ScorpionSaver, Cannot get rid of Program


Hello, 

 

I have been trying on my own to get rid of ScorpionSaver on my computer to remove the unwanted ads/pop-ups on Google Chrome, to no avail. I have run Malwarebytes after trying to uninstall the program directly from the list and have managed to remove the ads for the time being, but I cannot remove the program itself. I am running Windows 7 and I'm not sure what steps to take next. Any help is greatly appreciated!

 


Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Run Malwarebytes: Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please update and run a Full scan.

Make sure that everything is checked, and click Remove Selected on any found items.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Post the produced logs...

 

Kevin


# AdwCleaner v3.014 - Report created 09/12/2013 at 11:16:16

# Updated 01/12/2013 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

# Username : Alex - ALEX-HP

# Running from : C:\Users\Alex\Downloads\AdwCleaner (1).exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16736

 

 

-\\ Mozilla Firefox v23.0.1 (en-US)

 

[ File : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\iuvtyb9q.default\prefs.js ]

 

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [3971 octets] - [09/12/2013 01:48:07]

AdwCleaner[R1].txt - [1018 octets] - [09/12/2013 11:14:25]

AdwCleaner[s0].txt - [3913 octets] - [09/12/2013 02:02:35]

AdwCleaner[s1].txt - [941 octets] - [09/12/2013 11:16:16]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1000 octets] ##########

 

 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2013 03

Ran by Alex (administrator) on ALEX-HP on 09-12-2013 11:19:12

Running from C:\Users\Alex\Downloads

Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe

(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe

() C:\Program Files (x86)\Polar\Daemon\polard.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe

(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe

() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Spotify Ltd) C:\Users\Alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Akamai Technologies, Inc.) C:\Users\Alex\AppData\Local\Akamai\netsession_win.exe

() C:\Program Files (x86)\Polar\WebSync\WebSync.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Dropbox, Inc.) C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

(Facebook) C:\Users\Alex\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE

() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe

(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Akamai Technologies, Inc.) C:\Users\Alex\AppData\Local\Akamai\netsession_win.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)

HKLM\...\Run: [setDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-20] (Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-09-07] (IDT, Inc.)

HKLM\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)

HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-27] (Hewlett-Packard)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [spotify Web Helper] - C:\Users\Alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-06] (Spotify Ltd)

HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Alex\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)

HKCU\...\Run: [Facebook Update] - C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-20] (Facebook Inc.)

HKCU\...\Run: [Freedom Session] - "C:\Program Files (x86)\Freedom\session\FreedomSession.exe"

HKCU\...\Policies\Explorer: [] 

MountPoints2: {35351fa0-1a26-11e3-a5c2-a0b3cc5277f4} - G:\TL-Bootstrap.exe

HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)

HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)

HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [VMM Mode Selection] - C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-09-13] (Hewlett-Packard Development Company L.P.)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

AppInit_DLLs: C:\Program Files [0 2013-12-09] ()

AppInit_DLLs-x32: C:\Program Files [0 2013-12-09] ()

Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk

ShortcutTarget: Facebook Messenger.lnk -> C:\Users\Alex\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)

Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS

SearchScopes: HKLM - {63C54822-9FAC-4288-8044-FF293686EB6E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}

SearchScopes: HKLM-x32 - {63C54822-9FAC-4288-8044-FF293686EB6E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS

SearchScopes: HKCU - {63C54822-9FAC-4288-8044-FF293686EB6E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\iuvtyb9q.default

FF Keyword.URL: user_pref("keyword.URL", "");

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Alex\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\IPSFF

FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\IPSFF

FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt

 

Chrome: 

=======



CHR DefaultSearchKeyword: google.com

CHR DefaultSearchProvider: Google

CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}

CHR Extension: (Angry Birds) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0

CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1

CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1

CHR Extension: (Adblock Plus) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0

CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1

CHR Extension: (Google Calendar) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0

CHR Extension: (MagicScroll eBook Reader) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble\3.0_0

CHR Extension: (Google Wallet) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1

CHR Extension: (My Chrome Theme) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0

CHR Extension: (Cute Christmas Pixel Snowflakes) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\onchgdodaomcncmlbkinhjcbamcpdche\1.1_0

CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2

CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx

CHR HKLM-x32\...\Chrome\Extension: [pbmbgangfmfbhnngbdgkplhjnfoaeihd] - C:\Program Files (x86)\i-beta\Extensions\Chrome\i-beta.crx

 

==================== Services (Whitelisted) =================

 

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)

R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)

R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)

R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()

R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe [144368 2013-05-25] (Symantec Corporation)

R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe [2316184 2013-05-25] (Symantec Corporation)

S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\snac64.exe [334736 2013-05-25] (Symantec Corporation)

S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)

 

==================== Drivers (Whitelisted) ====================

 

R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20131114.011\BHDrvx64.sys [1524824 2013-10-21] (Symantec Corporation)

R1 ccSettings_{E1A40A89-2B89-44FA-9E96-395B7D7F03AC}; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys [169048 2013-05-25] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)

R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\IPSDefs\20131206.011\IDSvia64.sys [521816 2013-10-15] (Symantec Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20131207.008\ENG64.SYS [126040 2013-10-16] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20131207.008\EX64.SYS [2099288 2013-10-16] (Symantec Corporation)

S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)

R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [20016 2011-10-13] (Synaptics Incorporated)

R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSP64.SYS [796760 2013-05-25] (Symantec Corporation)

R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSPX64.SYS [36952 2013-05-25] (Symantec Corporation)

S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\SyDvCtrl64.sys [34800 2013-05-25] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMDS64.SYS [493656 2013-05-25] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMEFA64.SYS [1139800 2013-05-25] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-09-06] (Symantec Corporation)

R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\Ironx64.SYS [224416 2013-05-25] (Symantec Corporation)

R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMNETS.SYS [433752 2013-05-25] (Symantec Corporation)

R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159472 2013-09-06] (Symantec Corporation)

R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [91944 2013-05-25] (Symantec Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-12-09 11:19 - 2013-12-09 11:19 - 00022991 _____ C:\Users\Alex\Downloads\FRST.txt

2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\FRST

2013-12-09 11:18 - 2013-12-09 11:18 - 01927998 _____ (Farbar) C:\Users\Alex\Downloads\FRST64.exe

2013-12-09 11:17 - 2013-12-09 11:17 - 01110034 _____ C:\Users\Alex\Downloads\AdwCleaner (2).exe

2013-12-09 11:14 - 2013-12-09 11:14 - 01110034 _____ C:\Users\Alex\Downloads\AdwCleaner (1).exe

2013-12-09 01:48 - 2013-12-09 11:16 - 00000000 ____D C:\AdwCleaner

2013-12-09 01:47 - 2013-12-09 01:47 - 01110034 _____ C:\Users\Alex\Downloads\AdwCleaner.exe

2013-12-09 00:14 - 2013-12-09 00:14 - 01034531 _____ (Thisisu) C:\Users\Alex\Downloads\JRT.exe

2013-12-09 00:12 - 2013-12-09 00:12 - 00001137 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-12-09 00:12 - 2013-12-09 00:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-12-09 00:12 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-12-09 00:08 - 2013-12-09 00:09 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Alex\Downloads\mbam-setup-1.75.0.1300 (1).exe

