
Scorpion Saver Virus [Solved]


  • This topic is locked
74 replies to this topic

#46 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 23 November 2013 - 01:45 PM

Hi jhurst,

You're welcome, have a great day! :thumbup:


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.



#47 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 23 November 2013 - 01:45 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
OCD



#48 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 01 December 2013 - 11:47 AM

re-opened at OP's request
 
Hi jhurst,

Download Farbar Recovery Scan Tool and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click and select "Run as Administrator" to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from.
  • The first time the tool is run, it also makes another log (Addition.txt).
=========================

In your next post please provide the following:
  • FRST.txt
  • Addition.txt

OCD



#49 jhurst

jhurst

    Authentic Member

  • Authentic Member
  • 112 posts

Posted 01 December 2013 - 12:13 PM

Thank you for your reply. We will try to remove again before the re-installation. The Adware that seems to be creating the problems is the Scorpion Saver published by Adpeak and also GetSavin, which displays in IE while surfing and causes IE to stop working. Both seem to have populated my registry again and Scorpion Saver is present as a folder in my Program Files directory. I have not deleted anything since re-discovering again this morning.

 

I have posted the results of Farbar below:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by JOHN (administrator) on HURST on 01-12-2013 13:01:11
Running from C:\Users\JOHN\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Adpeak, Inc.) C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1216\g2mstart.exe
(Apple Inc.) C:\iCloud\iCloudServices.exe
(Apple Inc.) C:\iCloud\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\JOHN\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\iCloud\APSDaemon.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1216\g2mcomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1216\g2mlauncher.exe
(Apple Inc.) C:\iCloud\ApplePhotoStreamsDownloader.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [GoToMeeting] - C:\Program Files (x86)\Citrix\GoToMeeting\1216\g2mstart.exe [40816 2013-10-09] (Citrix Online, a division of Citrix Systems, Inc.)
HKCU\...\Run: [iCloudServices] - C:\iCloud\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\iCloud\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKCU\...\Run: [GoogleChromeAutoLaunch_E00AD99494FD4D55D8194B6473F2B641] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-11-14] (Google Inc.)
MountPoints2: {64ca0cbb-f880-11e2-825c-4c72b9d1af79} - "F:\WD SmartWare.exe" autoplay=true
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
AppInit_DLLs:   [ ] ()
Startup: C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\JOHN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO-x32: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll ()
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {62AEFF80-16AD-4AC4-B812-E70EB5F37301} http://www.zenfolio....-ie-win-x86.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Norton Identity Protection) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0
CHR Extension: (Google Wallet) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 AdpeakProxy; C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe [3688448 2013-10-16] (Adpeak, Inc.)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-02-21] (CrashPlan)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [512504 2013-11-25] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

S2 ASPI32; No ImagePath
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-11-01] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20131128.001\IDSvia64.sys [521816 2013-11-28] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20131129.001\ENG64.SYS [126040 2013-11-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20131129.001\EX64.SYS [2099288 2013-11-29] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [x]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [x]
U5 terminpt; C:\Windows\System32\Drivers\terminpt.sys [29696 2012-08-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-01 13:01 - 2013-12-01 13:01 - 00019250 _____ C:\Users\JOHN\Desktop\FRST.txt
2013-12-01 13:01 - 2013-12-01 13:01 - 00000000 ____D C:\FRST
2013-12-01 12:59 - 2013-12-01 12:59 - 01959184 _____ (Farbar) C:\Users\JOHN\Desktop\FRST64.exe
2013-12-01 08:37 - 2013-12-01 08:37 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2013-12-01 08:25 - 2013-12-01 08:25 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-11-30 16:01 - 2013-11-30 16:01 - 01978880 _____ C:\Users\JOHN\Downloads\ppt.survey.islam.fall13.ppt
2013-11-30 15:49 - 2013-12-01 08:29 - 00002447 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2013-11-29 21:13 - 2013-11-29 21:13 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver
2013-11-27 18:34 - 2013-12-01 12:19 - 00000000 ____D C:\AdwCleaner
2013-11-27 18:33 - 2013-11-27 18:33 - 01091882 _____ C:\Users\JOHN\Desktop\AdwCleaner.exe
2013-11-27 16:50 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-11-27 16:50 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\Windows\SysWOW64\AdpeakProxy.dll
2013-11-27 10:42 - 2013-11-27 10:46 - 00000000 ____D C:\Users\JOHN\Documents\recipes
2013-11-27 07:47 - 2013-11-27 10:42 - 00000000 ____D C:\Users\JOHN\Documents\Kids Action Lists
2013-11-26 15:51 - 2013-11-26 15:51 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-25 16:45 - 2013-11-25 16:45 - 00040960 _____ C:\Users\JOHN\Desktop\Employment Application Office Creations.xls
2013-11-25 16:24 - 2013-11-25 16:24 - 00060416 _____ C:\Users\JOHN\Downloads\job-application-form.xls
2013-11-22 22:19 - 2013-11-22 22:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-22 22:19 - 2013-11-22 22:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-22 22:19 - 2013-11-22 22:19 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-22 22:19 - 2013-11-22 22:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-22 22:19 - 2013-11-22 22:19 - 00000000 ____D C:\ProgramData\Oracle
2013-11-22 22:19 - 2013-11-22 22:19 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-22 15:46 - 2013-11-26 03:40 - 00000000 ____D C:\Users\JOHN\Documents\Fortiline Resumes
2013-11-22 10:12 - 2013-11-24 23:24 - 04877312 _____ C:\Users\JOHN\Documents\KSHurst UPS.ppt
2013-11-18 22:42 - 2013-11-18 22:42 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HURST-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2013-11-18 22:41 - 2013-11-18 22:41 - 00000000 ____D C:\RegBackup
2013-11-14 17:40 - 2013-11-14 17:40 - 00014848 _____ C:\Users\JOHN\Documents\KSHurst non profit.xls
2013-11-14 03:03 - 2013-10-13 10:58 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 03:03 - 2013-10-13 10:09 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 03:03 - 2013-10-13 09:55 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 03:03 - 2013-10-13 09:48 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 03:03 - 2013-10-13 09:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 03:03 - 2013-10-13 09:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 03:03 - 2013-10-13 09:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 03:03 - 2013-10-13 09:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 03:03 - 2013-10-13 09:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 03:03 - 2013-10-13 09:42 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-14 03:03 - 2013-10-13 09:42 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 03:03 - 2013-10-13 09:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 03:03 - 2013-10-13 09:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 03:03 - 2013-10-13 09:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 03:03 - 2013-10-13 09:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 03:03 - 2013-10-13 09:29 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 03:03 - 2013-10-13 05:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 03:03 - 2013-10-13 05:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 03:03 - 2013-10-13 04:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 03:03 - 2013-10-13 04:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 03:03 - 2013-10-13 04:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-14 03:03 - 2013-10-13 04:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 03:03 - 2013-10-13 04:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-14 03:03 - 2013-10-13 04:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 03:03 - 2013-10-13 04:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 03:03 - 2013-10-13 04:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-14 03:03 - 2013-10-13 04:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-14 03:03 - 2013-10-13 04:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 03:03 - 2013-10-13 04:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 03:03 - 2013-10-13 04:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-14 03:03 - 2013-10-13 04:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 03:03 - 2013-10-13 04:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 20:34 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 20:34 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 20:34 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 20:34 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 20:34 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 20:34 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 20:34 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 20:34 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 20:34 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 20:33 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 20:33 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 20:33 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 20:33 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 20:33 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 20:33 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 20:33 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 20:33 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 20:33 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 20:33 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 20:33 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 20:33 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 20:33 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 20:33 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 20:33 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 20:33 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 20:33 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 20:33 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 20:33 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 20:33 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 20:33 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-12 20:25 - 2013-11-12 20:26 - 02347384 _____ (ESET) C:\Users\JOHN\Downloads\esetsmartinstaller_enu.exe
2013-11-12 20:06 - 2013-11-12 20:06 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Malwarebytes
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-12 20:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-10 14:37 - 2013-11-10 14:37 - 00000000 ____D C:\Windows\ERUNT
2013-11-08 15:31 - 2013-11-08 17:05 - 00000000 ____D C:\Users\JOHN\Documents\Weekly Introductions
2013-11-06 18:26 - 2013-11-21 17:11 - 00000000 ____D C:\Users\JOHN\Documents\BGCA Job Descriptions
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\SysWOW64\AdpeakProxy.ini
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\system32\AdpeakProxy.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\SysWOW64\AdpeakProxyOff.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\system32\AdpeakProxyOff.ini
2013-11-05 20:41 - 2013-11-05 20:41 - 00003136 _____ C:\Windows\System32\Tasks\{CEA6DBCE-EE85-4522-BAD8-57C2B648FADE}
2013-11-05 18:44 - 2013-11-05 19:19 - 00003196 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3611002179-1742434191-2402041160-1002
2013-11-05 09:30 - 2013-11-05 09:30 - 00172854 _____ C:\Users\JOHN\Desktop\untitled.bmp
2013-11-04 17:29 - 2013-11-04 17:29 - 00000000 ____D C:\ProgramData\McAfee
2013-11-04 16:53 - 2013-11-05 16:53 - 00000258 __RSH C:\Users\JOHN\ntuser.pol
2013-11-04 16:52 - 2013-11-05 19:20 - 00000000 ____D C:\Users\JOHN\AppData\Local\WordOv
2013-11-04 16:52 - 2013-11-04 17:10 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Google
2013-11-04 16:51 - 2013-11-05 19:23 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\RealNetworks
2013-11-04 16:51 - 2013-11-05 19:19 - 00003332 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3611002179-1742434191-2402041160-1002
2013-11-04 16:50 - 2013-11-05 19:31 - 00000000 ____D C:\Program Files\Google
2013-11-04 16:50 - 2013-11-04 16:50 - 00000000 ____D C:\ProgramData\RealNetworks
2013-11-04 16:49 - 2013-11-05 19:23 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Real
2013-11-04 16:49 - 2013-11-05 19:23 - 00000000 ____D C:\Program Files (x86)\Real
2013-11-04 16:48 - 2013-11-05 19:23 - 00000000 ____D C:\ProgramData\Real
2013-11-02 11:22 - 2013-11-22 16:12 - 00000000 ____D C:\Users\JOHN\Documents\sue's contact list
2013-11-02 11:22 - 2013-11-07 17:22 - 00038441 _____ C:\Users\JOHN\AppData\Roaming\Microsoft Excel.ADR
2013-11-02 11:17 - 2013-11-02 11:17 - 00000000 ____D C:\Users\JOHN\Documents\Mailchimp Power of Networking
2013-11-01 09:40 - 2013-11-14 10:02 - 00000000 ____D C:\Users\JOHN\Documents\NOVEMBER 14 EVENT

==================== One Month Modified Files and Folders =======

2099-12-31 23:00 - 2013-04-06 13:38 - 00047354 _____ C:\Users\JOHN\Documents\message.wav
2013-12-01 13:01 - 2013-12-01 13:01 - 00019250 _____ C:\Users\JOHN\Desktop\FRST.txt
2013-12-01 13:01 - 2013-12-01 13:01 - 00000000 ____D C:\FRST
2013-12-01 12:59 - 2013-12-01 12:59 - 01959184 _____ (Farbar) C:\Users\JOHN\Desktop\FRST64.exe
2013-12-01 12:55 - 2013-04-03 11:03 - 01889911 _____ C:\Windows\WindowsUpdate.log
2013-12-01 12:47 - 2013-04-03 09:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-01 12:19 - 2013-11-27 18:34 - 00000000 ____D C:\AdwCleaner
2013-12-01 12:09 - 2012-06-27 09:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-01 11:57 - 2013-07-22 11:46 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Dropbox
2013-12-01 08:37 - 2013-12-01 08:37 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2013-12-01 08:36 - 2013-08-09 10:41 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2013-12-01 08:36 - 2009-07-13 23:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-01 08:36 - 2009-07-13 23:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-01 08:30 - 2013-07-22 11:51 - 00000000 ___RD C:\Users\JOHN\Dropbox
2013-12-01 08:30 - 2013-04-06 16:50 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2013-12-01 08:29 - 2013-11-30 15:49 - 00002447 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2013-12-01 08:29 - 2013-04-06 16:50 - 00003228 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-12-01 08:28 - 2013-04-03 09:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 08:28 - 2010-11-20 22:47 - 00366396 _____ C:\Windows\PFRO.log
2013-12-01 08:28 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-01 08:28 - 2009-07-13 23:51 - 00055686 _____ C:\Windows\setupact.log
2013-12-01 08:25 - 2013-12-01 08:25 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-11-30 16:01 - 2013-11-30 16:01 - 01978880 _____ C:\Users\JOHN\Downloads\ppt.survey.islam.fall13.ppt
2013-11-30 15:49 - 2013-04-06 16:50 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-11-30 15:49 - 2013-04-06 16:50 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-11-30 15:48 - 2013-04-06 16:29 - 00000000 ____D C:\ProgramData\Norton
2013-11-30 01:10 - 2013-04-06 16:50 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2013-11-30 01:08 - 2013-04-06 16:29 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-11-29 21:13 - 2013-11-29 21:13 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver
2013-11-28 19:29 - 2013-04-06 13:38 - 00000000 ____D C:\Users\JOHN\Documents\KSHurst files
2013-11-28 18:42 - 2013-04-03 09:43 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-28 18:42 - 2013-04-03 09:43 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-27 22:56 - 2013-07-03 20:15 - 00000000 ____D C:\Users\JOHN\AppData\Local\CrashDumps
2013-11-27 18:33 - 2013-11-27 18:33 - 01091882 _____ C:\Users\JOHN\Desktop\AdwCleaner.exe
2013-11-27 17:26 - 2009-07-14 00:13 - 00732348 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-27 10:46 - 2013-11-27 10:42 - 00000000 ____D C:\Users\JOHN\Documents\recipes
2013-11-27 10:42 - 2013-11-27 07:47 - 00000000 ____D C:\Users\JOHN\Documents\Kids Action Lists
2013-11-26 15:51 - 2013-11-26 15:51 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-26 03:40 - 2013-11-22 15:46 - 00000000 ____D C:\Users\JOHN\Documents\Fortiline Resumes
2013-11-26 03:40 - 2013-10-18 16:29 - 00000000 ____D C:\Users\JOHN\Documents\KSHurst UPS
2013-11-26 03:39 - 2013-10-30 15:51 - 00000000 ____D C:\Users\JOHN\Documents\Next Steps
2013-11-25 16:45 - 2013-11-25 16:45 - 00040960 _____ C:\Users\JOHN\Desktop\Employment Application Office Creations.xls
2013-11-25 16:24 - 2013-11-25 16:24 - 00060416 _____ C:\Users\JOHN\Downloads\job-application-form.xls
2013-11-24 23:24 - 2013-11-22 10:12 - 04877312 _____ C:\Users\JOHN\Documents\KSHurst UPS.ppt
2013-11-23 16:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-11-23 08:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-22 22:19 - 2013-11-22 22:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-22 22:19 - 2013-11-22 22:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-22 22:19 - 2013-11-22 22:19 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-22 22:19 - 2013-11-22 22:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-22 22:19 - 2013-11-22 22:19 - 00000000 ____D C:\ProgramData\Oracle
2013-11-22 22:19 - 2013-11-22 22:19 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-22 16:12 - 2013-11-02 11:22 - 00000000 ____D C:\Users\JOHN\Documents\sue's contact list
2013-11-22 11:41 - 2013-04-07 20:18 - 00000000 ____D C:\Users\JOHN\AppData\Local\Citrix
2013-11-21 17:11 - 2013-11-06 18:26 - 00000000 ____D C:\Users\JOHN\Documents\BGCA Job Descriptions
2013-11-18 22:42 - 2013-11-18 22:42 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HURST-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2013-11-18 22:41 - 2013-11-18 22:41 - 00000000 ____D C:\RegBackup
2013-11-18 20:49 - 2013-05-04 10:21 - 00000000 ____D C:\Blue Screen
2013-11-14 17:40 - 2013-11-14 17:40 - 00014848 _____ C:\Users\JOHN\Documents\KSHurst non profit.xls
2013-11-14 16:07 - 2013-04-03 09:43 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-14 10:02 - 2013-11-01 09:40 - 00000000 ____D C:\Users\JOHN\Documents\NOVEMBER 14 EVENT
2013-11-14 03:05 - 2009-07-13 21:34 - 00000526 _____ C:\Windows\win.ini
2013-11-14 03:03 - 2013-08-15 02:12 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 03:01 - 2012-04-24 11:48 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 20:26 - 2009-07-14 00:08 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-12 20:26 - 2013-11-12 20:25 - 02347384 _____ (ESET) C:\Users\JOHN\Downloads\esetsmartinstaller_enu.exe
2013-11-12 20:06 - 2013-11-12 20:06 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Malwarebytes
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-12 11:19 - 2013-10-29 12:47 - 00000000 ____D C:\Users\JOHN\Documents\KSHurst Office Creations
2013-11-10 20:00 - 2012-11-30 14:36 - 00745354 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-10 14:37 - 2013-11-10 14:37 - 00000000 ____D C:\Windows\ERUNT
2013-11-08 17:05 - 2013-11-08 15:31 - 00000000 ____D C:\Users\JOHN\Documents\Weekly Introductions
2013-11-07 17:22 - 2013-11-02 11:22 - 00038441 _____ C:\Users\JOHN\AppData\Roaming\Microsoft Excel.ADR
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\SysWOW64\AdpeakProxy.ini
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\system32\AdpeakProxy.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\SysWOW64\AdpeakProxyOff.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\system32\AdpeakProxyOff.ini
2013-11-05 20:41 - 2013-11-05 20:41 - 00003136 _____ C:\Windows\System32\Tasks\{CEA6DBCE-EE85-4522-BAD8-57C2B648FADE}
2013-11-05 20:29 - 2013-04-06 14:49 - 00090232 _____ C:\Users\JOHN\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-05 20:28 - 2009-07-13 23:45 - 00364616 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-05 19:31 - 2013-11-04 16:50 - 00000000 ____D C:\Program Files\Google
2013-11-05 19:31 - 2013-04-03 09:43 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-05 19:23 - 2013-11-04 16:51 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\RealNetworks
2013-11-05 19:23 - 2013-11-04 16:49 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Real
2013-11-05 19:23 - 2013-11-04 16:49 - 00000000 ____D C:\Program Files (x86)\Real
2013-11-05 19:23 - 2013-11-04 16:48 - 00000000 ____D C:\ProgramData\Real
2013-11-05 19:23 - 2013-04-06 13:26 - 00000000 ____D C:\Users\JOHN\AppData\Local\Google
2013-11-05 19:20 - 2013-11-04 16:52 - 00000000 ____D C:\Users\JOHN\AppData\Local\WordOv
2013-11-05 19:19 - 2013-11-05 18:44 - 00003196 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3611002179-1742434191-2402041160-1002
2013-11-05 19:19 - 2013-11-04 16:51 - 00003332 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3611002179-1742434191-2402041160-1002
2013-11-05 16:53 - 2013-11-04 16:53 - 00000258 __RSH C:\Users\JOHN\ntuser.pol
2013-11-05 16:53 - 2013-04-06 13:12 - 00000000 ____D C:\Users\JOHN
2013-11-05 09:30 - 2013-11-05 09:30 - 00172854 _____ C:\Users\JOHN\Desktop\untitled.bmp
2013-11-04 17:29 - 2013-11-04 17:29 - 00000000 ____D C:\ProgramData\McAfee
2013-11-04 17:10 - 2013-11-04 16:52 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Google
2013-11-04 16:53 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-11-04 16:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-11-04 16:50 - 2013-11-04 16:50 - 00000000 ____D C:\ProgramData\RealNetworks
2013-11-02 16:24 - 2013-07-22 11:51 - 00001019 _____ C:\Users\JOHN\Desktop\Dropbox.lnk
2013-11-02 16:24 - 2013-07-22 11:48 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-11-02 16:24 - 2013-04-06 13:12 - 00000000 ___RD C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-02 11:17 - 2013-11-02 11:17 - 00000000 ____D C:\Users\JOHN\Documents\Mailchimp Power of Networking
2013-11-01 16:03 - 2013-10-31 10:23 - 00000000 ____D C:\Users\JOHN\Documents\christopher heard

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-30 16:36

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2013
Ran by JOHN at 2013-12-01 13:01:56
Running from C:\Users\JOHN\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.6.0.6090)
Adobe Common File Installer (x32 Version: 1.00.002)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Help Center 2.1 (x32 Version: 2.1)
Adobe Photoshop Elements 2.0 (x32 Version: 2.0)
Adobe Premiere Elements 3.0 (x32 Version: 3.0.0)
Adobe Premiere Elements 3.0 Templates (x32 Version: 1.0.0)
Adobe Reader XI (11.0.02) (x32 Version: 11.0.02)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Base CRM For Outlook 1.1.0.1 [JOHN] (HKCU Version: 1.1.0.1)
Bonjour (Version: 3.0.0.10)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.7.2.11)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.3.9)
Canon MOV Decoder (x32 Version: 1.5.0.7)
Canon MOV Encoder (x32 Version: 1.3.1.3)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.4.1.9)
Canon Utilities Digital Photo Professional 3.8 (x32 Version: 3.8.1.0)
Canon Utilities EOS Utility (x32 Version: 2.8.1.0)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities Picture Style Editor (x32 Version: 1.7.0.0)
Canon Utilities WFT Utility (x32 Version: 3.5.1.1)
Canon Utilities ZoomBrowser EX (x32 Version: 6.5.1.15)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.3.0.4)
Citrix Online Launcher (x32 Version: 1.0.141)
Citrix online plug-in - web (x32 Version: 12.1.44.1)
Citrix online plug-in (DV) (x32 Version: 12.1.44.1)
Citrix online plug-in (HDX) (x32 Version: 12.1.44.1)
Citrix online plug-in (USB) (x32 Version: 12.1.44.1)
Citrix online plug-in (Web) (x32 Version: 12.1.44.1)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
CrashPlan (Version: 3.5.2)
Dropbox (HKCU Version: 2.4.6)
Google Chrome (x32 Version: 65.96.32811)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.22.3)
GoToMeeting 6.0.0.1259 (HKCU Version: 6.0.0.1259)
High-Definition Video Playback (x32 Version: 7.3.10900.8.0)
iCloud (Version: 3.0.2.163)
Intel® Network Connections 17.4.95.0 (Version: 17.4.95.0)
Intel® Processor Graphics (x32 Version: 9.17.10.2932)
iTunes (Version: 11.0.5.5)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Mozilla Firefox 20.0 (x86 en-US) (x32 Version: 20.0)
Mozilla Maintenance Service (x32 Version: 20.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.6.10000.0.0)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0)
Nero BurnRights 10 (x32 Version: 4.4.10300.1.100)
Nero Control Center 10 (x32 Version: 10.6.13000.0.11)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Core Components 10 (x32 Version: 2.0.19800.9.10)
Nero CoverDesigner 10 (x32 Version: 5.6.10500.3.100)
Nero DiscSpeed 10 (x32 Version: 6.4.10400.0.100)
Nero Express 10 (x32 Version: 10.6.10600.4.100)
Nero InfoTool 10 (x32 Version: 7.4.10200.0.100)
Nero Kwik Media (x32 Version: 1.6.16800.75.100)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.5.10400)
Nero Recode 10 (x32 Version: 4.10.10600.4.100)
Nero StartSmart 10 (x32 Version: 10.6.10400.2.100)
Nero Update (x32 Version: 11.0.10022.15.0)
Nero Vision 10 (x32 Version: 7.4.10800.7.100)
NirSoft BlueScreenView (x32)
Norton Security Suite (x32 Version: 21.1.0.18)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6710)
ScanWizard 5 (x32)
ScorpionSaver (x32 Version: 1.0.0.0) <==== ATTENTION
ScorpionSaver Services (Version: 1.0.0.0) <==== ATTENTION
SES Driver (Version: 1.0.0)
swMSM (x32 Version: 12.0.0.1)
TSST OEM Content (x32 Version: 10.0.10300.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
WebInterpoint (x32 Version: 8.2.1)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (Version: 01/19/2011 1.0.0009.0)
Zenfolio Uploader (x32)

==================== Restore Points  =========================

23-11-2013 13:11:58 Scheduled Checkpoint
27-11-2013 23:13:03 Removed ScorpionSaver Services
27-11-2013 23:16:28 Removed ScorpionSaver Services

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {15D29794-9AD0-46FC-BA68-674B582CC66C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {258725AD-02D8-45E1-BC98-923810489535} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3611002179-1742434191-2402041160-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {29F1C5C0-EB8A-4CF0-9009-75659D50938E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03] (Google Inc.)
Task: {99472DFF-A36A-446C-B029-BEA74AEE669D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03] (Google Inc.)
Task: {AF670B7C-BBFC-4FAA-BE5D-F0D614B2C72E} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {D4E9F944-D613-4EAF-92DD-21C8AADDF670} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3611002179-1742434191-2402041160-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E1C4B35F-1964-48F2-B08F-63A88D71E816} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {E62C6273-1ED6-439B-BD0E-D608D1889B37} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {FC7D4F21-04D1-4204-8958-3569CEC50018} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-04-24 14:04 - 2011-08-09 06:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-06 15:44 - 2013-11-06 15:44 - 00059904 _____ () c:\program files\scorpionsaver services\pcproxydll.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\iCloud\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\iCloud\libxml2.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\JOHN\AppData\Roaming\Dropbox\bin\libcef.dll
2013-11-14 16:07 - 2013-11-14 06:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-14 16:07 - 2013-11-14 06:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-14 16:07 - 2013-11-14 06:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-14 16:07 - 2013-11-14 06:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-14 16:07 - 2013-11-14 06:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-11-07 13:54 - 2013-11-07 13:54 - 00087560 _____ () C:\Program Files (x86)\ScorpionSaver\IECore.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\JOHN\Documents\Alexis Healthcare.nws:OECustomProperty
AlternateDataStreams: C:\Users\JOHN\Documents\GSA Newsletter 2.nws:OECustomProperty
AlternateDataStreams: C:\Users\JOHN\Documents\GSA Newsletter July.nws:OECustomProperty
AlternateDataStreams: C:\Users\JOHN\Documents\GSA Newsletter summer.nws:OECustomProperty
AlternateDataStreams: C:\Users\JOHN\Documents\GSA Newsletter.nws:OECustomProperty
AlternateDataStreams: C:\Users\JOHN\Documents\GSA Newsletterfinal.nws:OECustomProperty
AlternateDataStreams: C:\Users\JOHN\Documents\GSA Winter.nws:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"

==================== Faulty Device Manager Devices =============

Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2013 00:52:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13026

Error: (12/01/2013 00:52:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13026

Error: (12/01/2013 00:52:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/01/2013 00:52:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12012

Error: (12/01/2013 00:52:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12012

Error: (12/01/2013 00:52:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/01/2013 00:52:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11014

Error: (12/01/2013 00:52:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11014

Error: (12/01/2013 00:52:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/01/2013 00:52:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10016

System errors:
=============
Error: (12/01/2013 08:28:45 AM) (Source: Service Control Manager) (User: )
Description: The ASPI32 service failed to start due to the following error:
%%2

Error: (12/01/2013 08:25:19 AM) (Source: Service Control Manager) (User: )
Description: The AdpeakProxy service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/29/2013 06:03:54 PM) (Source: Service Control Manager) (User: )
Description: The ASPI32 service failed to start due to the following error:
%%2

Error: (11/29/2013 05:53:08 PM) (Source: DCOM) (User: HURST)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}HURSTJOHNS-1-5-21-3611002179-1742434191-2402041160-1002LocalHost (Using LRPC)

Error: (11/29/2013 05:53:08 PM) (Source: DCOM) (User: HURST)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}HURSTJOHNS-1-5-21-3611002179-1742434191-2402041160-1002LocalHost (Using LRPC)

Error: (11/29/2013 10:35:45 AM) (Source: Service Control Manager) (User: )
Description: The ASPI32 service failed to start due to the following error:
%%2

Error: (11/29/2013 10:29:20 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (11/29/2013 10:29:20 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (11/29/2013 10:29:20 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (11/29/2013 10:29:20 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Microsoft Office Sessions:
=========================
Error: (12/01/2013 00:52:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13026

Error: (12/01/2013 00:52:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13026

Error: (12/01/2013 00:52:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/01/2013 00:52:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12012

Error: (12/01/2013 00:52:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12012

Error: (12/01/2013 00:52:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/01/2013 00:52:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11014

Error: (12/01/2013 00:52:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11014

Error: (12/01/2013 00:52:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/01/2013 00:52:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10016



#50 OCD

Posted 01 December 2013 - 01:14 PM

Hi jhurst,

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • ScorpionSaver (x32 Version: 1.0.0.0)
  • ScorpionSaver Services (Version: 1.0.0.0)
=========================

FRST Fix Script

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the desktop as fixlist.txt.


(Adpeak, Inc.) C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
R2 AdpeakProxy; C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe [3688448 2013-10-16] (Adpeak, Inc.)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [512504 2013-11-25] ()
2013-11-29 21:13 - 2013-11-29 21:13 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver
2013-11-27 16:50 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-11-27 16:50 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\Windows\SysWOW64\AdpeakProxy.dll
2013-11-26 15:51 - 2013-11-26 15:51 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\SysWOW64\AdpeakProxy.ini
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\system32\AdpeakProxy.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\SysWOW64\AdpeakProxyOff.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\system32\AdpeakProxyOff.ini
2013-12-01 08:25 - 2013-12-01 08:25 - 00000000 ____D C:\Program Files\ScorpionSaver Services
ScorpionSaver (x32 Version: 1.0.0.0) <==== ATTENTION
ScorpionSaver Services (Version: 1.0.0.0) <==== ATTENTION
2013-11-06 15:44 - 2013-11-06 15:44 - 00059904 _____ () c:\program files\scorpionsaver services\pcproxydll.dll
2013-11-07 13:54 - 2013-11-07 13:54 - 00087560 _____ () C:\Program Files (x86)\ScorpionSaver\IECore.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

In your next post please provide the following:
  • Fixlog.txt



#51 jhurst

jhurst

    Authentic Member

  • 112 posts

Posted 01 December 2013 - 04:27 PM

Hello,

After uninstalling the Scorpion Saver programs my Outlook and IE and FRST did not work.  I rebooted my PC.  I was able to get FRST and IE working.  Outlook seems to be working at present.  The FRST fixlog.txt is below:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2013
Ran by JOHN at 2013-12-01 17:22:23 Run:1
Running from C:\Users\JOHN\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Adpeak, Inc.) C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
R2 AdpeakProxy; C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe [3688448 2013-10-16] (Adpeak, Inc.)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [512504 2013-11-25] ()
2013-11-29 21:13 - 2013-11-29 21:13 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver
2013-11-27 16:50 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-11-27 16:50 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\Windows\SysWOW64\AdpeakProxy.dll
2013-11-26 15:51 - 2013-11-26 15:51 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\SysWOW64\AdpeakProxy.ini
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\system32\AdpeakProxy.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\SysWOW64\AdpeakProxyOff.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\system32\AdpeakProxyOff.ini
2013-12-01 08:25 - 2013-12-01 08:25 - 00000000 ____D C:\Program Files\ScorpionSaver Services
ScorpionSaver (x32 Version: 1.0.0.0) <==== ATTENTION
ScorpionSaver Services (Version: 1.0.0.0) <==== ATTENTION
2013-11-06 15:44 - 2013-11-06 15:44 - 00059904 _____ () c:\program files\scorpionsaver services\pcproxydll.dll
2013-11-07 13:54 - 2013-11-07 13:54 - 00087560 _____ () C:\Program Files (x86)\ScorpionSaver\IECore.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"

*****************

C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe => No running process found
[1520] C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe => Process closed successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} => Key deleted successfully.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Not found.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Not found.
AdpeakProxy => Service not found.
Level Quality Watcher => Service deleted successfully.
"C:\Program Files (x86)\ScorpionSaver" => File/Directory not found.
C:\Windows\system32\AdpeakProxy64.dll => Moved successfully.
C:\Windows\SysWOW64\AdpeakProxy.dll => Moved successfully.
C:\Program Files\Level Quality Watcher => Moved successfully.
"C:\Windows\SysWOW64\AdpeakProxy.ini" => File/Directory not found.
"C:\Windows\system32\AdpeakProxy.ini" => File/Directory not found.
"C:\Windows\SysWOW64\AdpeakProxyOff.ini" => File/Directory not found.
"C:\Windows\system32\AdpeakProxyOff.ini" => File/Directory not found.
"C:\Program Files\ScorpionSaver Services" => File/Directory not found.
"c:\program files\scorpionsaver services\pcproxydll.dll" => File/Directory not found.
"C:\Program Files (x86)\ScorpionSaver\IECore.dll" => File/Directory not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => Key not found.

==== End of Fixlog ====



#52 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 01 December 2013 - 07:27 PM

Hi jhurst,

How is the computer running?

Please re-run a scan with FRST. (no additions.txt will be produced)

In your next reply:
FRST.txt

 




#53 jhurst

jhurst

    Authentic Member

  • 112 posts

Posted 01 December 2013 - 08:31 PM

Hello - The computer seems to be running better than before.  I’ve included the FRST text below.

 

I did look in my C:\temp folder and see a couple of files still present that seem to be associated with the reinstallation of the Scorpion Saver:
  • Foo.txt
  • Lsp.txt
  • InstallServices64
  • ScorpionSaver

There are also references to Adpeak, Scorpion Saver, and GetSavin remaining in the registry.  I haven’t posted any of the keys here.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013

Ran by JOHN (administrator) on HURST on 01-12-2013 21:25:44

Running from C:\Users\JOHN\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1216\g2mstart.exe

(Apple Inc.) C:\iCloud\iCloudServices.exe

(Apple Inc.) C:\iCloud\ApplePhotoStreams.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe

() C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe

(Dropbox, Inc.) C:\Users\JOHN\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Apple Inc.) C:\iCloud\APSDaemon.exe

(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1216\g2mcomm.exe

(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1216\g2mlauncher.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE

(Apple Inc.) C:\iCloud\ApplePhotoStreamsDownloader.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [GoToMeeting] - C:\Program Files (x86)\Citrix\GoToMeeting\1216\g2mstart.exe [40816 2013-10-09] (Citrix Online, a division of Citrix Systems, Inc.)

HKCU\...\Run: [iCloudServices] - C:\iCloud\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)

HKCU\...\Run: [ApplePhotoStreams] - C:\iCloud\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)

HKCU\...\Run: [GoogleChromeAutoLaunch_E00AD99494FD4D55D8194B6473F2B641] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-11-14] (Google Inc.)

HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex [829832 2013-10-08] (Adobe Systems Incorporated)

MountPoints2: {64ca0cbb-f880-11e2-825c-4c72b9d1af79} - "F:\WD SmartWare.exe" autoplay=true

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

AppInit_DLLs:   [ ] ()

Startup: C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\JOHN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)

DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab

DPF: HKLM-x32 {62AEFF80-16AD-4AC4-B812-E70EB5F37301} http://www.zenfolio....-ie-win-x86.cab

DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

 

Chrome:

=======

CHR HomePage: hxxp://www.google.com/

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File

CHR Extension: (Google Docs) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Norton Identity Protection) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0

CHR Extension: (Google Wallet) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

CHR Extension: (Gmail) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx

 

==================== Services (Whitelisted) =================

 

R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-02-21] (CrashPlan)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation)

 

==================== Drivers (Whitelisted) ====================

 

S2 ASPI32; No ImagePath

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-11-01] (Symantec Corporation)

R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-01] (Symantec Corporation)

U3 EraserUtilDrv11312; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [137648 2013-12-01] (Symantec Corporation)

R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-09-01] (Intel Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20131128.001\IDSvia64.sys [521816 2013-11-28] (Symantec Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20131201.007\ENG64.SYS [126040 2013-12-01] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20131201.007\EX64.SYS [2099288 2013-12-01] (Symantec Corporation)

R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-30] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)

U4 AdpeakProxy;

S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [x]

S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [x]

S4 Level Quality Watcher;

U5 terminpt; C:\Windows\System32\Drivers\terminpt.sys [29696 2012-08-23] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-12-01 13:01 - 2013-12-01 21:25 - 00017809 _____ C:\Users\JOHN\Desktop\FRST.txt

2013-12-01 13:01 - 2013-12-01 13:02 - 00017988 _____ C:\Users\JOHN\Desktop\Addition.txt

2013-12-01 13:01 - 2013-12-01 13:01 - 00000000 ____D C:\FRST

2013-12-01 12:59 - 2013-12-01 12:59 - 01959184 _____ (Farbar) C:\Users\JOHN\Desktop\FRST64.exe

2013-12-01 08:37 - 2013-12-01 08:37 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite

2013-11-30 16:01 - 2013-11-30 16:01 - 01978880 _____ C:\Users\JOHN\Downloads\ppt.survey.islam.fall13.ppt

2013-11-30 15:49 - 2013-12-01 08:29 - 00002447 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk

2013-11-27 18:34 - 2013-12-01 12:19 - 00000000 ____D C:\AdwCleaner

2013-11-27 18:33 - 2013-11-27 18:33 - 01091882 _____ C:\Users\JOHN\Desktop\AdwCleaner.exe

2013-11-27 10:42 - 2013-11-27 10:46 - 00000000 ____D C:\Users\JOHN\Documents\recipes

2013-11-27 07:47 - 2013-11-27 10:42 - 00000000 ____D C:\Users\JOHN\Documents\Kids Action Lists

2013-11-25 16:45 - 2013-11-25 16:45 - 00040960 _____ C:\Users\JOHN\Desktop\Employment Application Office Creations.xls

2013-11-25 16:24 - 2013-11-25 16:24 - 00060416 _____ C:\Users\JOHN\Downloads\job-application-form.xls

2013-11-22 22:19 - 2013-11-22 22:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-11-22 22:19 - 2013-11-22 22:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-11-22 22:19 - 2013-11-22 22:19 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-11-22 22:19 - 2013-11-22 22:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-11-22 22:19 - 2013-11-22 22:19 - 00000000 ____D C:\ProgramData\Oracle

2013-11-22 22:19 - 2013-11-22 22:19 - 00000000 ____D C:\Program Files (x86)\Java

2013-11-22 15:46 - 2013-11-26 03:40 - 00000000 ____D C:\Users\JOHN\Documents\Fortiline Resumes

2013-11-22 10:12 - 2013-11-24 23:24 - 04877312 _____ C:\Users\JOHN\Documents\KSHurst UPS.ppt

2013-11-18 22:42 - 2013-11-18 22:42 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HURST-Microsoft-Windows-7-Home-Premium-(64-bit).dat

2013-11-18 22:41 - 2013-11-18 22:41 - 00000000 ____D C:\RegBackup

2013-11-14 17:40 - 2013-11-14 17:40 - 00014848 _____ C:\Users\JOHN\Documents\KSHurst non profit.xls

2013-11-14 03:03 - 2013-10-13 10:58 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-11-14 03:03 - 2013-10-13 10:09 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-11-14 03:03 - 2013-10-13 09:55 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-11-14 03:03 - 2013-10-13 09:48 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-11-14 03:03 - 2013-10-13 09:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-11-14 03:03 - 2013-10-13 09:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-11-14 03:03 - 2013-10-13 09:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-11-14 03:03 - 2013-10-13 09:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-11-14 03:03 - 2013-10-13 09:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-11-14 03:03 - 2013-10-13 09:42 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-11-14 03:03 - 2013-10-13 09:42 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-11-14 03:03 - 2013-10-13 09:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-11-14 03:03 - 2013-10-13 09:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-11-14 03:03 - 2013-10-13 09:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-11-14 03:03 - 2013-10-13 09:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-11-14 03:03 - 2013-10-13 09:29 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-11-14 03:03 - 2013-10-13 05:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-11-14 03:03 - 2013-10-13 05:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-11-14 03:03 - 2013-10-13 04:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-11-14 03:03 - 2013-10-13 04:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-11-14 03:03 - 2013-10-13 04:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-11-14 03:03 - 2013-10-13 04:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-11-14 03:03 - 2013-10-13 04:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-11-14 03:03 - 2013-10-13 04:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-11-14 03:03 - 2013-10-13 04:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-11-14 03:03 - 2013-10-13 04:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-11-14 03:03 - 2013-10-13 04:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-11-14 03:03 - 2013-10-13 04:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-11-14 03:03 - 2013-10-13 04:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-11-14 03:03 - 2013-10-13 04:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-11-14 03:03 - 2013-10-13 04:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-11-14 03:03 - 2013-10-13 04:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-11-13 20:34 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-11-13 20:34 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-11-13 20:34 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll

2013-11-13 20:34 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll

2013-11-13 20:34 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2013-11-13 20:34 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll

2013-11-13 20:34 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-11-13 20:34 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll

2013-11-13 20:34 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-11-13 20:33 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2013-11-13 20:33 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2013-11-13 20:33 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2013-11-13 20:33 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll

2013-11-13 20:33 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

2013-11-13 20:33 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2013-11-13 20:33 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2013-11-13 20:33 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2013-11-13 20:33 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2013-11-13 20:33 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2013-11-13 20:33 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2013-11-13 20:33 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2013-11-13 20:33 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2013-11-13 20:33 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2013-11-13 20:33 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2013-11-13 20:33 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2013-11-13 20:33 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-11-13 20:33 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2013-11-13 20:33 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-11-13 20:33 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2013-11-13 20:33 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2013-11-12 20:25 - 2013-11-12 20:26 - 02347384 _____ (ESET) C:\Users\JOHN\Downloads\esetsmartinstaller_enu.exe

2013-11-12 20:06 - 2013-11-12 20:06 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Malwarebytes

2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-12 20:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-11-10 14:37 - 2013-11-10 14:37 - 00000000 ____D C:\Windows\ERUNT

2013-11-08 15:31 - 2013-11-08 17:05 - 00000000 ____D C:\Users\JOHN\Documents\Weekly Introductions

2013-11-06 18:26 - 2013-11-21 17:11 - 00000000 ____D C:\Users\JOHN\Documents\BGCA Job Descriptions

2013-11-05 20:41 - 2013-11-05 20:41 - 00003136 _____ C:\Windows\System32\Tasks\{CEA6DBCE-EE85-4522-BAD8-57C2B648FADE}

2013-11-05 18:44 - 2013-11-05 19:19 - 00003196 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3611002179-1742434191-2402041160-1002

2013-11-05 09:30 - 2013-11-05 09:30 - 00172854 _____ C:\Users\JOHN\Desktop\untitled.bmp

2013-11-04 17:29 - 2013-11-04 17:29 - 00000000 ____D C:\ProgramData\McAfee

2013-11-04 16:53 - 2013-11-05 16:53 - 00000258 __RSH C:\Users\JOHN\ntuser.pol

2013-11-04 16:52 - 2013-11-05 19:20 - 00000000 ____D C:\Users\JOHN\AppData\Local\WordOv

2013-11-04 16:52 - 2013-11-04 17:10 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Google

2013-11-04 16:51 - 2013-11-05 19:23 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\RealNetworks

2013-11-04 16:51 - 2013-11-05 19:19 - 00003332 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3611002179-1742434191-2402041160-1002

2013-11-04 16:50 - 2013-11-05 19:31 - 00000000 ____D C:\Program Files\Google

2013-11-04 16:50 - 2013-11-04 16:50 - 00000000 ____D C:\ProgramData\RealNetworks

2013-11-04 16:49 - 2013-11-05 19:23 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Real

2013-11-04 16:49 - 2013-11-05 19:23 - 00000000 ____D C:\Program Files (x86)\Real

2013-11-04 16:48 - 2013-11-05 19:23 - 00000000 ____D C:\ProgramData\Real

2013-11-02 11:22 - 2013-11-22 16:12 - 00000000 ____D C:\Users\JOHN\Documents\sue's contact list

2013-11-02 11:22 - 2013-11-07 17:22 - 00038441 _____ C:\Users\JOHN\AppData\Roaming\Microsoft Excel.ADR

2013-11-02 11:17 - 2013-11-02 11:17 - 00000000 ____D C:\Users\JOHN\Documents\Mailchimp Power of Networking

2013-11-01 09:40 - 2013-11-14 10:02 - 00000000 ____D C:\Users\JOHN\Documents\NOVEMBER 14 EVENT

 

==================== One Month Modified Files and Folders =======

 

2099-12-31 23:00 - 2013-04-06 13:38 - 00047354 _____ C:\Users\JOHN\Documents\message.wav

2013-12-01 21:25 - 2013-12-01 13:01 - 00017809 _____ C:\Users\JOHN\Desktop\FRST.txt

2013-12-01 21:09 - 2012-06-27 09:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-12-01 20:47 - 2013-04-03 09:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-01 19:01 - 2013-04-03 11:03 - 01938482 _____ C:\Windows\WindowsUpdate.log

2013-12-01 18:56 - 2013-04-03 09:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-01 17:26 - 2009-07-13 23:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-12-01 17:26 - 2009-07-13 23:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-12-01 17:20 - 2013-07-22 11:46 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Dropbox

2013-12-01 17:19 - 2013-07-22 11:51 - 00000000 ___RD C:\Users\JOHN\Dropbox

2013-12-01 17:18 - 2010-11-20 22:47 - 00372964 _____ C:\Windows\PFRO.log

2013-12-01 17:18 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-12-01 17:18 - 2009-07-13 23:51 - 00055742 _____ C:\Windows\setupact.log

2013-12-01 13:02 - 2013-12-01 13:01 - 00017988 _____ C:\Users\JOHN\Desktop\Addition.txt

2013-12-01 13:01 - 2013-12-01 13:01 - 00000000 ____D C:\FRST

2013-12-01 12:59 - 2013-12-01 12:59 - 01959184 _____ (Farbar) C:\Users\JOHN\Desktop\FRST64.exe

2013-12-01 12:19 - 2013-11-27 18:34 - 00000000 ____D C:\AdwCleaner

2013-12-01 08:37 - 2013-12-01 08:37 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite

2013-12-01 08:36 - 2013-08-09 10:41 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}

2013-12-01 08:30 - 2013-04-06 16:50 - 00000000 ____D C:\Windows\system32\Drivers\N360x64

2013-12-01 08:29 - 2013-11-30 15:49 - 00002447 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk

2013-12-01 08:29 - 2013-04-06 16:50 - 00003228 _____ C:\Windows\System32\Tasks\Norton WSC Integration

2013-11-30 16:01 - 2013-11-30 16:01 - 01978880 _____ C:\Users\JOHN\Downloads\ppt.survey.islam.fall13.ppt

2013-11-30 15:49 - 2013-04-06 16:50 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

2013-11-30 15:49 - 2013-04-06 16:50 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT

2013-11-30 15:48 - 2013-04-06 16:29 - 00000000 ____D C:\ProgramData\Norton

2013-11-30 01:10 - 2013-04-06 16:50 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite

2013-11-30 01:08 - 2013-04-06 16:29 - 00000000 ____D C:\Users\Public\Downloads\Norton

2013-11-28 19:29 - 2013-04-06 13:38 - 00000000 ____D C:\Users\JOHN\Documents\KSHurst files

2013-11-28 18:42 - 2013-04-03 09:43 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-11-28 18:42 - 2013-04-03 09:43 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-11-27 22:56 - 2013-07-03 20:15 - 00000000 ____D C:\Users\JOHN\AppData\Local\CrashDumps

2013-11-27 18:33 - 2013-11-27 18:33 - 01091882 _____ C:\Users\JOHN\Desktop\AdwCleaner.exe

2013-11-27 17:26 - 2009-07-14 00:13 - 00732348 _____ C:\Windows\system32\PerfStringBackup.INI

2013-11-27 10:46 - 2013-11-27 10:42 - 00000000 ____D C:\Users\JOHN\Documents\recipes

2013-11-27 10:42 - 2013-11-27 07:47 - 00000000 ____D C:\Users\JOHN\Documents\Kids Action Lists

2013-11-26 03:40 - 2013-11-22 15:46 - 00000000 ____D C:\Users\JOHN\Documents\Fortiline Resumes

2013-11-26 03:40 - 2013-10-18 16:29 - 00000000 ____D C:\Users\JOHN\Documents\KSHurst UPS

2013-11-26 03:39 - 2013-10-30 15:51 - 00000000 ____D C:\Users\JOHN\Documents\Next Steps

2013-11-25 16:45 - 2013-11-25 16:45 - 00040960 _____ C:\Users\JOHN\Desktop\Employment Application Office Creations.xls

2013-11-25 16:24 - 2013-11-25 16:24 - 00060416 _____ C:\Users\JOHN\Downloads\job-application-form.xls

2013-11-24 23:24 - 2013-11-22 10:12 - 04877312 _____ C:\Users\JOHN\Documents\KSHurst UPS.ppt

2013-11-23 16:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache

2013-11-23 08:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-11-22 22:19 - 2013-11-22 22:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-11-22 22:19 - 2013-11-22 22:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-11-22 22:19 - 2013-11-22 22:19 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-11-22 22:19 - 2013-11-22 22:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-11-22 22:19 - 2013-11-22 22:19 - 00000000 ____D C:\ProgramData\Oracle

2013-11-22 22:19 - 2013-11-22 22:19 - 00000000 ____D C:\Program Files (x86)\Java

2013-11-22 16:12 - 2013-11-02 11:22 - 00000000 ____D C:\Users\JOHN\Documents\sue's contact list

2013-11-22 11:41 - 2013-04-07 20:18 - 00000000 ____D C:\Users\JOHN\AppData\Local\Citrix

2013-11-21 17:11 - 2013-11-06 18:26 - 00000000 ____D C:\Users\JOHN\Documents\BGCA Job Descriptions

2013-11-18 22:42 - 2013-11-18 22:42 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HURST-Microsoft-Windows-7-Home-Premium-(64-bit).dat

2013-11-18 22:41 - 2013-11-18 22:41 - 00000000 ____D C:\RegBackup

2013-11-18 20:49 - 2013-05-04 10:21 - 00000000 ____D C:\Blue Screen

2013-11-14 17:40 - 2013-11-14 17:40 - 00014848 _____ C:\Users\JOHN\Documents\KSHurst non profit.xls

2013-11-14 16:07 - 2013-04-03 09:43 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-11-14 10:02 - 2013-11-01 09:40 - 00000000 ____D C:\Users\JOHN\Documents\NOVEMBER 14 EVENT

2013-11-14 03:05 - 2009-07-13 21:34 - 00000526 _____ C:\Windows\win.ini

2013-11-14 03:03 - 2013-08-15 02:12 - 00000000 ____D C:\Windows\system32\MRT

2013-11-14 03:01 - 2012-04-24 11:48 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-11-13 20:26 - 2009-07-14 00:08 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-11-12 20:26 - 2013-11-12 20:25 - 02347384 _____ (ESET) C:\Users\JOHN\Downloads\esetsmartinstaller_enu.exe

2013-11-12 20:06 - 2013-11-12 20:06 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Malwarebytes

2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-12 11:19 - 2013-10-29 12:47 - 00000000 ____D C:\Users\JOHN\Documents\KSHurst Office Creations

2013-11-10 20:00 - 2012-11-30 14:36 - 00745354 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-11-10 14:37 - 2013-11-10 14:37 - 00000000 ____D C:\Windows\ERUNT

2013-11-08 17:05 - 2013-11-08 15:31 - 00000000 ____D C:\Users\JOHN\Documents\Weekly Introductions

2013-11-07 17:22 - 2013-11-02 11:22 - 00038441 _____ C:\Users\JOHN\AppData\Roaming\Microsoft Excel.ADR

2013-11-05 20:41 - 2013-11-05 20:41 - 00003136 _____ C:\Windows\System32\Tasks\{CEA6DBCE-EE85-4522-BAD8-57C2B648FADE}

2013-11-05 20:29 - 2013-04-06 14:49 - 00090232 _____ C:\Users\JOHN\AppData\Local\GDIPFONTCACHEV1.DAT

2013-11-05 20:28 - 2009-07-13 23:45 - 00364616 _____ C:\Windows\system32\FNTCACHE.DAT

2013-11-05 19:31 - 2013-11-04 16:50 - 00000000 ____D C:\Program Files\Google

2013-11-05 19:31 - 2013-04-03 09:43 - 00000000 ____D C:\Program Files (x86)\Google

2013-11-05 19:23 - 2013-11-04 16:51 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\RealNetworks

2013-11-05 19:23 - 2013-11-04 16:49 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Real

2013-11-05 19:23 - 2013-11-04 16:49 - 00000000 ____D C:\Program Files (x86)\Real

2013-11-05 19:23 - 2013-11-04 16:48 - 00000000 ____D C:\ProgramData\Real

2013-11-05 19:23 - 2013-04-06 13:26 - 00000000 ____D C:\Users\JOHN\AppData\Local\Google

2013-11-05 19:20 - 2013-11-04 16:52 - 00000000 ____D C:\Users\JOHN\AppData\Local\WordOv

2013-11-05 19:19 - 2013-11-05 18:44 - 00003196 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3611002179-1742434191-2402041160-1002

2013-11-05 19:19 - 2013-11-04 16:51 - 00003332 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3611002179-1742434191-2402041160-1002

2013-11-05 16:53 - 2013-11-04 16:53 - 00000258 __RSH C:\Users\JOHN\ntuser.pol

2013-11-05 16:53 - 2013-04-06 13:12 - 00000000 ____D C:\Users\JOHN

2013-11-05 09:30 - 2013-11-05 09:30 - 00172854 _____ C:\Users\JOHN\Desktop\untitled.bmp

2013-11-04 17:29 - 2013-11-04 17:29 - 00000000 ____D C:\ProgramData\McAfee

2013-11-04 17:10 - 2013-11-04 16:52 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Google

2013-11-04 16:53 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy

2013-11-04 16:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy

2013-11-04 16:50 - 2013-11-04 16:50 - 00000000 ____D C:\ProgramData\RealNetworks

2013-11-02 16:24 - 2013-07-22 11:51 - 00001019 _____ C:\Users\JOHN\Desktop\Dropbox.lnk

2013-11-02 16:24 - 2013-07-22 11:48 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2013-11-02 16:24 - 2013-04-06 13:12 - 00000000 ___RD C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-11-02 11:17 - 2013-11-02 11:17 - 00000000 ____D C:\Users\JOHN\Documents\Mailchimp Power of Networking

2013-11-01 16:03 - 2013-10-31 10:23 - 00000000 ____D C:\Users\JOHN\Documents\christopher heard

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-11-30 16:36

 

==================== End Of Log ============================



#54 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 01 December 2013 - 08:40 PM

Hi jhurst,

Empty Temp Folder

  • Close all open applications.
  • Click the Start button.
  • In the Search programs and files box, enter Disk Cleanup and press Enter.
  • Locate Disk Cleanup in the list and double-click to open. Wait for the window to open.
  • Select (check) these choices.
    • Downloaded Program Files
    • Temporary Internet Files
    • Offline webpages
    • Recycle Bin
    • Temporary files
    • Thumbnails
    Note: Setup Log Files and System error memory dump files should be left un-checked.
  • Click OK. Click Delete Files.
  • The window will close when done.

=========================

What registry entries are still showing?




#55 jhurst

jhurst

    Authentic Member

  • Authentic Member
  • 112 posts

Posted 02 December 2013 - 08:12 PM

Good evening - I followed your instructions above and have deleted the files from the temp file.

I also did a search in the Registry and located the following items:

When I search the Reg Edit using the text “Adpeak” the following keys/folders appear:

HKEY_CLASSES_ROOT\AppID\AdpeakProxy.exe
HKEY_CLASSES_ROOT\Wow6432Node\AppID\AdpeakProxy.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\AdpeakProxy.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\AdpeakProxy.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adpeak, Inc.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\AdpeakProxy.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wow6432Node\Adpeak, Inc.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdpeakProxy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AdpeakProxy

When I search the Reg Edit using the text “Scorpion” the following keys/folders appear.  In most cases the word ScorpionSaver is found with the folder identified below:

HKEY_CLASSES_ROOT\Software\Wow6432Node\CLSID\422332B5
HKEY_CLASSES_ROOT\Software\Wow6432Node\CLSID\422332B5\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wow6432Node\Adpeak, Inc.\ScorpionSaver Services
HKEY_USERS\S-1-5-21-3611002179-1742434191-2402041160-1002\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit

When I search the Reg Edit using the text “Getsavin” the following keys/folders appear:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getsavinjs.info
HKEY_USERS\S-1-5-21-3611002179-1742434191-2402041160-1002\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getsavinjs.info




#56 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 03 December 2013 - 12:14 AM

Hi jhurst,

Tweaking.com Registry Backup

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download the installer for Registry Backup from here or here and save to your desktop.
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next >> Finish
  • Once the GUI (graphical user interface) has appeared/loaded:-

Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-


Close Tweaking.com - Registry Backup

Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

=========================

Warning. Please note that this fix is specific for this poster and should not be used by anyone else:

Please do this:
  • Copy the contents of the Code Box below to Notepad.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\AppID\AdpeakProxy.exe]
[-HKEY_CLASSES_ROOT\Wow6432Node\AppID\AdpeakProxy.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\AdpeakProxy.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\AdpeakProxy.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adpeak, Inc.]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\AdpeakProxy.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wow6432Node\Adpeak, Inc.]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdpeakProxy]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AdpeakProxy]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getsavinjs.info]
[-HKEY_USERS\S-1-5-21-3611002179-1742434191-2402041160-1002\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getsavinjs.info]

Make sure there are NO blank lines before Windows Registry Editor Version 5.00

Then double-click on the fix.reg file, and when it prompts to merge say yes.

=========================

Check computer performance and status of Adpeak/Scorpion Saver issue.


#57 jhurst

jhurst

    Authentic Member

  • Authentic Member
  • PipPip
  • 112 posts

Posted 03 December 2013 - 06:58 PM

Good evening OCD,

 

I followed your Registry back-up instructions before running script.  I then ran the recommended script and checked the Reg Edit.

 

Searching Adpeak returned no entries

Searching Getsavin returned no entries

Searching Scorpion returned the following key entries in the folder section.  I also attempted to provide you with the contents of each folder also:

 

 

Folder
HKEY_CLASSES_ROOT\Software\Wow6432Node\CLSID\422332B5

Name               Type      Data
(Default)          REG_SZ    ScorpionSaver

Folder
HKEY_CLASSES_ROOT\Software\Wow6432Node\CLSID\422332B5\InProcServer32

Name               Type      Data
(Default)          REG_SZ    C:\Program Files(x86)\ScorpionSaver\IECore.dll
Threading model    REG_SZ    Apartment

Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5

Name               Type      Data
(Default)          REG_SZ    ScorpionSaver

Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5\InProcServer32

Name               Type      Data
(Default)          REG_SZ    C:\Program Files(x86)\ScorpionSaver\IECore.dll
Threading model    REG_SZ    Apartment



#58 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 03 December 2013 - 10:33 PM

Hi jhurst,

Back-up the Registry again as outlined in my previous post before running this script.

=========================

Warning. Please note that this fix is specific for this poster and should not be used by anyone else:

Please do this:
  • Copy the contents of the Code Box below to Notepad.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\Software\Wow6432Node\CLSID\422332B5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5]

Make sure there are NO blank lines before Windows Registry Editor Version 5.00

Then double-click on the fix.reg file, and when it prompts to merge say yes.

=========================

In your next post please provide the following:
  • Check status
  • Any remaining issues?



#59 jhurst

jhurst

    Authentic Member

  • Authentic Member
  • 112 posts

Posted 04 December 2013 - 06:06 PM

Hello -

 

Searching Adpeak returned no entries

Searching Getsavin returned no entries

Searching ScorpionSaver returned no entries.

 

Good news?
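
The check below is an added example, not part of the original posts or of any tool used in this thread: it lints a delete-only fix.reg (header on the first line, only `[-key]` sections, no over-broad deletes) and lists which reported keys a fix would leave behind. The function names and the PROTECTED guard list are assumptions; the sample keys are copied from posts #55, #56 and #58.

```python
import re

HEADER = "Windows Registry Editor Version 5.00"
ROOTS = ("HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG")
# Illustrative guard list (an assumption): deleting one of these keys, or any
# ancestor of one, would remove far more than a single adware component.
PROTECTED = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft",
             r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services",
             r"HKEY_CLASSES_ROOT\CLSID")
SECTION = re.compile(r"^\[(-?)(.+)\]$")

def _parts(key):
    """Lower-cased path components; registry key names are case-insensitive."""
    return [p.lower() for p in key.strip().strip("\\").split("\\")]

def is_within(key, ancestor):
    """True when key equals ancestor or sits below it (whole components only)."""
    a = _parts(ancestor)
    return _parts(key)[:len(a)] == a

def lint_fix(text):
    """Return (delete_keys, problems) for the text of a delete-only .reg file."""
    lines = text.lstrip("\ufeff").splitlines()
    deletes, problems = [], []
    if not lines or lines[0].strip() != HEADER:
        problems.append("line 1: header must be the first line of the file")
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line == HEADER or line.startswith(";"):
            continue
        m = SECTION.match(line)
        if not m:
            problems.append(f"line {n}: value data in a delete-only fix")
        elif not m.group(1):
            problems.append(f"line {n}: section creates or edits a key")
        elif m.group(2).split("\\")[0].upper() not in ROOTS:
            problems.append(f"line {n}: unknown root hive")
        elif len(_parts(m.group(2))) < 3 or any(
                is_within(p, m.group(2)) for p in PROTECTED):
            problems.append(f"line {n}: delete is too broad: {m.group(2)}")
        else:
            deletes.append(m.group(2))
    return deletes, problems

def uncovered(reported, deletes):
    """Reported keys that no directive removes, directly or through a parent."""
    return [k for k in reported if not any(is_within(k, d) for d in deletes)]

# Copied from the thread: the fix in post #56, the fix in post #58, and the
# keys the "Scorpion" search listed in post #55.
FIX_56 = r"""Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\AppID\AdpeakProxy.exe]
[-HKEY_CLASSES_ROOT\Wow6432Node\AppID\AdpeakProxy.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\AdpeakProxy.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\AdpeakProxy.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adpeak, Inc.]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\AdpeakProxy.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wow6432Node\Adpeak, Inc.]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdpeakProxy]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AdpeakProxy]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getsavinjs.info]
[-HKEY_USERS\S-1-5-21-3611002179-1742434191-2402041160-1002\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getsavinjs.info]
"""
FIX_58 = r"""Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\Software\Wow6432Node\CLSID\422332B5]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5]
"""
REPORTED = [
    r"HKEY_CLASSES_ROOT\Software\Wow6432Node\CLSID\422332B5",
    r"HKEY_CLASSES_ROOT\Software\Wow6432Node\CLSID\422332B5\InProcServer32",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5\InProcServer32",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wow6432Node\Adpeak, Inc.\ScorpionSaver Services",
    r"HKEY_USERS\S-1-5-21-3611002179-1742434191-2402041160-1002\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit",
]

if __name__ == "__main__":
    d56, problems = lint_fix(FIX_56)
    print(problems, uncovered(REPORTED, d56), sep="\n")
```

Against the keys from post #55, the post #56 fix leaves the four 422332B5 entries that post #57 still found, plus the two Applets\Regedit keys, where regedit itself records the last key viewed.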



#60 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 04 December 2013 - 09:45 PM

Hi jhurst,

Why don't you test the computer for a day or two. If all is well, then we'll clean up and send you on your way. :adios:
