This topic is lockedHi jhurst,
You're welcome, have a great day! 
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
Scorpion Saver Virus [Solved]
Started by
jhurst
, Nov 05 2013 07:50 PM
74 replies to this topic
#46
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 23 November 2013 - 01:45 PM
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
Register to Remove
#47
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 23 November 2013 - 01:45 PM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#48
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 01 December 2013 - 11:47 AM
re-opened at OP's request
Hi jhurst,
Download Farbar Recovery Scan Tool and save to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
In your next post please provide the following:
Hi jhurst,
Download Farbar Recovery Scan Tool and save to your desktop.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run.
- The first time the tool is run, it makes also another log (Addition.txt).
In your next post please provide the following:
- FRST.txt
- Addition.txt
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#49
jhurst
-
- Authentic Member
-
- 112 posts
Authentic Member
Posted 01 December 2013 - 12:13 PM
Thank you for your reply. We will try to remove again before the re-installation. The Adware that seems to be creating the problems is the Scorpion Saver published by Adpeak and also GetSavin whichdisplays in IE while surfing and creates IE to stop working. Both seem to have populated my registry again and Scorpion Saver is present as a folder in my Program Files directory. I have not deleted anything since re-discovering again this morning.
I have posted the results of Farbar below:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by JOHN (administrator) on HURST on 01-12-2013 13:01:11
Running from C:\Users\JOHN\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Adpeak, Inc.) C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1216\g2mstart.exe
(Apple Inc.) C:\iCloud\iCloudServices.exe
(Apple Inc.) C:\iCloud\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\JOHN\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\iCloud\APSDaemon.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1216\g2mcomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1216\g2mlauncher.exe
(Apple Inc.) C:\iCloud\ApplePhotoStreamsDownloader.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [GoToMeeting] - C:\Program Files (x86)\Citrix\GoToMeeting\1216\g2mstart.exe [40816 2013-10-09] (Citrix Online, a division of Citrix Systems, Inc.)
HKCU\...\Run: [iCloudServices] - C:\iCloud\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\iCloud\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKCU\...\Run: [GoogleChromeAutoLaunch_E00AD99494FD4D55D8194B6473F2B641] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-11-14] (Google Inc.)
MountPoints2: {64ca0cbb-f880-11e2-825c-4c72b9d1af79} - "F:\WD SmartWare.exe" autoplay=true
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
AppInit_DLLs: [ ] ()
Startup: C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\JOHN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO-x32: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll ()
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {62AEFF80-16AD-4AC4-B812-E70EB5F37301} http://www.zenfolio....-ie-win-x86.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Norton Identity Protection) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0
CHR Extension: (Google Wallet) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx
==================== Services (Whitelisted) =================
R2 AdpeakProxy; C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe [3688448 2013-10-16] (Adpeak, Inc.)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-02-21] (CrashPlan)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [512504 2013-11-25] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation)
==================== Drivers (Whitelisted) ====================
S2 ASPI32; No ImagePath
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-11-01] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20131128.001\IDSvia64.sys [521816 2013-11-28] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20131129.001\ENG64.SYS [126040 2013-11-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20131129.001\EX64.SYS [2099288 2013-11-29] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [x]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [x]