2013-12-08 12:03 - 2013-12-08 12:03 - 04109312 _____ C:\Users\Alex\Downloads\Lect4_BMS501_13.ppt

2013-12-07 21:33 - 2013-12-07 21:33 - 00088695 _____ C:\Users\Alex\Downloads\Novel Highly Porous Metal Technology in Artificial Hip and Knee Replacement  Processing Methodologies and Clinical Applications - Springer.htm

2013-12-07 21:33 - 2013-12-07 21:33 - 00000000 ____D C:\Users\Alex\Downloads\Novel Highly Porous Metal Technology in Artificial Hip and Knee Replacement  Processing Methodologies and Clinical Applications - Springer_files

2013-12-07 20:26 - 2013-12-07 20:55 - 12729858 _____ C:\Users\Alex\Downloads\Data12052013_12072013.lvm

2013-12-06 20:49 - 2013-12-06 20:49 - 00002311 _____ C:\Users\Alex\Desktop\Chrome App Launcher.lnk

2013-12-06 20:49 - 2013-12-06 20:49 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-12-06 20:49 - 2013-12-06 20:49 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2013-12-06 20:45 - 2013-12-09 11:17 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-06 20:45 - 2013-12-09 11:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-06 20:45 - 2013-12-08 10:45 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-12-06 20:45 - 2013-12-08 10:45 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-12-01 23:37 - 2013-12-01 23:37 - 00000000 ____D C:\Users\Alex\AppData\OICE_15_974FA576_32C1D314_15C

2013-12-01 23:36 - 2013-12-01 23:37 - 11575758 _____ C:\Users\Alex\Downloads\Lect2_BMS501_13(1).pptx

2013-11-30 10:03 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll

2013-11-27 14:40 - 2013-11-27 14:40 - 10079744 _____ C:\Users\Alex\Downloads\AcademicOverview-Spring2013.ppt

2013-11-27 14:38 - 2013-11-27 14:38 - 00273109 _____ C:\Users\Alex\Downloads\the-power-of-the-syllabus-2010-08-18.pptx

2013-11-27 12:14 - 2013-11-27 12:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Alex\Downloads\mbam-setup-1.75.0.1300.exe

2013-11-27 12:10 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe

2013-11-27 10:10 - 2013-11-27 10:10 - 06222336 _____ C:\Users\Alex\Downloads\Lect1_BMS501_13.ppt

2013-11-25 22:01 - 2013-11-27 09:21 - 00012014 _____ C:\Users\Alex\Downloads\BE GSA E-Mail.xlsx

2013-11-24 23:32 - 2013-11-24 23:32 - 00000000 ____D C:\Users\Public\Documents\Autodesk

2013-11-23 17:47 - 2013-11-23 17:49 - 00000000 ____D C:\Users\Alex\Documents\New folder

2013-11-23 17:11 - 2013-11-23 17:11 - 00002091 _____ C:\Users\Public\Desktop\Inventor Fusion 2013.lnk

2013-11-23 16:54 - 2013-11-23 16:58 - 00002106 _____ C:\Users\Public\Desktop\AutoCAD 2013 - English.lnk

2013-11-23 16:29 - 2013-11-23 16:29 - 00000000 ____D C:\Program Files (x86)\Autodesk

2013-11-23 16:06 - 2013-11-23 16:08 - 09699080 _____ C:\Users\Alex\Downloads\AutoCAD_2013_English_Win_32_64bit_wi_en-US_Setup1 (1).exe

2013-11-23 15:56 - 2013-11-23 15:56 - 00000000 ____D C:\Users\Alex\Documents\Inventor Server x64 AutoCAD 2012 Language Pack - English

2013-11-23 15:52 - 2013-11-23 16:58 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared

2013-11-23 14:07 - 2013-11-23 15:10 - 1283456912 _____ C:\Users\Alex\Downloads\AutoCAD_2012_English_Win_64bit.exe

2013-11-23 13:53 - 2013-11-23 13:53 - 09699080 _____ C:\Users\Alex\Downloads\AutoCAD_2013_English_Win_32_64bit_wi_en-US_Setup1.exe

2013-11-23 00:58 - 2013-11-23 00:58 - 00000000 ____D C:\Users\Alex\Downloads\live_at_eddies_attic

2013-11-22 23:33 - 2013-11-22 23:33 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-11-22 23:33 - 2013-11-22 23:33 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-11-22 23:33 - 2013-11-22 23:33 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-11-22 23:33 - 2013-11-22 23:33 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-11-22 23:33 - 2013-11-22 23:33 - 00000000 ____D C:\ProgramData\Sun

2013-11-22 23:33 - 2013-11-22 23:33 - 00000000 ____D C:\ProgramData\Oracle

2013-11-22 23:33 - 2013-11-22 23:33 - 00000000 ____D C:\Program Files (x86)\Java

2013-11-22 23:30 - 2013-11-22 23:30 - 00915368 _____ (Oracle Corporation) C:\Users\Alex\Downloads\chromeinstall-7u45.exe

2013-11-22 22:31 - 2013-11-22 22:31 - 00000000 ____D C:\Users\Alex\Downloads\burn_for_free

2013-11-22 22:31 - 2013-11-22 22:31 - 00000000 ____D C:\Users\Alex\Downloads\autumn_eu_uk_tour_ep

2013-11-22 22:30 - 2013-11-22 22:30 - 00000000 ____D C:\Users\Alex\Downloads\remix_ep

2013-11-22 22:23 - 2013-11-22 22:23 - 00000000 ____D C:\Users\Alex\Downloads\a_bit_of_bronze

2013-11-22 22:18 - 2013-11-22 22:18 - 00000000 ____D C:\Users\Alex\Downloads\a_lil_more_christmas

2013-11-22 22:16 - 2013-11-22 22:33 - 74495742 _____ C:\Users\Alex\Downloads\live_at_eddies_attic.zip

2013-11-22 22:15 - 2013-11-22 23:28 - 363138594 _____ C:\Users\Alex\Downloads\aint_no_trip_to_cleveland_vol_1.zip

2013-11-22 22:15 - 2013-11-22 22:25 - 35439692 _____ C:\Users\Alex\Downloads\autumn_eu_uk_tour_ep.zip

2013-11-22 22:15 - 2013-11-22 22:22 - 19256872 _____ C:\Users\Alex\Downloads\burn_for_free.zip

2013-11-22 22:08 - 2013-11-22 22:22 - 52392216 _____ C:\Users\Alex\Downloads\remix_ep.zip

2013-11-22 22:08 - 2013-11-22 22:21 - 50934175 _____ C:\Users\Alex\Downloads\a_bit_of_bronze.zip

2013-11-22 22:06 - 2013-11-22 22:13 - 27056451 _____ C:\Users\Alex\Downloads\a_lil_more_christmas.zip

2013-11-19 23:55 - 2013-11-19 23:55 - 00000000 ____D C:\Users\Alex\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

2013-11-17 23:42 - 2013-11-17 23:43 - 00000000 ____D C:\Users\Alex\AppData\OICE_15_974FA576_32C1D314_FC3

