Local\Google
2013-12-07 13:38 - 2013-01-29 11:39 - 00000000 ____D C:\Users\mrvitamin\AppData\Roaming\Google
2013-12-07 13:37 - 2013-08-31 10:54 - 00000000 ____D C:\Windows\pixtran
2013-12-07 13:37 - 2011-05-17 15:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-07 13:34 - 2013-12-07 13:34 - 00000000 ____D C:\Users\mrvitamin\AppData\Roaming\Kalydo
2013-12-07 13:32 - 2013-01-23 08:36 - 00000000 ____D C:\Program Files (x86)\naturalsoft
2013-12-07 13:24 - 2011-09-12 08:59 - 00000000 ____D C:\Users\mrvitamin\AppData\Local\Unity
2013-12-07 13:22 - 2012-04-30 10:23 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-07 13:14 - 2013-12-07 13:14 - 00000000 ____D C:\Windows\pss
2013-12-07 12:28 - 2013-12-07 12:43 - 00000975 _____ C:\Users\mrvitamin\Desktop\CCleaner.lnk
2013-12-07 12:28 - 2012-04-08 09:23 - 00000975 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-07 11:43 - 2013-12-07 11:44 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\mrvitamin\Desktop\iExplore.exe
2013-12-07 11:43 - 2013-12-07 11:43 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\mrvitamin\Downloads\iExplore.exe
2013-12-07 11:42 - 2013-12-07 11:42 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\mrvitamin\Downloads\rkill.exe
2013-12-07 11:42 - 2013-12-07 11:42 - 01059064 _____ (Bleeping Computer, LLC) C:\Users\mrvitamin\Downloads\rkill64.exe
2013-12-07 11:14 - 2013-12-07 10:54 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-07 10:54 - 2013-12-07 10:54 - 10264904 _____ (SurfRight B.V.) C:\Users\mrvitamin\Downloads\HitmanPro_x64(2).exe
2013-12-07 10:54 - 2013-12-07 10:54 - 00000000 ____D C:\Program Files\HitmanPro
2013-12-07 10:53 - 2013-12-07 10:53 - 10264904 _____ (SurfRight B.V.) C:\Users\mrvitamin\Downloads\hitmanpro_x64(1).exe
2013-12-07 10:53 - 2013-12-07 10:52 - 10264904 _____ (SurfRight B.V.) C:\Users\mrvitamin\Downloads\hitmanpro_x64.exe
2013-12-07 10:51 - 2013-12-07 10:51 - 00000000 _____ C:\Users\mrvitamin\Downloads\HitmanPro35.exe
2013-12-06 10:37 - 2013-12-06 10:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-06 10:31 - 2013-12-06 10:31 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\mrvitamin\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-05 17:45 - 2013-12-05 17:43 - 00006821 _____ C:\Users\mrvitamin\Downloads\like(1).php
2013-12-02 18:22 - 2013-12-02 18:21 - 00000000 ____D C:\Users\mrvitamin\Downloads\twitter
2013-12-01 18:07 - 2011-09-04 16:16 - 00000000 ____D C:\Users\mrvitamin\Documents\PDF
2013-11-29 15:23 - 2011-11-16 11:50 - 00000000 ____D C:\Users\mrvitamin\AppData\Roaming\Canon
2013-11-27 16:41 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-11-26 12:07 - 2011-10-04 16:07 - 00000000 ____D C:\Windows\Minidump
2013-11-26 12:07 - 2011-06-10 11:30 - 00000000 ____D C:\Users\mrvitamin\AppData\Roaming\Skype
2013-11-26 12:07 - 2011-05-17 19:03 - 00000000 ____D C:\Windows\Panther
2013-11-26 12:00 - 2013-11-26 12:00 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-11-26 12:00 - 2013-11-26 11:59 - 04618136 _____ (Piriform Ltd) C:\Users\mrvitamin\Downloads\ccsetup408.exe
2013-11-26 12:00 - 2012-04-08 09:23 - 00000000 ____D C:\Program Files\CCleaner
2013-11-26 11:47 - 2013-11-07 10:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-26 11:46 - 2013-10-13 11:04 - 00000000 ____D C:\Program Files (x86)\DriverUpdate
2013-11-26 11:40 - 2013-04-04 15:31 - 00000000 ____D C:\Users\mrvitamin\Documents\Electrical Manuals
2013-11-26 11:13 - 2013-10-13 11:04 - 00016152 _____ C:\Windows\System32\Drivers\SWDUMon.sys
2013-11-26 10:33 - 2013-11-26 10:29 - 00000000 ____D C:\Users\mrvitamin\AppData\Local\Mobogenie
2013-11-26 10:29 - 2013-11-26 10:29 - 00000000 ____D C:\Users\mrvitamin\Documents\Mobogenie
2013-11-26 10:29 - 2013-11-26 10:29 - 00000000 ____D C:\Users\mrvitamin\AppData\Local\cache
2013-11-26 10:29 - 2013-11-26 10:29 - 00000000 _____ C:\Users\mrvitamin\daemonprocess.txt
2013-11-26 10:29 - 2011-05-17 15:16 - 00000000 ____D C:\users\mrvitamin
2013-11-26 10:27 - 2013-11-26 10:27 - 00000105 _____ C:\Users\mrvitamin\Documents\vrs.txt
2013-11-26 10:25 - 2013-11-26 10:25 - 00000000 ____D C:\Users\mrvitamin\AppData\Roaming\Malwarebytes
2013-11-26 10:25 - 2013-11-26 10:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-26 09:53 - 2013-09-11 11:47 - 00000000 ____D C:\Users\mrvitamin\AppData\Local\DoNotTrackPlus
2013-11-22 17:03 - 2011-05-30 12:21 - 00000000 ____D C:\Users\mrvitamin\AppData\Local\Windows Live
2013-11-22 16:49 - 2013-11-22 16:49 - 00002029 _____ C:\Users\Public\Desktop\Microsoft LifeCam.lnk
2013-11-22 16:49 - 2013-11-22 16:49 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2013-11-22 16:49 - 2013-11-22 16:49 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2013-11-19 13:26 - 2013-11-19 13:19 - 00000443 _____ C:\Windows\System32\Drivers\etc\hosts.ics
2013-11-19 00:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-11-19 00:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-19 00:02 - 2013-11-19 00:02 - 23212032 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 12995584 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 05765120 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-19 00:02 - 2013-11-19 00:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-19 00:02 - 2013-11-19 00:02 - 02332160 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 01993728 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-11-19 00:02 - 2013-11-19 00:02 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-19 00:02 - 2013-11-19 00:02 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 01394176 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 01228800 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00942592 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00774144 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-19 00:02 - 2013-11-19 00:02 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-11-19 00:02 - 2013-11-19 00:02 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00413696 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-11-19 00:02 - 2013-11-19 00:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-19 00:02 - 2013-11-19 00:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00263376 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00147968 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00101376 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-11-19 00:02 - 2013-11-19 00:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-19 00:02 - 2013-11-19 00:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-19 00:02 - 2013-11-19 00:02 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-19 00:02 - 2013-11-19 00:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-11-18 21:25 - 2013-11-18 21:25 - 00000000 ____D C:\Users\mrvitamin\AppData\Local\{9083BC5A-CFA4-403C-8F27-CD5205883358}
2013-11-18 06:53 - 2013-11-18 06:53 - 00000000 ____D C:\ProgramData\Oracle
2013-11-18 06:52 - 2013-07-16 12:11 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-17 18:02 - 2013-11-17 18:02 - 00000000 __SHD C:\found.000
2013-11-16 15:36 - 2012-07-02 13:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-15 13:50 - 2013-04-29 13:49 - 00000000 ____D C:\Users\mrvitamin\AppData\Roaming\.oit
2013-11-14 00:04 - 2011-09-04 10:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 00:03 - 2013-08-14 19:22 - 00000000 ____D C:\Windows\System32\MRT
2013-11-14 00:02 - 2011-05-17 16:22 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-11 02:50 - 2010-11-20 19:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
 
