Scorpion Saver - Tried Numerous Removal Methods Still Infected


enders7

So I've been infected with Scorpion Saver and have tried numerous ways to get it off of my computer, but the sucker is still popping up. I need someone to help me beat this. I spent 6 hours on Saturday and another 3 hours tonight and I can't get this thing to get off my computer. HELP!!!! :(


Welcome to the forum, first.....try to uninstall it from your add/remove programs.

Then........

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

[image: bleep-crop.jpg]

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
    Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Next........

Clean out temp files by using disk cleanup or.........

Download, install and run CCleaner free to clean out temp files.

Here's a Tutorial if needed.

You may want to uncheck "cookies" and please stay away from the registry cleaner.

Last......

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

[image: bleep-crop.jpg]

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MrC

Ran the AdwCleaner tool and the following is the log I received:

 

# AdwCleaner v3.015 - Report created 11/12/2013 at 22:32:50
# Updated 10/12/2013 by Xplode
# Operating System : Windows Vista Home Premium  (32 bits)
# Username : Ryan - HOME-PC
# Running from : C:\Users\Ryan\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
File Deleted : C:\END
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Adpeak, Inc.
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Scorpion Saver
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18904
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5160 octets] - [11/12/2013 22:30:37]
AdwCleaner[s0].txt - [5189 octets] - [11/12/2013 22:32:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5249 octets] ##########

OK here is the "Frst.txt" from Farbar:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2013
Ran by Ryan (administrator) on HOME-PC on 11-12-2013 22:55:00
Running from C:\Users\Ryan\Downloads
Microsoft® Windows Vista™ Home Premium  (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(AOL LLC) C:\Program Files\AIM\aim.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\5.2.2.3\ccsvchst.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\5.2.2.3\ccsvchst.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1006264 2008-05-02] (Microsoft Corporation)
HKLM\...\Run: [ECenter] - C:\DELL\E-Center\EULALauncher.exe [17920 2008-02-28] ( )
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [159744 2007-09-24] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sigmatelSysTrayApp] - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe [405504 2008-01-01] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-31] (Google)
HKLM\...\Run: [PCMService] - C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-12-21] (CyberLink Corp.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [141600 2009-11-12] (Apple Inc.)
HKLM\...\Run: [DellSupportCenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM\...\Run: [dscactivate] - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Winlogon: [shell]  [x ] () <=== ATTENTION
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKCU\...\Run: [DellSupportCenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-05-02] (Google Inc.)
HKCU\...\Run: [Aim] - C:\Program Files\AIM\aim.exe [3634024 2009-10-01] (AOL LLC)
HKCU\...\Run: [HP Photosmart 5510 series (NET)] - C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [1801064 2011-05-25] (Hewlett-Packard Co.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125440 2006-11-02] (Microsoft Corporation)
HKCU\...\Run: [GoogleChromeAutoLaunch_530306471311B0DB2757A99884EC74AF] - C:\Program Files\Google\Chrome\Application\chrome.exe [863184 2013-12-03] (Google Inc.)
MountPoints2: {eba51b7e-a9ba-11e2-8dbe-001d09da0e7e} - F:\Ferrari_California.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
AppInit_DLLs: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [ 2010-08-31] (Google)
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {345C0030-7A07-44BB-973C-D98A2BA71A09} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=1C210C96-53D9-4F5A-BA79-CA067FFC0340&apn_sauid=4DE9EDC5-5FBD-4892-8417-DD64CB0D00DF
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Extension: (Google Docs) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
 
========================== Services (Whitelisted) =================
 
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144672 2009-08-28] (Apple Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-31] (Google)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
R2 N360; C:\Program Files\Norton 360\Engine\5.2.2.3\diMaster.dll [262584 2011-03-31] (Symantec Corporation)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20131203.001\BHDrvx86.sys [1098968 2013-12-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20131210.001\IDSvix86.sys [393816 2013-10-29] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-12-11] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20131207.008\NAVENG.SYS [93272 2013-12-03] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20131207.008\NAVEX15.SYS [1612376 2013-12-03] (Symantec Corporation)
R0 SMR410; C:\Windows\System32\drivers\SMR410.SYS [98392 2013-12-11] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\0502020.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\0502020.003\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\0502020.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2012-02-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\0502020.003\Ironx86.SYS [136312 2011-01-27] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\0502020.003\SYMTDIV.SYS [331384 2011-04-20] (Symantec Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SYMFW; \SystemRoot\System32\Drivers\N360\0308030.006\SYMFW.SYS [x]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360\0308030.006\SYMNDISV.SYS [x]
S3 vna_ap; system32\DRIVERS\vnaap.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-11 22:55 - 2013-12-11 22:55 - 00014757 _____ C:\Users\Ryan\Downloads\FRST.txt
2013-12-11 22:54 - 2013-12-11 22:54 - 00000000 ____D C:\FRST
2013-12-11 22:52 - 2013-12-11 22:52 - 01060135 _____ (Farbar) C:\Users\Ryan\Downloads\FRST.exe
2013-12-11 22:37 - 2013-12-11 22:38 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-12-11 22:29 - 2013-12-11 22:32 - 00000000 ____D C:\AdwCleaner
2013-12-11 22:28 - 2013-12-11 22:28 - 01226802 _____ C:\Users\Ryan\Downloads\AdwCleaner.exe
2013-12-11 22:15 - 2013-12-11 22:22 - 00000000 ____D C:\Users\Ryan\AppData\Local\NPE
2013-12-11 22:15 - 2013-12-11 22:15 - 00098392 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2013-12-11 22:15 - 2013-12-11 22:15 - 00000000 ____D C:\ProgramData\SMR410
2013-12-11 22:14 - 2013-12-11 22:15 - 03053496 ____N (Symantec Corporation) C:\Users\Ryan\Downloads\NPE.exe
2013-12-08 20:22 - 2013-12-08 20:22 - 04618136 _____ (Piriform Ltd) C:\Users\Ryan\Downloads\ccsetup408.exe
2013-12-08 20:22 - 2013-12-08 20:22 - 00000806 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-08 20:22 - 2013-12-08 20:22 - 00000000 ____D C:\Program Files\CCleaner
2013-12-08 20:09 - 2013-12-08 20:09 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\rkill (1).com
2013-12-08 20:08 - 2013-12-08 20:08 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\iExplore (1).exe
2013-12-08 20:07 - 2013-12-08 20:08 - 00666568 _____ (Zip Opener Technologies) C:\Users\Ryan\Downloads\ZipOpenerSetup.exe
2013-12-08 20:04 - 2013-12-08 20:05 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\rkill.exe
2013-12-08 19:43 - 2013-12-08 19:45 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\Ryan\Downloads\mbam-setup.exe
2013-12-08 19:42 - 2013-12-08 19:42 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\rkill.com
2013-12-08 19:37 - 2013-12-08 20:10 - 00002840 _____ C:\Users\Ryan\Desktop\Rkill.txt
2013-12-08 19:36 - 2013-12-08 19:37 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\iExplore.exe
2013-12-08 14:27 - 2013-12-08 19:46 - 00000908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-08 14:27 - 2013-12-08 19:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-08 14:27 - 2013-12-08 14:27 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Malwarebytes
2013-12-08 14:27 - 2013-12-08 14:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-08 14:27 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-08 14:26 - 2013-12-08 14:26 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ryan\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-05 22:13 - 2013-12-05 22:13 - 00011062 _____ C:\Users\Ryan\Desktop\Transaction - Explorer.xlsx
2013-12-04 22:04 - 2013-12-04 22:04 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Tific
2013-12-04 22:04 - 2013-12-04 22:04 - 00000000 ____D C:\Users\Ryan\AppData\Local\Symantec
2013-12-02 20:19 - 2013-12-08 10:55 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-12-02 20:19 - 2013-12-02 20:19 - 00000000 ____D C:\ProgramData\Oracle
2013-12-02 20:19 - 2013-12-02 20:19 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-12-02 20:19 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-12-02 20:19 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-02 20:19 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-02 20:19 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-02 20:18 - 2013-12-02 20:19 - 00005509 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log
2013-11-21 21:11 - 2013-11-21 21:30 - 00000000 ____D C:\Users\Ryan\Desktop\Wedding Finalists
2013-11-21 21:08 - 2013-11-21 21:10 - 00008991 _____ C:\Users\Ryan\Documents\Wedding Photo Numbered.xlsx
2013-11-18 21:08 - 2013-12-04 21:39 - 00001973 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-18 21:06 - 2013-11-18 21:06 - 00819176 _____ (Google Inc.) C:\Users\Ryan\Downloads\ChromeSetup.exe
2013-11-17 22:50 - 2013-11-17 22:50 - 00894600 _____ (CNET Download.com) C:\Users\Ryan\Downloads\cbsidlm-cbsi134-Free_MKV_Player-SEO-75914004 (1).exe
2013-11-17 22:48 - 2013-11-17 22:48 - 08273920 _____ C:\Users\Ryan\Downloads\freemkvplayer-setup.msi
2013-11-17 22:47 - 2013-11-17 22:47 - 00894600 _____ (CNET Download.com) C:\Users\Ryan\Downloads\cbsidlm-cbsi134-Free_MKV_Player-SEO-75914004.exe
2013-11-17 22:32 - 2010-12-01 20:51 - 2455347200 _____ C:\Users\Ryan\Desktop\Despicable Me (2010).avi
2013-11-17 22:23 - 2013-11-17 22:30 - 00000000 ____D C:\Users\Ryan\Desktop\Insanity
 
==================== One Month Modified Files and Folders =======
 
2013-12-11 22:55 - 2013-12-11 22:55 - 00014757 _____ C:\Users\Ryan\Downloads\FRST.txt
2013-12-11 22:54 - 2013-12-11 22:54 - 00000000 ____D C:\FRST
2013-12-11 22:52 - 2013-12-11 22:52 - 01060135 _____ (Farbar) C:\Users\Ryan\Downloads\FRST.exe
2013-12-11 22:38 - 2013-12-11 22:37 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-12-11 22:38 - 2008-05-02 02:13 - 02029902 ____N C:\Windows\WindowsUpdate.log
2013-12-11 22:34 - 2013-03-09 10:47 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-11 22:34 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-11 22:34 - 2006-11-02 07:47 - 00003472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-11 22:34 - 2006-11-02 07:47 - 00003472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-11 22:33 - 2006-11-02 08:01 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-11 22:32 - 2013-12-11 22:29 - 00000000 ____D C:\AdwCleaner
2013-12-11 22:28 - 2013-12-11 22:28 - 01226802 _____ C:\Users\Ryan\Downloads\AdwCleaner.exe
2013-12-11 22:22 - 2013-12-11 22:15 - 00000000 ____D C:\Users\Ryan\AppData\Local\NPE
2013-12-11 22:19 - 2013-03-09 10:47 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-11 22:17 - 2012-09-11 19:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-11 22:15 - 2013-12-11 22:15 - 00098392 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR410.SYS
2013-12-11 22:15 - 2013-12-11 22:15 - 00000000 ____D C:\ProgramData\SMR410
2013-12-11 22:15 - 2013-12-11 22:14 - 03053496 ____N (Symantec Corporation) C:\Users\Ryan\Downloads\NPE.exe
2013-12-11 22:15 - 2011-02-12 08:52 - 00000000 ____D C:\ProgramData\Norton
2013-12-11 22:01 - 2012-03-04 10:54 - 00000254 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2013-12-11 22:00 - 2012-09-11 19:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-11 22:00 - 2012-09-11 19:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-08 20:32 - 2009-12-18 07:02 - 00000000 ____D C:\Windows\Minidump
2013-12-08 20:32 - 2006-11-10 08:22 - 00000000 ____D C:\Windows\Panther
2013-12-08 20:22 - 2013-12-08 20:22 - 04618136 _____ (Piriform Ltd) C:\Users\Ryan\Downloads\ccsetup408.exe
2013-12-08 20:22 - 2013-12-08 20:22 - 00000806 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-08 20:22 - 2013-12-08 20:22 - 00000000 ____D C:\Program Files\CCleaner
2013-12-08 20:10 - 2013-12-08 19:37 - 00002840 _____ C:\Users\Ryan\Desktop\Rkill.txt
2013-12-08 20:09 - 2013-12-08 20:09 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\rkill (1).com
2013-12-08 20:08 - 2013-12-08 20:08 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\iExplore (1).exe
2013-12-08 20:08 - 2013-12-08 20:07 - 00666568 _____ (Zip Opener Technologies) C:\Users\Ryan\Downloads\ZipOpenerSetup.exe
2013-12-08 20:05 - 2013-12-08 20:04 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\rkill.exe
2013-12-08 19:46 - 2013-12-08 14:27 - 00000908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-08 19:46 - 2013-12-08 14:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-08 19:45 - 2013-12-08 19:43 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\Ryan\Downloads\mbam-setup.exe
2013-12-08 19:42 - 2013-12-08 19:42 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\rkill.com
2013-12-08 19:37 - 2013-12-08 19:36 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Ryan\Downloads\iExplore.exe
2013-12-08 16:07 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Registration
2013-12-08 14:27 - 2013-12-08 14:27 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Malwarebytes
2013-12-08 14:27 - 2013-12-08 14:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-08 14:26 - 2013-12-08 14:26 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ryan\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-08 13:05 - 2009-11-18 16:27 - 00000000 ____D C:\Users\Ryan\AppData\Local\Adobe
2013-12-08 12:42 - 2013-07-13 11:04 - 00000000 ____D C:\Budget
2013-12-08 10:55 - 2013-12-02 20:19 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-12-08 10:50 - 2009-11-12 18:48 - 00002585 _____ C:\Users\Ryan\Desktop\Microsoft Office Excel 2007.lnk
2013-12-05 22:13 - 2013-12-05 22:13 - 00011062 _____ C:\Users\Ryan\Desktop\Transaction - Explorer.xlsx
2013-12-04 22:04 - 2013-12-04 22:04 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Tific
2013-12-04 22:04 - 2013-12-04 22:04 - 00000000 ____D C:\Users\Ryan\AppData\Local\Symantec
2013-12-04 21:39 - 2013-11-18 21:08 - 00001973 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-04 20:58 - 2010-07-12 19:54 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2013-12-02 20:32 - 2009-11-24 16:22 - 00000000 ____D C:\Users\Ryan\AppData\Local\Apple Computer
2013-12-02 20:19 - 2013-12-02 20:19 - 00000000 ____D C:\ProgramData\Oracle
2013-12-02 20:19 - 2013-12-02 20:19 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-12-02 20:19 - 2013-12-02 20:18 - 00005509 _____ C:\Windows\system32\jupdate-1.7.0_45-b18.log
2013-12-02 20:19 - 2008-05-02 02:21 - 00000000 ____D C:\Program Files\Java
2013-12-02 20:19 - 2008-05-02 02:21 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-21 21:30 - 2013-11-21 21:11 - 00000000 ____D C:\Users\Ryan\Desktop\Wedding Finalists
2013-11-21 21:10 - 2013-11-21 21:08 - 00008991 _____ C:\Users\Ryan\Documents\Wedding Photo Numbered.xlsx
2013-11-19 20:38 - 2009-11-12 16:41 - 00000000 ____D C:\Users\Ryan\AppData\Local\Google
2013-11-18 21:07 - 2008-05-02 02:33 - 00000000 ____D C:\Program Files\Google
2013-11-18 21:06 - 2013-11-18 21:06 - 00819176 _____ (Google Inc.) C:\Users\Ryan\Downloads\ChromeSetup.exe
2013-11-18 19:19 - 2006-11-02 06:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-11-18 19:01 - 2012-03-04 10:54 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Mozilla
2013-11-17 22:50 - 2013-11-17 22:50 - 00894600 _____ (CNET Download.com) C:\Users\Ryan\Downloads\cbsidlm-cbsi134-Free_MKV_Player-SEO-75914004 (1).exe
2013-11-17 22:48 - 2013-11-17 22:48 - 08273920 _____ C:\Users\Ryan\Downloads\freemkvplayer-setup.msi
2013-11-17 22:47 - 2013-11-17 22:47 - 00894600 _____ (CNET Download.com) C:\Users\Ryan\Downloads\cbsidlm-cbsi134-Free_MKV_Player-SEO-75914004.exe
2013-11-17 22:44 - 2009-11-12 19:29 - 00038912 _____ C:\Users\Ryan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-17 22:36 - 2006-11-02 07:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-17 22:34 - 2009-11-12 16:41 - 00000946 _____ C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2013-11-17 22:30 - 2013-11-17 22:23 - 00000000 ____D C:\Users\Ryan\Desktop\Insanity
2013-11-17 22:25 - 2006-11-02 05:33 - 00688776 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-17 15:18 - 2008-05-02 02:29 - 00000000 ____D C:\ProgramData\Microsoft Help
 
Some content of TEMP:
====================
C:\Users\Ryan\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-11 22:41
 
==================== End Of Log ============================

Then the "Addition.txt" is as follows:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-12-2013
Ran by Ryan at 2013-12-11 22:55:28
Running from C:\Users\Ryan\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
Adobe Reader X (10.1.1) (Version: 10.1.1)
AIM 7
AOL Install (Version: 1.0.0)
Apple Application Support (Version: 1.1.0)
Apple Mobile Device Support (Version: 2.6.0.32)
Apple Software Update (Version: 2.1.1.116)
Bonjour (Version: 1.0.106)
Broadcom Management Programs (Version: 10.15.03)
Browser Address Error Redirector (Version: 1.00.0000)
CCleaner (Version: 4.08)
Coupon Printer for Windows (Version: 5.0.0.0)
Dell DataSafe Online (Version: 1.0.21)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.2.08335)
Dell Touchpad (Version: 7.1.102.7)
Digital Line Detect (Version: 1.21)
EarthLink Setup Files (Version: 2005.2.178.0.2.2)
Google Chrome (Version: 31.0.1650.63)
Google Desktop (Version: 5.9.1005.12335)
Google Drive (Version: 1.12.5329.1887)
Google Toolbar for Internet Explorer
Google Update Helper (Version: 1.3.22.3)
GoToAssist 8.0.0.514
HP Photo Creations (Version: 1.0.0.5192)
HP Photosmart 5510 series Basic Device Software (Version: 24.0.342.0)
HP Photosmart 5510 series Help (Version: 140.0.2.2)
HP Photosmart 5510 series Product Improvement Study (Version: 24.0.342.0)
HP Update (Version: 5.003.000.004)
Intel® PROSet/Wireless Software (Version: 11.01.0000)
Internet Service Offers Launcher (Version: 1.00.0000)
iTunes (Version: 9.0.2.25)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java 6 Update 20 (Version: 6.0.200)
Java SE Runtime Environment 6 (Version: 1.6.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 2.1.121.2)
mCore (Version: 9.24.0000)
MediaDirect (Version: 3.5)
mHelp (Version: 9.24.0000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft VC9 runtime libraries (Version: 1.0.0)
mMHouse (Version: 9.24.0000)
Modem Diagnostic Tool (Version: 1.0.20.0)
Move Media Player
mPfMgr (Version: 9.24.0000)
Music, Photos & Videos Launcher (Version: 1.00.0000)
mWMI (Version: 9.24.0000)
NetWaiting (Version: 2.5.44)
NetZeroInstallers (Version: 1.0.0)
Norton 360 (Version: 5.2.2.3)
OutlookAddinSetup (Version: 1.0.0)
Product Documentation Launcher (Version: 1.00.0000)
QualxServ Service Agreement (Version: 1.11.0000)
QuickSet (Version: 8.2.14)
QuickTime (Version: 7.65.17.80)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
ScorpionSaver (Version: 1.0.0.0) <==== ATTENTION
Skype™ 6.3 (Version: 6.3.105)
Unity Web Player (HKCU Version: 2.6.1f3_31223)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User's Guides
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
 
==================== Restore Points  =========================
 
15-09-2013 12:45:41 Windows Update
20-10-2013 13:18:25 Windows Update
21-10-2013 07:01:03 Windows Update
17-11-2013 20:17:28 Windows Update
18-11-2013 03:51:27 Installed Free MKV Player
19-11-2013 00:00:01 Removed Google Talk Plugin
19-11-2013 00:01:23 Removed ScorpionSaver
19-11-2013 00:04:05 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
19-11-2013 00:16:14 Removed ScorpionSaver
19-11-2013 00:16:51 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
03-12-2013 01:16:46 Installed Java 7 Update 45
05-12-2013 03:09:45 Removed ScorpionSaver Services
05-12-2013 03:10:34 Removed ScorpionSaver Services
05-12-2013 03:16:19 Removed Free MKV Player
05-12-2013 03:16:55 Removed ScorpionSaver
05-12-2013 03:19:05 Removed ScorpionSaver Services
05-12-2013 03:20:18 Removed Skype Call Recorder
08-12-2013 18:10:46 Removed ScorpionSaver
 
==================== Hosts content: ==========================
 
2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {199B6D9D-3940-4BD0-A447-19AE1837CEE8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-09] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {277F90F2-396D-4492-9034-85DA8B4AFF0E} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2006-11-02] (Microsoft Corporation)
Task: {52699FB2-8A0A-4FC9-852F-E8FFAAC0F328} - System32\Tasks\Symantec\Norton Error Analyzer 5.2.2.3 => C:\Program Files\Norton 360\Engine\5.2.2.3\symerr.exe [2012-06-07] (Symantec Corporation)
Task: {7F3A7296-8AC2-4E7A-95BE-69E41D271938} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-09] (Google Inc.)
Task: {93A3647D-443B-4B80-8302-7F0C05508914} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Ryan => C:\Program Files\Windows Calendar\WinCal.exe [2008-05-02] (Microsoft Corporation)
Task: {9EB44560-63F6-4CA3-8294-048D3F7D340B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\System32\pla.dll [2006-11-02] (Microsoft Corporation)
Task: {A8DA03C8-CB77-4D1B-8588-3CAD866907B7} - System32\Tasks\Symantec\Norton Error Processor 5.2.2.3 => C:\Program Files\Norton 360\Engine\5.2.2.3\symerr.exe [2012-06-07] (Symantec Corporation)
Task: {AC451A62-B731-4F01-8884-142E3A821B2E} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-05-25] (Hewlett-Packard Co.)
Task: {C8B71665-22DF-45FF-A7ED-40665EE1EB83} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {E0756156-7B42-4B2D-BB77-AB7F1EDA61F6} - System32\Tasks\{F7341E99-9B4F-4DD8-895C-2FB6A6CB4423} => C:\Program Files\Skype\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2006-11-02] ()
Task: {F517890B-C9CB-4378-891B-670E41F93500} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {F801081C-D28B-4BA0-9FBC-CDBCB7786AF6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
 
==================== Loaded Modules (whitelisted) =============
 
2008-05-02 10:06 - 2007-09-26 05:47 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2009-11-03 15:51 - 2009-11-03 15:51 - 00039712 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
2009-11-03 15:51 - 2009-11-03 15:51 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2009-10-01 15:16 - 2009-10-01 15:16 - 00176128 _____ () C:\Program Files\AIM\nssckbi.dll
2013-12-04 21:39 - 2013-12-03 21:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-04 21:39 - 2013-12-03 21:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-04 21:39 - 2013-12-03 21:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/08/2013 08:35:38 PM) (Source: Application Hang) (User: )
Description: The program CCleaner.exe version 4.8.0.4428 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1778
Start Time: 01cef47ed43c6908
Termination Time: 0
 
Error: (12/08/2013 07:34:12 PM) (Source: EventSystem) (User: )
Description: d:\vista_gdr\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (12/08/2013 01:15:18 PM) (Source: MsiInstaller) (User: Home-PC)
Description: Product: ScorpionSaver -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2318. The arguments are: c:\Program Files\ScorpionSaver\CustomActionInstall, ,
 
Error: (12/04/2013 10:21:01 PM) (Source: Microsoft-Windows-RestartManager) (User: Home-PC)
Description: 0C:\Program Files\SkypeCallRecorder\SkypeCallRecorder.exeSkypeCallRecorder0211725640
 
Error: (12/04/2013 10:19:44 PM) (Source: Microsoft-Windows-RestartManager) (User: Home-PC)
Description: 0AdpeakProxy.exeAdpeakProxy03026217839160
 
Error: (12/04/2013 10:19:33 PM) (Source: Microsoft-Windows-RestartManager) (User: Home-PC)
Description: 0AdpeakProxy.
 
Error: (12/03/2013 09:29:37 PM) (Source: Application Hang) (User: )
Description: The program Free MKV Player.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1824
Start Time: 01cef096f2895bd7
Termination Time: 16
 
Error: (12/03/2013 09:17:11 PM) (Source: Application Hang) (User: )
Description: The program Free MKV Player.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1c34
Start Time: 01cef091bbd94e17
Termination Time: 38
 
Error: (12/02/2013 08:47:36 PM) (Source: Application Hang) (User: )
Description: The program Skype.exe version 6.3.59.105 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 12e8
Start Time: 01ceefc98bbbb3b3
Termination Time: 109
 
Error: (12/02/2013 08:37:10 PM) (Source: Application Hang) (User: )
Description: The program Free MKV Player.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 233c
Start Time: 01ceefc7fdd12dd8
Termination Time: 12
 
 
System errors:
=============
Error: (12/08/2013 08:10:00 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.
 
Error: (12/08/2013 08:08:47 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.
 
Error: (12/08/2013 08:00:23 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:59:27 PM on 12/8/2013 was unexpected.
 
Error: (12/08/2013 07:34:51 PM) (Source: Service Control Manager) (User: )
Description: BHDrvx86
eeCtrl
IDSVix86
spldr
SRTSPX
SymIRON
SYMTDIv
Wanarpv6
 
Error: (12/08/2013 07:34:51 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068
 
Error: (12/08/2013 07:34:17 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (12/08/2013 07:34:17 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (12/08/2013 07:34:14 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
 
Error: (12/08/2013 07:34:12 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (12/08/2013 07:34:05 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
Microsoft Office Sessions:
=========================
Error: (02/05/2011 02:09:42 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2722 seconds with 2160 seconds of active time.  This session ended with a crash.
 
Error: (10/07/2010 09:19:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 27 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/07/2010 09:18:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/07/2010 09:18:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 234 seconds with 180 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-12-11 22:41:35.407
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\SMR410\Archive\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-11 22:41:35.348
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\SMR410\Archive\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-11 22:41:35.284
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\SMR410\Archive\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-11 22:41:35.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\SMR410\Archive\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-11 22:41:35.168
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\SMR410\Archive\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-11 22:41:35.108
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\SMR410\Archive\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-11 22:41:14.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\SMR410\Archive\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-11 22:41:14.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\SMR410\Archive\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-11 22:41:14.122
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\SMR410\Archive\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-11 22:41:14.066
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\ProgramData\SMR410\Archive\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 50%
Total physical RAM: 3573.24 MB
Available physical RAM: 1772.14 MB
Total Pagefile: 7316.66 MB
Available Pagefile: 5708.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.22 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:220.3 GB) (Free:123.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.14 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 30000000)
Partition 1: (Not Active) - (Size=86 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=220 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

Did you run Malwarebytes??? Log??

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :regfind
    Scorpion
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC


Here is the log using SystemLook:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 20:32 on 12/12/2013 by Ryan
Administrator - Elevation successful
 
========== regfind ==========
 
Searching for "Scorpion"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495]
"ProductName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495\SourceList]
"PackageName"="ScorpionSaver.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22]
@="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22\InProcServer32]
@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files\ScorpionSaver\ff_bootstrap.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files\ScorpionSaver\SendJson.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files\ScorpionSaver\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files\ScorpionSaver\background.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files\ScorpionSaver\CustomActionInstall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]
"DisplayName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
"DisplayName"="ScorpionSaver"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver]
[HKEY_USERS\S-1-5-21-3583694018-938941780-2236014919-1000\Software\AppDataLow\Software\ScorpionSaver]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver]
 
-= EOF =-
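
Added example, not part of the original thread: a small Python parser for the SystemLook `regfind` output above that ties the Windows Installer records together. It unpacks the 32-character "packed" product code under `Installer\Products` into the standard GUID form and checks it against the `Uninstall` key, which shows that the leftover entries all belong to one MSI product. The function names are hypothetical and the sample is an excerpt of the log above.

```python
import re

# Excerpt copied from the SystemLook log above (values are from the thread).
SAMPLE_LOG = r'''
Searching for "Scorpion"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495]
"ProductName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files\ScorpionSaver\SendJson.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
"DisplayName"="ScorpionSaver"
-= EOF =-
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))="(?P<data>.*)"$')
PACKED_RE = re.compile(r'^[0-9A-Fa-f]{32}$')


def parse_regfind(text):
    """Return [(key_path, {value_name: data})] in log order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            entries.append((m.group(1), {}))
            continue
        m = VALUE_RE.match(line)
        if m and entries:  # a value line belongs to the key printed before it
            name = '(Default)' if m.group('default') else m.group('name')
            entries[-1][1][name] = m.group('data')
    return entries


def unpack_guid(packed):
    """Windows Installer packed GUID (32 hex chars) -> standard {GUID} string."""
    if not PACKED_RE.match(packed):
        raise ValueError('not a packed GUID: %r' % packed)
    p = packed.upper()

    def swap(s):  # swap the two hex digits of every byte
        return ''.join(s[i + 1] + s[i] for i in range(0, len(s), 2))

    # The first three groups are stored fully reversed, the rest byte by byte.
    return '{%s-%s-%s-%s-%s}' % (p[0:8][::-1], p[8:12][::-1], p[12:16][::-1],
                                 swap(p[16:20]), swap(p[20:32]))


def correlate(entries):
    """Group component records and the Uninstall key under each MSI product."""
    products = {}
    for key, values in entries:
        parts = key.split('\\')
        if parts[-2:-1] == ['Products'] and PACKED_RE.match(parts[-1]):
            products[parts[-1].upper()] = {
                'name': values.get('ProductName'),
                'product_code': unpack_guid(parts[-1]),
                'uninstall_key': None, 'files': [], 'registry': []}
    for key, values in entries:
        parts = key.split('\\')
        if parts[-2:-1] == ['Uninstall']:
            for prod in products.values():
                if prod['product_code'] == parts[-1].upper():
                    prod['uninstall_key'] = key
        elif parts[-2:-1] == ['Components']:
            # Each value name is the packed code of the product owning the component.
            for packed, data in values.items():
                prod = products.get(packed.upper())
                if prod is not None:
                    # A two-digit prefix such as "01:" marks a registry key path, not a file.
                    kind = 'registry' if re.match(r'^\d\d:', data) else 'files'
                    prod[kind].append(data)
    return products


if __name__ == '__main__':
    for packed, info in correlate(parse_regfind(SAMPLE_LOG)).items():
        print(packed, '->', info['product_code'], info['name'])
        print('  uninstall key found:', info['uninstall_key'] is not None)
        for path in info['files'] + info['registry']:
            print('  component:', path)
```

Because the packed code is derived from the product code, the same mapping can be used to confirm after cleanup that no `Installer` record still references the product.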

Was surprised the AdwCleaner didn't take care of this.

A lot of the entries may be unique to your computer.

Please back up the registry with ERUNT before continuing:

http://www.geekstogo.com/forum/topic/208859-backing-up-the-registry-using-erunt/

Now download and unzip enders.zip (enders.reg)

Now double click on it and allow it to merge into the registry.

Reboot and it should be gone.

MrC


Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