2013-11-17 23:41 - 2013-11-17 23:42 - 07985664 _____ C:\Users\Alex\Downloads\Cell cycle checkpoints_2013.ppt

2013-11-17 21:43 - 2013-11-17 21:43 - 00001138 _____ C:\Users\Alex\Downloads\2pheh2o.pdb

2013-11-14 18:24 - 2013-10-12 03:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-11-14 18:24 - 2013-10-12 03:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-11-14 18:24 - 2013-10-12 03:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-11-14 18:24 - 2013-10-12 03:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-11-14 18:24 - 2013-10-12 03:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-11-14 18:24 - 2013-10-12 03:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-11-14 18:24 - 2013-10-12 03:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-11-14 18:24 - 2013-10-12 03:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-11-14 18:24 - 2013-10-12 03:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-11-14 18:24 - 2013-10-12 03:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-11-14 18:24 - 2013-10-12 03:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-11-14 18:24 - 2013-10-12 03:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-11-14 18:24 - 2013-10-12 03:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-11-14 18:24 - 2013-10-12 03:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-11-14 18:24 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-11-14 18:24 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-11-14 18:24 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-11-14 18:24 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-11-14 18:24 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-11-14 18:24 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-11-14 18:24 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-11-14 18:24 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-11-14 18:24 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-11-14 18:24 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-11-14 18:24 - 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-11-14 18:24 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-11-14 18:24 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-11-14 18:24 - 2013-10-12 01:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-11-14 18:24 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-11-14 18:24 - 2013-10-12 00:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-11-14 18:24 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-11-13 08:27 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2013-11-13 08:27 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2013-11-13 08:27 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2013-11-13 08:27 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll

2013-11-13 08:27 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

2013-11-13 08:27 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-11-13 08:27 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-11-13 08:27 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll

2013-11-13 08:27 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll

2013-11-13 08:27 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2013-11-13 08:27 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll

2013-11-13 08:27 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-11-13 08:27 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll

2013-11-13 08:27 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2013-11-13 08:27 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2013-11-13 08:27 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-11-13 08:27 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2013-11-13 08:27 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2013-11-13 08:27 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2013-11-13 08:27 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2013-11-13 08:27 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2013-11-13 08:27 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2013-11-13 08:27 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2013-11-13 08:27 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2013-11-13 08:27 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2013-11-13 08:27 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-11-13 08:27 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2013-11-13 08:27 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-11-13 08:27 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2013-11-13 08:27 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2013-11-10 14:16 - 2013-11-10 14:16 - 00002318 _____ C:\Users\Alex\Downloads\10.1002%2Fjbm.a.32081.enw

2013-11-10 13:12 - 2013-11-10 13:12 - 00002321 _____ C:\Users\Alex\Downloads\10.1111%2Fj.1525-1594.2011.01297.x.enw

2013-11-10 09:55 - 2013-12-06 20:44 - 00000000 ____D C:\Program Files (x86)\Freedom

2013-11-10 09:55 - 2013-11-10 09:55 - 00000000 ____D C:\ProgramData\Eighty Percent Solutions Corporation

2013-11-10 09:53 - 2013-11-10 09:53 - 04711128 _____ (Eighty Percent Solutions Corporation) C:\Users\Alex\Downloads\Installer.exe

2013-11-10 09:47 - 2013-11-10 09:47 - 01606103 _____ (RescueTime, Inc.                                            ) C:\Users\Alex\Downloads\RescueTimeInstaller.exe

2013-11-09 16:10 - 2013-11-09 17:02 - 00000000 ____D C:\Users\Alex\Downloads\The Heat (2013)

2013-11-09 15:13 - 2013-11-09 15:13 - 00001816 _____ C:\Users\Alex\Downloads\science (5).RIS

 

==================== One Month Modified Files and Folders =======

 

2013-12-09 11:19 - 2013-12-09 11:19 - 00022991 _____ C:\Users\Alex\Downloads\FRST.txt

2013-12-09 11:19 - 2013-12-09 11:19 - 00000000 ____D C:\FRST

2013-12-09 11:19 - 2013-09-06 20:20 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Dropbox

2013-12-09 11:18 - 2013-12-09 11:18 - 01927998 _____ (Farbar) C:\Users\Alex\Downloads\FRST64.exe

2013-12-09 11:17 - 2013-12-09 11:17 - 01110034 _____ C:\Users\Alex\Downloads\AdwCleaner (2).exe

2013-12-09 11:17 - 2013-12-06 20:45 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-09 11:17 - 2013-09-06 20:21 - 00000000 ___RD C:\Users\Alex\Dropbox

2013-12-09 11:17 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-12-09 11:17 - 2009-07-13 23:51 - 00012777 _____ C:\Windows\setupact.log

2013-12-09 11:16 - 2013-12-09 01:48 - 00000000 ____D C:\AdwCleaner

2013-12-09 11:16 - 2013-09-06 14:51 - 01601795 _____ C:\Windows\WindowsUpdate.log

2013-12-09 11:14 - 2013-12-09 11:14 - 01110034 _____ C:\Users\Alex\Downloads\AdwCleaner (1).exe

2013-12-09 11:14 - 2009-07-14 00:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI

2013-12-09 11:12 - 2013-12-06 20:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-09 11:12 - 2013-10-20 21:47 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-936287634-1733484053-4269857232-1000UA.job

2013-12-09 11:12 - 2013-05-15 18:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-12-09 02:10 - 2009-07-13 23:45 - 00036624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-12-09 02:10 - 2009-07-13 23:45 - 00036624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-12-09 01:47 - 2013-12-09 01:47 - 01110034 _____ C:\Users\Alex\Downloads\AdwCleaner.exe

2013-12-09 01:43 - 2010-11-20 22:47 - 00929450 _____ C:\Windows\PFRO.log

2013-12-09 01:42 - 2013-10-15 15:29 - 00000000 ____D C:\Users\Alex\Documents\BMA501

2013-12-09 01:21 - 2013-05-15 18:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-12-09 00:14 - 2013-12-09 00:14 - 01034531 _____ (Thisisu) C:\Users\Alex\Downloads\JRT.exe

2013-12-09 00:12 - 2013-12-09 00:12 - 00001137 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-12-09 00:12 - 2013-12-09 00:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-12-09 00:09 - 2013-12-09 00:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Alex\Downloads\mbam-setup-1.75.0.1300 (1).exe

2013-12-09 00:02 - 2013-09-14 18:24 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForAlex.job

2013-12-08 23:56 - 2013-10-26 21:39 - 00000000 ____D C:\Users\Alex\AppData\Roaming\BitTorrent

2013-12-08 22:52 - 2013-10-20 21:47 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-936287634-1733484053-4269857232-1000Core.job

2013-12-08 12:03 - 2013-12-08 12:03 - 04109312 _____ C:\Users\Alex\Downloads\Lect4_BMS501_13.ppt

2013-12-08 11:07 - 2013-09-06 14:56 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{525220A1-21DC-4600-9573-2DB094BC6088}

2013-12-08 10:45 - 2013-12-06 20:45 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-12-08 10:45 - 2013-12-06 20:45 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-12-07 21:54 - 2013-09-06 14:59 - 00000000 ____D C:\Users\Alex\Documents\Youcam