U5 terminpt; C:\Windows\System32\Drivers\terminpt.sys [29696 2012-08-23] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-01 13:01 - 2013-12-01 13:01 - 00019250 _____ C:\Users\JOHN\Desktop\FRST.txt
2013-12-01 13:01 - 2013-12-01 13:01 - 00000000 ____D C:\FRST
2013-12-01 12:59 - 2013-12-01 12:59 - 01959184 _____ (Farbar) C:\Users\JOHN\Desktop\FRST64.exe
2013-12-01 08:37 - 2013-12-01 08:37 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2013-12-01 08:25 - 2013-12-01 08:25 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-11-30 16:01 - 2013-11-30 16:01 - 01978880 _____ C:\Users\JOHN\Downloads\ppt.survey.islam.fall13.ppt
2013-11-30 15:49 - 2013-12-01 08:29 - 00002447 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2013-11-29 21:13 - 2013-11-29 21:13 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver
2013-11-27 18:34 - 2013-12-01 12:19 - 00000000 ____D C:\AdwCleaner
2013-11-27 18:33 - 2013-11-27 18:33 - 01091882 _____ C:\Users\JOHN\Desktop\AdwCleaner.exe
2013-11-27 16:50 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-11-27 16:50 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\Windows\SysWOW64\AdpeakProxy.dll
2013-11-27 10:42 - 2013-11-27 10:46 - 00000000 ____D C:\Users\JOHN\Documents\recipes
2013-11-27 07:47 - 2013-11-27 10:42 - 00000000 ____D C:\Users\JOHN\Documents\Kids Action Lists
2013-11-26 15:51 - 2013-11-26 15:51 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-25 16:45 - 2013-11-25 16:45 - 00040960 _____ C:\Users\JOHN\Desktop\Employment Application Office Creations.xls
2013-11-25 16:24 - 2013-11-25 16:24 - 00060416 _____ C:\Users\JOHN\Downloads\job-application-form.xls
2013-11-22 22:19 - 2013-11-22 22:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-22 22:19 - 2013-11-22 22:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-22 22:19 - 2013-11-22 22:19 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-22 22:19 - 2013-11-22 22:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-22 22:19 - 2013-11-22 22:19 - 00000000 ____D C:\ProgramData\Oracle
2013-11-22 22:19 - 2013-11-22 22:19 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-22 15:46 - 2013-11-26 03:40 - 00000000 ____D C:\Users\JOHN\Documents\Fortiline Resumes
2013-11-22 10:12 - 2013-11-24 23:24 - 04877312 _____ C:\Users\JOHN\Documents\KSHurst UPS.ppt
2013-11-18 22:42 - 2013-11-18 22:42 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HURST-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2013-11-18 22:41 - 2013-11-18 22:41 - 00000000 ____D C:\RegBackup
2013-11-14 17:40 - 2013-11-14 17:40 - 00014848 _____ C:\Users\JOHN\Documents\KSHurst non profit.xls
2013-11-14 03:03 - 2013-10-13 10:58 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 03:03 - 2013-10-13 10:09 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 03:03 - 2013-10-13 09:55 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 03:03 - 2013-10-13 09:48 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 03:03 - 2013-10-13 09:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 03:03 - 2013-10-13 09:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 03:03 - 2013-10-13 09:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 03:03 - 2013-10-13 09:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 03:03 - 2013-10-13 09:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 03:03 - 2013-10-13 09:42 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-14 03:03 - 2013-10-13 09:42 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 03:03 - 2013-10-13 09:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 03:03 - 2013-10-13 09:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 03:03 - 2013-10-13 09:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 03:03 - 2013-10-13 09:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 03:03 - 2013-10-13 09:29 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 03:03 - 2013-10-13 05:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 03:03 - 2013-10-13 05:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 03:03 - 2013-10-13 04:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 03:03 - 2013-10-13 04:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 03:03 - 2013-10-13 04:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-14 03:03 - 2013-10-13 04:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 03:03 - 2013-10-13 04:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-14 03:03 - 2013-10-13 04:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 03:03 - 2013-10-13 04:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 03:03 - 2013-10-13 04:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-14 03:03 - 2013-10-13 04:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-14 03:03 - 2013-10-13 04:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 03:03 - 2013-10-13 04:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 03:03 - 2013-10-13 04:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-14 03:03 - 2013-10-13 04:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 03:03 - 2013-10-13 04:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 20:34 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 20:34 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 20:34 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 20:34 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 20:34 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 20:34 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 20:34 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 20:34 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 20:34 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 20:33 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 20:33 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 20:33 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 20:33 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 20:33 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 20:33 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 20:33 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 20:33 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 20:33 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 20:33 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 20:33 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 20:33 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 20:33 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 20:33 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 20:33 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 20:33 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 20:33 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 20:33 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 20:33 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 20:33 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 20:33 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-12 20:25 - 2013-11-12 20:26 - 02347384 _____ (ESET) C:\Users\JOHN\Downloads\esetsmartinstaller_enu.exe
2013-11-12 20:06 - 2013-11-12 20:06 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Malwarebytes
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-12 20:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-10 14:37 - 2013-11-10 14:37 - 00000000 ____D C:\Windows\ERUNT
2013-11-08 15:31 - 2013-11-08 17:05 - 00000000 ____D C:\Users\JOHN\Documents\Weekly Introductions
2013-11-06 18:26 - 2013-11-21 17:11 - 00000000 ____D C:\Users\JOHN\Documents\BGCA Job Descriptions
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\SysWOW64\AdpeakProxy.ini
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\system32\AdpeakProxy.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\SysWOW64\AdpeakProxyOff.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\system32\AdpeakProxyOff.ini
2013-11-05 20:41 - 2013-11-05 20:41 - 00003136 _____ C:\Windows\System32\Tasks\{CEA6DBCE-EE85-4522-BAD8-57C2B648FADE}
2013-11-05 18:44 - 2013-11-05 19:19 - 00003196 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3611002179-1742434191-2402041160-1002
2013-11-05 09:30 - 2013-11-05 09:30 - 00172854 _____ C:\Users\JOHN\Desktop\untitled.bmp
2013-11-04 17:29 - 2013-11-04 17:29 - 00000000 ____D C:\ProgramData\McAfee
2013-11-04 16:53 - 2013-11-05 16:53 - 00000258 __RSH C:\Users\JOHN\ntuser.pol
2013-11-04 16:52 - 2013-11-05 19:20 - 00000000 ____D C:\Users\JOHN\AppData\Local\WordOv
2013-11-04 16:52 - 2013-11-04 17:10 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Google
2013-11-04 16:51 - 2013-11-05 19:23 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\RealNetworks
2013-11-04 16:51 - 2013-11-05 19:19 - 00003332 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3611002179-1742434191-2402041160-1002
2013-11-04 16:50 - 2013-11-05 19:31 - 00000000 ____D C:\Program Files\Google
2013-11-04 16:50 - 2013-11-04 16:50 - 00000000 ____D C:\ProgramData\RealNetworks
2013-11-04 16:49 - 2013-11-05 19:23 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Real
2013-11-04 16:49 - 2013-11-05 19:23 - 00000000 ____D C:\Program Files (x86)\Real
2013-11-04 16:48 - 2013-11-05 19:23 - 00000000 ____D C:\ProgramData\Real
2013-11-02 11:22 - 2013-11-22 16:12 - 00000000 ____D C:\Users\JOHN\Documents\sue's contact list
