Need advice on what to get rid of after scan please


Tomlr92

Hello

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

All of the entries in that log need to go, Scorpion Saver is nasty adware that can be difficult to remove. Do the following, exactly as written...

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

 

http://jpshortstuff.247fixes.com/SystemLook_x64.exe      <<-   64 bit….

 

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

 


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
 
:filefind
*adpeak*
Adpeak.*
*Scorpion*
Scopion.*
:folderfind
*Scorpion*
*adpeak*
:regfind
*Scorpion*
Scorpion
*adpeak*
adpeak
 
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Post the produced logs..

 

Kevin


Ok Everything cleaned and here is the report. I also attached the system look and pasted it here.

 

Thank you so much for the help

Tomlr92

 

 

# AdwCleaner v3.015 - Report created 13/12/2013 at 08:25:46
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : TomandLisa - TOMANDLISA-PC
# Running from : C:\Users\TomandLisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZXWDEQYQ\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Dealio Toolbar
Folder Deleted : C:\Program Files (x86)\iWin
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\TomandLisa\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\TomandLisa\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\TomandLisa\AppData\Local\Conduit
Folder Deleted : C:\Users\TomandLisa\AppData\Local\iWin
Folder Deleted : C:\Users\TomandLisa\AppData\Local\torch
Folder Deleted : C:\Users\TomandLisa\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\TomandLisa\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\TomandLisa\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\TomandLisa\AppData\LocalLow\Dealio
Folder Deleted : C:\Users\TomandLisa\AppData\LocalLow\iWin
Folder Deleted : C:\Users\TomandLisa\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\TomandLisa\AppData\Roaming\Mozilla\Firefox\Profiles\kf1zhoy5.default\Conduit
Folder Deleted : C:\Users\TomandLisa\AppData\Roaming\Mozilla\Firefox\Profiles\kf1zhoy5.default\ConduitEngine
Folder Deleted : C:\Users\TomandLisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\TomandLisa\AppData\Roaming\Mozilla\Firefox\Profiles\kf1zhoy5.default\searchplugins\Ask.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Ask.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\TomandLisa\AppData\Roaming\Mozilla\Firefox\Profiles\kf1zhoy5.default\searchplugins\Conduit.xml
File Deleted : C:\Users\TomandLisa\AppData\Roaming\Mozilla\Firefox\Profiles\kf1zhoy5.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Scorpion Saver
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\GamesBarSetup
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\Software\torch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\TomandLisa\AppData\Roaming\Mozilla\Firefox\Profiles\kf1zhoy5.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\TomandLisa\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url

*************************

AdwCleaner[R0].txt - [29013 octets] - [12/12/2013 09:20:32]
AdwCleaner[R1].txt - [29074 octets] - [12/12/2013 20:53:19]
AdwCleaner[s0].txt - [28870 octets] - [13/12/2013 08:25:46]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [28931 octets] ##########

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 08:46 on 13/12/2013 by TomandLisa
Administrator - Elevation successful

Invalid Context: filefind*adpeak*Adpeak.**Scorpion*Scopion.*:folderfind*Scorpion**adpeak*:regfind*Scorpion*Scorpion*adpeak*adpeak

-= EOF =-
 


Did you run Malwarebytes? Can you post that log?

 

System Look appears to have been scripted incorrectly, you must start with and include the colon before filefind, like so :filefind

 

So paste the following script into the text field one more time in System look:

:filefind
*adpeak*
Adpeak.*
*Scorpion*
Scopion.*
:folderfind
*Scorpion*
*adpeak*
:regfind
*Scorpion*
Scorpion
*adpeak*
adpeak

Make sure to include the colon before filefind. Post that log..


This is how I entered in system look    :filefind*adpeak*Adpeak.**Scorpion*Scorpion.*.folderfind*Scorpion**adpeak.regfind*Scorpion*Scorpion*adpeak*adpeak

 

Ok I will try again. here is the full scan from malwarebytes and system look

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.13.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
TomandLisa :: TOMANDLISA-PC [administrator]

Protection: Enabled

12/13/2013 4:30:55 PM
mbam-log-2013-12-13 (16-30-55).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 414088
Time elapsed: 1 hour(s), 27 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 21:13 on 13/12/2013 by TomandLisa
Administrator - Elevation successful

Invalid Context: filefind*adpeak*Adpeak.**Scorpion*Scorpion.*.folderfind*Scorpion**adpeak.regfind*Scorpion*Scorpion*adpeak*adpeak

-= EOF =-

I did put the colon before filefind but this is how it came out

 


You must either type or copy and paste the script as listed in the code box, do not put as a sentence, put as a list...

:filefind
*adpeak*
Adpeak.*
*Scorpion*
Scopion.*
:folderfind
*Scorpion*
*adpeak*
:regfind
*Scorpion*
Scorpion
*adpeak*
adpeak

So you will start with :filefind after that each following entry will go underneath so you finish with a list, not a sentence. Okey dokey..... ;)


Oooh ok got it. Here it is but when I click on something in my browser an ad pops up in a new tab or window.

 

 

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 09:16 on 14/12/2013 by TomandLisa
Administrator - Elevation successful

========== filefind ==========

Searching for "*adpeak*"
C:\Windows\System32\AdpeakProxy64.dll    --a---- 439296 bytes    [20:53 27/11/2013]    [15:18 16/10/2013] 78857BF5996E9BC8E82C1B671CBF85E6

Searching for "Adpeak.*"
No files found.

Searching for "*Scorpion*"
C:\Users\TomandLisa\AppData\Local\Programs\Google\MusicManager\Pink Floyd\Pink Floyd\04 Scorpions.mp3    --a---- 5949060 bytes    [19:24 28/01/2012]    [19:24 28/01/2012] 24E9EEC179B6EC0B1DC6CBD5888E2EA8
C:\Users\TomandLisa\Music\Pink Floyd\Pink Floyd\04 Scorpions.wma    --a---- 5987671 bytes    [22:27 15/01/2011]    [16:59 31/10/2009] 78C41F3C3E313B041820ECDE515348F2

Searching for "Scopion.*"
No files found.

========== folderfind ==========

Searching for "*Scorpion*"
C:\Users\TomandLisa\AppData\Local\Programs\Google\MusicManager\Scorpions    d------    [15:39 28/01/2012]
C:\Users\TomandLisa\AppData\Local\Programs\Google\MusicManager\Scorpions\Bad For Good_ The Very Best Of Scorpions    d------    [15:39 28/01/2012]
C:\Users\TomandLisa\Music\Scorpions    d------    [00:35 02/07/2011]

Searching for "*adpeak*"
No folders found.

========== regfind ==========

Searching for "*Scorpion*"
No data found.

Searching for "Scorpion"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8BA5CD9129705784F8B198C6A5C96EEA\SourceList]
"PackageName"="scorpionsaver_20131010.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5]
@="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5\InProcServer32]
@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5-F3A6-47F6-93EF-792299EF24DC]
@="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5-F3A6-47F6-93EF-792299EF24DC\InProcServer32]
@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD07F81309AB63E4D8592E422645EB73]
"8BA5CD9129705784F8B198C6A5C96EEA"="01:\Software\AppDataLow\Software\ScorpionSaver\key"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver]

Searching for "*adpeak*"
No data found.

Searching for "adpeak"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8BA5CD9129705784F8B198C6A5C96EEA\InstallProperties]
"Publisher"="Adpeak, Inc."

-= EOF =-


Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Reg :Reg

    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8BA5CD9129705784F8B198C6A5C96EEA]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5-F3A6-47F6-93EF-792299EF24DC]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD07F81309AB63E4D8592E422645EB73]
    "8BA5CD9129705784F8B198C6A5C96EEA"=-
    [-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver]
    [-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8BA5CD9129705784F8B198C6A5C96EEA]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD07F81309AB63E4D8592E422645EB73]
    :Files
    ipconfig /flushdns /c
    C:\Windows\System32\AdpeakProxy64.dll
    C:\Program Files(x86)\ScorpionSaver
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.
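
Added example, not part of the original thread: the OTM script above queues only AdpeakProxy64.dll from the filefind results and leaves the "Scorpions" music files alone, and this Python sketch reproduces that triage on the filefind section of the SystemLook log posted earlier. The line layout is inferred from that log; the extension list, the function names and the "review" / "likely unrelated" labels are assumptions made for illustration.

```python
import ntpath
import re
from fnmatch import fnmatchcase

# Sample input: the filefind section of the SystemLook log quoted in this thread.
SAMPLE_LOG = r'''
========== filefind ==========

Searching for "*adpeak*"
C:\Windows\System32\AdpeakProxy64.dll    --a---- 439296 bytes    [20:53 27/11/2013]    [15:18 16/10/2013] 78857BF5996E9BC8E82C1B671CBF85E6

Searching for "Adpeak.*"
No files found.

Searching for "*Scorpion*"
C:\Users\TomandLisa\AppData\Local\Programs\Google\MusicManager\Pink Floyd\Pink Floyd\04 Scorpions.mp3    --a---- 5949060 bytes    [19:24 28/01/2012]    [19:24 28/01/2012] 24E9EEC179B6EC0B1DC6CBD5888E2EA8
C:\Users\TomandLisa\Music\Pink Floyd\Pink Floyd\04 Scorpions.wma    --a---- 5987671 bytes    [22:27 15/01/2011]    [16:59 31/10/2009] 78C41F3C3E313B041820ECDE515348F2

Searching for "Scopion.*"
No files found.
'''

# Layout inferred from the log: path, attributes, size, [created], [modified], MD5.
HIT_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes'
    r'\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]'
    r'\s+(?P<md5>[0-9A-Fa-f]{32})$'
)
SEARCH_RE = re.compile(r'^Searching for "(?P<pattern>.+)"$')

# Assumption: file types that can carry code and therefore deserve a closer look.
EXECUTABLE_EXTS = {".dll", ".exe", ".sys", ".msi", ".scr", ".com"}


def parse_filefind(log):
    """Return one dict per file hit, tagged with the search pattern it came from."""
    hits, pattern = [], None
    for raw in log.splitlines():
        line = raw.strip()
        search = SEARCH_RE.match(line)
        if search:
            pattern = search.group("pattern")
            continue
        hit = HIT_RE.match(line)
        if hit and pattern:
            record = hit.groupdict()
            record["size"] = int(record["size"])
            record["pattern"] = pattern
            hits.append(record)
    return hits


def matches(pattern, path):
    """Case-insensitive wildcard match on the file name, as the log's hits suggest."""
    return fnmatchcase(ntpath.basename(path).lower(), pattern.lower())


def triage(hit):
    """Label a hit by file type; a broad wildcard also catches unrelated names."""
    ext = ntpath.splitext(hit["path"])[1].lower()
    return "review" if ext in EXECUTABLE_EXTS else "likely unrelated"


def review_list(log):
    """Paths worth a helper's attention before anything is queued for removal."""
    return [h["path"] for h in parse_filefind(log) if triage(h) == "review"]


if __name__ == "__main__":
    for h in parse_filefind(SAMPLE_LOG):
        print(f'{triage(h):17} {h["pattern"]:12} {h["path"]}')
```

The "*Scorpion*" wildcard matches the two Pink Floyd tracks by name only, which is why a hit list like this is read by a person before a removal script is written.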


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