2013-12-07 21:33 - 2013-12-07 21:33 - 00088695 _____ C:\Users\Alex\Downloads\Novel Highly Porous Metal Technology in Artificial Hip and Knee Replacement  Processing Methodologies and Clinical Applications - Springer.htm

2013-12-07 21:33 - 2013-12-07 21:33 - 00000000 ____D C:\Users\Alex\Downloads\Novel Highly Porous Metal Technology in Artificial Hip and Knee Replacement  Processing Methodologies and Clinical Applications - Springer_files

2013-12-07 20:55 - 2013-12-07 20:26 - 12729858 _____ C:\Users\Alex\Downloads\Data12052013_12072013.lvm

2013-12-07 20:42 - 2013-09-06 19:14 - 00000000 ____D C:\ProgramData\Symantec

2013-12-07 19:47 - 2013-09-14 18:24 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAlex

2013-12-07 19:47 - 2013-09-07 17:55 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log

2013-12-07 19:46 - 2013-09-21 17:48 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2013-12-07 09:37 - 2013-09-06 21:16 - 00000000 ____D C:\Users\Alex\AppData\Local\CrashDumps

2013-12-07 00:39 - 2013-09-10 08:15 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Spotify

2013-12-06 20:49 - 2013-12-06 20:49 - 00002311 _____ C:\Users\Alex\Desktop\Chrome App Launcher.lnk

2013-12-06 20:49 - 2013-12-06 20:49 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-12-06 20:49 - 2013-12-06 20:49 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2013-12-06 20:49 - 2013-09-06 15:31 - 00000000 ____D C:\Program Files (x86)\Google

2013-12-06 20:45 - 2013-09-06 15:31 - 00000000 ____D C:\Users\Alex\AppData\Local\Deployment

2013-12-06 20:44 - 2013-11-10 09:55 - 00000000 ____D C:\Program Files (x86)\Freedom

2013-12-06 20:25 - 2013-09-10 08:16 - 00000000 ____D C:\Users\Alex\AppData\Local\Spotify

2013-12-03 12:18 - 2013-09-06 21:07 - 00000000 ____D C:\Users\Alex\Documents\BE403 - TA

2013-12-01 23:37 - 2013-12-01 23:37 - 00000000 ____D C:\Users\Alex\AppData\OICE_15_974FA576_32C1D314_15C

2013-12-01 23:37 - 2013-12-01 23:36 - 11575758 _____ C:\Users\Alex\Downloads\Lect2_BMS501_13(1).pptx

2013-11-27 14:40 - 2013-11-27 14:40 - 10079744 _____ C:\Users\Alex\Downloads\AcademicOverview-Spring2013.ppt

2013-11-27 14:38 - 2013-11-27 14:38 - 00273109 _____ C:\Users\Alex\Downloads\the-power-of-the-syllabus-2010-08-18.pptx

2013-11-27 12:15 - 2013-11-27 12:14 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Alex\Downloads\mbam-setup-1.75.0.1300.exe

2013-11-27 11:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache

2013-11-27 10:10 - 2013-11-27 10:10 - 06222336 _____ C:\Users\Alex\Downloads\Lect1_BMS501_13.ppt

2013-11-27 09:21 - 2013-11-25 22:01 - 00012014 _____ C:\Users\Alex\Downloads\BE GSA E-Mail.xlsx

2013-11-26 19:42 - 2013-09-27 11:56 - 00000000 ____D C:\Users\Alex\AppData\Local\cache

2013-11-26 19:42 - 2013-09-27 11:39 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Autodesk

2013-11-26 19:42 - 2013-09-27 11:39 - 00000000 ____D C:\ProgramData\Autodesk

2013-11-24 23:32 - 2013-11-24 23:32 - 00000000 ____D C:\Users\Public\Documents\Autodesk

2013-11-24 15:28 - 2013-09-06 20:37 - 00000000 ____D C:\Users\Alex\Documents\BMS501

2013-11-23 17:49 - 2013-11-23 17:47 - 00000000 ____D C:\Users\Alex\Documents\New folder

2013-11-23 17:16 - 2013-09-06 14:57 - 00143536 _____ C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT

2013-11-23 17:15 - 2009-07-13 23:45 - 00515808 _____ C:\Windows\system32\FNTCACHE.DAT

2013-11-23 17:11 - 2013-11-23 17:11 - 00002091 _____ C:\Users\Public\Desktop\Inventor Fusion 2013.lnk

2013-11-23 17:11 - 2013-09-27 11:46 - 00000000 ____D C:\Program Files\Autodesk

2013-11-23 16:58 - 2013-11-23 16:54 - 00002106 _____ C:\Users\Public\Desktop\AutoCAD 2013 - English.lnk

2013-11-23 16:58 - 2013-11-23 15:52 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared

2013-11-23 16:29 - 2013-11-23 16:29 - 00000000 ____D C:\Program Files (x86)\Autodesk

2013-11-23 16:19 - 2013-05-15 18:29 - 00010787 _____ C:\Windows\DirectX.log

2013-11-23 16:08 - 2013-11-23 16:06 - 09699080 _____ C:\Users\Alex\Downloads\AutoCAD_2013_English_Win_32_64bit_wi_en-US_Setup1 (1).exe

2013-11-23 16:06 - 2013-09-27 11:47 - 00000000 ____D C:\Users\Alex\AppData\Local\Autodesk

2013-11-23 15:56 - 2013-11-23 15:56 - 00000000 ____D C:\Users\Alex\Documents\Inventor Server x64 AutoCAD 2012 Language Pack - English

2013-11-23 15:45 - 2013-09-22 18:44 - 00000000 ____D C:\Autodesk

2013-11-23 15:10 - 2013-11-23 14:07 - 1283456912 _____ C:\Users\Alex\Downloads\AutoCAD_2012_English_Win_64bit.exe

2013-11-23 13:53 - 2013-11-23 13:53 - 09699080 _____ C:\Users\Alex\Downloads\AutoCAD_2013_English_Win_32_64bit_wi_en-US_Setup1.exe

2013-11-23 01:51 - 2013-09-06 23:43 - 00000000 ____D C:\Users\Alex\Documents\Research

2013-11-23 00:58 - 2013-11-23 00:58 - 00000000 ____D C:\Users\Alex\Downloads\live_at_eddies_attic

2013-11-22 23:33 - 2013-11-22 23:33 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-11-22 23:33 - 2013-11-22 23:33 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-11-22 23:33 - 2013-11-22 23:33 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-11-22 23:33 - 2013-11-22 23:33 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-11-22 23:33 - 2013-11-22 23:33 - 00000000 ____D C:\ProgramData\Sun

2013-11-22 23:33 - 2013-11-22 23:33 - 00000000 ____D C:\ProgramData\Oracle

2013-11-22 23:33 - 2013-11-22 23:33 - 00000000 ____D C:\Program Files (x86)\Java

2013-11-22 23:30 - 2013-11-22 23:30 - 00915368 _____ (Oracle Corporation) C:\Users\Alex\Downloads\chromeinstall-7u45.exe

