
Scorpion Saver etc


midas68

Hi, my computer has acted funny for about a month now. I think Scorpion Saver may be the, or one of the, problems. I tried system restore but it does not let me do so. I did notice PUP.Optional.Adpeak and Conduit files that Mbam quarantined and deleted from my System Volume Information Restore etc dll.

 

The odd thing is my computer is making kinda a laser buzz sound when I go to most sites now, which has me worried. We did recently get U-verse and I have wireless in my room with the router in another (not sure if that is a problem).

 

Can you help me out, please?

Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Post those logs in next reply...

 

Thanks,

 

Kevin


Hi, Thanks for Helping me.

 

I didn't see much in the virus scans, as I did when I did them yesterday (if you need those let me know). I think I attached the additional file but I am not for sure as I did not click the add to post as it just puts the info of what's in the folder up here and I don't think that's what you wanted. So I just clicked the attach files button.

 

Also The Laser sound does it on almost every site but not every one.

 

Thanks Again!!!!!

 

Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.12.18.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Administrator :: OWNER-C1F3A9834 [administrator] 12/18/2013 1:16:20 PM mbam-log-2013-12-18 (13-16-20).txt Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 517972 Time elapsed: 3 hour(s), 42 minute(s), 18 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) # AdwCleaner v3.015 - Report created 18/12/2013 at 17:13:56 # Updated 10/12/2013 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Administrator - OWNER-C1F3A9834 # Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner(1).exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v18.0.1 (en-US) [ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4qpw0jt8.default\prefs.js ] [ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kz1rp507.default-1371607602468\prefs.js ] ************************* AdwCleaner[R0].txt - [9934 octets] - [18/12/2013 00:53:59] AdwCleaner[R1].txt - [914 octets] - [18/12/2013 17:13:56] AdwCleaner[s0].txt - [10122 octets] - [18/12/2013 01:00:28] ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1034 octets] ########## Scan result 
of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-12-2013 05 Ran by Administrator (administrator) on OWNER-C1F3A9834 on 18-12-2013 17:43:54 Running from C:\Documents and Settings\Administrator\My Documents\Downloads Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Secunia) C:\Program Files\Secunia\PSI\psia.exe (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (SigmaTel, Inc.) C:\WINDOWS\stsystra.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Dropbox, Inc.) C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [sigmatelSysTrayApp] - C:\WINDOWS\stsystra.exe [282624 2006-03-20] (SigmaTel, Inc.) 
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.) HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation) HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6591800 2012-02-22] (Yahoo! Inc.) HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5717272 2013-11-05] (SUPERAntiSpyware) MountPoints2: {89f3d4f5-994f-11e1-8b4d-c41559140745} - E:\hbcd\wintools\autorun.exe Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {BA24F46C-581A-4F76-AD44-15E8DE18782A} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN24825691989186118&UM=2 SearchScopes: HKCU - {EDB7F7B6-7195-4911-B3AF-72C6BC9CF975} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=7B95B668-040B-450D-B9AD-1E980B3645C9&apn_sauid=6E61C5DF-95D9-491F-A64B-2610E74606AB BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1336510646171 ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com) 
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kz1rp507.default-1371607602468 FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) 
FF Extension: WOT - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kz1rp507.default-1371607602468\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF Extension: WOT - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kz1rp507.default-1371607602468\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(2) FF Extension: Consciousness Bell - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kz1rp507.default-1371607602468\Extensions\cbell-owner@mozdev.org.xpi FF Extension: Simple Timer - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kz1rp507.default-1371607602468\Extensions\simpletimer@grbradt.org.xpi FF Extension: NoScript - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kz1rp507.default-1371607602468\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: Download YouTube Videos as MP4 - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kz1rp507.default-1371607602468\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi FF Extension: Adblock Plus - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kz1rp507.default-1371607602468\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program 
Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation) R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia) S3 SMServer; C:\WINDOWS\system32\snmvtsvc.exe [245760 2009-05-28] (SMServer) R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" ==================== Drivers (Whitelisted) ==================== S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-12-18] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation) R1 MpKsle9ff1b27; C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{27C2013D-9485-4E1D-88A7-0C92BEA2CF53}\MpKsle9ff1b27.sys [40392 2013-12-18] (Microsoft Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia) R3 rt2870; C:\Windows\System32\DRIVERS\Drt2870.sys [724736 2010-02-02] (Ralink Technology, Corp.) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1156808 2006-05-25] (SigmaTel, Inc.) 
S0 cerc6; No ImagePath S4 IntelIde; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-18 17:43 - 2013-12-18 17:43 - 00000000 ____D C:\FRST 2013-12-18 17:14 - 2013-12-18 17:24 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Scorpion virus scan results 2013-12-18 13:15 - 2013-12-18 13:15 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2013-12-18 00:52 - 2013-12-18 17:26 - 00000000 ____D C:\AdwCleaner 2013-12-17 16:12 - 2013-12-17 16:19 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\New from freds 2013-12-16 20:27 - 2013-12-16 20:28 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Cliive Barker - First Tales 2013-12-13 00:43 - 2013-12-13 00:43 - 00000403 _____ C:\Documents and Settings\Administrator\Desktop\Moms crazy talk.txt 2013-12-10 15:01 - 2013-12-10 15:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$ 2013-12-10 15:01 - 2013-12-10 15:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$ 2013-12-10 14:59 - 2013-12-10 14:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$ 2013-12-10 14:59 - 2013-12-10 14:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$ 2013-12-10 14:59 - 2013-12-10 14:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$ 2013-12-09 17:21 - 2010-02-02 20:45 - 00724736 ____R (Ralink Technology, Corp.) C:\WINDOWS\system32\Drivers\Drt2870.sys 2013-12-09 17:21 - 2010-02-02 20:44 - 00221184 ____R (Ralink Technology, Inc.) C:\WINDOWS\system32\RaCoInst.dll 2013-12-09 17:21 - 2010-02-02 20:44 - 00013931 ____R C:\WINDOWS\system32\RaCoInst.dat 2013-12-07 21:27 - 2013-12-07 21:27 - 00000000 ____D C:\WINDOWS\CSC 2013-12-05 04:00 - 2013-12-05 04:00 - 00010767 _____ C:\Documents and Settings\Administrator\Desktop\TiniToolBox Result. 
that may have changed a few settingstxt.txt 2013-12-04 17:40 - 2013-12-04 17:40 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2013-12-04 17:39 - 2013-12-04 17:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-12-04 17:39 - 2013-12-04 17:39 - 00001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk 2013-12-04 17:39 - 2013-12-04 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware 2013-12-04 17:39 - 2013-12-04 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2013-11-19 17:48 - 2013-11-19 17:48 - 00044806 _____ C:\Documents and Settings\Administrator\Desktop\Robin 3.jpeg 2013-11-19 17:48 - 2013-11-19 17:48 - 00040358 _____ C:\Documents and Settings\Administrator\Desktop\Robin 2.jpeg 2013-11-19 17:44 - 2013-11-19 17:44 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun 2013-11-19 13:45 - 2013-11-19 13:45 - 00075776 ____N C:\Documents and Settings\Administrator\Desktop\robin.jpeg 2013-11-19 10:28 - 2013-11-19 10:28 - 00000000 ____D C:\Program Files\Common Files\Java 2013-11-19 10:28 - 2013-11-19 10:27 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-11-19 10:28 - 2013-11-19 10:27 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2013-11-19 10:27 - 2013-11-19 10:27 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-11-19 10:27 - 2013-11-19 10:27 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-11-19 10:27 - 2013-11-19 10:27 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-11-19 10:27 - 2013-11-19 10:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java 2013-11-18 16:48 - 2013-12-18 17:38 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job ==================== One Month 
Modified Files and Folders ======= 2013-12-18 17:43 - 2013-12-18 17:43 - 00000000 ____D C:\FRST 2013-12-18 17:38 - 2013-11-18 16:48 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job 2013-12-18 17:31 - 2012-08-19 15:22 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\Dropbox 2013-12-18 17:31 - 2012-08-19 15:18 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Dropbox 2013-12-18 17:30 - 2008-04-14 01:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2013-12-18 17:29 - 2012-05-08 14:45 - 02038282 _____ C:\WINDOWS\WindowsUpdate.log 2013-12-18 17:28 - 2012-05-08 14:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-12-18 17:26 - 2013-12-18 00:52 - 00000000 ____D C:\AdwCleaner 2013-12-18 17:26 - 2012-05-08 14:51 - 00032406 _____ C:\WINDOWS\SchedLgU.Txt 2013-12-18 17:26 - 2012-05-08 14:51 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2013-12-18 17:24 - 2013-12-18 17:14 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Scorpion virus scan results 2013-12-18 13:15 - 2013-12-18 13:15 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2013-12-18 02:44 - 2012-05-21 20:45 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\BitTorrent 2013-12-18 01:35 - 2012-05-08 14:51 - 00000000 ____D C:\Documents and Settings\Administrator 2013-12-18 01:27 - 2013-06-18 00:37 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk 2013-12-18 01:27 - 2012-05-09 07:05 - 00000000 ____D C:\Program Files\CCleaner 2013-12-18 00:33 - 2012-05-08 15:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2544893-v2$ 2013-12-17 22:48 - 2012-05-08 15:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2483185$ 2013-12-17 22:23 - 2012-05-21 07:46 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc 2013-12-17 20:43 - 2013-10-16 14:38 - 00000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk 
2013-12-17 16:19 - 2013-12-17 16:12 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\New from freds 2013-12-17 16:19 - 2013-10-18 16:55 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\New from fred 2013-12-16 23:01 - 2012-05-09 07:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-12-16 20:28 - 2013-12-16 20:27 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Cliive Barker - First Tales 2013-12-16 00:01 - 2013-10-20 23:01 - 08699272 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe 2013-12-16 00:01 - 2012-05-09 07:30 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-12-16 00:01 - 2012-05-09 07:30 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2013-12-14 02:20 - 2012-05-24 16:18 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\DC++ 2013-12-14 02:20 - 2012-05-24 16:18 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\DC++ 2013-12-14 01:43 - 2012-05-24 15:49 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\DC++ 2013-12-13 23:57 - 2012-05-21 07:46 - 00087552 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-12-13 00:43 - 2013-12-13 00:43 - 00000403 _____ C:\Documents and Settings\Administrator\Desktop\Moms crazy talk.txt 2013-12-10 15:06 - 2012-05-08 09:37 - 00141240 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-12-10 15:01 - 2013-12-10 15:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$ 2013-12-10 15:01 - 2013-12-10 15:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$ 2013-12-10 15:01 - 2013-07-10 13:46 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-12-10 15:01 - 2012-05-08 15:32 - 00000000 ____D C:\WINDOWS\ie8updates 2013-12-10 15:01 - 2012-05-08 15:25 - 00030170 _____ C:\WINDOWS\system32\TZLog.log 2013-12-10 14:59 - 
2013-12-10 14:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$ 2013-12-10 14:59 - 2013-12-10 14:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$ 2013-12-10 14:59 - 2013-12-10 14:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$ 2013-12-10 14:59 - 2012-05-08 15:30 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-12-09 17:22 - 2012-05-08 09:38 - 00688966 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-12-07 23:30 - 2012-05-08 09:28 - 00000000 ____D C:\WINDOWS\ime 2013-12-07 21:27 - 2013-12-07 21:27 - 00000000 ____D C:\WINDOWS\CSC 2013-12-05 04:00 - 2013-12-05 04:00 - 00010767 _____ C:\Documents and Settings\Administrator\Desktop\TiniToolBox Result. that may have changed a few settingstxt.txt 2013-12-04 19:25 - 2012-06-05 15:11 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe 2013-12-04 19:12 - 2013-06-18 19:54 - 00002315 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk 2013-12-04 17:40 - 2013-12-04 17:40 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com 2013-12-04 17:40 - 2013-12-04 17:39 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-12-04 17:39 - 2013-12-04 17:39 - 00001678 _____ C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk 2013-12-04 17:39 - 2013-12-04 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware 2013-12-04 17:39 - 2013-12-04 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2013-11-29 19:07 - 2012-06-01 20:51 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\dvdcss 2013-11-22 19:16 - 2013-09-17 01:50 - 00000038 _____ C:\WINDOWS\AviSplitter.INI 2013-11-19 17:48 - 2013-11-19 17:48 - 00044806 _____ C:\Documents and Settings\Administrator\Desktop\Robin 3.jpeg 2013-11-19 17:48 - 2013-11-19 17:48 - 00040358 _____ C:\Documents and 
Settings\Administrator\Desktop\Robin 2.jpeg 2013-11-19 17:44 - 2013-11-19 17:44 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun 2013-11-19 17:36 - 2012-09-10 20:26 - 00000000 ____D C:\WINDOWS\ShellNew 2013-11-19 13:45 - 2013-11-19 13:45 - 00075776 ____N C:\Documents and Settings\Administrator\Desktop\robin.jpeg 2013-11-19 10:28 - 2013-11-19 10:28 - 00000000 ____D C:\Program Files\Common Files\Java 2013-11-19 10:27 - 2013-11-19 10:28 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe 2013-11-19 10:27 - 2013-11-19 10:28 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl 2013-11-19 10:27 - 2013-11-19 10:27 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe 2013-11-19 10:27 - 2013-11-19 10:27 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe 2013-11-19 10:27 - 2013-11-19 10:27 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2013-11-19 10:27 - 2013-11-19 10:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java 2013-11-19 10:27 - 2012-05-21 17:09 - 00000000 ____D C:\Program Files\Java 2013-11-19 04:21 - 2012-05-09 07:10 - 00230048 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2013-11-18 16:38 - 2012-05-18 15:41 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk 2013-11-18 16:38 - 2012-05-09 07:08 - 00001945 _____ C:\WINDOWS\epplauncher.mif 2013-11-18 16:38 - 2012-05-09 07:07 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-11-18 02:21 - 2013-10-26 17:59 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\From BlindMamma Some content of TEMP: ==================== C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe C:\Documents and Settings\Administrator\Local Settings\Temp\vlc-2.1.2-win32.exe ==================== Bamital & volsnap Check ================= 
C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================

Addition.txt


Not sure how you copy paste the logs, I cannot read them. As you've run FRST from the following folder:

 

C:\Documents and Settings\Administrator\My Documents\Downloads

 

Can you navigate to that folder and attach the file FRST.txt maybe I can open that attachment and be able to read it better?

 

Regarding Malwarebytes and AdwCleaner logs, not sure what you've done with those either, you've got all logs mixed up....
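
The paste being discussed arrived as one unbroken run of three logs. As an added example (not part of the thread, and not code from Malwarebytes, AdwCleaner or FRST), this Python script cuts such a paste back into one log per tool using the banner each log opens with, then reads the Malwarebytes detection counts and the hosts behind the FRST SearchScopes entries. The function names, the keyword list and the abbreviated SAMPLE_PASTE are assumptions made for the example.

```python
import re

# Opening banner of each tool's log, as it appears in the logs quoted in this thread.
BANNERS = {
    "malwarebytes": "Malwarebytes Anti-Malware",
    "adwcleaner": "# AdwCleaner v",
    "frst": "Scan result of Farbar Recovery Scan Tool",
}

# Result categories printed by the Malwarebytes 1.75 log shown in this thread.
MBAM_CATEGORIES = (
    "Memory Processes", "Memory Modules", "Registry Keys", "Registry Values",
    "Registry Data Items", "Folders", "Files",
)

# FRST SearchScopes line: hive, provider GUID, then the search URL.
SCOPE_RE = re.compile(
    r"SearchScopes: (HKLM|HKCU) - \{[0-9A-Fa-f-]+\} URL = https?://([^/\s]+)"
)


def split_logs(paste):
    """Cut a run-together paste into one chunk per tool, in paste order."""
    flat = " ".join(paste.split())  # undo arbitrary wrapping inside banners
    starts = sorted(
        (flat.find(banner), name)
        for name, banner in BANNERS.items()
        if banner in flat
    )
    logs = {}
    for i, (pos, name) in enumerate(starts):
        end = starts[i + 1][0] if i + 1 < len(starts) else len(flat)
        logs[name] = flat[pos:end].strip()
    return logs


def mbam_detections(mbam_log):
    """Return {category: count} from the 'X Detected: N' lines."""
    pattern = r"(%s) Detected: (\d+)" % "|".join(MBAM_CATEGORIES)
    return {cat: int(n) for cat, n in re.findall(pattern, mbam_log)}


def search_scope_hosts(frst_log):
    """List (hive, host) for every SearchScopes entry that carries a URL."""
    return [(hive, host.lower()) for hive, host in SCOPE_RE.findall(frst_log)]


def keyword_hits(logs, keywords):
    """Case-insensitive search of each log for names a helper is looking for."""
    return {
        name: sorted(k for k in keywords if k.lower() in text.lower())
        for name, text in logs.items()
    }


# Constructed sample: the thread's three logs, heavily abbreviated and joined
# the way the forum post ran them together (URLs cut short for the example).
SAMPLE_PASTE = (
    "Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org "
    "Scan type: Full scan Objects scanned: 517972 "
    "Memory Processes Detected: 0 (No malicious items detected) "
    "Registry Keys Detected: 0 (No malicious items detected) "
    "Files Detected: 0 (No malicious items detected) (end) "
    "# AdwCleaner v3.015 - Report created 18/12/2013 at 17:13:56 "
    "# Option : Scan ***** [ Services ] ***** ***** [ Registry ] ***** "
    "########## EOF - C:\\AdwCleaner\\AdwCleaner[R1].txt ########## Scan result \n"
    "of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-12-2013 05 "
    "SearchScopes: HKLM - DefaultScope value is missing. "
    "SearchScopes: HKCU - {BA24F46C-581A-4F76-AD44-15E8DE18782A} URL = "
    "http://search.conduit.com/ResultsExt.aspx?q={searchTerms} "
    "SearchScopes: HKCU - {EDB7F7B6-7195-4911-B3AF-72C6BC9CF975} URL = "
    "http://websearch.ask.com/redirect?client=ie&q={searchTerms} "
    "==================== End Of Log ============================"
)

if __name__ == "__main__":
    logs = split_logs(SAMPLE_PASTE)
    for name, text in logs.items():
        print(f"[{name}] {len(text)} characters")
    print("Malwarebytes counts:", mbam_detections(logs["malwarebytes"]))
    print("Search providers:", search_scope_hosts(logs["frst"]))
    print("Keyword hits:", keyword_hits(logs, ["Scorpion", "Conduit"]))
```

A clean Malwarebytes and AdwCleaner result does not cover browser search providers, which is why the SearchScopes hosts are listed separately for the reviewer.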


Hi, Sorry, I guess I will cut and paste them separately as I even made sure I added space between them but it all came together.

Here is the Mbam log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.18.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: OWNER-C1F3A9834 [administrator]

12/18/2013 1:16:20 PM
mbam-log-2013-12-18 (13-16-20).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 517972
Time elapsed: 3 hour(s), 42 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Here's the AdwCleaner log

 

 

# AdwCleaner v3.015 - Report created 18/12/2013 at 17:13:56
# Updated 10/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - OWNER-C1F3A9834
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v18.0.1 (en-US)

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4qpw0jt8.default\prefs.js ]


[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kz1rp507.default-1371607602468\prefs.js ]


*************************

AdwCleaner[R0].txt - [9934 octets] - [18/12/2013 00:53:59]
AdwCleaner[R1].txt - [914 octets] - [18/12/2013 17:13:56]
AdwCleaner[s0].txt - [10122 octets] - [18/12/2013 01:00:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1034 octets] ##########
 


I do not see Scorpion Saver in those logs, what makes you think it may be on your system?

 

Do the following:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running. It can take several hours, please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7 users right-click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report in next reply

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those logs...

 

Kevin

 

fixlist.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