Files to move or delete:
====================
C:\Users\mrvitamin\jagex_cl_loginapplet_LIVE.dat
C:\Users\mrvitamin\random.dat
 
 
Some content of TEMP:
====================
C:\Users\mrvitamin\AppData\Local\Temp\bpuninstall.exe
C:\Users\mrvitamin\AppData\Local\Temp\Quarantine.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
24
Restore point made on: 2013-11-29 05:56:59
Restore point made on: 2013-12-02 13:08:48
Restore point made on: 2013-12-02 13:09:26
Restore point made on: 2013-12-02 13:11:01
Restore point made on: 2013-12-02 13:12:00
Restore point made on: 2013-12-02 13:14:09
Restore point made on: 2013-12-03 00:34:36
Restore point made on: 2013-12-06 05:03:00
Restore point made on: 2013-12-07 13:25:19
Restore point made on: 2013-12-07 13:28:06
Restore point made on: 2013-12-07 13:30:52
Restore point made on: 2013-12-07 13:32:16
Restore point made on: 2013-12-07 13:34:38
Restore point made on: 2013-12-07 13:36:18
Restore point made on: 2013-12-07 13:37:14
Restore point made on: 2013-12-07 13:39:04
Restore point made on: 2013-12-07 13:41:06
Restore point made on: 2013-12-07 13:47:05
Restore point made on: 2013-12-07 13:48:30
Restore point made on: 2013-12-07 13:50:38
Restore point made on: 2013-12-07 13:51:54
Restore point made on: 2013-12-07 13:53:26
Restore point made on: 2013-12-07 13:54:36
Restore point made on: 2013-12-07 14:20:38
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 8175.43 MB
Available physical RAM: 7341.84 MB
Total Pagefile: 8173.63 MB
Available Pagefile: 7339.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1397.17 GB) (Free:1335.34 GB) NTFS
Drive f: () (Removable) (Total:7.45 GB) (Free:7.3 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: C7EC925B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-698828718080) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)
 