2013-11-22 23:28 - 2013-11-22 22:15 - 363138594 _____ C:\Users\Alex\Downloads\aint_no_trip_to_cleveland_vol_1.zip

2013-11-22 22:33 - 2013-11-22 22:16 - 74495742 _____ C:\Users\Alex\Downloads\live_at_eddies_attic.zip

2013-11-22 22:31 - 2013-11-22 22:31 - 00000000 ____D C:\Users\Alex\Downloads\burn_for_free

2013-11-22 22:31 - 2013-11-22 22:31 - 00000000 ____D C:\Users\Alex\Downloads\autumn_eu_uk_tour_ep

2013-11-22 22:30 - 2013-11-22 22:30 - 00000000 ____D C:\Users\Alex\Downloads\remix_ep

2013-11-22 22:25 - 2013-11-22 22:15 - 35439692 _____ C:\Users\Alex\Downloads\autumn_eu_uk_tour_ep.zip

2013-11-22 22:23 - 2013-11-22 22:23 - 00000000 ____D C:\Users\Alex\Downloads\a_bit_of_bronze

2013-11-22 22:22 - 2013-11-22 22:15 - 19256872 _____ C:\Users\Alex\Downloads\burn_for_free.zip

2013-11-22 22:22 - 2013-11-22 22:08 - 52392216 _____ C:\Users\Alex\Downloads\remix_ep.zip

2013-11-22 22:21 - 2013-11-22 22:08 - 50934175 _____ C:\Users\Alex\Downloads\a_bit_of_bronze.zip

2013-11-22 22:18 - 2013-11-22 22:18 - 00000000 ____D C:\Users\Alex\Downloads\a_lil_more_christmas

2013-11-22 22:13 - 2013-11-22 22:06 - 27056451 _____ C:\Users\Alex\Downloads\a_lil_more_christmas.zip

2013-11-19 23:55 - 2013-11-19 23:55 - 00000000 ____D C:\Users\Alex\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

2013-11-17 23:43 - 2013-11-17 23:42 - 00000000 ____D C:\Users\Alex\AppData\OICE_15_974FA576_32C1D314_FC3

2013-11-17 23:42 - 2013-11-17 23:41 - 07985664 _____ C:\Users\Alex\Downloads\Cell cycle checkpoints_2013.ppt

2013-11-17 21:43 - 2013-11-17 21:43 - 00001138 _____ C:\Users\Alex\Downloads\2pheh2o.pdb

2013-11-17 17:29 - 2013-09-06 19:08 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-11-15 20:29 - 2013-05-15 18:37 - 00000000 ____D C:\ProgramData\Hewlett-Packard

2013-11-15 20:27 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

2013-11-15 20:21 - 2013-09-06 21:40 - 00000000 ____D C:\Users\Public\Documents\EndNote

2013-11-14 18:24 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini

2013-11-12 22:28 - 2013-11-07 23:17 - 00000000 ____D C:\Users\Alex\Documents\Resume

2013-11-10 14:16 - 2013-11-10 14:16 - 00002318 _____ C:\Users\Alex\Downloads\10.1002%2Fjbm.a.32081.enw

2013-11-10 13:12 - 2013-11-10 13:12 - 00002321 _____ C:\Users\Alex\Downloads\10.1111%2Fj.1525-1594.2011.01297.x.enw

2013-11-10 09:55 - 2013-11-10 09:55 - 00000000 ____D C:\ProgramData\Eighty Percent Solutions Corporation

2013-11-10 09:53 - 2013-11-10 09:53 - 04711128 _____ (Eighty Percent Solutions Corporation) C:\Users\Alex\Downloads\Installer.exe

2013-11-10 09:47 - 2013-11-10 09:47 - 01606103 _____ (RescueTime, Inc.                                            ) C:\Users\Alex\Downloads\RescueTimeInstaller.exe

2013-11-09 17:02 - 2013-11-09 16:10 - 00000000 ____D C:\Users\Alex\Downloads\The Heat (2013)

2013-11-09 15:13 - 2013-11-09 15:13 - 00001816 _____ C:\Users\Alex\Downloads\science (5).RIS

 

Some content of TEMP:

====================

C:\Users\Alex\AppData\Local\Temp\6_Offer_18.exe

C:\Users\Alex\AppData\Local\Temp\AcDeltree.exe

C:\Users\Alex\AppData\Local\Temp\AVG-Safeguard.exe

C:\Users\Alex\AppData\Local\Temp\BackupSetup.exe

C:\Users\Alex\AppData\Local\Temp\Extract.exe

C:\Users\Alex\AppData\Local\Temp\oi_{BE019C99-557B-4197-A1A7-CBEA4723F2BC}.exe

C:\Users\Alex\AppData\Local\Temp\Quarantine.exe

C:\Users\Alex\AppData\Local\Temp\Risweb32.exe

C:\Users\Alex\AppData\Local\Temp\SP56478.exe

C:\Users\Alex\AppData\Local\Temp\SP56929.exe

C:\Users\Alex\AppData\Local\Temp\SP57138.exe

C:\Users\Alex\AppData\Local\Temp\SP57698.exe

C:\Users\Alex\AppData\Local\Temp\SP57966.exe

C:\Users\Alex\AppData\Local\Temp\sp58915.exe

C:\Users\Alex\AppData\Local\Temp\SP60051.exe

C:\Users\Alex\AppData\Local\Temp\SP61037.exe

C:\Users\Alex\AppData\Local\Temp\SP62991.exe

C:\Users\Alex\AppData\Local\Temp\SP63224.exe

C:\Users\Alex\AppData\Local\Temp\SP63801.exe

C:\Users\Alex\AppData\Local\Temp\SpOrder.dll

C:\Users\Alex\AppData\Local\Temp\UninstallHPSA.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-11-30 16:40

 

==================== End Of Log ============================

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2013 03

Ran by Alex at 2013-12-09 11:20:33

Running from C:\Users\Alex\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

 

==================== Installed Programs ======================

 

Adobe AIR (x32 Version: 3.8.0.1280)

Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.160)

Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)

Adobe Shockwave Player 11.6 (x32 Version: 11.6.3.633)

Akamai NetSession Interface (HKCU)

Apple Application Support (x32 Version: 2.3.4)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (x32 Version: 2.1.3.127)

Atheros Driver Installation Program (x32 Version: 9.2)

AuthenTec TrueAPI 64-bit (Version: 1.6.0.87)

AutoCAD 2013 - English (Version: 19.0.55.0)

AutoCAD 2013 Language Pack - English (Version: 19.0.55.0)

Autodesk Content Service (x32 Version: 3.0.84.0)

Autodesk Content Service Language Pack (x32 Version: 3.0.84.0)

Autodesk Inventor Fusion 2012 (Version: 1.0.0.79)

Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79)

Autodesk Inventor Fusion 2013 (Version: 2.0.0.206)

Autodesk Inventor Fusion plug-in for AutoCAD 2012 (Version: 0.0.1.138)

Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230)

Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012 (Version: 0.0.1.138)

Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (Version: 0.2.0.230)

Autodesk Material Library 2013 (x32 Version: 3.0.13)

Autodesk Material Library Base Resolution Image Library 2012 (x32 Version: 2.5.0.8)

Autodesk Material Library Base Resolution Image Library 2013 (x32 Version: 3.0.13)

