
Another dllhost.exe and COM surrogate problem


CodeMonk


System is running REALLY slow.

I check Task Manager and have between 22 - 30 instances of Syswow64/dllhost.exe running a COM surrogate.

 

I have also noticed in the last few days a DOS box (CMD.EXE) open and close really fast.

A few times the system was running so slow it stayed open long enough for me to read the contents : "NOT SANDBOXED" (Google was no help there).

Have also noticed in Task Manager 2 instances of the command line "Powershell.exe iex $env:a" which I have not noticed before.

 

On a previous Malwarebytes scan it showed a registry entry as a malware entry.

(I have log attached from the last few days).

 

Also under :

[HKEY_USERS\S-1-5-21-1495987867-2284170166-2213606179-1001\Software\Microsoft\Windows\CurrentVersion\Run]

I had this odd entry:

"qtzeqffsaqcx"="rundll32.exe \"C:\\Users\\Rob\\AppData\\Local\\Temp\\qtzeqffsaqcx.dll\",DllRegisterServer"

When I viewed the properties of that component it showed as "Borland TeeChart for QuickReport Component" and modified on 09/09/2014

 

And in that C:\Users\Rob\AppData\Local\Temp directory, nearly 4,000 folders have been created just in the last few days. Random names like 1aB, 1aC, 1aD, etc.

 

And the attached image (Hint: read the middle part backwards :) ) shows up every time I go to view ANY "Run" registry key, although it doesn't deny me access to any of those keys.

 

I currently have FRST running on my system (using my mom's desktop ATM) but from the looks of it, it's going to take several hours.

 

 

Thanks for your time

 

 


protection-log-2014-09-10.xml

protection-log-2014-09-11.xml

protection-log-2014-09-12.xml

protection-log-2014-09-14.xml

protection-log-2014-09-16.xml

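The symptoms listed in the opening post (a Run value that uses rundll32 to load a DLL out of the user's Temp folder, PowerShell evaluating code held in an environment variable, an unusual number of dllhost.exe COM surrogates, and thousands of short random-named Temp folders) can each be turned into a mechanical host check. The Python below is an added example and is not code from the thread or from the FRST/RogueKiller tools; the Run values, process snapshot and folder names are constructed to mirror the post, and the thresholds are arbitrary choices.

```python
"""Triage checks for the indicators described in the opening post.

Added example: the Run values, process snapshot and Temp folder names below
are constructed to mirror what the post describes; they are not taken from
the attached logs, and the thresholds are arbitrary choices.
"""
import re

# Run-key values (name -> command). The first mirrors the entry quoted in the post;
# the second is a constructed benign entry for contrast.
RUN_VALUES = {
    "qtzeqffsaqcx": r'rundll32.exe "C:\Users\Rob\AppData\Local\Temp\qtzeqffsaqcx.dll",DllRegisterServer',
    "Dropbox": r'"C:\Users\Rob\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup',
}

# Process snapshot as (image name, command line): 25 COM surrogates plus the two
# PowerShell instances the post mentions, and a couple of ordinary processes.
PROCESSES = [("dllhost.exe", r"C:\Windows\SysWOW64\dllhost.exe /Processid:{PLACEHOLDER-GUID}")] * 25
PROCESSES += [
    ("powershell.exe", "Powershell.exe iex $env:a"),
    ("powershell.exe", "Powershell.exe iex $env:a"),
    ("explorer.exe", r"C:\Windows\explorer.exe"),
    ("powershell.exe", r'powershell.exe -File "C:\Users\Rob\backup.ps1"'),
]

# Folder names found under %TEMP%: the short sequential names from the post
# plus a few ordinary ones.
TEMP_FOLDERS = ["1aB", "1aC", "1aD", "1aE", "1aF", "Low", "WPDNSE",
                "{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}"]

# Command starts with rundll32 (bare or with a path, optionally quoted).
RUNDLL_RE = re.compile(r'^\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?(?:\s|$)', re.IGNORECASE)
# The DLL being loaded lives in a Temp folder.
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.IGNORECASE)
# PowerShell running iex / Invoke-Expression over an environment variable.
ENV_IEX_RE = re.compile(r"powershell(?:\.exe)?.*\b(?:iex|invoke-expression)\b.*\$env:", re.IGNORECASE)
# Three or four alphanumerics mixing digits and letters, like 1aB, 1aC, ...
SHORT_MIXED_RE = re.compile(r"^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z]{3,4}$")


def suspicious_run_entries(run_values):
    """Run-key names whose command uses rundll32 to load a DLL out of a Temp folder."""
    return [name for name, cmd in run_values.items()
            if RUNDLL_RE.match(cmd) and TEMP_DIR_RE.search(cmd)]


def env_iex_commands(processes):
    """Command lines where PowerShell evaluates code held in an environment variable."""
    return [cmd for _, cmd in processes if ENV_IEX_RE.search(cmd)]


def dllhost_count(processes):
    """Number of COM surrogate (dllhost.exe) processes in the snapshot."""
    return sum(1 for image, _ in processes if image.lower() == "dllhost.exe")


def short_mixed_names(folder_names):
    """Folder names matching the short sequential pattern the post describes."""
    return [name for name in folder_names if SHORT_MIXED_RE.match(name)]


def triage(run_values, processes, temp_folders, dllhost_threshold=10, folder_threshold=3):
    """Run all checks and return the raw results plus the sorted list of flags that fired."""
    findings = {
        "run_entries": suspicious_run_entries(run_values),
        "env_iex": env_iex_commands(processes),
        "dllhost_count": dllhost_count(processes),
        "random_folders": short_mixed_names(temp_folders),
    }
    checks = {
        "run_key_rundll32_temp": bool(findings["run_entries"]),
        "powershell_env_iex": bool(findings["env_iex"]),
        "dllhost_excess": findings["dllhost_count"] > dllhost_threshold,
        "temp_random_folders": len(findings["random_folders"]) >= folder_threshold,
    }
    findings["flags"] = sorted(flag for flag, fired in checks.items() if fired)
    return findings


if __name__ == "__main__":
    for key, value in triage(RUN_VALUES, PROCESSES, TEMP_FOLDERS).items():
        print(f"{key}: {value}")
```

On a live host the three inputs would come from the Run keys under HKCU/HKLM and each user hive, a process listing that includes command lines, and a directory listing of %TEMP%; the checks are deliberately narrow (rundll32 plus a Temp path, iex plus $env:) so that a benign Dropbox-style autostart or a PowerShell script run from a file does not fire.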

Hello,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement)
Click Scan to scan the system.
When the scan completes select "Report" save to desktop. Close the program > Don't Fix anything!
Post back the report which should be located on your desktop.

 

Let me see those logs in your next reply...

 

Kevin


Ok...here we go.

When running FRST it froze, but also I got this message from Malwarebytes:

 

 

So I rebooted and let Malwarebytes do its thing.

Attached is the log from that as well as FRST.txt and the report for RogueKiller.

 

 

I do see some very suspicious entries listed by RogueKiller. Like who the hell legitimately gives a valid file name like [some GUID].exe

 

RogueKiller killed the dllhost processes, but they started back up again a few minutes later.

 

So what's the next step?

 

Thanks


FRST.txt

RKreport_SCN_09172014_225321.log

protection-log-2014-09-17.xml


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

Run FRST one more time, under the "White list" box ensure all boxes are checkmarked. Also under "Optional Scan" box ensure to checkmark "Addition.txt"

 

Select the "Scan" tab. FRST will produce 2 logs, "FRST.txt" and "Addition.txt"; let me see both in your reply.

 

Post all logs from above in your next reply....

 

Kevin...

fixlist.txt


Ok all scanned etc.

I'm hoping you mean to attach the file as opposed to posting the contents, as that would be a lot of text, so here goes.

Except the Addition.txt, which you specified to copy to clipboard and post.

 

BTW, the files named in the Fixlog.txt called MyPw.exe, MyPw.dat and MyPw-backup.dat are parts of a program I wrote to keep track of my passwords, not malware.

 

Things seem to be working ok for now though.

Am I good to go or is there more I need to do?

 

Either way, THANKS

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Rob at 2014-09-18 07:31:38
Running from C:\Users\Rob\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ZoneAlarm Antivirus (Enabled - Out of date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Anti-Spyware (Enabled - Out of date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Any Video Converter 3.5.5 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
ATT Management Agent (HKLM-x32\...\ATT-ATT Management Agent) (Version: 8.3.1.7 - ATT)
Backup Manager Basic (x32 Version: 2.0.0.63 - NewTech Infosystems) Hidden
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.0.0 - Belkin International, Inc.)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Beyond Compare 3.3.10 (HKLM-x32\...\BeyondCompare3_is1) (Version: 3.3.10.17762 - Scooter Software)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.33498 - BitTorrent Inc.)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.6.1 - BitTorrent Inc.)
Borland Delphi 6 (HKLM-x32\...\{B7886D87-ADA4-46A0-8A8D-02AB16B9F95A}) (Version: 6.0 - Borland Software Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Canon MP470 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series) (Version:  - )
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Cole2k Media - Codec Pack (Advanced) 8.0.2 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version: 8.0.2 - Cole2k Media)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3814.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3814.50 - CyberLink Corp.) Hidden
DirectVobSub 2.41.5887 (64-bit) (HKLM\...\vsfilter64_is1) (Version: 2.41.5887 - MPC-HC Team)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDVideoMedia Free Audio Converter 2.1 (HKLM-x32\...\{20A8C891-B2B6-434B-8EF9-33DF289626FD}}_is1) (Version: 2.1 - DVDVideoMedia, Inc.)
EAGLE 6.1.0 (HKLM-x32\...\EAGLE 6.1.0) (Version: 6.1.0 - CadSoft Computer GmbH)
EAGLE 6.3.0 (HKLM-x32\...\EAGLE 6.3.0) (Version: 6.3.0 - CadSoft Computer GmbH)
EAGLE 6.4.0 (HKLM-x32\...\EAGLE 6.4.0) (Version: 6.4.0 - CadSoft Computer GmbH)
EditPad Lite 7.1.1 (HKLM\...\EditPad Lite) (Version: 7.1.1 - Just Great Software)
ePub Reader for Windows version 4.1 (HKLM-x32\...\{BFBA7F3A-1F10-4754-ADEC-A8CFBB4F925B}_is1) (Version: 4.1 - HANSoft, Inc.)
ePub to PDF Converter 2.0.4 (HKLM-x32\...\ePub to PDF Converter_is1) (Version:  - DONGSOFT Company, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-x64 7.0.6.5_WHQL (HKLM\...\Elantech) (Version: 7.0.6.5 - ELAN Microelectronics Corp.)
ExactFile 1.0.0.15 (HKLM-x32\...\ExactFile_is1) (Version:  - StudyLamp Software LLC)
File Identifier version 1.0.3 (HKLM-x32\...\File Identifier_is1) (Version: 1.0.3 - )
File Viewer version 1.0.2 (HKLM-x32\...\{C8B24B83-920A-446E-B027-38F72C9D8898}_is1) (Version: 1.0.2 - Sharpened Productions)
Fontlist (HKLM-x32\...\Fontlist) (Version:  - Edwin Martin)
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.63 - NewTech Infosystems)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.03.3003 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0121.2010 - Gateway Incorporated)
Gateway Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 1.0.1901 - CyberLink Corp.)
Gateway Social Networks (x32 Version: 1.0.1901 - CyberLink Corp.) Hidden
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Gateway Incorporated)
Geekbench 2.4 (HKLM-x32\...\Geekbench 2.4) (Version:  - Primate Labs)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HTML-Kit 292 (HKLM-x32\...\HTMLKit_is1) (Version: 1.0 - HTMLKit.com)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Icon Searcher 3.90 (HKLM-x32\...\Icon Searcher_is1) (Version:  - SoftPlus)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Gateway Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
InterBase (HKLM-x32\...\InterBase) (Version:  - )
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
KODAK Share Button App (HKLM-x32\...\{C3F0CF4C-0A8C-42F1-A585-2EF7886D6039}) (Version: 4.03.0000.0000 - Eastman Kodak Company)
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Gateway)
LTspice IV (HKLM-x32\...\LTspice IV) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mass Effect™ 3 Demo (HKLM-x32\...\{A1683CA7-4850-4A21-982B-C6D853C79AF7}) (Version: 1.0.0.0 - Electronic Arts)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.139 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 6.5.0.2101 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.29 - mIRC Co. Ltd.)
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{c52c2553-9ad9-428e-a241-fc42cc06b991}) (Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.27.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.37.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NETGEAR Print Server Software (HKLM-x32\...\NETGEAR Print Server Software) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
Paint Shop Pro 7 (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.2.0000 - Jasc Software Inc)
PitchPerfect Musical Instrument Tuner (HKLM-x32\...\PitchPerfect) (Version:  - NCH Software)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.)
REAPER (HKLM-x32\...\REAPER) (Version:  - )
ReValver HP (HKLM-x32\...\ReValver HP_is1) (Version:  - )
ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
SequoiaView (HKLM-x32\...\SequoiaView) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
System Checkup 3.4 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.4.2.18 - iolo technologies, LLC)
Tahoe Techs DriveInfo 1.0 (HKLM-x32\...\Tahoe Techs DriveInfo_is1) (Version: 1.0 - )
TransistorAmp (HKLM-x32\...\{1257A96C-3976-4BC8-9B7E-C5C7C746A3F5}) (Version: 1.1.3 - Stefan Bayer)
Video Web Camera (HKLM-x32\...\{83299633-1261-47A3-84F3-6F02B4B8CDB1}) (Version: 2.0.5.0 - liteon)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3002 - Gateway Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows 7 Codec Pack 4.0.3 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.0.3 - Windows 7 Codec Pack)
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinX DVD Ripper 5.5.14 (HKLM-x32\...\WinX DVD Ripper_is1) (Version:  - Digiarty Software, Inc.)
Xirrus Wi-Fi Inspector (HKLM-x32\...\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}) (Version: 1.2.1.4 - Xirrus)
YTD Video Downloader 4.8.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.1 - GreenTree Applications SRL)
ZoneAlarm Antivirus (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.1.211.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (HKCU\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
ZoneAlarm Security Toolbar  (HKLM-x32\...\zonealarm) (Version: 1.8.29.17 - Check Point Software Technologies LTD)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1495987867-2284170166-2213606179-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rob\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1495987867-2284170166-2213606179-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Rob\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1495987867-2284170166-2213606179-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Rob\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1495987867-2284170166-2213606179-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Rob\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1495987867-2284170166-2213606179-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1495987867-2284170166-2213606179-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1495987867-2284170166-2213606179-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1495987867-2284170166-2213606179-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1495987867-2284170166-2213606179-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1495987867-2284170166-2213606179-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1495987867-2284170166-2213606179-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1495987867-2284170166-2213606179-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1495987867-2284170166-2213606179-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Rob\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2013-12-26 21:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {4784744C-24CD-4BAC-9B2A-7DD94B2A91FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24] (Google Inc.)
Task: {7FDB5109-87DC-4B06-A11B-00E978E6972E} - System32\Tasks\Gateway Registration - Data Sending task => C:\Program Files (x86)\Gateway\Registration\GREG.exe [2010-04-27] (Acer Incorporated)
Task: {98165738-23F7-4F43-B629-E963252E44EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1495987867-2284170166-2213606179-1001Core1ce7f462d029345 => C:\Users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-24] (Google Inc.)
Task: {BF24A55A-8923-4882-AFC0-D5CD2F6FFE60} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-10] (Adobe Systems Incorporated)
Task: {C5132146-927B-4130-B276-0D00964A8237} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1495987867-2284170166-2213606179-1001UA1cef25e44227421 => C:\Users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-24] (Google Inc.)
Task: {C602C1A7-8AC3-44C0-8882-DDD0D389EBBA} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2012-06-26] (Eastman Kodak Company)
Task: {F20BC767-E353-4DEB-99B3-C9F1546506EA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24] (Google Inc.)
Task: {F8212C29-A9BE-4241-9AEA-E4C01822C72A} - \{5D3B976C-D017-491E-9791-71683DAF6135} No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Gateway Registration - Data Sending task.job => C:\Program Files (x86)\Gateway\Registration\GREG.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1495987867-2284170166-2213606179-1001Core1ce7f462d029345.job => C:\Users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1495987867-2284170166-2213606179-1001UA1cef25e44227421.job => C:\Users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-01-15 02:16 - 2010-02-17 19:25 - 00181760 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2013-01-15 02:16 - 2010-02-09 16:55 - 00055296 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2012-04-04 05:00 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2013-01-15 02:16 - 2010-02-17 19:25 - 00149504 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2013-03-19 06:15 - 2013-03-19 06:15 - 00704008 _____ () C:\Windows\SysWOW64\C2MP\TrayMenu.exe
2013-05-23 00:28 - 2010-07-28 17:34 - 00022424 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2013-03-06 18:26 - 2013-03-06 18:26 - 00241152 _____ () C:\Program Files (x86)\ATT\8.3.1.7\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-03-06 18:26 - 2013-03-06 18:26 - 00264704 _____ () C:\Program Files (x86)\ATT\8.3.1.7\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-03-06 18:26 - 2013-03-06 18:26 - 00233984 _____ () C:\Program Files (x86)\ATT\8.3.1.7\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2012-07-12 16:37 - 2012-07-12 16:37 - 01380864 _____ () C:\Program Files (x86)\ATT\8.3.1.7\ma\node_modules\libxmljs\build\Release\libxmljs.node
2012-06-26 13:40 - 2012-06-26 13:40 - 00068096 _____ () C:\Program Files (x86)\ATT\8.3.1.7\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2014-09-18 06:59 - 2014-09-18 06:59 - 00043008 _____ () c:\users\rob\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2psbb0.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\Rob\AppData\Roaming\Dropbox\bin\libcef.dll
2010-05-24 17:16 - 2010-05-24 17:16 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2010-07-23 00:31 - 2009-05-19 23:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2013-05-23 00:27 - 2010-06-23 18:11 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2013-05-23 00:27 - 2010-06-23 18:11 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2013-05-23 00:27 - 2010-06-23 18:12 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2013-05-23 00:27 - 2010-06-23 18:11 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2013-05-23 00:27 - 2010-06-23 17:38 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2013-05-23 00:28 - 2010-07-28 17:02 - 00658432 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2011-01-17 17:19 - 2012-03-07 10:59 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-05-24 17:09 - 2010-05-24 17:09 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2014-09-04 18:22 - 2014-09-04 18:22 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e28fdf645d0ce4b58b0ee3352e1de34c\IsdiInterop.ni.dll
2010-07-22 23:40 - 2010-04-13 09:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-09-12 05:53 - 2014-09-03 20:01 - 01098056 _____ () C:\Users\Rob\AppData\Local\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-12 05:53 - 2014-09-03 20:01 - 00174408 _____ () C:\Users\Rob\AppData\Local\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-12 05:53 - 2014-09-03 20:01 - 08577864 _____ () C:\Users\Rob\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-12 05:53 - 2014-09-03 20:01 - 00331592 _____ () C:\Users\Rob\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-12 05:53 - 2014-09-03 20:01 - 01660232 _____ () C:\Users\Rob\AppData\Local\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-12 05:53 - 2014-09-03 20:01 - 14891848 _____ () C:\Users\Rob\AppData\Local\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/18/2014 07:15:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 12.9.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 754
 
Start Time: 01cfd34a45c2c26d
 
Termination Time: 25
 
Application Path: C:\Users\Rob\Desktop\FRST64.exe
 
Report Id:
 
Error: (09/18/2014 06:44:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ieframe.dll, version: 9.0.8112.16540, time stamp: 0x53099a82
Exception code: 0xc0000005
Fault offset: 0x00000000000af8ba
Faulting process id: 0x189c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/18/2014 06:20:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ieframe.dll, version: 9.0.8112.16540, time stamp: 0x53099a82
Exception code: 0xc0000005
Fault offset: 0x00000000000af8b7
Faulting process id: 0x1e18
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/18/2014 06:12:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ieframe.dll, version: 9.0.8112.16540, time stamp: 0x53099a82
Exception code: 0xc0000005
Fault offset: 0x00000000000af8b7
Faulting process id: 0x1ab8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/18/2014 05:12:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: MSHTML.dll, version: 9.0.8112.16540, time stamp: 0x53099d2f
Exception code: 0xc0000005
Fault offset: 0x000000000047b421
Faulting process id: 0x1b28
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/18/2014 05:01:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ieframe.dll, version: 9.0.8112.16540, time stamp: 0x53099a82
Exception code: 0xc0000005
Fault offset: 0x00000000000af8b7
Faulting process id: 0x194c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/18/2014 04:00:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ieframe.dll, version: 9.0.8112.16540, time stamp: 0x53099a82
Exception code: 0xc0000005
Fault offset: 0x00000000000af8b7
Faulting process id: 0x1e04
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/18/2014 02:30:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ieframe.dll, version: 9.0.8112.16540, time stamp: 0x53099a82
Exception code: 0xc0000005
Fault offset: 0x00000000000af8ba
Faulting process id: 0xec0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/18/2014 01:11:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GREG.exe, version: 1.3.3003.0, time stamp: 0x4bd7a184
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434f4d
Fault offset: 0x0000c42d
Faulting process id: 0x39d4
Faulting application start time: 0xGREG.exe0
Faulting application path: GREG.exe1
Faulting module path: GREG.exe2
Report Id: GREG.exe3
 
Error: (09/17/2014 09:52:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ieframe.dll, version: 9.0.8112.16540, time stamp: 0x53099a82
Exception code: 0xc0000005
Fault offset: 0x00000000000af8ba
Faulting process id: 0x1f58
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
 
System errors:
=============
Error: (09/18/2014 06:59:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater17.2.0 service failed to start due to the following error: 
%%2
 
Error: (09/18/2014 06:58:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error: 
%%1053
 
Error: (09/18/2014 06:58:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
 
Error: (09/18/2014 01:42:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (09/18/2014 01:39:24 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Rob-PC\Rob (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
 
Error: (09/18/2014 01:37:05 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/18/2014 01:36:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ZoneAlarm Privacy Service service failed to start due to the following error: 
%%1053
 
Error: (09/18/2014 01:36:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ZoneAlarm Privacy Service service to connect.
 
Error: (09/18/2014 01:35:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater17.2.0 service failed to start due to the following error: 
%%2
 
Error: (09/18/2014 01:34:17 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:32:11 AM on ‎9/‎18/‎2014 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (09/18/2014 07:15:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe12.9.2014.075401cfd34a45c2c26d25C:\Users\Rob\Desktop\FRST64.exe
 
Error: (09/18/2014 06:44:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ieframe.dll9.0.8112.1654053099a82c000000500000000000af8ba189c01cfd34363187b6eC:\Windows\System32\svchost.exeC:\Windows\System32\ieframe.dlld9d4a099-3f39-11e4-a1e2-88ae1d9f5735
 
Error: (09/18/2014 06:20:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ieframe.dll9.0.8112.1654053099a82c000000500000000000af8b71e1801cfd34244be498eC:\Windows\System32\svchost.exeC:\Windows\System32\ieframe.dll99a51932-3f36-11e4-a1e2-88ae1d9f5735
 
Error: (09/18/2014 06:12:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ieframe.dll9.0.8112.1654053099a82c000000500000000000af8b71ab801cfd339e19bd6a3C:\Windows\System32\svchost.exeC:\Windows\System32\ieframe.dll6cc04f20-3f35-11e4-a1e2-88ae1d9f5735
 
Error: (09/18/2014 05:12:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc3c1MSHTML.dll9.0.8112.1654053099d2fc0000005000000000047b4211b2801cfd3387b7bf14aC:\Windows\System32\svchost.exeC:\Windows\System32\MSHTML.dll04a66cd8-3f2d-11e4-a1e2-88ae1d9f5735
 
Error: (09/18/2014 05:01:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ieframe.dll9.0.8112.1654053099a82c000000500000000000af8b7194c01cfd3317d9ec064C:\Windows\System32\svchost.exeC:\Windows\System32\ieframe.dll95baa936-3f2b-11e4-a1e2-88ae1d9f5735
 
Error: (09/18/2014 04:00:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ieframe.dll9.0.8112.1654053099a82c000000500000000000af8b71e0401cfd32be6b22f85C:\Windows\System32\svchost.exeC:\Windows\System32\ieframe.dllf2f9d9b0-3f22-11e4-a1e2-88ae1d9f5735
 
Error: (09/18/2014 02:30:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ieframe.dll9.0.8112.1654053099a82c000000500000000000af8baec001cfd31bb12c945cC:\Windows\System32\svchost.exeC:\Windows\System32\ieframe.dll7ae48532-3f16-11e4-a1e2-88ae1d9f5735
 
Error: (09/18/2014 01:11:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GREG.exe1.3.3003.04bd7a184KERNELBASE.dll6.1.7601.1840953159a86e0434f4d0000c42d39d401cfd3169125dc71C:\Program Files (x86)\Gateway\Registration\GREG.exeC:\Windows\syswow64\KERNELBASE.dll607fd525-3f0b-11e4-9e31-88ae1d9f5735
 
Error: (09/17/2014 09:52:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ieframe.dll9.0.8112.1654053099a82c000000500000000000af8ba1f5801cfd2f88664870aC:\Windows\System32\svchost.exeC:\Windows\System32\ieframe.dll9fc33a99-3eef-11e4-9e31-88ae1d9f5735
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6100 @ 2.00GHz
Percentage of memory in use: 81%
Total physical RAM: 2806.71 MB
Available physical RAM: 524.09 MB
Total Pagefile: 7013.89 MB
Available Pagefile: 3908.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (Gateway) (Fixed) (Total:298.09 GB) (Free:50.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (PEARL) (Removable) (Total:0.93 GB) (Free:0.68 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 8EA7706A)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End Of Log ============================

Fixlog.txt

Addition.txt

FRST.txt

Link to post
Share on other sites

Oops, sorry, thought I did that. Copied to clipboard and attached.

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 9/18/2014

Scan Time: 7:01:28 AM

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.09.18.03

Rootkit Database: v2014.09.15.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Rob

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 357847

Time Elapsed: 25 min, 35 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

protection-log-2014-09-18.xml

Link to post
Share on other sites

Thanks for the logs, continue please;

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7/8, right-click on the IE shortcut and run as admin.

 

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART Installer during the process)

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option "Remove found threats" is UNticked
  • Click on Advanced Settings, ensure the following options are checked:
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 


If no threats were found:
  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found

 

If threats were found:
  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish
  • Close program

 

Copy and paste the report in next reply.

 

Next,

 

I noticed ScorpianSaver by Adpeak in your installed list, we need to find and remove all traces....

 

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe      <<-   64 bit….

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :regfind
    *Scorpion*
    Scorpion*
    Scorpionsaver
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Let me see those logs in your next reply, also give an update on any remaining issues or concerns...

 

Kevin
fixlist.txt

Link to post
Share on other sites

Oh boy, here we go...

(Files posted also attached)

 

 

ESET SCAN:

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\PitchPerfect\pitchperfect.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\PitchPerfect\ppsetup_v2.05.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\PitchPerfect\uninst.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\MOVIES\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0\background.html.vir JS/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\Users\MOVIES\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.1_0\yl.js.vir JS/Adware.Yontoo.A application
C:\Books\cbsidlm-cbsi134-ePub_to_PDF_Converter-SEO-75532612.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Config.Msi\15a86060.rbf a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\Config.Msi\15a86089.rbf a variant of Win32/Toolbar.Widgi.A potentially unwanted application
C:\Downloads\cnet2_HKSetup_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Downloads\cnet2_WnvHtmlToPdf_App-v8_0_zip.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Downloads\cnet2_WRCFree_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Downloads\planner_setup.exe a variant of Win32/Multibar.AA potentially unwanted application
C:\Downloads\Guitar\ppsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Downloads\Multimedia\YTDSetup.exe a variant of Win32/Toolbar.Widgi.G potentially unwanted application
C:\Downloads\PDF\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Downloads\System\cole2k.media.-.codec.pack.v8.0.2.-advanced-.setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Downloads\System\zafwSetupWeb_120_104_000.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Downloads\System\zaSetupWeb_120_104_001.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Downloads\System\AV\zaSetupWeb_131_211_000.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Downloads\System\AV\zaSetupWeb_133_209_000.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Downloads\System\Drives\SoftonicDownloader_for_sequoiaview.exe a variant of Win32/SoftonicDownloader.G potentially unwanted application
C:\Downloads_From_Moms_Computer\cbsidlm-tr1_8-Free_HTML_to_PDF_Converter-ORG2-10691753.exe Win32/DownloadAdmin.E potentially unwanted application
C:\Downloads_From_Moms_Computer\2\Downloads\cbsidlm-tr1_7-Acala_DVD_Ripper_Professional-SEO2-10784635.exe Win32/DownloadAdmin.D potentially unwanted application
C:\Downloads_From_Moms_Computer\2\Downloads\cbsidlm-tr1_7-Active_ISO_Burner-SEO2-10602452.exe Win32/DownloadAdmin.D potentially unwanted application
C:\Downloads_From_Moms_Computer\2\Downloads\cbsidlm-tr1_7-Free_ISO_Creator-SEO2-10902634.exe Win32/DownloadAdmin.D potentially unwanted application
C:\Downloads_From_Moms_Computer\2\Downloads\isobuster_all_lang.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Downloads_From_Moms_Computer\Other\cbsidlm-tr1_8-Free_HTML_to_PDF_Converter-ORG2-10691753.exe Win32/DownloadAdmin.E potentially unwanted application
C:\FRST\Quarantine\C\Users\Rob\AppData\Local\Temp\dyqrltm.dll.xBAD Win32/TrojanDownloader.Tracur.AL trojan
C:\FRST\Quarantine\C\Users\Rob\AppData\Local\Temp\e.dll.xBAD Win32/TrojanDownloader.Agent.ASR trojan
C:\FRST\Quarantine\C\Users\Rob\AppData\Local\Temp\qtzeqffsaqcx.dll.xBAD Win32/TrojanDownloader.Tracur.AL trojan
C:\Guitar\DaltonJones\Effects\Caerbannog_Fuzz\Enclosures\Other\cbsidlm-tr1_8-Free_HTML_to_PDF_Converter-ORG2-10691753.exe Win32/DownloadAdmin.E potentially unwanted application
C:\Install\1\cbsidlm-tr1_7-Acala_DVD_Ripper_Professional-SEO2-10784635.exe Win32/DownloadAdmin.D potentially unwanted application
C:\Install\1\cbsidlm-tr1_7-Active_ISO_Burner-SEO2-10602452.exe Win32/DownloadAdmin.D potentially unwanted application
C:\Install\1\cbsidlm-tr1_7-Free_ISO_Creator-SEO2-10902634.exe Win32/DownloadAdmin.D potentially unwanted application
C:\Install\1\isobuster_all_lang.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmApp.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmEng.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmsrv.exe a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\bh\zonealarm.dll a variant of Win32/Toolbar.Escort.A potentially unwanted application
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Program Files (x86)\CheckPoint\Install\zatb.exe Win32/Toolbar.Montiera.I potentially unwanted application
C:\T0_DVD\DaltonJones\Effects\Caerbannog_Fuzz\Enclosures\Other\cbsidlm-tr1_8-Free_HTML_to_PDF_Converter-ORG2-10691753.exe Win32/DownloadAdmin.E potentially unwanted application
C:\Users\Rob\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe Win32/Toolbar.Montiera.B potentially unwanted application
C:\Users\Rob\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe Win32/Toolbar.Montiera.B potentially unwanted application
C:\Users\Rob\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe Win32/Toolbar.Montiera.E potentially unwanted application
C:\Users\Rob\AppData\Roaming\TicnoTemp\multibar_setup.exe a variant of Win32/Multibar.AC potentially unwanted application
 
 
 
SYSTEMLOOK:
 
 
SystemLook 30.07.11 by jpshortstuff
Log created at 19:30 on 19/09/2014 by Rob
Administrator - Elevation successful
 
========== regfind ==========
 
Searching for "*Scorpion*"
No data found.
 
Searching for "Scorpion*"
No data found.
 
Searching for "Scorpionsaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22]
@="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22\InProcServer32]
@="C:\Program Files(x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Program Files (x86)\ScorpionSaver\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Program Files\ScorpionSaver Services\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C]
"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\ff_bootstrap.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44]
"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\382E585E62B6F595CB727CEBAB9E48A0]
"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B786268CB4A7F156A3BDF6701444F22]
"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakProxy64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859]
"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\Microsoft.Deployment.WindowsInstaller.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4D2EB987C8C8A46578D4943D5A9A1467]
"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\Installbat.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\SendJson.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB4398202577895B83B74B08F79C3A2]
"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7617C782A0FD4D15288CD4E4ECF84C67]
"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\InstallDLL.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7AB2AE85638F6255CA2F35481D3A8828]
"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\PCProxyDLL.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\CustomActionInstall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9BBBCEE5468FF9C569B1F7A24F6ED3D8]
"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\InstallDLL64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1A8F5D2D938A495DBE3BC97E2BC5FA3]
"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\Installbat64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E5AC6B3591558529A290643010F81B]
"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakProxy.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5E8CD27C9B1C435AAB81D8619DCEFE3]
"6BA018E6E43F3A949AF3E90563067F81"="c:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]
"DisplayName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81\InstallProperties]
"DisplayName"="ScorpionSaver Services"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
"DisplayName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Swearware\backup\winsock2\Parameters\AppId_Catalog\049970F0]
"AppFullPath"="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\AppId_Catalog\049970F0]
"AppFullPath"="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\WinSock2\Parameters\AppId_Catalog\049970F0]
"AppFullPath"="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog\049970F0]
"AppFullPath"="C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe"
 
-= EOF =-
 
 
----------------------------------------------------------------------
 
Looks like I got a lot of crap there.
Although some of it is from Quarantine folders from FRST and others.
And a few of what I assume are false positives from ZoneAlarm software from the ESET scan.
And before you ask, yes, I downloaded the ZoneAlarm software from their site.
I've been using it for a while but updated it last night (maybe I should have waited?)
 
 
And for future reference, the following can be ignored...
C:\Users\Rob\MyPw-backup.dat
C:\Users\Rob\MyPw.dat
C:\Users\Rob\MyPw.exe
 
The exe file and data files for a password database program I wrote.
I used to work as a software engineer and also did some shareware and a lot of freeware apps, although this one I never released.
 
 
Thanks

Fixlog.txt

ESET SCAN.txt

SystemLook.txt


The ESET log is more or less ok, quarantined/zonealarm entries harmless. Entries in downloads/install folders are up to you, they are bundled with unwanted extras. Just be aware and do not use the default settings when running the installers.

 

Maybe install UnChecky, that will stop all bundled unwanted extras when installing certain freeware...

 

available here: http://unchecky.com/  have a read of the information at the site...

Next,

 

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, also the Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Reg (:Reg)

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\F5D333A8-C748-4686-AE0A-9E008F670C22]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
    :Files
    C:\Program Files(x86)\ScorpionSaver
    c:\Program Files\ScorpionSaver Services
    C:\Config.Msi\15a86060.rbf
    C:\Config.Msi\15a86089.rbf
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

post log from OTM, also give an update on any remaining issues or concerns...

 

Kevin..
 

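The log posted above shows the ScorpionSaver LSP (AdpeakProxy.exe) registered under every ControlSet's WinSock2\Parameters\AppId_Catalog, and the OTM fix removes the program folder but not those catalog entries. The following read-only PowerShell audit is an added example for this thread, not OTM's output or any tool Kevin posted; it assumes an elevated prompt on a Vista-or-later system and uses only built-in cmdlets. It lists every AppId_Catalog entry, checks whether the referenced file still exists, and reports its Authenticode signer, so a stale entry left behind by a removed adware proxy, or one pointing at an unsigned binary outside the Windows folder, stands out for review.

```powershell
# Added example (not from the thread): audit the Winsock2 AppId_Catalog entries
# that the posted log showed pointing at AdpeakProxy.exe. Read-only; changes nothing.
# Assumes an elevated PowerShell prompt (HKLM:\SYSTEM needs admin to read some keys).

$catalog = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog'

$report = Get-ChildItem -Path $catalog | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath
    $path  = $props.AppFullPath
    if (-not $path) { return }

    # Some entries use %SystemRoot%-style references; expand before testing.
    $expanded = [Environment]::ExpandEnvironmentVariables($path)

    # Does the registered application still exist on disk? A missing file means
    # the catalog entry is stale (e.g. left behind after the adware folder was removed).
    $exists = Test-Path -LiteralPath $expanded -PathType Leaf

    # Authenticode status of the binary, if present. Legitimate vendors sign their LSPs;
    # 'NotSigned' or 'HashMismatch' on a non-Windows path deserves a closer look.
    $signer = 'file missing'
    if ($exists) {
        $sig = Get-AuthenticodeSignature -FilePath $expanded
        if ($sig.Status -eq 'Valid') {
            $signer = $sig.SignerCertificate.Subject
        } else {
            $signer = "UNSIGNED ($($sig.Status))"
        }
    }

    # Flag for review: stale, unsigned, or living outside the Windows directory.
    $inWindows = $expanded -match ('^' + [regex]::Escape($env:SystemRoot))
    $review    = (-not $exists) -or ($signer -like 'UNSIGNED*') -or (-not $inWindows)

    [PSCustomObject]@{
        CatalogId   = $_.PSChildName
        AppFullPath = $expanded
        FileExists  = $exists
        Signer      = $signer
        Review      = $review
    }
}

# Entries needing a look float to the top of the table.
$report | Sort-Object -Property Review -Descending | Format-Table -AutoSize
```

Entries marked Review are not automatically malicious; third-party security software also registers here. What to look for is the pattern the log showed: a non-Microsoft path whose file has been removed or is unsigned. `netsh winsock show catalog` gives the provider-side view of the same layered service chain, and if a removed program has left the catalog in a broken state, `netsh winsock reset` followed by a reboot rebuilds it to defaults.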

OTM froze last night right after this section:

User: Rob
->Temp folder emptied: 455864 bytes
->Temporary Internet Files folder emptied: 76407 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 26007230 bytes
->Flash cache emptied: 0 bytes
 
So I ran it again this morning.
 
Results attached
 
09202014_035428.log is from last night; 09202014_185919.log is from the rerun this morning.

 

 

09202014_185919.log

09202014_035428.log


To clean up run the following;

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Next,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

 

If the above completes ok and there are no remaining issues or concerns, are we ok to close out?

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Thanks,

 

Kevin...


  • 2 months later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.