2013-11-02 11:22 - 2013-11-07 17:22 - 00038441 _____ C:\Users\JOHN\AppData\Roaming\Microsoft Excel.ADR
2013-11-02 11:17 - 2013-11-02 11:17 - 00000000 ____D C:\Users\JOHN\Documents\Mailchimp Power of Networking
2013-11-01 09:40 - 2013-11-14 10:02 - 00000000 ____D C:\Users\JOHN\Documents\NOVEMBER 14 EVENT
==================== One Month Modified Files and Folders =======
2099-12-31 23:00 - 2013-04-06 13:38 - 00047354 _____ C:\Users\JOHN\Documents\message.wav
2013-12-01 13:01 - 2013-12-01 13:01 - 00019250 _____ C:\Users\JOHN\Desktop\FRST.txt
2013-12-01 13:01 - 2013-12-01 13:01 - 00000000 ____D C:\FRST
2013-12-01 12:59 - 2013-12-01 12:59 - 01959184 _____ (Farbar) C:\Users\JOHN\Desktop\FRST64.exe
2013-12-01 12:55 - 2013-04-03 11:03 - 01889911 _____ C:\Windows\WindowsUpdate.log
2013-12-01 12:47 - 2013-04-03 09:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-01 12:19 - 2013-11-27 18:34 - 00000000 ____D C:\AdwCleaner
2013-12-01 12:09 - 2012-06-27 09:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-01 11:57 - 2013-07-22 11:46 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Dropbox
2013-12-01 08:37 - 2013-12-01 08:37 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2013-12-01 08:36 - 2013-08-09 10:41 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2013-12-01 08:36 - 2009-07-13 23:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-01 08:36 - 2009-07-13 23:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-01 08:30 - 2013-07-22 11:51 - 00000000 ___RD C:\Users\JOHN\Dropbox
2013-12-01 08:30 - 2013-04-06 16:50 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2013-12-01 08:29 - 2013-11-30 15:49 - 00002447 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2013-12-01 08:29 - 2013-04-06 16:50 - 00003228 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-12-01 08:28 - 2013-04-03 09:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 08:28 - 2010-11-20 22:47 - 00366396 _____ C:\Windows\PFRO.log
2013-12-01 08:28 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-01 08:28 - 2009-07-13 23:51 - 00055686 _____ C:\Windows\setupact.log
2013-12-01 08:25 - 2013-12-01 08:25 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-11-30 16:01 - 2013-11-30 16:01 - 01978880 _____ C:\Users\JOHN\Downloads\ppt.survey.islam.fall13.ppt
2013-11-30 15:49 - 2013-04-06 16:50 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-11-30 15:49 - 2013-04-06 16:50 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-11-30 15:48 - 2013-04-06 16:29 - 00000000 ____D C:\ProgramData\Norton
2013-11-30 01:10 - 2013-04-06 16:50 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2013-11-30 01:08 - 2013-04-06 16:29 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-11-29 21:13 - 2013-11-29 21:13 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver
2013-11-28 19:29 - 2013-04-06 13:38 - 00000000 ____D C:\Users\JOHN\Documents\KSHurst files
2013-11-28 18:42 - 2013-04-03 09:43 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-28 18:42 - 2013-04-03 09:43 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-27 22:56 - 2013-07-03 20:15 - 00000000 ____D C:\Users\JOHN\AppData\Local\CrashDumps
2013-11-27 18:33 - 2013-11-27 18:33 - 01091882 _____ C:\Users\JOHN\Desktop\AdwCleaner.exe
2013-11-27 17:26 - 2009-07-14 00:13 - 00732348 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-27 10:46 - 2013-11-27 10:42 - 00000000 ____D C:\Users\JOHN\Documents\recipes
2013-11-27 10:42 - 2013-11-27 07:47 - 00000000 ____D C:\Users\JOHN\Documents\Kids Action Lists
2013-11-26 15:51 - 2013-11-26 15:51 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-26 03:40 - 2013-11-22 15:46 - 00000000 ____D C:\Users\JOHN\Documents\Fortiline Resumes
2013-11-26 03:40 - 2013-10-18 16:29 - 00000000 ____D C:\Users\JOHN\Documents\KSHurst UPS
2013-11-26 03:39 - 2013-10-30 15:51 - 00000000 ____D C:\Users\JOHN\Documents\Next Steps
2013-11-25 16:45 - 2013-11-25 16:45 - 00040960 _____ C:\Users\JOHN\Desktop\Employment Application Office Creations.xls
2013-11-25 16:24 - 2013-11-25 16:24 - 00060416 _____ C:\Users\JOHN\Downloads\job-application-form.xls
2013-11-24 23:24 - 2013-11-22 10:12 - 04877312 _____ C:\Users\JOHN\Documents\KSHurst UPS.ppt
2013-11-23 16:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-11-23 08:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-22 22:19 - 2013-11-22 22:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-22 22:19 - 2013-11-22 22:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-22 22:19 - 2013-11-22 22:19 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-22 22:19 - 2013-11-22 22:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-22 22:19 - 2013-11-22 22:19 - 00000000 ____D C:\ProgramData\Oracle