 
LastRegBack: 2013-11-30 06:27
 
==================== End Of Log ============================
Link to post
Share on other sites

Save the attached file [color=red]fixlist.txt to your flash drive, same place as FRST.

 

Now please enter System Recovery Options as you did to get the log.

 

Run FRST and press the Fix button just once and wait.

 

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

Next,

 

See if your system will boot to Normal mode, if so continue:

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log...

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

 

  •  

     

  • Double click on AdwCleaner.exe to run the tool.

     

     

  • Vista/Windows 7/8 users right-click and select Run As Administrator

     

     

  • Click on the Scan button.

     

     

  • AdwCleaner will begin...be patient as the scan may take some time to complete.

     

     

  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.

     

     

  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.

     

     

  • Look over the log especially under Files/Folders for any program you want to save.

     

     

  • If there's a program you want to save, just uncheck it from AdwCleaner.

     

     

  • If you're not sure, post the log for review.

     

     

  • If you're ready to clean it all up.....click the Clean button.

     

     

  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.

     

     

  • Copy and paste the contents of that logfile in your next reply.

     

     

  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

     

     

  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine

     

     

  • To restore an item that has been deleted (if necessary):

     

     

  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

     

     

 

 

Next,

 

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

 

http://jpshortstuff.247fixes.com/SystemLook_x64.exe      <<-   64 bit….

 

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

 

 

  •  

     

  • Double-click SystemLook.exe to run it.

     

     

  • Copy the content of the following codebox into the main textfield:
    :filefind*adpeak*Adpeak.**Scorpion*Scopion.*:folderfind*Scorpion**adpeak*:regfind*Scorpion*Scorpion*adpeak*adpeak
  • Click the Look button to start the scan.

     

     

  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

     

     

 

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Kevin

fixlist.txt

Link to post
Share on other sites

here is the farbar log.....in the process of waiting for malwarebytes to finish.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-12-2013 02
Ran by SYSTEM at 2013-12-09 12:57:04 Run:1
Running from F:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
Start
2013-11-27 10:30 - 2013-10-16 07:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\System32\AdpeakProxy64.dll
C:\Windows\System32\AdpeakProxy64.dll
C:\Users\mrvitamin\jagex_cl_loginapplet_LIVE.dat
C:\Users\mrvitamin\random.dat
C:\Users\mrvitamin\AppData\Local\Temp\bpuninstall.exe
C:\Users\mrvitamin\AppData\Local\Temp\Quarantine.exe
End
 
 
 
*****************
 
C:\Windows\System32\AdpeakProxy64.dll => Moved successfully.
"C:\Windows\System32\AdpeakProxy64.dll" => File/Directory not found.
C:\Users\mrvitamin\jagex_cl_loginapplet_LIVE.dat => Moved successfully.
C:\Users\mrvitamin\random.dat => Moved successfully.
C:\Users\mrvitamin\AppData\Local\Temp\bpuninstall.exe => Moved successfully.
C:\Users\mrvitamin\AppData\Local\Temp\Quarantine.exe => Moved successfully.
 
==== End of Fixlog ====
Link to post
Share on other sites

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

  • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Reg :Reg

    :Reg[-HKEY_CURRENT_USER\Software\Adpeak, Inc.][-HKEY_CURRENT_USER\Software\AppDataLow\Software\Scorpion Saver][-HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\B4AECD8C-1CA3-44B5-9E51-3F6B4DA032AD][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495][-HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver][-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}][-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver][-HKEY_USERS\S-1-5-21-1372494754-2668011297-891389686-1000\Software\Adpeak, Inc.][-HKEY_USERS\S-1-5-21-1372494754-2668011297-891389686-1000\Software\AppDataLow\Software\Scorpion Saver][-HKEY_USERS\S-1-5-21-1372494754-2668011297-891389686-1000\Software\AppDataLow\Software\ScorpionSaver][-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver]:FilesC:\Windows\Prefetch\SCORPIONSAVER.EXE-66AEE977.pfc:\Program Files (x86)\ScorpionSaver:Commands[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report in next reply

 

Kevin

Link to post
Share on other sites

Scorpion Saver is classed as adware that comes bundled with other free programs that you may download off of the Internet. Some free downloads do not disclose that other software will also be installed and you may find that you have installed Scorpion Saver without warning. Scorpion Saver is supposedly a program that displays coupons for sites you are visiting and competitive prices when you are viewing product pages from online shopping sites. That may actually appear to be a useful service, Unfortunately the program is very intrusive and will display ads whether you want them to or not. As you find out to your cost the program is very difficult, if not impossible to remove without using specialized tools or security programs.

