
ScorpionSaver/DealSlider


MLM25


Drat.  Hope this one goes through.

 

.DDS (Ver_2012-11-20.01) - NTFS_AMD64 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 8/8/2013 6:00:04 PM
System Uptime: 12/13/2013 2:17:30 PM (24 hours ago)
.
Motherboard: Hewlett-Packard | | 188B
Processor: AMD E2-1800 APU with Radeon HD Graphics | Socket FT1 | 1700/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 443 GiB total, 388.43 GiB free.
D: is FIXED (NTFS) - 22 GiB total, 2.72 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP24: 11/26/2013 12:44:35 PM - Norton_Power_Eraser_20131126094430089
RP25: 12/3/2013 10:00:16 AM - Removed ScorpionSaver Services
RP26: 12/11/2013 7:54:00 PM - Removed ScorpionSaver
.
==== Installed Programs ======================
.
4 Elements II
4500_Help
64 Bit HP CIO Components Installer
Adobe Shockwave Player 11.6
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Quick Stream
AMD VISION Engine Control Center
Bejeweled 3
Bing Bar
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Build-a-lot 4 - Power Source
Canon MX870 series MP Drivers
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
CyberLink Media Suite 10
CyberLink Power2Go 8
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Destinations
DeviceDiscovery
DocProc
Energy Star
Epson Connect
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 545 Series Printer Uninstall
EpsonNet Print
Facebook Video Calling 1.2.0.287
Farm Frenzy
FATE: The Cursed King
Fax
Final Drive Fury
Gardenscapes: Mansion Makeover
Google Chrome
Google Earth
Google Update Helper
Governor of Poker 2 Premium Edition
GPBaseService2
Hewlett-Packard ACLM.NET v1.2.1.1
House of 1000 Doors: Family Secrets
Hoyle Card Games
HP Connected Remote
HP Customer Experience Enhancements
HP Customer Participation Program 14.0
HP Documentation
HP Games
HP Imaging Device Functions 14.0
HP MyRoom
HP Officejet J4500 Series 14.0 Rel. 6
HP Postscript Converter
HP Quick Launch
HP Recovery Manager
HP Registration Service
HP Solution Center 14.0
HP Support Assistant
HP Update
HP Utility Center
HP Wireless Button Driver
HPProductAssistant
HPSSupply
J4500
Java 7 Update 45
Java Auto Updater
Jewel Match 3
John Deere Drive Green
Luxor Evolved
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mortimer Beckett and the Crimson Thief Premium Edition
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
Mystery P.I. - Curious Case of Counterfeit Cove
Neat
Neat ADF Scanner 2008 Driver
Neat ADF Scanner Driver
Neat Core Files
Neat Mobile Scanner (Silver) Driver
Neat Mobile Scanner 2008 Driver
Neat Mobile Scanner Driver
Norton Internet Security
OCR Software by I.R.I.S. 14.0
OpenOffice 4.0.1
Peggle Nights
Penguins!
Photo Common
Photo Gallery
Picasa 3
PicasaAlbumDownloader
Polar Bowler
Polar Golfer
ProductContext
Qualcomm Atheros Driver Installation Program
QuickBooks
QuickBooks Pro 2013
Quicken 2012
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Roads of Rome 3
Royal Envoy 2 Collector's Edition
SAMSUNG USB Driver for Mobile Phones
Scan
ScorpionSaver
Send To Neat
Shop for HP Supplies
SolutionCenter
Status
swMSM
Synaptics Pointing Device Driver
Tales of Lagoona
Toolbox
TrayApp
Update Installer for WildTangent Games App
WebReg
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Youda Jewel Shop
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
12/13/2013 2:20:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
12/13/2013 2:18:29 PM, Error: Service Control Manager [7000] - The Util BrowseFox service failed to start due to the following error: The system cannot find the file specified.
12/13/2013 2:11:32 PM, Error: Service Control Manager [7034] - The HPWMISVC service terminated unexpectedly. It has done this 1 time(s).
12/11/2013 11:05:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service.
12/11/2013 11:05:10 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================


When you use "Browse" to find and open the specific file also use the "Attach this File" tab to complete the action. I see you have the dreaded Scorpion Saver installed, please try the following:

 

See if you can Uninstall Scorpion Saver, if it does not complete try with RevoUninstaller:

 

Please download and install Revo Uninstaller Free

 

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on next.
  • Put a check on any folders that are found and select delete
  • When prompted select yes then on next
  • Once done click Finish.

 

If still unsuccessful just continue:

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log,

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

 

http://jpshortstuff.247fixes.com/SystemLook_x64.exe      <<-   64 bit….

 

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

 


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
 
:filefind
*adpeak*
Adpeak.*
*Scorpion*
Scopion.*
:folderfind
*Scorpion*
*adpeak*
:regfind
*Scorpion*
Scorpion
*adpeak*
adpeak
 
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Post those logs....

 

Thanks,

 

Kevin


RevoUninstaller was unable to uninstall ScorpionSaver.

 

# AdwCleaner v3.015 - Report created 15/12/2013 at 17:57:13
# Updated 10/12/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : MaryLou - HOME
# Running from : C:\Users\MaryLou\Downloads\AdwCleaner (1).exe
# Option : Scan

***** [ Services ] *****

 

SystemLook 30.07.11 by jpshortstuff
Log created at 18:12 on 15/12/2013 by MaryLou
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*adpeak*"
No files found.
 
Searching for "Adpeak.*"
No files found.
 
Searching for "*Scorpion*"
C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scorpionsaver.com_0.localstorage --a---- 2691072 bytes [17:47 10/12/2013] [19:23 10/12/2013] 27416CEB4C2FAF2A346FE79E9497524F
C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scorpionsaver.com_0.localstorage-journal --a---- 16384 bytes [17:47 10/12/2013] [19:23 10/12/2013] 6A8902A9C903D0390A9547F7D0DD5E07
 
Searching for "Scopion.*"
No files found.
 
========== folderfind ==========
 
Searching for "*Scorpion*"
No folders found.
 
Searching for "*adpeak*"
No folders found.
 
========== regfind ==========
 
Searching for "*Scorpion*"
No data found.
 
Searching for "Scorpion"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495]
"ProductName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495\SourceList]
"PackageName"="ScorpionSaver.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Program Files (x86)\ScorpionSaver\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\ff_bootstrap.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\SendJson.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\background.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\CustomActionInstall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]
"DisplayName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
"DisplayName"="ScorpionSaver"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver]
[HKEY_USERS\S-1-5-21-3734144309-4116549082-540705525-1002\Software\AppDataLow\Software\ScorpionSaver]
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver]
 
Searching for "*adpeak*"
No data found.
 
Searching for "adpeak"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]
"Publisher"="Adpeak, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
"Publisher"="Adpeak, Inc."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AdpeakWFP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakWFP]
 
-= EOF =-


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : search_url
Found : keyword
Found : search_url
Found : search_url

*************************

AdwCleaner[R0].txt - [8736 octets] - [29/11/2013 14:02:22]
AdwCleaner[R1].txt - [952 octets] - [29/11/2013 14:19:15]
AdwCleaner[R2].txt - [2123 octets] - [13/12/2013 10:05:12]
AdwCleaner[R3].txt - [877 octets] - [15/12/2013 17:57:13]
AdwCleaner[s0].txt - [8435 octets] - [29/11/2013 14:03:39]
AdwCleaner[s1].txt - [978 octets] - [29/11/2013 14:22:03]
AdwCleaner[s2].txt - [1980 octets] - [13/12/2013 10:12:19]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1115 octets] ##########


Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Reg like so: :Reg

    :Reg
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "c:\Program Files (x86)\ScorpionSaver\"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7]
    [-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver]
    [-HKEY_USERS\S-1-5-21-3734144309-4116549082-540705525-1002\Software\AppDataLow\Software\ScorpionSaver]
    [-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AdpeakWFP]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakWFP]
    :Files
    C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scorpionsaver.com_0.localstorage
    C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scorpionsaver.com_0.localstorage-journal
    c:\Program Files (x86)\ScorpionSaver
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs in next reply....


All processes killed

Error: Unable to interpret <:Reg[-HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]"c:\Program Files (x86)\ScorpionSaver\"=-[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\> in the current context!

Error: Unable to interpret <S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7][-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver][-HKEY_USERS\S-1-5-21-3734144309-4116549082-540705525-1002\Software\AppDataLow\Software\ScorpionSaver][-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33][-HKEY_LOCAL_MACHINE\SOFTWA> in the current context!

Error: Unable to interpret <RE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495][-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}][-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AdpeakWFP][-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakWFP]:FilesC:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scorpionsaver.com_0.localstorageC:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local > in the current context!

Error: Unable to interpret <Storage\http_static.scorpionsaver.com_0.localstorage-journalc:\Program Files (x86)\ScorpionSaver:Commands[EmptyTemp]> in the current context!

 

OTM by OldTimer - Version 3.1.21.0 log created on 12162013_080100

It would appear that you put the script for System Look as a sentence and not a list, hence the error that was produced and you posted....

 

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Reg as such :Reg The script must be put into the text field as a List, not a sentence. The list must start with :Reg

    :Reg
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "c:\Program Files (x86)\ScorpionSaver\"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7]
    [-HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver]
    [-HKEY_USERS\S-1-5-21-3734144309-4116549082-540705525-1002\Software\AppDataLow\Software\ScorpionSaver]
    [-HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AdpeakWFP]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakWFP]
    :Files
    C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scorpionsaver.com_0.localstorage
    C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scorpionsaver.com_0.localstorage-journal
    c:\Program Files (x86)\ScorpionSaver
    :Commands
    [EmptyTemp]
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Regarding Malwarebytes, I have absolutely no idea what you've done to produce a log that you posted... Can you run a Full scan once more and post the produced log..

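Added example, not part of the original posts and not OTM's own code: a Python check that rebuilds a run-together OTM script as one directive per line and flags anything that cannot be interpreted before it is pasted. The sample is an excerpt constructed from the script in this thread; the function names are hypothetical, and only the section names and line forms visible in the thread (:Reg, :Files, :Commands, [KEY], [-KEY], "value"=-) are assumed.

```python
import re

# Section headers that appear in the script in this thread (assumed complete here).
SECTION_RE = re.compile(r":(Reg|Files|Commands)")
# [KEY] or [-KEY]; a leading "-" means the whole key is deleted.
KEY_RE = re.compile(r"\[-?[^\[\]]+\]")
# "name"=-  deletes one value under the preceding [KEY].
VALUE_RE = re.compile(r'"[^"]*"=-')
REG_RE = re.compile(KEY_RE.pattern + "|" + VALUE_RE.pattern)
# Start of an absolute Windows path: drive letter, colon, backslash.
DRIVE_RE = re.compile(r"[A-Za-z]:\\")

# Constructed sample: an excerpt of the thread's script, run together the way
# it was pasted, including one wrapped line and one repeated key.
FLATTENED = (
    r":Reg[-HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver]"
    r"[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495]"
    r"[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495]"
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]"
    r'"c:\Program Files (x86)\ScorpionSaver\"=-'
    "[-HKEY_USERS\\S-1-5-18\\Software\\AppDataLow\\Software\\Scorpion \nSaver]"
    r":FilesC:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default"
    r"\Local Storage\http_static.scorpionsaver.com_0.localstorage"
    r"c:\Program Files (x86)\ScorpionSaver"
    r":Commands[EmptyTemp]"
)


def split_sections(text):
    """Return [(section_name, body), ...] in script order."""
    text = re.sub(r"\s*\n\s*", " ", text.strip())  # rejoin wrapped lines
    marks = list(SECTION_RE.finditer(text))
    if not marks or text[: marks[0].start()].strip():
        raise ValueError("script must start with a section header such as :Reg")
    out = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        out.append((m.group(1), text[m.end():end]))
    return out


def tokenize(section, body):
    """Split one section body into directives; return (directives, leftovers)."""
    if section == "Files":
        starts = [m.start() for m in DRIVE_RE.finditer(body)]
        ends = starts[1:] + [len(body)]
        paths = [body[a:b].strip() for a, b in zip(starts, ends)]
        head = (body[: starts[0]] if starts else body).strip()
        return paths, [head] if head else []
    pattern = REG_RE if section == "Reg" else KEY_RE
    directives = [m.group(0) for m in pattern.finditer(body)]
    leftovers = [s.strip() for s in pattern.split(body) if s.strip()]
    return directives, leftovers


def normalize(text):
    """Return (lines, findings): the script as a list plus lint findings."""
    lines, findings, seen = [], [], set()
    for section, body in split_sections(text):
        lines.append(f":{section}")
        directives, leftovers = tokenize(section, body)
        findings += [f":{section}: cannot interpret {x!r}" for x in leftovers]
        open_key = None  # last [KEY] without "-", the target of value lines
        for d in directives:
            if d.startswith('"'):
                if open_key is None:
                    findings.append(f"value line {d} has no [KEY] to apply to")
            else:
                if section == "Reg":
                    open_key = None if d.startswith("[-") else d
                ident = (section, d.lower())
                if ident in seen:
                    findings.append(f"duplicate directive {d}")
                seen.add(ident)
            lines.append(d)
    return lines, findings


if __name__ == "__main__":
    script, notes = normalize(FLATTENED)
    print("\n".join(script))
    for n in notes:
        print("NOTE:", n)
```

A fragment that starts mid-key, like the pieces quoted in the "Unable to interpret" errors above, is rejected by split_sections because it has no leading section header.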

All processes killed

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7\ not found.

Registry key HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-3734144309-4116549082-540705525-1002\Software\AppDataLow\Software\ScorpionSaver\ not found.

Registry key HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}\ not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\AdpeakWFP\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakWFP\ not found.

========== FILES ==========

C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scorpionsaver.com_0.localstorage moved successfully.

C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.scorpionsaver.com_0.localstorage-journal moved successfully.

File/Folder c:\Program Files (x86)\ScorpionSaver not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: MaryLou

->Temp folder emptied: 1102391 bytes

->Temporary Internet Files folder emptied: 18647185 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 90582895 bytes

->Flash cache emptied: 492 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 382955 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 106.00 mb

 

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: MaryLou

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 128 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3965 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 0.00 mb

 

 

OTM by OldTimer - Version 3.1.21.0 log created on 12162013_131435

 

Files moved on Reboot...

C:\Users\MaryLou\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

C:\Windows\temp\UploadUI.log moved successfully.

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

 

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.12.16.08

 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16750

MaryLou :: HOME [administrator]

 

Protection: Enabled

 

12/16/2013 3:18:32 PM

mbam-log-2013-12-16 (15-18-32).txt

 

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 423933

Time elapsed: 1 hour(s), 45 minute(s), 30 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

Mmm, you cannot save a screenshot as a text (.txt) file. That's the wrong format... Run the following:

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin...


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2013 01

Ran by MaryLou (administrator) on HOME on 17-12-2013 11:52:22

Running from C:\Users\MaryLou\Downloads

Windows 8 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(Two Pilots) C:\Windows\VPDAgent_x64.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\nis.exe

(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE

(AMD) C:\Windows\System32\atieclxx.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\nis.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe

(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin

(Microsoft Corporation) C:\Windows\splwow64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\msdt.exe

(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)

HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard)

HKCU\...\Run: [Facebook Update] - C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-13] (Facebook Inc.)

HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\System32\spool\drivers\x64\3\E_YATIHWA.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)

HKCU\...\Runonce: [uninstall C:\Users\MaryLou\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\MaryLou\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"

HKCU\...\Policies\Explorer: [NofolderOptions] 0

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)

HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [intuit SyncManager] - C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2786104 2013-05-23] (Intuit Inc. All rights reserved.)

HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] - [x]

AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll [ ] ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/hpnot13/1

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 

BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)

BHO: Deal Slider BHO - {E4607B39-174A-44BA-AB08-8892366ECA13} - C:\Program Files (x86)\Deal Slider\FrameworkBHO64.dll No File

BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)

Toolbar: HKLM - Deal Slider - {E13BF069-886E-416B-B532-6B14242CC508} - C:\Program Files (x86)\Deal Slider\FrameworkBHO64.dll No File

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File

Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

 

Chrome: 

=======

CHR DefaultSearchKeyword: babylon.com

CHR DefaultSearchProvider: Search the web (Babylon)

CHR DefaultSearchURL: http://isearch.babylon.com/?q={searchTerms}&babsrc=SP_ssbtis1&mntrId=0CB716FD52106739&affID=119557&tt=180813_206&tsp=4980

CHR DefaultNewTabURL: 

CHR Extension: (Deal Slider ) - C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfmkkncnbolkneogaadokmfjoihepgm\1.0_0

CHR Extension: (Norton Identity Protection) - C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.2.3_0

CHR Extension: (Google Wallet) - C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx

 

==================== Services (Whitelisted) =================

 

R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2013-06-25] (Two Pilots)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-12] (Advanced Micro Devices, Inc.)

R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2013-06-26] (The Neat Company)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

S2 Util BrowseFox; "C:\Program Files (x86)\BrowseFox\bin\utilBrowseFox.exe" [x]

 

==================== Drivers (Whitelisted) ====================

 

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-22] (Advanced Micro Devices)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [1526488 2013-12-03] (Symantec Corporation)

R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\IPSDefs\20131216.001\IDSvia64.sys [521944 2013-12-13] (Symantec Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20131216.038\ENG64.SYS [126040 2013-12-10] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20131216.038\EX64.SYS [2099288 2013-12-10] (Symantec Corporation)

R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)

S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated)

R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)

S0 SymELAM; C:\Windows\System32\drivers\NISx64\1501000.012\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-03] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-12-17 11:52 - 2013-12-17 11:56 - 00016908 _____ C:\Users\MaryLou\Downloads\FRST.txt

2013-12-17 11:51 - 2013-12-17 11:51 - 00000000 ____D C:\FRST

2013-12-17 11:47 - 2013-12-17 11:47 - 01928078 _____ (Farbar) C:\Users\MaryLou\Downloads\FRST64.exe

2013-12-17 07:34 - 2013-12-17 07:34 - 00000006 _____ C:\Users\MaryLou\Downloads\screenshot 1 (1).txt

2013-12-17 07:33 - 2013-12-17 07:33 - 00000006 _____ C:\Users\MaryLou\Downloads\screenshot 1.txt

2013-12-17 07:28 - 2013-12-17 07:28 - 00000104 ____H C:\Users\MaryLou\Documents\.~lock.screenshot 1.txt#

2013-12-17 07:28 - 2013-12-17 07:28 - 00000006 _____ C:\Users\MaryLou\Documents\screenshot 1.txt

2013-12-17 07:25 - 2013-12-17 07:25 - 00730669 _____ C:\Users\MaryLou\Documents\screenshot 1.odt

2013-12-16 11:05 - 2013-12-16 11:06 - 00382384 _____ C:\Windows\Minidump\121613-46644-01.dmp

2013-12-16 11:05 - 2013-12-16 11:05 - 716293887 _____ C:\Windows\MEMORY.DMP

2013-12-16 11:05 - 2013-12-16 11:05 - 00000000 ____D C:\Windows\Minidump

2013-12-15 18:27 - 2013-12-15 18:27 - 00018037 _____ C:\Users\MaryLou\Documents\AdWareCleaner Log.odt

2013-12-15 09:53 - 2013-12-15 09:53 - 00001264 _____ C:\Users\MaryLou\Desktop\Revo Uninstaller.lnk

2013-12-15 09:53 - 2013-12-15 09:53 - 00000000 ____D C:\Program Files (x86)\VS Revo Group

2013-12-15 09:52 - 2013-12-15 09:52 - 10031224 _____ (VS Revo Group                                               ) C:\Users\MaryLou\Downloads\RevoUninProSetup.exe

2013-12-15 09:51 - 2013-12-15 09:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MaryLou\Downloads\revosetup.exe

2013-12-14 14:12 - 2013-12-14 14:23 - 00006395 _____ C:\Users\MaryLou\Desktop\attach.txt

2013-12-14 14:12 - 2013-12-14 14:11 - 00023966 _____ C:\Users\MaryLou\Desktop\dds.txt

2013-12-14 14:11 - 2013-12-14 14:20 - 00000000 ____D C:\Users\MaryLou\Downloads\Misc Photos

2013-12-14 14:09 - 2013-12-14 14:09 - 00688992 ____R (Swearware) C:\Users\MaryLou\Downloads\dds.com

2013-12-14 14:01 - 2013-12-14 14:01 - 00000000 ____D C:\Users\MaryLou\Documents\Screen Shots

2013-12-14 11:41 - 2013-12-14 11:42 - 00000000 ____D C:\Users\MaryLou\Documents\Receipts

2013-12-14 09:33 - 2013-12-14 09:33 - 00001236 _____ C:\Users\MaryLou\Documents\ESET Report.txt

2013-12-13 14:11 - 2013-12-13 14:11 - 00000000 ____D C:\_OTM

2013-12-13 14:08 - 2013-12-13 14:08 - 00522240 _____ (OldTimer Tools) C:\Users\MaryLou\Downloads\OTM.exe

2013-12-13 13:55 - 2013-12-15 18:21 - 00014798 _____ C:\Users\MaryLou\Downloads\SystemLook.txt

2013-12-13 13:54 - 2013-12-13 13:54 - 00165376 _____ C:\Users\MaryLou\Downloads\SystemLook_x64.exe

2013-12-13 10:15 - 2013-12-13 10:15 - 00323200 _____ C:\Windows\system32\FNTCACHE.DAT

2013-12-13 10:02 - 2013-12-13 10:02 - 01226802 _____ C:\Users\MaryLou\Downloads\AdwCleaner (1).exe

2013-12-12 01:14 - 2013-10-24 23:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-12-12 01:14 - 2013-10-24 23:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-12-12 01:14 - 2013-10-24 23:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-12-12 01:14 - 2013-10-24 23:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-12-12 01:14 - 2013-10-24 23:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-12-12 01:14 - 2013-10-24 23:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-12-12 01:14 - 2013-10-24 21:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-12-12 01:14 - 2013-10-24 21:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-12-12 01:14 - 2013-10-24 21:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-12-12 01:14 - 2013-10-24 21:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-12-12 01:14 - 2013-10-10 02:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

2013-12-12 01:14 - 2013-10-10 02:30 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll

2013-12-12 01:14 - 2013-10-10 02:30 - 00156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll

2013-12-12 01:14 - 2013-10-10 02:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2013-12-12 01:14 - 2013-10-10 02:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2013-12-12 01:14 - 2013-10-10 02:22 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll

2013-12-12 01:14 - 2013-10-10 02:22 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2013-12-12 01:13 - 2013-10-24 23:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-12-12 01:12 - 2013-10-24 23:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll

2013-12-12 01:12 - 2013-10-24 23:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-12-12 01:12 - 2013-10-24 23:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-12-12 01:12 - 2013-10-24 21:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-12-12 01:12 - 2013-10-24 21:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-12-12 01:12 - 2013-10-24 21:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-12-12 01:12 - 2013-10-24 21:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-12-12 01:11 - 2013-10-18 22:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

2013-12-12 01:11 - 2013-10-18 21:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2013-12-12 01:10 - 2013-10-08 18:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2013-12-12 01:10 - 2013-10-08 15:30 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2013-12-12 01:10 - 2013-10-08 15:30 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2013-12-12 01:10 - 2013-10-08 15:30 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2013-12-12 01:10 - 2013-10-08 15:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2013-12-12 01:10 - 2013-10-08 15:28 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2013-12-12 01:10 - 2013-10-08 15:27 - 03279872 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2013-12-12 01:10 - 2013-10-08 15:27 - 01622016 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2013-12-12 01:10 - 2013-10-08 15:27 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2013-12-12 01:10 - 2013-10-08 15:27 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll

2013-12-12 01:10 - 2013-10-08 15:27 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll

2013-12-12 01:10 - 2013-10-08 15:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2013-12-12 01:10 - 2013-10-08 15:27 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2013-12-12 01:10 - 2013-10-04 23:10 - 00285016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys

2013-12-12 01:10 - 2013-10-03 15:09 - 00385528 _____ C:\Windows\system32\ApnDatabase.xml

2013-12-12 01:10 - 2013-10-01 19:50 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS

2013-12-12 01:10 - 2013-09-27 22:48 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2013-12-12 01:10 - 2013-09-27 20:58 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

2013-12-12 01:10 - 2013-09-19 00:32 - 01455448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-12-12 01:10 - 2013-08-29 22:19 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll

2013-12-12 01:10 - 2013-08-29 22:18 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll

2013-12-12 01:10 - 2013-08-29 16:48 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll

2013-12-12 01:10 - 2013-08-29 16:47 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll

2013-12-12 01:09 - 2013-11-22 23:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2013-12-12 01:09 - 2013-11-22 22:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-12-12 01:09 - 2013-11-06 16:18 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-12-12 01:08 - 2013-10-31 22:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll

2013-12-12 01:08 - 2013-10-31 20:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll

2013-12-12 01:08 - 2013-09-27 20:35 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

2013-12-11 20:24 - 2013-12-11 20:24 - 00000000 ____D C:\Users\MaryLou\AppData\Roaming\Malwarebytes

2013-12-11 20:23 - 2013-12-11 20:23 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-12-11 20:23 - 2013-12-11 20:23 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-12-11 20:22 - 2013-12-11 20:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-12-11 20:22 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-12-11 20:21 - 2013-12-11 20:21 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\MaryLou\Downloads\mbam-setup-1.75.0.1300.exe

2013-12-10 09:35 - 2013-12-10 09:35 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk

2013-12-07 20:32 - 2013-12-07 20:32 - 00000000 ____D C:\Users\MaryLou\Desktop\Thu

2013-12-05 22:53 - 2013-12-05 22:53 - 00002323 _____ C:\Users\Public\Desktop\Add a Device - Officejet J4500 Series.lnk

2013-12-05 17:48 - 2013-12-13 09:00 - 00000000 ____D C:\Users\MaryLou\AppData\Roaming\HpUpdate

2013-12-05 17:47 - 2013-12-05 17:47 - 00001315 _____ C:\Users\Public\Desktop\HP Solution Center.lnk

2013-12-05 17:47 - 2013-12-05 17:47 - 00000000 ____D C:\ProgramData\HP Product Assistant

2013-12-05 17:46 - 2013-12-05 17:46 - 00000000 ____D C:\Windows\SysWOW64\spool

2013-12-05 17:41 - 2013-12-13 08:46 - 00000000 ____D C:\Program Files (x86)\HP

2013-12-05 17:34 - 2013-12-05 22:53 - 00182532 _____ C:\Windows\hpwins19.dat

2013-12-05 17:34 - 2013-12-05 22:53 - 00000359 _____ C:\ProgramData\hpzinstall.log

2013-12-05 17:34 - 2012-09-27 13:32 - 00000633 ____N C:\Windows\hpwmdl19.dat

2013-12-05 17:33 - 2013-12-05 17:47 - 00000000 ____D C:\ProgramData\HP

2013-12-05 16:02 - 2013-12-05 16:16 - 291513352 _____ C:\Users\MaryLou\Downloads\OJ_AIO_J4500_Full_Win_WW_140_404.exe

2013-12-04 09:49 - 2013-12-04 09:49 - 05485920 _____ (Symantec Corporation) C:\Users\MaryLou\Downloads\SymHelp.exe

2013-12-03 10:25 - 2013-12-03 10:25 - 00003106 _____ C:\Windows\System32\Tasks\{CCE351FB-B417-4C20-85E1-42A3E5F14BE1}

2013-11-29 14:02 - 2013-12-15 18:11 - 00000000 ____D C:\AdwCleaner

2013-11-29 14:01 - 2013-11-29 14:01 - 01091882 _____ C:\Users\MaryLou\Downloads\AdwCleaner.exe

2013-11-26 16:49 - 2013-11-26 16:49 - 00000000 ____D C:\Program Files\SAMSUNG

2013-11-26 16:48 - 2013-11-26 16:48 - 00000000 ____D C:\ProgramData\Samsung

2013-11-26 16:46 - 2013-11-26 16:47 - 24178176 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\MaryLou\Downloads\Samsung_USB_Driver_for_Mobile_Phones_v1.5.14.0.exe

2013-11-26 12:31 - 2013-11-26 16:34 - 00000000 ____D C:\Users\MaryLou\AppData\Local\NPE

2013-11-25 13:03 - 2013-11-25 13:03 - 00000000 ____D C:\Users\MaryLou\Downloads\2013-11-25

2013-11-25 12:51 - 2013-11-25 12:59 - 48401212 _____ C:\Users\MaryLou\Downloads\2013-11-25.zip

2013-11-24 00:51 - 2013-11-25 13:41 - 01828352 ___SH C:\Users\MaryLou\Downloads\Thumbs.db

2013-11-23 17:22 - 2013-11-23 17:22 - 00001494 _____ C:\Users\MaryLou\Downloads\cbsidlm-cbsi145-Costco_Photo_Center-SEO-75811015 - Shortcut.lnk

2013-11-23 17:13 - 2013-11-23 17:13 - 00923784 _____ (CNET Download.com) C:\Users\MaryLou\Desktop\cbsidlm-cbsi145-Costco_Photo_Center-SEO-75811015.exe

2013-11-23 16:21 - 2013-11-23 16:21 - 00000000 ____D C:\Windows\en

2013-11-23 16:17 - 2010-06-02 07:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll

2013-11-23 16:17 - 2010-06-02 07:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll

2013-11-23 16:17 - 2010-06-02 07:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll

2013-11-23 16:17 - 2010-06-02 07:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll

2013-11-23 16:17 - 2010-05-26 14:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll

2013-11-23 16:17 - 2010-05-26 14:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll

2013-11-23 16:17 - 2010-05-26 14:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll

2013-11-23 16:17 - 2010-05-26 14:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll

2013-11-23 16:17 - 2009-09-04 20:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll

2013-11-23 16:17 - 2009-09-04 20:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll

2013-11-23 16:16 - 2006-11-29 16:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll

2013-11-23 16:16 - 2006-11-29 16:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll

2013-11-20 14:07 - 2013-11-20 14:09 - 00004608 _____ C:\Users\MaryLou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== One Month Modified Files and Folders =======

2013-12-17 11:56 - 2013-12-17 11:52 - 00016908 _____ C:\Users\MaryLou\Downloads\FRST.txt

2013-12-17 11:51 - 2013-12-17 11:51 - 00000000 ____D C:\FRST

2013-12-17 11:47 - 2013-12-17 11:47 - 01928078 _____ (Farbar) C:\Users\MaryLou\Downloads\FRST64.exe

2013-12-17 11:34 - 2013-08-15 18:19 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-17 11:00 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\sru

2013-12-17 10:45 - 2013-09-13 19:40 - 00000946 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002UA.job

2013-12-17 07:34 - 2013-12-17 07:34 - 00000006 _____ C:\Users\MaryLou\Downloads\screenshot 1 (1).txt

2013-12-17 07:33 - 2013-12-17 07:33 - 00000006 _____ C:\Users\MaryLou\Downloads\screenshot 1.txt

2013-12-17 07:28 - 2013-12-17 07:28 - 00000104 ____H C:\Users\MaryLou\Documents\.~lock.screenshot 1.txt#

2013-12-17 07:28 - 2013-12-17 07:28 - 00000006 _____ C:\Users\MaryLou\Documents\screenshot 1.txt

2013-12-17 07:25 - 2013-12-17 07:25 - 00730669 _____ C:\Users\MaryLou\Documents\screenshot 1.odt

2013-12-17 07:07 - 2013-08-15 18:19 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-16 19:45 - 2013-08-08 17:05 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9EFAFB1E-C4BA-4F62-AF85-A060F251D5D6}

2013-12-16 16:45 - 2013-09-13 19:40 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002Core.job

2013-12-16 13:17 - 2012-07-26 00:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-12-16 13:16 - 2012-07-25 22:26 - 00524288 ___SH C:\Windows\system32\config\BBI

2013-12-16 11:12 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\FxsTmp

2013-12-16 11:06 - 2013-12-16 11:05 - 00382384 _____ C:\Windows\Minidump\121613-46644-01.dmp

2013-12-16 11:05 - 2013-12-16 11:05 - 716293887 _____ C:\Windows\MEMORY.DMP

2013-12-16 11:05 - 2013-12-16 11:05 - 00000000 ____D C:\Windows\Minidump

2013-12-15 18:27 - 2013-12-15 18:27 - 00018037 _____ C:\Users\MaryLou\Documents\AdWareCleaner Log.odt

2013-12-15 18:21 - 2013-12-13 13:55 - 00014798 _____ C:\Users\MaryLou\Downloads\SystemLook.txt

2013-12-15 18:21 - 2013-08-08 17:00 - 01092364 _____ C:\Windows\WindowsUpdate.log

2013-12-15 18:11 - 2013-11-29 14:02 - 00000000 ____D C:\AdwCleaner

2013-12-15 18:06 - 2012-07-25 22:26 - 00262144 ___SH C:\Windows\system32\config\ELAM

2013-12-15 12:08 - 2013-08-13 22:24 - 00000000 ____D C:\Windows\system32\MRT

2013-12-15 12:00 - 2013-08-12 17:46 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-12-15 09:53 - 2013-12-15 09:53 - 00001264 _____ C:\Users\MaryLou\Desktop\Revo Uninstaller.lnk

2013-12-15 09:53 - 2013-12-15 09:53 - 00000000 ____D C:\Program Files (x86)\VS Revo Group

2013-12-15 09:52 - 2013-12-15 09:52 - 10031224 _____ (VS Revo Group                                               ) C:\Users\MaryLou\Downloads\RevoUninProSetup.exe

2013-12-15 09:51 - 2013-12-15 09:51 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MaryLou\Downloads\revosetup.exe

2013-12-14 14:23 - 2013-12-14 14:12 - 00006395 _____ C:\Users\MaryLou\Desktop\attach.txt

2013-12-14 14:20 - 2013-12-14 14:11 - 00000000 ____D C:\Users\MaryLou\Downloads\Misc Photos

2013-12-14 14:11 - 2013-12-14 14:12 - 00023966 _____ C:\Users\MaryLou\Desktop\dds.txt

2013-12-14 14:09 - 2013-12-14 14:09 - 00688992 ____R (Swearware) C:\Users\MaryLou\Downloads\dds.com

2013-12-14 14:01 - 2013-12-14 14:01 - 00000000 ____D C:\Users\MaryLou\Documents\Screen Shots

2013-12-14 11:42 - 2013-12-14 11:41 - 00000000 ____D C:\Users\MaryLou\Documents\Receipts

2013-12-14 09:33 - 2013-12-14 09:33 - 00001236 _____ C:\Users\MaryLou\Documents\ESET Report.txt

2013-12-13 21:54 - 2013-08-09 22:29 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log

2013-12-13 21:52 - 2013-08-09 22:29 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2013-12-13 14:11 - 2013-12-13 14:11 - 00000000 ____D C:\_OTM

2013-12-13 14:08 - 2013-12-13 14:08 - 00522240 _____ (OldTimer Tools) C:\Users\MaryLou\Downloads\OTM.exe

2013-12-13 13:54 - 2013-12-13 13:54 - 00165376 _____ C:\Users\MaryLou\Downloads\SystemLook_x64.exe

2013-12-13 10:15 - 2013-12-13 10:15 - 00323200 _____ C:\Windows\system32\FNTCACHE.DAT

2013-12-13 10:02 - 2013-12-13 10:02 - 01226802 _____ C:\Users\MaryLou\Downloads\AdwCleaner (1).exe

2013-12-13 09:00 - 2013-12-05 17:48 - 00000000 ____D C:\Users\MaryLou\AppData\Roaming\HpUpdate

2013-12-13 08:47 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\AUInstallAgent

2013-12-13 08:46 - 2013-12-05 17:41 - 00000000 ____D C:\Program Files (x86)\HP

2013-12-13 08:45 - 2013-04-29 01:20 - 00000000 ____D C:\Windows\Hewlett-Packard

2013-12-12 08:43 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\rescache

2013-12-12 08:20 - 2012-07-26 00:28 - 00941178 _____ C:\Windows\system32\PerfStringBackup.INI

2013-12-12 08:14 - 2012-08-03 15:23 - 00272662 _____ C:\Windows\PFRO.log

2013-12-12 08:10 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates

2013-12-12 01:11 - 2012-07-25 22:38 - 00000000 ____D C:\Windows\system32\oobe

2013-12-12 01:09 - 2013-08-08 17:13 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3734144309-4116549082-540705525-1002

2013-12-11 20:24 - 2013-12-11 20:24 - 00000000 ____D C:\Users\MaryLou\AppData\Roaming\Malwarebytes

2013-12-11 20:23 - 2013-12-11 20:23 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-12-11 20:23 - 2013-12-11 20:23 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-12-11 20:23 - 2013-12-11 20:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-12-11 20:21 - 2013-12-11 20:21 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\MaryLou\Downloads\mbam-setup-1.75.0.1300.exe

2013-12-10 12:21 - 2013-09-29 01:17 - 00000000 ____D C:\Users\MaryLou\AppData\Local\CrashDumps

2013-12-10 09:35 - 2013-12-10 09:35 - 00002212 _____ C:\Users\Public\Desktop\Google Earth.lnk

2013-12-10 09:35 - 2013-08-15 18:19 - 00000000 ____D C:\Program Files (x86)\Google

2013-12-07 20:32 - 2013-12-07 20:32 - 00000000 ____D C:\Users\MaryLou\Desktop\Thu

2013-12-07 14:20 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\NDF

2013-12-05 22:53 - 2013-12-05 22:53 - 00002323 _____ C:\Users\Public\Desktop\Add a Device - Officejet J4500 Series.lnk

2013-12-05 22:53 - 2013-12-05 17:34 - 00182532 _____ C:\Windows\hpwins19.dat

2013-12-05 22:53 - 2013-12-05 17:34 - 00000359 _____ C:\ProgramData\hpzinstall.log

2013-12-05 22:29 - 2013-08-15 18:19 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-12-05 22:29 - 2013-08-15 18:19 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-12-05 17:47 - 2013-12-05 17:47 - 00001315 _____ C:\Users\Public\Desktop\HP Solution Center.lnk

2013-12-05 17:47 - 2013-12-05 17:47 - 00000000 ____D C:\ProgramData\HP Product Assistant

2013-12-05 17:47 - 2013-12-05 17:33 - 00000000 ____D C:\ProgramData\HP

2013-12-05 17:46 - 2013-12-05 17:46 - 00000000 ____D C:\Windows\SysWOW64\spool

2013-12-05 16:16 - 2013-12-05 16:02 - 291513352 _____ C:\Users\MaryLou\Downloads\OJ_AIO_J4500_Full_Win_WW_140_404.exe

2013-12-05 15:38 - 2013-08-15 18:21 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-12-04 09:49 - 2013-12-04 09:49 - 05485920 _____ (Symantec Corporation) C:\Users\MaryLou\Downloads\SymHelp.exe

2013-12-03 19:43 - 2012-07-26 00:21 - 00036257 _____ C:\Windows\setupact.log

2013-12-03 17:53 - 2013-11-13 22:08 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-12-03 17:53 - 2013-11-13 22:08 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-12-03 10:25 - 2013-12-03 10:25 - 00003106 _____ C:\Windows\System32\Tasks\{CCE351FB-B417-4C20-85E1-42A3E5F14BE1}

2013-11-29 14:01 - 2013-11-29 14:01 - 01091882 _____ C:\Users\MaryLou\Downloads\AdwCleaner.exe

2013-11-26 16:49 - 2013-11-26 16:49 - 00000000 ____D C:\Program Files\SAMSUNG

2013-11-26 16:48 - 2013-11-26 16:48 - 00000000 ____D C:\ProgramData\Samsung

2013-11-26 16:47 - 2013-11-26 16:46 - 24178176 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\MaryLou\Downloads\Samsung_USB_Driver_for_Mobile_Phones_v1.5.14.0.exe

2013-11-26 16:34 - 2013-11-26 12:31 - 00000000 ____D C:\Users\MaryLou\AppData\Local\NPE

2013-11-26 12:31 - 2013-04-29 01:54 - 00000000 ____D C:\ProgramData\Norton

2013-11-26 09:55 - 2013-08-08 17:05 - 00000000 ___RD C:\Users\MaryLou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-11-25 13:41 - 2013-11-24 00:51 - 01828352 ___SH C:\Users\MaryLou\Downloads\Thumbs.db

2013-11-25 13:03 - 2013-11-25 13:03 - 00000000 ____D C:\Users\MaryLou\Downloads\2013-11-25

2013-11-25 12:59 - 2013-11-25 12:51 - 48401212 _____ C:\Users\MaryLou\Downloads\2013-11-25.zip

2013-11-24 12:53 - 2013-09-03 22:41 - 00224768 ___SH C:\Users\MaryLou\Desktop\Thumbs.db

2013-11-23 22:45 - 2013-08-08 17:05 - 00000000 ____D C:\Users\MaryLou\AppData\Roaming\Adobe

2013-11-23 17:22 - 2013-11-23 17:22 - 00001494 _____ C:\Users\MaryLou\Downloads\cbsidlm-cbsi145-Costco_Photo_Center-SEO-75811015 - Shortcut.lnk

2013-11-23 17:13 - 2013-11-23 17:13 - 00923784 _____ (CNET Download.com) C:\Users\MaryLou\Desktop\cbsidlm-cbsi145-Costco_Photo_Center-SEO-75811015.exe

2013-11-23 16:21 - 2013-11-23 16:21 - 00000000 ____D C:\Windows\en

2013-11-23 16:18 - 2012-10-19 19:32 - 00000000 ____D C:\Program Files (x86)\Windows Live

2013-11-23 16:17 - 2012-10-19 19:32 - 00000547 _____ C:\Windows\DirectX.log

2013-11-23 16:11 - 2013-11-03 22:46 - 1042329780 _____ C:\Users\MaryLou\Downloads\Photos (7).zip

2013-11-23 16:02 - 2013-11-11 21:52 - 00000000 ____D C:\Users\MaryLou\AppData\Local\Windows Live

2013-11-22 23:43 - 2013-12-12 01:09 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2013-11-22 22:05 - 2013-12-12 01:09 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-11-21 01:27 - 2013-08-08 16:58 - 00000000 ____D C:\Users\MaryLou

2013-11-20 14:09 - 2013-11-20 14:07 - 00004608 _____ C:\Users\MaryLou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-17 11:17

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2013 01

Ran by MaryLou at 2013-12-17 11:57:34

Running from C:\Users\MaryLou\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

4 Elements II (x32 Version: 2.2.0.98)

4500_Help (x32 Version: 1.00.0000)

64 Bit HP CIO Components Installer (Version: 7.2.8)

Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636)

AMD APP SDK Runtime (Version: 10.0.938.2)

AMD Catalyst Install Manager (Version: 8.0.881.0)

AMD Fuel (Version: 2012.0912.1709.28839)

AMD Quick Stream (Version: 3.3.26.0)

AMD VISION Engine Control Center (x32 Version: 2012.0912.1709.28839)

Bejeweled 3 (x32 Version: 2.2.0.98)

Bing Bar (x32 Version: 7.2.241.0)

Bonjour (Version: 3.0.0.10)

bpd_scan (x32 Version: 3.00.0000)

BPDSoftware (x32 Version: 140.0.001.000)

BPDSoftware_Ini (x32 Version: 1.00.0000)

BufferChm (x32 Version: 140.0.298.000)

Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98)

Canon MX870 series MP Drivers

Catalyst Control Center - Branding (x32 Version: 1.00.0000)

Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0912.1709.28839)

Catalyst Control Center InstallProxy (x32 Version: 2012.0912.1709.28839)

Catalyst Control Center Localization All (x32 Version: 2012.0912.1709.28839)

CCC Help Chinese Standard (x32 Version: 2012.0912.1708.28839)

CCC Help Chinese Traditional (x32 Version: 2012.0912.1708.28839)

CCC Help Czech (x32 Version: 2012.0912.1708.28839)

CCC Help Danish (x32 Version: 2012.0912.1708.28839)

CCC Help Dutch (x32 Version: 2012.0912.1708.28839)

CCC Help English (x32 Version: 2012.0912.1708.28839)

CCC Help Finnish (x32 Version: 2012.0912.1708.28839)

CCC Help French (x32 Version: 2012.0912.1708.28839)

CCC Help German (x32 Version: 2012.0912.1708.28839)

CCC Help Greek (x32 Version: 2012.0912.1708.28839)

CCC Help Hungarian (x32 Version: 2012.0912.1708.28839)

CCC Help Italian (x32 Version: 2012.0912.1708.28839)

CCC Help Japanese (x32 Version: 2012.0912.1708.28839)

CCC Help Korean (x32 Version: 2012.0912.1708.28839)

CCC Help Norwegian (x32 Version: 2012.0912.1708.28839)

CCC Help Polish (x32 Version: 2012.0912.1708.28839)

CCC Help Portuguese (x32 Version: 2012.0912.1708.28839)

CCC Help Russian (x32 Version: 2012.0912.1708.28839)

CCC Help Spanish (x32 Version: 2012.0912.1708.28839)

CCC Help Swedish (x32 Version: 2012.0912.1708.28839)

CCC Help Thai (x32 Version: 2012.0912.1708.28839)

CCC Help Turkish (x32 Version: 2012.0912.1708.28839)

ccc-utility64 (Version: 2012.0912.1709.28839)

Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98)

Cradle of Rome 2 (x32 Version: 2.2.0.98)

CyberLink Media Suite 10 (x32 Version: 10.0.2.2114)

CyberLink Power2Go 8 (x32 Version: 8.0.2.2110)

CyberLink PowerDVD (x32 Version: 10.0.7.4528)

CyberLink YouCam (x32 Version: 3.5.5.5811)

D3DX10 (x32 Version: 15.4.2368.0902)

Destinations (x32 Version: 140.0.253.000)

DeviceDiscovery (x32 Version: 140.0.298.000)

DocProc (x32 Version: 140.0.185.000)

Energy Star (x32 Version: 1.0.9)

Epson Connect (x32)

Epson Customer Participation (Version: 1.0.0.0)

Epson Download Navigator (x32 Version: 1.0.1)

Epson Event Manager (x32 Version: 2.50.0001)

Epson FAX Utility (x32 Version: 1.20.00)

Epson PC-FAX Driver (x32)

EPSON Scan (x32)

EPSON WorkForce 545 Series Printer Uninstall

EpsonNet Print (x32 Version: 2.4j)

Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)

Farm Frenzy (x32 Version: 2.2.0.98)

FATE: The Cursed King (x32 Version: 2.2.0.97)

Fax (x32 Version: 140.0.307.000)

Final Drive Fury (x32 Version: 2.2.0.95)

Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32)

Google Chrome (x32 Version: 31.0.1650.63)

Google Earth (x32 Version: 7.1.2.2041)

Google Update Helper (x32 Version: 1.3.22.3)

Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)

GPBaseService2 (x32 Version: 140.0.297.000)

Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)

House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98)

Hoyle Card Games (x32 Version: 2.2.0.95)

HP Connected Remote (x32 Version: 1.0.1218)

HP Customer Experience Enhancements (x32 Version: 6.0.1.7)

HP Customer Participation Program 14.0 (Version: 14.0)

HP Documentation (x32 Version: 1.2.0.0)

HP Games (x32 Version: 1.0.3.0)

HP Imaging Device Functions 14.0 (Version: 14.0)

HP MyRoom (x32 Version: 9.0.0.0)

HP Officejet J4500 Series 14.0 Rel. 6 (Version: 14.0)

HP Postscript Converter (Version: 3.1.3591)

HP Quick Launch (x32 Version: 3.0.6)

HP Recovery Manager (x32 Version: 8.00)

HP Registration Service (Version: 1.1.6232.4245)

HP Solution Center 14.0 (Version: 14.0)

HP Support Assistant (x32 Version: 7.0.39.15)

HP Update (x32 Version: 5.005.000.002)

HP Utility Center (x32 Version: 1.0.8)

HP Wireless Button Driver (x32 Version: 1.0.6.1)

HPProductAssistant (x32 Version: 140.0.298.000)

HPSSupply (x32 Version: 140.0.297.000)

J4500 (x32 Version: 140.0.001.000)

Java 7 Update 45 (x32 Version: 7.0.450)

Java Auto Updater (x32 Version: 2.1.9.8)

Jewel Match 3 (x32 Version: 2.2.0.98)

John Deere Drive Green (x32 Version: 2.2.0.95)

Luxor Evolved (x32 Version: 2.2.0.98)

Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

MarketResearch (x32 Version: 140.0.212.000)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)

Microsoft Office (x32 Version: 14.0.6120.5004)

Microsoft Silverlight (x32 Version: 5.1.20913.0)

Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)

Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)

Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98)

Movie Maker (x32 Version: 16.4.3505.0912)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT110 (x32 Version: 16.4.1108.0727)

MSVCRT110_amd64 (Version: 16.4.1109.0912)

Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98)

Neat (x32 Version: 5.2.2.3)

Neat ADF Scanner 2008 Driver (Version: 2.0.1.5)

Neat ADF Scanner Driver (Version: 2.0.2.1)

Neat Core Files (x32 Version: 5.2.2.3)

Neat Mobile Scanner (Silver) Driver (Version: 2.0.1.5)

Neat Mobile Scanner 2008 Driver (Version: 2.0.1.4)

Neat Mobile Scanner Driver (Version: 2.0.1.2)

Norton Internet Security (x32 Version: 21.1.0.18)

OCR Software by I.R.I.S. 14.0 (Version: 14.0)

OpenOffice 4.0.1 (x32 Version: 4.01.9714)

Peggle Nights (x32 Version: 2.2.0.98)

Penguins! (x32 Version: 2.2.0.98)

Photo Gallery (x32 Version: 16.4.3505.0912)

Picasa 3 (x32 Version: 3.9)

PicasaAlbumDownloader (x32 Version: 1.0.0)

Polar Bowler (x32 Version: 2.2.0.97)

Polar Golfer (x32 Version: 2.2.0.98)

ProductContext (x32 Version: 140.0.001.000)

Qualcomm Atheros Driver Installation Program (x32 Version: 10.0)

QuickBooks (x32 Version: 23.0.4008.2305)

QuickBooks Pro 2013 (x32 Version: 23.0.4006.2305)

Quicken 2012 (x32 Version: 21.1.7.18)

Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662)

Realtek PCIE Card Reader (x32 Version: 6.2.8400.29034)

Revo Uninstaller 1.95 (x32 Version: 1.95)

Roads of Rome 3 (x32 Version: 2.2.0.98)

Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32)

SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0)

Scan (x32 Version: 140.0.253.000)

Send To Neat (Version: 1.1.0.0)

Shop for HP Supplies (Version: 14.0)

SolutionCenter (x32 Version: 140.0.299.000)

Status (x32 Version: 140.0.342.000)

swMSM (x32 Version: 12.0.0.1)

Synaptics Pointing Device Driver (Version: 16.6.1.3)

Tales of Lagoona (x32 Version: 2.2.0.110)

Toolbox (x32 Version: 140.0.596.000)

TrayApp (x32 Version: 140.0.297.000)

Update Installer for WildTangent Games App (x32)

WebReg (x32 Version: 140.0.297.017)

WildTangent Games (x32 Version: 1.0.3.0)

WildTangent Games App (x32 Version: 4.0.9.7)

Windows Live Communications Platform (x32 Version: 16.4.3505.0912)

Windows Live Essentials (x32 Version: 16.4.3505.0912)

Windows Live Installer (x32 Version: 16.4.3505.0912)

Windows Live Photo Common (x32 Version: 16.4.3505.0912)

Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)

Windows Live SOXE (x32 Version: 16.4.3505.0912)

Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)

Windows Live UX Platform (x32 Version: 16.4.3505.0912)

Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)

Youda Jewel Shop (x32 Version: 3.0.2.32)

Zuma's Revenge (x32 Version: 2.2.0.98)

==================== Restore Points  =========================

03-12-2013 17:00:16 Removed ScorpionSaver Services

12-12-2013 02:54:00 Removed ScorpionSaver

15-12-2013 16:55:57 Revo Uninstaller's restore point - ScorpionSaver

==================== Hosts content: ==========================

2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {115A30F5-9629-4E2E-993E-F2EF77734558} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => Rundll32.exe bfe.dll,BfeOnServiceStartTypeChange

Task: {19A08E02-785C-4BB0-82A8-96E26E65BFB5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {1AD73C55-6B72-473D-A75F-008416D8979C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2013-05-13] (Microsoft)

Task: {1CE5E7C2-112F-4B3F-AC7A-4A17594C5109} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\wscstub.exe [2013-10-08] (Symantec Corporation)

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {24A33188-FE98-45B3-8971-1F1803EA3456} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {272BE9F1-710E-4053-A994-CD0750DC7C9B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)

Task: {307D8C75-FDA3-49D3-AA9F-DB79F405FB59} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => Rundll32.exe /d acproxy.dll,PerformAutochkOperations

Task: {38579B1B-B002-4BAA-B506-970485B471EE} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)

Task: {3FA523AC-271E-4DB5-AAAF-653AA97A52BD} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)

Task: {543CFAC7-896B-4582-9AB6-74AA62511742} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)

Task: {563C3C5A-73D7-4864-89D6-ABD97175BAD3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)

Task: {5DE87850-2C97-42C3-B459-92CD70BCE6C7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002Core => C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-13] (Facebook Inc.)

Task: {6405F8F1-9876-4FD0-B722-45B9A83B913B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.)

Task: {67229DF8-B971-4F31-933D-0FD466D45DE1} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe aepdu.dll,AePduRunUpdate

Task: {7D310CF1-0382-4A17-9849-D04BD2020D47} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)

Task: {9140BC77-8D6A-4769-BC3F-706FBF3B6483} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3734144309-4116549082-540705525-1002 => Rundll32.exe portabledeviceapi.dll,#1

Task: {95910494-74FE-42BF-B162-E6E38E9D1E84} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {A92ED75F-D21C-4AB4-B972-007FE6731950} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)

Task: {B6A5EAD2-461D-4E3E-8902-EDB39E00343C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {BEF2E280-C7B4-4519-A226-B62D912DD30B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {D08952E6-D64C-4569-9628-EAA6BCD69825} - \EPUpdater No Task File

Task: {D8BA9F4E-1BA1-4C45-9B53-94E1E74C6BEE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-15] (Google Inc.)

Task: {DCE4C1F2-B6D5-42FD-9966-443C9C4D8979} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)

Task: {E7B1763E-F5A7-4225-8261-F7CD1A60AFF9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)

Task: {E9ED0144-07A9-436F-ABAD-CCA07A0078D5} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => Rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART

Task: {EA1C51EE-128F-44A6-9302-D7FC9AD085CA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002UA => C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-13] (Facebook Inc.)

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {F78C3C0C-6D6C-4C86-9AFE-E64816DD2778} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002Core.job => C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002UA.job => C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-08-12 16:24 - 2013-08-12 16:27 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll

2012-10-12 17:22 - 2012-10-12 17:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll

2013-08-08 17:01 - 2013-08-08 17:01 - 00120224 _____ () C:\Users\MaryLou\AppData\Local\assembly\dl3\D691AXL8.A61\B2JXPM9P.K64\d4e7ec06\008b7bc6_d8a8cd01\HPItunesModule.DLL

2012-10-12 17:22 - 2012-10-12 17:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll

2012-10-12 17:22 - 2012-10-12 17:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll

2012-09-12 17:20 - 2012-09-12 17:20 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2012-09-12 17:07 - 2012-09-12 17:07 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2013-04-29 01:44 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2013-12-05 15:38 - 2013-12-03 19:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll

2013-12-05 15:38 - 2013-12-03 19:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll

2013-12-05 15:38 - 2013-12-03 19:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

2013-12-05 15:38 - 2013-12-03 19:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

2013-12-05 15:38 - 2013-12-03 19:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

2013-12-05 15:38 - 2013-12-03 19:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

2013-09-20 16:50 - 2013-09-20 16:50 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll

2013-09-17 07:54 - 2013-09-17 07:54 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/16/2013 10:34:40 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 284374

 

Error: (12/16/2013 10:34:40 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 284374

 

Error: (12/16/2013 10:34:40 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/16/2013 10:34:39 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 282830

 

Error: (12/16/2013 10:34:39 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 282830

 

Error: (12/16/2013 10:34:39 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/16/2013 10:34:37 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 281285

 

Error: (12/16/2013 10:34:37 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 281285

 

Error: (12/16/2013 10:34:37 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/16/2013 10:34:36 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 279694

 

 

System errors:

=============

Error: (12/16/2013 01:17:44 PM) (Source: Service Control Manager) (User: )

Description: The Util BrowseFox service failed to start due to the following error: 

%%2

 

Error: (12/16/2013 01:14:35 PM) (Source: Service Control Manager) (User: )

Description: The HPWMISVC service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (12/16/2013 11:06:38 AM) (Source: Service Control Manager) (User: )

Description: The Util BrowseFox service failed to start due to the following error: 

%%2

 

Error: (12/16/2013 11:06:23 AM) (Source: BugCheck) (User: )

Description: 0x0000009f (0x0000000000000003, 0xfffffa8003f55060, 0xfffff802c3f27930, 0xfffffa8007b9e5a0)C:\Windows\MEMORY.DMP121613-46644-01

 

Error: (12/16/2013 11:05:53 AM) (Source: EventLog) (User: )

Description: The previous system shutdown at 10:32:32 AM on ‎12/‎16/‎2013 was unexpected.

 

Error: (12/16/2013 08:02:47 AM) (Source: Service Control Manager) (User: )

Description: The Util BrowseFox service failed to start due to the following error: 

%%2

 

Error: (12/16/2013 08:01:00 AM) (Source: Service Control Manager) (User: )

Description: The HPWMISVC service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (12/16/2013 07:36:53 AM) (Source: Service Control Manager) (User: )

Description: The Util BrowseFox service failed to start due to the following error: 

%%2

 

Error: (12/16/2013 07:35:21 AM) (Source: Service Control Manager) (User: )

Description: The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 

%%50

 

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

 

Error: (12/16/2013 07:35:02 AM) (Source: Service Control Manager) (User: )

Description: The HPWMISVC service terminated unexpectedly.  It has done this 1 time(s).

 

 

Microsoft Office Sessions:

=========================

Error: (12/16/2013 10:34:40 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 284374

 

Error: (12/16/2013 10:34:40 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 284374

 

Error: (12/16/2013 10:34:40 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/16/2013 10:34:39 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 282830

 

Error: (12/16/2013 10:34:39 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 282830

 

Error: (12/16/2013 10:34:39 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/16/2013 10:34:37 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 281285

 

Error: (12/16/2013 10:34:37 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 281285

 

Error: (12/16/2013 10:34:37 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/16/2013 10:34:36 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 279694

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 63%

Total physical RAM: 3682.26 MB

Available physical RAM: 1328.56 MB

Total Pagefile: 7394.26 MB

Available Pagefile: 4788.45 MB

Total Virtual: 8192 MB

Available Virtual: 8191.76 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:442.88 GB) (Free:386.66 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:22.11 GB) (Free:2.72 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: 1E1F4777)

 

Partition: GPT Partition Type

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs...

 

Let me know if there are any remaining issues or concerns...

 

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2013 02

Ran by MaryLou at 2013-12-17 15:38:15 Run:1

Running from C:\Users\MaryLou\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

BHO: Deal Slider BHO - {E4607B39-174A-44BA-AB08-8892366ECA13} - C:\Program Files (x86)\Deal Slider\FrameworkBHO64.dll No File

C:\Program Files (x86)\Deal Slider

Toolbar: HKLM - Deal Slider - {E13BF069-886E-416B-B532-6B14242CC508} - C:\Program Files (x86)\Deal Slider\FrameworkBHO64.dll No File

CHR DefaultSearchKeyword: babylon.com

CHR DefaultSearchProvider: Search the web (Babylon)

CHR DefaultSearchURL: http://isearch.babylon.com/?q={searchTerms}&babsrc=SP_ssbtis1&mntrId=0CB716FD52106739&affID=119557&tt=180813_206&tsp=4980

CHR DefaultNewTabURL: 

CHR Extension: (Deal Slider ) - C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfmkkncnbolkneogaadokmfjoihepgm\1.0_0

End

 


Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.12.17.08

 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16750

MaryLou :: HOME [administrator]

 

Protection: Enabled

 

12/17/2013 3:41:58 PM

mbam-log-2013-12-17 (15-41-58).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 208936

Time elapsed: 9 minute(s), 5 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 


 

 

*****************

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4607B39-174A-44BA-AB08-8892366ECA13} => Key deleted successfully.

HKCR\CLSID\{E4607B39-174A-44BA-AB08-8892366ECA13} => Key deleted successfully.

"C:\Program Files (x86)\Deal Slider" => File/Directory not found.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{E13BF069-886E-416B-B532-6B14242CC508} => Value deleted successfully.

HKCR\CLSID\{E13BF069-886E-416B-B532-6B14242CC508} => Key deleted successfully.

CHR DefaultSearchKeyword: babylon.com ==> The Chrome "Settings" can be used to fix the entry.

CHR DefaultSearchProvider: Search the web (Babylon) ==> The Chrome "Settings" can be used to fix the entry.

CHR DefaultSearchURL: http://isearch.babylon.com/?q={searchTerms}&babsrc=SP_ssbtis1&mntrId=0CB716FD52106739&affID=119557&tt=180813_206&tsp=4980 ==> The Chrome "Settings" can be used to fix the entry.

C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfmkkncnbolkneogaadokmfjoihepgm => Moved successfully.

 

==== End of Fixlog ====


What is the status of your system now? Is Deal Slider gone? One more scan:

 

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop.

 

Double click zip file and extract to your  Desktop:

 

 


 

 

you will now have 3 versions of the tool on the Desktop:

 

 


 

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html

 

Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open:

 

 


 

 

Copy and paste the following script from the code box and paste into the field.

 

 

standardsearch;autoruns;autoclean;emptyclsid;emptyalltemp;  

 

 

Select the "Run Script" tab. The following window will open:

 

 

 


 

 

 

Please be patient and do not use the PC when the scan is in progress.

 

When complete you may be asked to re-boot your PC; if so, please do.

 


 

Post the produced log in your next reply…..


 

Zoek.exe v5.0.0.0 Updated 16-December-2013

Tool run by MaryLou on Wed 12/18/2013 at  8:04:12.79.

Microsoft Windows 8 6.2.9200  x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\MaryLou\Downloads\zoek\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

12/18/2013 8:05:48 AM Zoek.exe System Restore Point Created Succesfully.

 

==== Deleting CLSID Registry Keys ======================

 

 

==== Deleting CLSID Registry Values ======================

 

 

==== Running Processes ======================

 

C:\Windows\SysWOW64\svchost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Neat\exec\NeatStartupService.exe

C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe

C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Users\MaryLou\Downloads\zoek\zoek.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

 

==== Deleting Services ======================

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util BrowseFox deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util BrowseFox deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update BrowseFox deleted successfully

 

==== Deleting Files \ Folders ======================

 

"c:\Windows\Installer\180e6.msi" not found

C:\extensions.sqlite deleted

C:\ProgramData\boost_interprocess deleted

C:\Users\MaryLou\AppData\Local\CRE deleted

C:\Users\MaryLou\AppData\Local\avgchrome deleted

C:\Windows\SysWow64\searchplugins deleted

C:\Windows\SysWow64\Extensions deleted

C:\Users\Public\Desktop\Picasa Album Downloader.lnk deleted

 

==== Registry Search Results for "standardsearch" ======================

 

No instances of string "standardsearch" found.

 

==== System Specs ======================

 

Operating System: Microsoft Windows 8 6.2.9200  64-bit

Manufacturer: Hewlett-Packard - Model: HP 2000 Notebook PC

Install Date: 8/8/2013 6:00:04 PM

Last Boot: 12/17/2013 8:18:46 PM

Processor: AMD E2-1800 APU with Radeon HD Graphics

Number of Processors: 2

Work Station

Bootmode: Normal boot

Total RAM: 3682 MB (free 2104 MB - 57)

Computername: HOME

Domain: WORKGROUP

User: MaryLou (Administrator account)

Local Disk:        C:\ - NTFS - 442 GB (free 386 GB)

Local Disk:        D:\ - NTFS - 22 GB (free 2 GB)

CD \ DVD Drive:    E:\ 

Bootdevice: \Device\HarddiskVolume2

Windows update: 

Country: United States 

Language: ENU 

 

==== System Specs (Software) ======================

 

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)

Anti-Virus: Norton Internet Security On-access scanning disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Anti-Spyware: Norton Internet Security disabled (Outdated)

Firewall: Norton Internet Security disabled

Default Browser: Google Chrome 31.0.1650.63

Internet Explorer Version: 10.0.9200.16750 

Google Chrome version: 31.0.1650.63

Sun Java version: 1.7.0_45 (32-bit) 

Shockwave Player version: 11.6.6r636

 

==== Files Recently Created / Modified ======================

 

====== C:\Windows ====

2013-12-16 18:05:25 3EDF4B6DB245F018596627A53A0E420D 716293887 ----a-w- C:\Windows\MEMORY.DMP

2013-12-06 00:34:24 DEFDDE8D1E14D5129A2E14F1027CF345 182532 ----a-w- C:\Windows\hpwins19.dat

2013-12-06 00:34:24 540D4364D814D8B67FC7524316DDDD1A 633 ------w- C:\Windows\hpwmdl19.dat

====== C:\Users\MaryLou\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2013-12-12 08:14:30 55C7A599269BDC4772E795A1327ECFAA 156160 ----a-w- C:\Windows\SysWOW64\scrrun.dll

2013-12-12 08:14:29 6954431724A32132E8961D9BA2708786 115712 ----a-w- C:\Windows\SysWOW64\cscript.exe

2013-12-12 08:14:29 23D0BC752AB7539D9886D4E56BF8F69F 162304 ----a-w- C:\Windows\SysWOW64\scrobj.dll

2013-12-12 08:14:18 E88AA25060A1A9940298ED0A279D3D46 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2013-12-12 08:14:18 D9DFD27BCCE44BEE511B744E3E7ADF45 1140736 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2013-12-12 08:14:17 3AA6FD9B534F17CBD5D311DDC077973C 1767936 ----a-w- C:\Windows\SysWOW64\wininet.dll

2013-12-12 08:14:16 AAB1AAC2A837F11C23187FFE0F5D314E 13761536 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2013-12-12 08:12:59 B5F3BF5CFCB13282ACD790D5CBE52B80 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll

2013-12-12 08:12:59 AED28606A69169DF3D1142680AE8865A 2049024 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2013-12-12 08:12:37 EC9B165452E1F9F021913868EEB729F2 2877952 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2013-12-12 08:12:36 B8FAAC62ED026D87B3E743B339C92786 14356992 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2013-12-12 08:11:01 6E3FE9ED37F6B3EE671AB3893DF8717A 59392 ----a-w- C:\Windows\SysWOW64\imagehlp.dll

2013-12-12 08:10:43 76260C0FC2B57D9B0CC225E373C3578F 628736 ----a-w- C:\Windows\SysWOW64\wuapi.dll

2013-12-12 08:10:42 ED2612731F5D9DA4F22E2C6B311F0506 488960 ----a-w- C:\Windows\SysWOW64\resutils.dll

2013-12-12 08:10:41 F3C7A2A76A5262B68A98009A71987D2E 302080 ----a-w- C:\Windows\SysWOW64\clusapi.dll

2013-12-12 08:10:40 2C1467A6FF34E6E13920D9E546D47E50 551424 ----a-w- C:\Windows\SysWOW64\oleaut32.dll

2013-12-12 08:10:38 745090E87A3EEA65AD1EFFCD2CFEC366 35328 ----a-w- C:\Windows\SysWOW64\wuapp.exe

2013-12-12 08:10:38 1C4BD0C76158F05A3FF34436461C22DA 126976 ----a-w- C:\Windows\SysWOW64\wuwebv.dll

2013-12-12 08:10:38 008AC9B51D8EC5AC16921358A84B8FD6 84992 ----a-w- C:\Windows\SysWOW64\wudriver.dll

2013-12-12 08:09:47 09246837DE0FB0AB51EF2CE4B17BDE83 368640 ----a-w- C:\Windows\SysWOW64\WMPhoto.dll

2013-12-12 08:08:47 E7CCBE84264E073BB307839E01A33BF7 273408 ----a-w- C:\Windows\SysWOW64\msieftp.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-12-13 17:15:03 950CF4063CEAB931E3B93DE1DBE580A0 323200 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT

2013-12-12 08:14:30 F5BAFB32D8EC6286B96C23E27CEF2578 146944 ----a-w- C:\Windows\Sysnative\cscript.exe

2013-12-12 08:14:30 D890ECBF9D1BE08B81C7832690DD16B0 143872 ----a-w- C:\Windows\Sysnative\wshom.ocx

2013-12-12 08:14:30 C867433D5C96E4F616F0AEC2E0E46B5D 222720 ----a-w- C:\Windows\Sysnative\scrobj.dll

2013-12-12 08:14:30 907B7589463313452942F17297D8CDB7 194048 ----a-w- C:\Windows\Sysnative\scrrun.dll

2013-12-12 08:14:18 2DA75D0CC0A3CE775C7F823E6C2355DA 1365504 ----a-w- C:\Windows\Sysnative\urlmon.dll

2013-12-12 08:14:16 4398619B257439867B80E7F5239479F1 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2013-12-12 08:14:12 C1AD905DCD475A88802FA8C4A5283AA6 855552 ----a-w- C:\Windows\Sysnative\jscript.dll

2013-12-12 08:14:12 62608962D83846E12529032E56D97AC2 15404032 ----a-w- C:\Windows\Sysnative\ieframe.dll

2013-12-12 08:14:07 E7099336BF7531B6FCC920DCB5101259 2241536 ----a-w- C:\Windows\Sysnative\wininet.dll

2013-12-12 08:14:03 F164B9D9EB6AA4FED10AC2DA8CB4A89A 19271168 ----a-w- C:\Windows\Sysnative\mshtml.dll

2013-12-12 08:13:02 7A94C5BB4A430394B3C3800281CBD3D0 2648576 ----a-w- C:\Windows\Sysnative\iertutil.dll

2013-12-12 08:12:59 422EF1C2294F03C56F9639BAF837A4B4 3959808 ----a-w- C:\Windows\Sysnative\jscript9.dll

2013-12-12 08:12:34 69066C0F7E2BDF63462388390A5DFB2C 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe

2013-12-12 08:12:33 51107DD3E8DF825ED09CF028F6C8B138 915968 ----a-w- C:\Windows\Sysnative\uxtheme.dll

2013-12-12 08:11:01 544A2EB9629532C6C8D4FE7DB9181FA4 62976 ----a-w- C:\Windows\Sysnative\imagehlp.dll

2013-12-12 08:10:45 311E5E1976E0BD9110A88B93158055D5 3279872 ----a-w- C:\Windows\Sysnative\wuaueng.dll

2013-12-12 08:10:44 C9549BC9C3E3DECD8BE81E527137B85F 773120 ----a-w- C:\Windows\Sysnative\wuapi.dll

2013-12-12 08:10:43 DE9FDB812157F77CA4EB46E3ABB40448 374784 ----a-w- C:\Windows\Sysnative\clusapi.dll

2013-12-12 08:10:43 D728042519B8FCBEE14EC250E3F050B8 626688 ----a-w- C:\Windows\Sysnative\resutils.dll

2013-12-12 08:10:42 BB1B37C53D09CA41E2A55DD9D6C1B32E 778752 ----a-w- C:\Windows\Sysnative\oleaut32.dll

2013-12-12 08:10:40 AAE63132AEE6A66A8DA6DADB7EC6C28F 59416 ----a-w- C:\Windows\Sysnative\wuauclt.exe

2013-12-12 08:10:40 A7045F139A9C3ABE4AA838E17D1DB8C7 1622016 ----a-w- C:\Windows\Sysnative\wucltux.dll

2013-12-12 08:10:39 D2096B322A5F8D9354B61B4BFDFA7132 385528 ----a-w- C:\Windows\Sysnative\ApnDatabase.xml

2013-12-12 08:10:39 8C30507C9EAA8F1E7D62D4388DC5330E 252928 ----a-w- C:\Windows\Sysnative\WUSettingsProvider.dll

2013-12-12 08:10:38 E6434F7D79D112FAB2EF83D340E06EE1 99328 ----a-w- C:\Windows\Sysnative\wudriver.dll

2013-12-12 08:10:38 E363AD0D35F79615E6596AE70184FEE2 40448 ----a-w- C:\Windows\Sysnative\wuapp.exe

2013-12-12 08:10:38 493C5728796ABBF760147CA38C3418E9 142848 ----a-w- C:\Windows\Sysnative\wuwebv.dll

2013-12-12 08:10:38 1D40913DA534B116B8F15CCC747918A3 175104 ----a-w- C:\Windows\Sysnative\storewuauth.dll

2013-12-12 08:09:47 6669946CF2CF5B5299A90B22C9189350 420864 ----a-w- C:\Windows\Sysnative\WMPhoto.dll

2013-12-12 08:09:36 A10B2CB810FF727328872C8D5673D491 4036608 ----a-w- C:\Windows\Sysnative\win32k.sys

2013-12-12 08:08:47 709AF101E72F2FB30B1A47B7EBD8034C 312320 ----a-w- C:\Windows\Sysnative\msieftp.dll

====== C:\Windows\Sysnative\drivers =====

2013-12-12 08:10:43 E6AF4DF1817953D73C519B17CF849756 1455448 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys

2013-12-12 08:10:42 E5F7328B1D29BCE791862CD3C0DD382A 447320 ----a-w- C:\Windows\Sysnative\drivers\USBHUB3.SYS

2013-12-12 08:10:41 9110193D93960E38B8692E4519C75D72 285016 ----a-w- C:\Windows\Sysnative\drivers\spaceport.sys

2013-12-12 08:08:49 857433889008F86728E8C099C740729D 288768 ----a-w- C:\Windows\Sysnative\drivers\portcls.sys

2013-12-12 03:22:55 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

====== C:\Windows\Tasks ======

2013-12-03 17:25:00 EED9ADCE1A1F6B01E2EAB90A664DA4DD 3106 ----a-w- C:\Windows\Sysnative\Tasks\{CCE351FB-B417-4C20-85E1-42A3E5F14BE1}

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-11-26 23:49:45 -------- d-----w- C:\Program Files\SAMSUNG

======= C:\PROGRA~2 =====

2013-12-15 16:53:27 -------- d-----w- C:\PROGRA~2\VS Revo Group

2013-12-06 00:49:16 -------- d-----w- C:\PROGRA~2\Microsoft

2013-12-06 00:43:36 -------- d-----w- C:\PROGRA~2\COMMON~1\HP

2013-12-06 00:43:34 -------- d-----w- C:\PROGRA~2\COMMON~1\Hewlett-Packard

2013-12-06 00:41:19 -------- d-----w- C:\PROGRA~2\HP

======= C: =====

====== C:\Users\MaryLou\AppData\Roaming ======

2013-12-15 16:53:28 -------- d-----w- C:\Users\MaryLou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

2013-12-06 00:48:27 -------- d-----w- C:\Users\MaryLou\AppData\Roaming\HpUpdate

2013-11-26 19:31:21 -------- d-----w- C:\Users\MaryLou\AppData\Local\NPE

2013-11-24 04:24:28 -------- d-----w- C:\Users\MaryLou\AppData\Locallow\{E4607B39-174A-44BA-AB08-8892366ECA13}

2013-11-24 00:19:01 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\CrashDumps

2013-11-20 21:07:24 1BC91ABD737539300F3E758D35EF5B32 4608 ----a-w- C:\Users\MaryLou\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

====== C:\Users\MaryLou ======

2013-12-17 18:47:24 2AB4EE07A4D02FCC3273B11205A44C1F 1928214 ----a-w- C:\Users\MaryLou\Downloads\FRST64.exe

2013-12-15 16:52:24 9A457D1881309670E86337D2A99621FE 10031224 ----a-w- C:\Users\MaryLou\Downloads\RevoUninProSetup.exe

2013-12-15 16:51:44 4F99CAE27FFD46712E65C21444AACDFC 2623656 ----a-w- C:\Users\MaryLou\Downloads\revosetup.exe

2013-12-14 21:09:26 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\MaryLou\Downloads\dds.com

2013-12-13 21:08:52 ABE171BFF8277921FD92BF5DEC76F363 522240 ----a-w- C:\Users\MaryLou\Downloads\OTM.exe

2013-12-13 20:54:21 F783EC309D42813F74319EB776153B2B 165376 ----a-w- C:\Users\MaryLou\Downloads\SystemLook_x64.exe

2013-12-13 17:02:12 693E44D7B4F5FD5532DD2B47731C5F90 1226802 ----a-w- C:\Users\MaryLou\Downloads\AdwCleaner (1).exe

2013-12-12 03:21:13 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\MaryLou\Downloads\mbam-setup-1.75.0.1300.exe

2013-12-06 00:47:21 -------- d-----w- C:\ProgramData\HP Product Assistant

2013-12-06 00:43:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

2013-12-06 00:33:45 -------- d-----w- C:\ProgramData\HP

2013-12-05 23:02:37 0E7382372E946BE2BDC0B6F5ADAC076A 291513352 ----a-w- C:\Users\MaryLou\Downloads\OJ_AIO_J4500_Full_Win_WW_140_404.exe

2013-12-04 16:49:00 1EE758D4EF4AADE8A7BD32BA10FD7ED5 5485920 ----a-w- C:\Users\MaryLou\Downloads\SymHelp.exe

2013-12-03 21:02:30 -------- d-----w- C:\Windows\serviceprofiles\Localservice\winhttp

2013-11-26 23:48:39 -------- d-----w- C:\ProgramData\Samsung

 

====== C: exe-files ==

2013-12-17 22:17:48 2AB4EE07A4D02FCC3273B11205A44C1F 1928214 ----a-w- C:\Users\MaryLou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLIAPM33\FRST64[1].exe

2013-12-17 22:17:47 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\MaryLou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WA0QZNJI\FRST64[1].exe

2013-12-17 18:47:24 3A09DC911885EC332EE3E6CC54016A1B 1928078 ----a-w- C:\Users\MaryLou\Downloads\FRST-OlderVersion\FRST64.exe

2013-12-17 18:47:24 2AB4EE07A4D02FCC3273B11205A44C1F 1928214 ----a-w- C:\Users\MaryLou\Downloads\FRST64.exe

2013-12-15 16:53:30 761102A9B90EC601E8B3071120063D74 87550 ----a-w- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe

2013-12-15 16:52:24 9A457D1881309670E86337D2A99621FE 10031224 ----a-w- C:\Users\MaryLou\Downloads\RevoUninProSetup.exe

2013-12-15 16:51:44 4F99CAE27FFD46712E65C21444AACDFC 2623656 ----a-w- C:\Users\MaryLou\Downloads\revosetup.exe

2013-12-14 04:50:53 F4CCCAB03392ECA3BCB6EAB9DB2089E0 28888 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_RecoveryDisc_NSPOS.exe

2013-12-14 04:50:53 F228ECDCDF7D094326F43ADF29A0DBD5 28888 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_RecoveryDisc_EMEA.exe

2013-12-14 04:50:53 C7EC72A8673DD2CC88A8384CA6D00120 28888 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detect_RecoveryDisc_US.exe

2013-12-14 04:50:53 5288FEC36ADB27C8A24623F6DB8858B8 72920 ----a-w- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detection_toastNotify.exe

2013-12-13 21:08:52 ABE171BFF8277921FD92BF5DEC76F363 522240 ----a-w- C:\Users\MaryLou\Downloads\OTM.exe

2013-12-13 20:54:21 F783EC309D42813F74319EB776153B2B 165376 ----a-w- C:\Users\MaryLou\Downloads\SystemLook_x64.exe

2013-12-13 17:02:12 693E44D7B4F5FD5532DD2B47731C5F90 1226802 ----a-w- C:\Users\MaryLou\Downloads\AdwCleaner (1).exe

2013-12-12 08:12:34 A48AA87D52D2CC1D5E017A08D2409386 484352 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe

2013-12-12 08:12:33 407A04BA1AC87A2F40F592191B62F3D0 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe

2013-12-12 03:21:13 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\MaryLou\Downloads\mbam-setup-1.75.0.1300.exe

2013-12-12 02:44:25 292498C29B4D7FAA420C7FF1111E1467 11136160 ----a-w- C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0oemBingBarSetup-Partner.EXE

=== C: other files ==

2013-12-14 21:09:26 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\MaryLou\Downloads\dds.com

2013-12-12 08:10:43 E6AF4DF1817953D73C519B17CF849756 1455448 ----a-w- C:\Windows\System32\Drivers\dxgkrnl.sys

2013-12-12 08:10:42 E5F7328B1D29BCE791862CD3C0DD382A 447320 ----a-w- C:\Windows\System32\Drivers\USBHUB3.SYS

2013-12-12 08:10:41 9110193D93960E38B8692E4519C75D72 285016 ----a-w- C:\Windows\System32\Drivers\spaceport.sys

2013-12-12 08:09:36 A10B2CB810FF727328872C8D5673D491 4036608 ----a-w- C:\Windows\System32\win32k.sys

2013-12-12 08:08:49 857433889008F86728E8C099C740729D 288768 ----a-w- C:\Windows\System32\Drivers\portcls.sys

2013-12-12 03:22:55 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\Drivers\mbam.sys

 

==== Startup Registry Enabled ======================

 

[HKEY_USERS\S-1-5-21-3734144309-4116549082-540705525-1002\Software\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT EPLTarget\P0000000000000000 /M WorkForce 545"

 

[HKEY_USERS\S-1-5-21-3734144309-4116549082-540705525-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Uninstall C:\Users\MaryLou\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\MaryLou\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

"CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R"

"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"

"Intuit SyncManager"="C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup"

"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"

"FUFAXRCV"=""C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe""

"FUFAXSTM"=""C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe""

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"

"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT EPLTarget\P0000000000000000 /M WorkForce 545"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Uninstall C:\Users\MaryLou\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\MaryLou\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"

 

==== Startup Registry Enabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="c:\\progra~3\\bitguard\\271769~1.27\\{c16c1~1\\loader.dll"

 

==== Startup Folders ======================

 

2013-12-06 00:45:25 2099 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

2013-09-04 08:56:56 2221 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk

2013-09-04 08:56:58 2434 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

2013-09-04 08:56:57 2030 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk

 

==== Task Scheduler Jobs ======================

 

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002Core.job --a-------- C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe [09/13/2013 07:40 PM]

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002UA.job --a-------- C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe [09/13/2013 07:40 PM]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/15/2013 06:19 PM]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08/15/2013 06:19 PM]

 

==== Other Scheduled Tasks ======================

 

"C:\Windows\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002Core" [C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-3734144309-4116549082-540705525-1002UA" [C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]

"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe"]

"C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]

"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{9EFAFB1E-C4BA-4F62-AF85-A060F251D5D6}" [C:\Windows\system32\msfeedssync.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe]

"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe]

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\IPSFF" [10/09/2013 10:45 AM]

 

==== Chrome Look ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx[12/09/2013 02:38 AM]

 

Norton Identity Protection - MaryLou - Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

Google Wallet - MaryLou - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

 

==== Chrome Fix ======================

 

C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.babylon.com_0.localstorage deleted successfully

C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.babylon.com_0.localstorage-journal deleted successfully

C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.consumersearch.com_0.localstorage deleted successfully

C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.consumersearch.com_0.localstorage-journal deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


"Search Page"="http://www.google.com"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="http://www.google.com/ie"

"Default_Search_URL"="http://www.google.com/ie"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]



[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]


"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{D944BB61-2E34-4DBF-A683-47E505C587DC} Unknown  Url="Not_Found"

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-3734144309-4116549082-540705525-1002\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495 deleted successfully

 

==== HijackThis Entries ======================

 

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll

O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R

O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup

O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"

O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\MaryLou\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545"

O4 - HKCU\..\RunOnce: [uninstall C:\Users\MaryLou\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\MaryLou\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE

O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O18 - Protocol: intu-help-qb6 - {6898B29B-BF49-43CB-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll

O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

O23 - Service: VPDAgent (Agent) - Two Pilots - C:\Windows\VPDAgent_x64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Neat Startup Service - The Neat Company - C:\Program Files (x86)\Neat\exec\NeatStartupService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe

O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\MaryLou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Profiles found

 

==== Empty Chrome Cache ======================

 

C:\Users\MaryLou\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

No Flash Cache Found

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Users\MaryLou\AppData\Local\Temp  will be emptied at reboot

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\MaryLou\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== EOF on Wed 12/18/2013 at 10:07:29.42 ======================

Guest
This topic is now closed to further replies.