2013-11-22 22:19 - 2013-11-22 22:19 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-22 16:12 - 2013-11-02 11:22 - 00000000 ____D C:\Users\JOHN\Documents\sue's contact list
2013-11-22 11:41 - 2013-04-07 20:18 - 00000000 ____D C:\Users\JOHN\AppData\Local\Citrix
2013-11-21 17:11 - 2013-11-06 18:26 - 00000000 ____D C:\Users\JOHN\Documents\BGCA Job Descriptions
2013-11-18 22:42 - 2013-11-18 22:42 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HURST-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2013-11-18 22:41 - 2013-11-18 22:41 - 00000000 ____D C:\RegBackup
2013-11-18 20:49 - 2013-05-04 10:21 - 00000000 ____D C:\Blue Screen
2013-11-14 17:40 - 2013-11-14 17:40 - 00014848 _____ C:\Users\JOHN\Documents\KSHurst non profit.xls
2013-11-14 16:07 - 2013-04-03 09:43 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-14 10:02 - 2013-11-01 09:40 - 00000000 ____D C:\Users\JOHN\Documents\NOVEMBER 14 EVENT
2013-11-14 03:05 - 2009-07-13 21:34 - 00000526 _____ C:\Windows\win.ini
2013-11-14 03:03 - 2013-08-15 02:12 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 03:01 - 2012-04-24 11:48 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 20:26 - 2009-07-14 00:08 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-12 20:26 - 2013-11-12 20:25 - 02347384 _____ (ESET) C:\Users\JOHN\Downloads\esetsmartinstaller_enu.exe
2013-11-12 20:06 - 2013-11-12 20:06 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Malwarebytes
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-12 11:19 - 2013-10-29 12:47 - 00000000 ____D C:\Users\JOHN\Documents\KSHurst Office Creations
2013-11-10 20:00 - 2012-11-30 14:36 - 00745354 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-10 14:37 - 2013-11-10 14:37 - 00000000 ____D C:\Windows\ERUNT
2013-11-08 17:05 - 2013-11-08 15:31 - 00000000 ____D C:\Users\JOHN\Documents\Weekly Introductions
2013-11-07 17:22 - 2013-11-02 11:22 - 00038441 _____ C:\Users\JOHN\AppData\Roaming\Microsoft Excel.ADR
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\SysWOW64\AdpeakProxy.ini
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\system32\AdpeakProxy.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\SysWOW64\AdpeakProxyOff.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\system32\AdpeakProxyOff.ini
2013-11-05 20:41 - 2013-11-05 20:41 - 00003136 _____ C:\Windows\System32\Tasks\{CEA6DBCE-EE85-4522-BAD8-57C2B648FADE}
2013-11-05 20:29 - 2013-04-06 14:49 - 00090232 _____ C:\Users\JOHN\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-05 20:28 - 2009-07-13 23:45 - 00364616 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-05 19:31 - 2013-11-04 16:50 - 00000000 ____D C:\Program Files\Google
2013-11-05 19:31 - 2013-04-03 09:43 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-05 19:23 - 2013-11-04 16:51 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\RealNetworks
2013-11-05 19:23 - 2013-11-04 16:49 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Real
2013-11-05 19:23 - 2013-11-04 16:49 - 00000000 ____D C:\Program Files (x86)\Real
2013-11-05 19:23 - 2013-11-04 16:48 - 00000000 ____D C:\ProgramData\Real
2013-11-05 19:23 - 2013-04-06 13:26 - 00000000 ____D C:\Users\JOHN\AppData\Local\Google
2013-11-05 19:20 - 2013-11-04 16:52 - 00000000 ____D C:\Users\JOHN\AppData\Local\WordOv
2013-11-05 19:19 - 2013-11-05 18:44 - 00003196 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3611002179-1742434191-2402041160-1002
2013-11-05 19:19 - 2013-11-04 16:51 - 00003332 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3611002179-1742434191-2402041160-1002
2013-11-05 16:53 - 2013-11-04 16:53 - 00000258 __RSH C:\Users\JOHN\ntuser.pol
2013-11-05 16:53 - 2013-04-06 13:12 - 00000000 ____D C:\Users\JOHN
2013-11-05 09:30 - 2013-11-05 09:30 - 00172854 _____ C:\Users\JOHN\Desktop\untitled.bmp
2013-11-04 17:29 - 2013-11-04 17:29 - 00000000 ____D C:\ProgramData\McAfee
2013-11-04 17:10 - 2013-11-04 16:52 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Google
2013-11-04 16:53 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-11-04 16:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-11-04 16:50 - 2013-11-04 16:50 - 00000000 ____D C:\ProgramData\RealNetworks
2013-11-02 16:24 - 2013-07-22 11:51 - 00001019 _____ C:\Users\JOHN\Desktop\Dropbox.lnk
2013-11-02 16:24 - 2013-07-22 11:48 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-11-02 16:24 - 2013-04-06 13:12 - 00000000 ___RD C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-02 11:17 - 2013-11-02 11:17 - 00000000 ____D C:\Users\JOHN\Documents\Mailchimp Power of Networking