Autodesk Sync (Version: 3.5.24.0)

Bejeweled 3 (x32 Version: 2.2.0.97)

Blackhawk Striker 2 (x32 Version: 2.2.0.95)

Bonjour (Version: 3.0.0.10)

Chuzzle Deluxe (x32 Version: 2.2.0.95)

Cisco EAP-FAST Module (x32 Version: 2.2.14)

Cisco LEAP Module (x32 Version: 1.0.19)

Cisco PEAP Module (x32 Version: 1.1.6)

Cradle of Rome 2 (x32 Version: 2.2.0.98)

CyberLink YouCam (x32 Version: 3.5.2.4725)

D3DX10 (x32 Version: 15.4.2368.0902)

Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition

Dora's World Adventure (x32 Version: 2.2.0.95)

Dropbox (HKCU Version: 2.4.6)

EndNote X7 (x32 Version: 17.0.0.7072)

ESU for Microsoft Windows 7 SP1 (x32 Version: 5.1.5)

Evernote v. 4.5.2 (x32 Version: 4.5.2.5904)

Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0)

Farm Frenzy (x32 Version: 2.2.0.98)

Farmscapes (x32 Version: 2.2.0.98)

FARO LS 1.1.406.58 (x32 Version: 4.6.58.2)

FATE (x32 Version: 2.2.0.97)

Final Drive Fury (x32 Version: 2.2.0.95)

Gamry Software (x32 Version: 6.11)

Google Chrome (x32 Version: 31.0.1650.63)

Google Update Helper (x32 Version: 1.3.22.3)

Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)

Hoyle Card Games (x32 Version: 2.2.0.95)

HP 3D DriveGuard (Version: 4.2.9.1)

HP Auto (Version: 1.0.12935.3667)

HP Client Services (Version: 1.1.12938.3539)

HP Connection Manager (x32 Version: 4.1.25.1)

HP CoolSense (x32 Version: 2.10.51)

HP Customer Experience Enhancements (x32 Version: 6.0.1.8)

HP Documentation (x32 Version: 1.2.0.0)

HP Games (x32 Version: 1.0.2.5)

HP Launch Box (Version: 1.1.5)

HP MovieStore (x32 Version: 2.1.096)

HP MovieStore (x32 Version: 2.1.21096.0)

HP On Screen Display (x32 Version: 1.3.5)

HP Power Manager (x32 Version: 1.4.7)

HP Quick Launch (x32 Version: 2.7.2)

HP Recovery Manager (x32 Version: 2.0.0)

HP Security Assistant (Version: 3.0.4)

HP Setup (x32 Version: 9.0.15109.3899)

HP Setup Manager (x32 Version: 1.2.14901.3869)

HP SimplePass (x32 Version: 6.0.100.276)

HP Software Framework (x32 Version: 4.5.12.1)

HP Support Assistant (x32 Version: 7.0.39.15)

IDT Audio (x32 Version: 1.0.6418.0)

Intel® Management Engine Components (x32 Version: 8.0.0.1351)

Intel® OpenCL CPU Runtime (x32)

Intel® Processor Graphics (x32 Version: 8.15.10.2626)

Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032)

Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.0.199)

Intel® Trusted Connect Service Client (Version: 1.23.216.0)

iTunes (Version: 11.0.5.5)

Java 7 Update 45 (x32 Version: 7.0.450)

Java Auto Updater (x32 Version: 2.1.9.8)

Jewel Match 3 (x32 Version: 2.2.0.98)

Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98)

John Deere Drive Green (x32 Version: 2.2.0.95)

Letters from Nowhere 2 (x32 Version: 2.2.0.97)

Luxor HD (x32 Version: 2.2.0.98)

Mah Jong Medley (x32 Version: 2.2.0.95)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017)

Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)

Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017)

Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)

Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017)

Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017)

Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)

Movie Maker (x32 Version: 16.4.3505.0912)

Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)

Mozilla Maintenance Service (x32 Version: 23.0.1)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT110 (x32 Version: 16.4.1108.0727)

MSVCRT110_amd64 (Version: 16.4.1109.0912)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)

opensource (x32 Version: 1.0.14960.3876)

Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017)

Pandora (x32 Version: 2.0.8)

PDF Architect (x32 Version: 1.1.83.9982)

PDFCreator (x32 Version: 1.7.1)

Penguins! (x32 Version: 2.2.0.98)

Photo Gallery (x32 Version: 16.4.3505.0912)

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)

Poker Superstars III (x32 Version: 2.2.0.95)

Polar Bowler (x32 Version: 2.2.0.97)

Polar Daemon (x32 Version: 2.2.20000)

Polar Golfer (x32 Version: 2.2.0.98)

Polar WebSync (x32 Version: 2.8.10006)

Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)

Realtek PCIE Card Reader (x32 Version: 6.1.7601.29005)

ResearchSoft Direct Export Helper (x32)

RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98)

ScorpionSaver (x32 Version: 1.0.0.0) <==== ATTENTION

Secure Download Manager (x32 Version: 3.1.10)

SketchUp 8 (x32 Version: 3.0.16846)

Skype™ 5.10 (x32 Version: 5.10.116)

Spotify (HKCU Version: 0.9.6.81.gd359a796)

swMSM (x32 Version: 12.0.0.1)

Symantec Endpoint Protection (Version: 12.1.3001.165)

Synaptics Pointing Device Driver (Version: 15.3.29.0)

The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98)

Torchlight (x32 Version: 2.2.0.98)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)

Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition

Update for Microsoft InfoPath 2013 (KB2752078) 64-Bit Edition

Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition

Update for Microsoft Lync 2013 (KB2825630) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition

Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760257) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition

Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition

Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817309) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817311) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817640) 64-Bit Edition

Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition

Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition

Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition

Update for Microsoft Office 2013 (KB2837643) 64-Bit Edition

Update for Microsoft Office 2013 (KB2837649) 64-Bit Edition

Update for Microsoft OneNote 2013 (KB2837642) 64-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2817625) 64-Bit Edition

Update for Microsoft Project 2013 (KB2767859) 64-Bit Edition

Update for Microsoft Publisher 2013 (KB2752097) 64-Bit Edition

Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition

Update for Microsoft Visio 2013 (KB2752018) 64-Bit Edition

Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition

Update for Microsoft Word 2013 (KB2817631) 64-Bit Edition

Update for Microsoft Word 2013 (KB2837630) 64-Bit Edition

Update Installer for WildTangent Games App (x32)

Validity Sensors DDK (Version: 3.1.374)

Validity WBF DDK (Version: 4.3.301.0)

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98)

Visual Basic for Applications ® Core - English (x32 Version: 6.5.10.32)

Visual Basic for Applications ® Core (x32 Version: 6.5.10.32)

WildTangent Games App (HP Games) (x32 Version: 4.0.5.32)

Windows Live Communications Platform (x32 Version: 16.4.3505.0912)

Windows Live Essentials (x32 Version: 16.4.3505.0912)

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)

Windows Live Installer (x32 Version: 16.4.3505.0912)

Windows Live Photo Common (x32 Version: 16.4.3505.0912)

Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)

Windows Live SOXE (x32 Version: 16.4.3505.0912)

Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)

Windows Live UX Platform (x32 Version: 16.4.3505.0912)

Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)

WModem Driver Installer (x32 Version: 2.0.6.14)

Zuma's Revenge (x32 Version: 2.2.0.98)

 

==================== Restore Points  =========================

 

27-11-2013 17:16:01 Removed ScorpionSaver

27-11-2013 19:32:13 Removed ScorpionSaver

07-12-2013 01:44:27 Removed Freedom

09-12-2013 04:53:50 Removed ScorpionSaver Services

09-12-2013 04:56:47 Removed ScorpionSaver Services

 

==================== Hosts content: ==========================

 

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {074D281B-1488-4053-8BD9-4EEF7C699561} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-936287634-1733484053-4269857232-1000Core => C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-20] (Facebook Inc.)