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

My own security set up is :-

 

Windows own Firewall, Microsoft Security Essentials and Malwarebytes Pro. Windows FW and MSE are free, MB does also have a free version, however I prefer the pro version as it provides auto updates and realtime protection. Cost is about £20 for a lifetime license.

 

As an extra layer I also use WinPatrol, the free version is adeqaute for general home use. Available here: http://www.winpatrol.com/download.html

 

For my browser I use Firefox with these addons: Web of Trust, Adblock Plus, Flash Block, NoScipt, Ghostery. When Firefox is open select these keys together :- Ctrl - Shift - A that will access Addons manger, this gives access to find addons, use, start, stop or disable those features etc....

Before using NoScript read from this link http://noscript.net/ makes it easy to understand....

 

Understanding Windows 7 Firewall - http://windows.microsoft.com/en-GB/windows7/Understanding-Windows-Firewall-settings

 

Understanding Microsoft Security Essentials - http://www.microsoft.com/en-gb/security/pc-security/mse.aspx

 

Understanding Malwarebytes, how to create an exclusion in MSE - http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100

 

Understanding WinPatrol - http://www.winpatrol.com/features.html

 

I also use the Professional version of Sandboxie, I believe there is also free version available. Visit this link http://www.sandboxie.com/ for access to d/l, also make sure to use the "Help and FAQ" option to understand its uses, specifically how to run your browser sandboxed!.

Link to post
Share on other sites

Navigate to and delete the following:

 

C:\Users\mrvitamin\Downloads\PDFCreator-1_6_2_setup.exe
C:\Users\mrvitamin\Downloads\Setup (3).exe
C:\Users\mrvitamin\Downloads\Setup (4).exe

 

The other entries from ESET are ok...

 

What is the status of your system now, any remaining issues or concerns?

Link to post
Share on other sites

here is the list from system look

 

C:\_OTM\MovedFiles\12092013_155817\C_Windows\Prefetch\SCORPIONSAVER.EXE-66AEE977.pf --a---- 27688 bytes [15:47 03/12/2013] [21:08 03/12/2013] 5907240E6B702CE75A4D8C8F64E9BB89
 
Searching for "Scopion.*"
No files found.
 
========== folderfind ==========
 
Searching for "*Scorpion*"
No folders found.
 
Searching for "*adpeak*"
No folders found.
 
========== regfind ==========
 
Searching for "*Scorpion*"
No data found.
 
Searching for "Scorpion"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\ff_bootstrap.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\SendJson.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\CustomActionInstall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]
"DisplayName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver]
 
Searching for "*adpeak*"
No data found.
 
Searching for "adpeak"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]
"Publisher"="Adpeak, Inc."
 
-= EOF =-
Link to post
Share on other sites

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

  • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Reg :Reg

    :Reg[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]"3A9F56B942D9A2546BFE41756DE52495"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]"HelpLink"=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]"Publisher"=-[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495][-HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver]:Filesc:\Program Files (x86)\ScorpionSaver:Commands[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Link to post
Share on other sites

Reg fix with OTM indicate entries not found, this unusual for sure...

 

Do this please, go to the following link and download MyUninstaller Open the link and scroll down below "Feedback" to find access to the d/l. Also read all of the available information at the link, specifically the section marked "Removing an Uninstall entry"

 

http://www.nirsoft.net/utils/myuninst.html

 

When you have the d/l unzip to your Desktop. Right click on the application and select "Run as Administrator" the program is a standalone executable so will not install.

 

When the program runs wait and the main interface will populate with an Installed Programs list.

 

Check through the list until you see an entry for ScorpionSaver. Below the menu bar are column headers, look under Obsolete and Uninstall If the word Yes is listed under Obsolete and not Uninstall against the ScorpionSaver entry it means we can safely delete that entry.

 

With ScorpionSaver Highlighted, either select > File > Delete Selected Entry or with ScorpionSaver selected (highlighted) click on the icon from the menu bar for "Delete selected entry". It looks like a red cross. I`ve also added a screen shot of the interface.

 

java.jpg

 

 

Please ensure only Scorpion Saver (if present) is selected (Highlighted) and no other entries.....

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.