2013-11-01 16:03 - 2013-10-31 10:23 - 00000000 ____D C:\Users\JOHN\Documents\christopher heard
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-30 16:36
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2013
Ran by JOHN at 2013-12-01 13:01:56
Running from C:\Users\JOHN\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
Adobe AIR (x32 Version: 3.6.0.6090)
Adobe Common File Installer (x32 Version: 1.00.002)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Help Center 2.1 (x32 Version: 2.1)
Adobe Photoshop Elements 2.0 (x32 Version: 2.0)
Adobe Premiere Elements 3.0 (x32 Version: 3.0.0)
Adobe Premiere Elements 3.0 Templates (x32 Version: 1.0.0)
Adobe Reader XI (11.0.02) (x32 Version: 11.0.02)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Base CRM For Outlook 1.1.0.1 [JOHN] (HKCU Version: 1.1.0.1)
Bonjour (Version: 3.0.0.10)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.7.2.11)
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.3.9)
Canon MOV Decoder (x32 Version: 1.5.0.7)
Canon MOV Encoder (x32 Version: 1.3.1.3)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.4.1.9)
Canon Utilities Digital Photo Professional 3.8 (x32 Version: 3.8.1.0)
Canon Utilities EOS Utility (x32 Version: 2.8.1.0)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities Picture Style Editor (x32 Version: 1.7.0.0)
Canon Utilities WFT Utility (x32 Version: 3.5.1.1)
Canon Utilities ZoomBrowser EX (x32 Version: 6.5.1.15)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.3.0.4)
Citrix Online Launcher (x32 Version: 1.0.141)
Citrix online plug-in - web (x32 Version: 12.1.44.1)
Citrix online plug-in (DV) (x32 Version: 12.1.44.1)
Citrix online plug-in (HDX) (x32 Version: 12.1.44.1)
Citrix online plug-in (USB) (x32 Version: 12.1.44.1)
Citrix online plug-in (Web) (x32 Version: 12.1.44.1)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
CrashPlan (Version: 3.5.2)
Dropbox (HKCU Version: 2.4.6)
Google Chrome (x32 Version: 65.96.32811)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.22.3)
GoToMeeting 6.0.0.1259 (HKCU Version: 6.0.0.1259)
High-Definition Video Playback (x32 Version: 7.3.10900.8.0)
iCloud (Version: 3.0.2.163)
Intel® Network Connections 17.4.95.0 (Version: 17.4.95.0)
Intel® Processor Graphics (x32 Version: 9.17.10.2932)
iTunes (Version: 11.0.5.5)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Mozilla Firefox 20.0 (x86 en-US) (x32 Version: 20.0)
Mozilla Maintenance Service (x32 Version: 20.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.6.10000.0.0)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0)
Nero BurnRights 10 (x32 Version: 4.4.10300.1.100)
Nero Control Center 10 (x32 Version: 10.6.13000.0.11)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Core Components 10 (x32 Version: 2.0.19800.9.10)
Nero CoverDesigner 10 (x32 Version: 5.6.10500.3.100)
Nero DiscSpeed 10 (x32 Version: 6.4.10400.0.100)
Nero Express 10 (x32 Version: 10.6.10600.4.100)
Nero InfoTool 10 (x32 Version: 7.4.10200.0.100)
Nero Kwik Media (x32 Version: 1.6.16800.75.100)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.5.10400)
Nero Recode 10 (x32 Version: 4.10.10600.4.100)
Nero StartSmart 10 (x32 Version: 10.6.10400.2.100)
Nero Update (x32 Version: 11.0.10022.15.0)
Nero Vision 10 (x32 Version: 7.4.10800.7.100)
NirSoft BlueScreenView (x32)
Norton Security Suite (x32 Version: 21.1.0.18)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6710)
ScanWizard 5 (x32)
ScorpionSaver (x32 Version: 1.0.0.0) <==== ATTENTION
ScorpionSaver Services (Version: 1.0.0.0) <==== ATTENTION
SES Driver (Version: 1.0.0)
swMSM (x32 Version: 12.0.0.1)
TSST OEM Content (x32 Version: 10.0.10300.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
WebInterpoint (x32 Version: 8.2.1)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (Version: 01/19/2011 1.0.0009.0)
Zenfolio Uploader (x32)
==================== Restore Points =========================
23-11-2013 13:11:58 Scheduled Checkpoint
27-11-2013 23:13:03 Removed ScorpionSaver Services
27-11-2013 23:16:28 Removed ScorpionSaver Services
==================== Hosts content: ==========================
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {15D29794-9AD0-46FC-BA68-674B582CC66C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {258725AD-02D8-45E1-BC98-923810489535} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3611002179-1742434191-2402041160-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {29F1C5C0-EB8A-4CF0-9009-75659D50938E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03] (Google Inc.)