Task: {38792EE3-9438-49D0-915D-E661732F4EA4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06] (Google Inc.)

Task: {3C57DE68-6E06-4807-85D6-9327A50D2BDA} - \Advanced System Protector No Task File

Task: {3EB5F5C1-A1D8-46F1-9C63-B45C962BC91B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)

Task: {686E5937-6385-457B-8C9A-E91875176A6A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {970E6463-BF53-4B11-BF8C-A7312804BF8F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {9BFEA415-E283-4794-AF38-B1BA34300553} - \Advanced System Protector_startup No Task File

Task: {A00F128A-66CE-4FA7-8561-B8FCA7D4DEC5} - System32\Tasks\HPCeeScheduleForAlex => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {AA8C8626-97C2-47DF-B45B-DBE6F3337EA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-06] (Google Inc.)

Task: {AF14FA4E-96D6-4741-B296-1820652F75DE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

Task: {B403BD53-02F8-4F96-A118-AEFB04BD79D2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {C2F07D94-BA70-48AC-8F14-E871E0EB5D3A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-936287634-1733484053-4269857232-1000UA => C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-20] (Facebook Inc.)

Task: {C5105E1E-FD9F-45B6-8957-430935DB92D8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

Task: {C56E8C42-5CB0-4A92-83A6-98028F51BEAA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {E8C51D3C-F5A1-45E6-8E03-C6B859C689C1} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)

Task: {EA2276BD-6D50-410D-A9F1-A9908B6FC812} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)

Task: {EA5734C9-90EB-44B5-8020-2AC03961F515} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-11-28] (CyberLink)

Task: {F6BF7CBC-48D6-4B5B-963F-F78F88310425} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)

Task: {F9499F82-7B8D-45FA-86F4-160BA425ED68} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-15] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-936287634-1733484053-4269857232-1000Core.job => C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-936287634-1733484053-4269857232-1000UA.job => C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForAlex.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-10-17 11:25 - 2013-10-17 11:25 - 08866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2013-08-29 11:25 - 2012-01-18 18:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-12-12 14:20 - 2012-12-12 14:20 - 03483856 _____ () C:\Program Files (x86)\Polar\Daemon\libpolar.dll

2013-02-26 15:59 - 2013-02-26 15:59 - 00110648 _____ () C:\Program Files (x86)\Polar\WebSync\PTransform.dll

2010-02-10 15:06 - 2010-02-10 15:06 - 00334848 _____ () C:\Program Files (x86)\Polar\WebSync\QtXml4.dll

2011-01-14 15:01 - 2011-01-14 15:01 - 02142720 _____ () C:\Program Files (x86)\Polar\WebSync\QtCore4.dll

2013-02-26 15:59 - 2013-02-26 15:59 - 03722296 _____ () C:\Program Files (x86)\Polar\WebSync\libpolar.dll

2010-02-10 15:22 - 2010-02-10 15:22 - 07971840 _____ () C:\Program Files (x86)\Polar\WebSync\QtGui4.dll

2010-02-10 15:07 - 2010-02-10 15:07 - 00929280 _____ () C:\Program Files (x86)\Polar\WebSync\QtNetwork4.dll

2010-02-10 17:45 - 2010-02-10 17:45 - 00025600 _____ () C:\Program Files (x86)\Polar\WebSync\imageformats\qgif4.dll

2010-02-10 17:45 - 2010-02-10 17:45 - 00119808 _____ () C:\Program Files (x86)\Polar\WebSync\imageformats\qjpeg4.dll

2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Alex\AppData\Roaming\Dropbox\bin\libcef.dll

2013-03-07 20:32 - 2013-03-07 20:32 - 00292272 _____ () C:\Users\Alex\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll

2013-03-07 20:32 - 2013-03-07 20:32 - 21014960 _____ () C:\Users\Alex\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll

2013-03-07 20:32 - 2013-03-07 20:32 - 00179632 _____ () C:\Users\Alex\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll

2013-10-17 11:25 - 2013-10-17 11:25 - 08866472 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2013-12-06 20:49 - 2013-12-03 21:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll

2013-12-06 20:49 - 2013-12-03 21:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll

2013-12-06 20:49 - 2013-12-03 21:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

2013-12-06 20:49 - 2013-12-03 21:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

2013-12-06 20:49 - 2013-12-03 21:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

2013-09-08 15:45 - 2013-09-08 15:45 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\991a8d378a3e64b31c0f4770ba9ae071\IsdiInterop.ni.dll

2013-08-29 11:28 - 2011-11-29 23:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2013-08-29 11:25 - 2011-12-16 13:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2011-04-27 16:05 - 2011-04-27 16:05 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/09/2013 11:17:26 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (12/09/2013 11:12:08 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10455046

 

Error: (12/09/2013 11:12:08 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 10455046

 

Error: (12/09/2013 11:12:08 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/09/2013 08:18:03 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10062

 

Error: (12/09/2013 08:18:03 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 10062

 

Error: (12/09/2013 08:18:03 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/09/2013 08:18:02 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 9032

 

Error: (12/09/2013 08:18:02 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 9032

 

Error: (12/09/2013 08:18:02 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

 

System errors:

=============

Error: (12/09/2013 00:01:55 AM) (Source: EventLog) (User: )

Description: The previous system shutdown at 12:00:52 AM on ‎12/‎9/‎2013 was unexpected.

 

Error: (12/08/2013 11:57:13 PM) (Source: Service Control Manager) (User: )

Description: The AdpeakProxy service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (12/08/2013 10:40:31 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpCMSrv service.

 

Error: (12/08/2013 10:39:59 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpCMSrv service.

 

Error: (12/08/2013 10:39:29 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpCMSrv service.

 

Error: (12/08/2013 10:38:59 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpCMSrv service.

 

Error: (12/08/2013 10:38:10 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpCMSrv service.

 

Error: (12/08/2013 10:09:16 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpCMSrv service.

 

Error: (12/08/2013 10:08:46 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpCMSrv service.

 

Error: (12/08/2013 10:08:14 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpCMSrv service.