Task: {99472DFF-A36A-446C-B029-BEA74AEE669D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03] (Google Inc.)
Task: {AF670B7C-BBFC-4FAA-BE5D-F0D614B2C72E} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {D4E9F944-D613-4EAF-92DD-21C8AADDF670} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3611002179-1742434191-2402041160-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E1C4B35F-1964-48F2-B08F-63A88D71E816} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {E62C6273-1ED6-439B-BD0E-D608D1889B37} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {FC7D4F21-04D1-4204-8958-3569CEC50018} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-04-24 14:04 - 2011-08-09 06:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-06 15:44 - 2013-11-06 15:44 - 00059904 _____ () c:\program files\scorpionsaver services\pcproxydll.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\iCloud\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\iCloud\libxml2.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\JOHN\AppData\Roaming\Dropbox\bin\libcef.dll
2013-11-14 16:07 - 2013-11-14 06:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-14 16:07 - 2013-11-14 06:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-14 16:07 - 2013-11-14 06:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-14 16:07 - 2013-11-14 06:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-14 16:07 - 2013-11-14 06:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-11-07 13:54 - 2013-11-07 13:54 - 00087560 _____ () C:\Program Files (x86)\ScorpionSaver\IECore.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\JOHN\Documents\Alexis Healthcare.nws:OECustomProperty
AlternateDataStreams: C:\Users\JOHN\Documents\GSA Newsletter 2.nws:OECustomProperty
AlternateDataStreams: C:\Users\JOHN\Documents\GSA Newsletter July.nws:OECustomProperty
AlternateDataStreams: C:\Users\JOHN\Documents\GSA Newsletter summer.nws:OECustomProperty
AlternateDataStreams: C:\Users\JOHN\Documents\GSA Newsletter.nws:OECustomProperty
AlternateDataStreams: C:\Users\JOHN\Documents\GSA Newsletterfinal.nws:OECustomProperty
AlternateDataStreams: C:\Users\JOHN\Documents\GSA Winter.nws:OECustomProperty
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"
==================== Faulty Device Manager Devices =============
Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/01/2013 00:52:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13026
Error: (12/01/2013 00:52:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13026
Error: (12/01/2013 00:52:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/01/2013 00:52:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12012
Error: (12/01/2013 00:52:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12012
Error: (12/01/2013 00:52:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/01/2013 00:52:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11014
Error: (12/01/2013 00:52:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11014
Error: (12/01/2013 00:52:42 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/01/2013 00:52:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10016
System errors:
=============
Error: (12/01/2013 08:28:45 AM) (Source: Service Control Manager) (User: )
Description: The ASPI32 service failed to start due to the following error:
%%2
Error: (12/01/2013 08:25:19 AM) (Source: Service Control Manager) (User: )
Description: The AdpeakProxy service terminated unexpectedly. It has done this 1 time(s).