 

 

Microsoft Office Sessions:

=========================

Error: (12/09/2013 11:17:26 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (12/09/2013 11:12:08 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10455046

 

Error: (12/09/2013 11:12:08 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 10455046

 

Error: (12/09/2013 11:12:08 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/09/2013 08:18:03 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 10062

 

Error: (12/09/2013 08:18:03 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 10062

 

Error: (12/09/2013 08:18:03 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/09/2013 08:18:02 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 9032

 

Error: (12/09/2013 08:18:02 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 9032

 

Error: (12/09/2013 08:18:02 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 35%

Total physical RAM: 8087.31 MB

Available physical RAM: 5200.91 MB

Total Pagefile: 16172.8 MB

Available Pagefile: 12978.52 MB

Total Virtual: 8192 MB

Available Virtual: 8191.77 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:677.61 GB) (Free:494.88 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (Recovery) (Fixed) (Total:20.73 GB) (Free:2.24 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 3782AF8B)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=678 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)

 

==================== End Of Log ============================

 

 


 

 


Did you run Malwarebytes, if so can I see the log....

 

Next,

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

As Scorpion Saver shows in the installed programs list see if it will uninstall, try this:

 

Please download and install Revo Uninstaller Free

 

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on next.
  • Put a check on any folders that are found and select delete
  • When prompted select yes then on next
  • Once done click Finish.

 

Next,

 

The uninstall may or may not work, still run the following:

 

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

 

http://jpshortstuff.247fixes.com/SystemLook_x64.exe      <<-   64 bit….

 

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

 


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
 
:filefind
*adpeak*
Adpeak.*
*Scorpion*
Scopion.*

:folderfind
*Scorpion*
*adpeak*

:regfind
*Scorpion*
Scorpion
*adpeak*
adpeak
 
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-12-2013

Ran by Alex at 2013-12-09 18:25:08 Run:1

Running from C:\Users\Alex\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

C:\Users\Alex\AppData\Local\Temp\6_Offer_18.exe

C:\Users\Alex\AppData\Local\Temp\AcDeltree.exe

C:\Users\Alex\AppData\Local\Temp\AVG-Safeguard.exe

C:\Users\Alex\AppData\Local\Temp\BackupSetup.exe

C:\Users\Alex\AppData\Local\Temp\Extract.exe

C:\Users\Alex\AppData\Local\Temp\oi_{BE019C99-557B-4197-A1A7-CBEA4723F2BC}.exe

C:\Users\Alex\AppData\Local\Temp\Quarantine.exe

C:\Users\Alex\AppData\Local\Temp\Risweb32.exe

C:\Users\Alex\AppData\Local\Temp\SP56478.exe

C:\Users\Alex\AppData\Local\Temp\SP56929.exe

C:\Users\Alex\AppData\Local\Temp\SP57138.exe

C:\Users\Alex\AppData\Local\Temp\SP57698.exe

C:\Users\Alex\AppData\Local\Temp\SP57966.exe

C:\Users\Alex\AppData\Local\Temp\sp58915.exe

C:\Users\Alex\AppData\Local\Temp\SP60051.exe

C:\Users\Alex\AppData\Local\Temp\SP61037.exe

C:\Users\Alex\AppData\Local\Temp\SP62991.exe

C:\Users\Alex\AppData\Local\Temp\SP63224.exe

C:\Users\Alex\AppData\Local\Temp\SP63801.exe

C:\Users\Alex\AppData\Local\Temp\SpOrder.dll

C:\Users\Alex\AppData\Local\Temp\UninstallHPSA.exe

End

 

 

 

*****************

 

C:\Users\Alex\AppData\Local\Temp\6_Offer_18.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\AcDeltree.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\AVG-Safeguard.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\BackupSetup.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\Extract.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\oi_{BE019C99-557B-4197-A1A7-CBEA4723F2BC}.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\Risweb32.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\SP56478.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\SP56929.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\SP57138.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\SP57698.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\SP57966.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\sp58915.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\SP60051.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\SP61037.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\SP62991.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\SP63224.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\SP63801.exe => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\SpOrder.dll => Moved successfully.

C:\Users\Alex\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.

 

==== End of Fixlog ====

 


SystemLook 30.07.11 by jpshortstuff

Log created at 18:27 on 09/12/2013 by Alex

Administrator - Elevation successful

 

========== filefind ==========

 

Searching for "*adpeak*"

C:\Users\Alex\AppData\Local\Temp\AdpeakRegisterLSP.ini.log --a---- 8566 bytes [15:03 30/11/2013] [04:57 09/12/2013] BA91F2E93CC75879D3C900D4A71E6AE8

C:\Windows\System32\AdpeakProxy64.dll --a---- 439296 bytes [15:03 30/11/2013] [15:18 16/10/2013] 78857BF5996E9BC8E82C1B671CBF85E6

 

Searching for "Adpeak.*"

No files found.

 

Searching for "*Scorpion*"

C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scorpionsaver.com_0.localstorage --a---- 2739200 bytes [03:16 03/12/2013] [04:53 09/12/2013] B4A749AAFDC23A20B9760023DEF15FD1

C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scorpionsaver.com_0.localstorage-journal --a---- 16384 bytes [03:16 03/12/2013] [04:53 09/12/2013] 0E59CBCF177473D42593FCF0AD0D734C

 

Searching for "Scopion.*"

No files found.

 

========== folderfind ==========

 

Searching for "*Scorpion*"

C:\Users\Alex\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\ScorpionSaver-09122013-182106 d------ [23:21 09/12/2013]

C:\Users\Alex\Music\Scorpions d------ [01:50 15/09/2013]

 

Searching for "*adpeak*"

No folders found.

 

========== regfind ==========

 

Searching for "*Scorpion*"

No data found.

 

Searching for "Scorpion"

[HKEY_CURRENT_USER\Software\AppDataLow\Software\Scorpion Saver]

[HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\B4AECD8C-1CA3-44B5-9E51-3F6B4DA032AD]

@="ScorpionSaver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\B4AECD8C-1CA3-44B5-9E51-3F6B4DA032AD\InProcServer32]

@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver]

[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver]

[HKEY_USERS\S-1-5-21-936287634-1733484053-4269857232-1000\Software\AppDataLow\Software\Scorpion Saver]

[HKEY_USERS\S-1-5-21-936287634-1733484053-4269857232-1000\Software\AppDataLow\Software\ScorpionSaver]

[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver]

 

Searching for "*adpeak*"

No data found.

 

Searching for "adpeak"

No data found.

 

-= EOF =-

 

It seems to be off my computer. Thank you for your help. 


Yes just about done, some registry issues and remnant files to move....

 

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Reg :Reg

    :Reg
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\Scorpion Saver]
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\B4AECD8C-1CA3-44B5-9E51-3F6B4DA032AD]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Saver]
    [-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver]
    [-HKEY_USERS\S-1-5-21-936287634-1733484053-4269857232-1000\Software\AppDataLow\Software\Scorpion Saver]
    [-HKEY_USERS\S-1-5-21-936287634-1733484053-4269857232-1000\Software\AppDataLow\Software\ScorpionSaver]
    [-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver]
    :Files
    C:\Users\Alex\AppData\Local\Temp\AdpeakRegisterLSP.ini.log
    C:\Windows\System32\AdpeakProxy64.dll
    C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scorpionsaver.com_0.localstorage
    C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scorpionsaver.com_0.localstorage-journal
    C:\Program Files(x86)\ScorpionSaver
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

We should be able to clean up and remove tools etc after OTM completes....


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