Error: (11/29/2013 06:03:54 PM) (Source: Service Control Manager) (User: )
Description: The ASPI32 service failed to start due to the following error:
%%2
Error: (11/29/2013 05:53:08 PM) (Source: DCOM) (User: HURST)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}HURSTJOHNS-1-5-21-3611002179-1742434191-2402041160-1002LocalHost (Using LRPC)
Error: (11/29/2013 05:53:08 PM) (Source: DCOM) (User: HURST)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}HURSTJOHNS-1-5-21-3611002179-1742434191-2402041160-1002LocalHost (Using LRPC)
Error: (11/29/2013 10:35:45 AM) (Source: Service Control Manager) (User: )
Description: The ASPI32 service failed to start due to the following error:
%%2
Error: (11/29/2013 10:29:20 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.
Error: (11/29/2013 10:29:20 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Error: (11/29/2013 10:29:20 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.
Error: (11/29/2013 10:29:20 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Microsoft Office Sessions:
=========================
Error: (12/01/2013 00:52:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13026
Error: (12/01/2013 00:52:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13026
Error: (12/01/2013 00:52:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/01/2013 00:52:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12012
Error: (12/01/2013 00:52:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12012
Error: (12/01/2013 00:52:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/01/2013 00:52:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11014
Error: (12/01/2013 00:52:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11014
Error: (12/01/2013 00:52:42 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/01/2013 00:52:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10016
#50
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 01 December 2013 - 01:14 PM
Hi jhurst,
Uninstall via Programs and Features
Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
FRST Fix Script
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.
=========================
In your next post please provide the following:
Uninstall via Programs and FeaturesClick Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
- ScorpionSaver (x32 Version: 1.0.0.0)
- ScorpionSaver Services (Version: 1.0.0.0)
FRST Fix ScriptOpen notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
(Adpeak, Inc.) C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
R2 AdpeakProxy; C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe [3688448 2013-10-16] (Adpeak, Inc.)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [512504 2013-11-25] ()
2013-11-29 21:13 - 2013-11-29 21:13 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver
2013-11-27 16:50 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-11-27 16:50 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\Windows\SysWOW64\AdpeakProxy.dll
2013-11-26 15:51 - 2013-11-26 15:51 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\SysWOW64\AdpeakProxy.ini
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\system32\AdpeakProxy.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\SysWOW64\AdpeakProxyOff.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\system32\AdpeakProxyOff.ini
2013-12-01 08:25 - 2013-12-01 08:25 - 00000000 ____D C:\Program Files\ScorpionSaver Services
ScorpionSaver (x32 Version: 1.0.0.0) <==== ATTENTION
ScorpionSaver Services (Version: 1.0.0.0) <==== ATTENTION
2013-11-06 15:44 - 2013-11-06 15:44 - 00059904 _____ () c:\program files\scorpionsaver services\pcproxydll.dll
2013-11-07 13:54 - 2013-11-07 13:54 - 00087560 _____ () C:\Program Files (x86)\ScorpionSaver\IECore.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemRun FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.
=========================
In your next post please provide the following:
- Fixlog.txt
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#51
jhurst
-
- Authentic Member
-
- 112 posts
Authentic Member
Posted 01 December 2013 - 04:27 PM
Hello,
After uninstalling the Scopion Saver programs my Outlook and IE and FRST did not work. I rebooted my pc. I was able to get FRST and IE working. Outlook seems to be working at present. The FRST fixlog.txt is below:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2013
Ran by JOHN at 2013-12-01 17:22:23 Run:1
Running from C:\Users\JOHN\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
(Adpeak, Inc.) C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: ScorpionSaver - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
R2 AdpeakProxy; C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe [3688448 2013-10-16] (Adpeak, Inc.)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [512504 2013-11-25] ()
2013-11-29 21:13 - 2013-11-29 21:13 - 00000000 ____D C:\Program Files (x86)\ScorpionSaver
2013-11-27 16:50 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-11-27 16:50 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\Windows\SysWOW64\AdpeakProxy.dll
2013-11-26 15:51 - 2013-11-26 15:51 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\SysWOW64\AdpeakProxy.ini
2013-11-06 15:42 - 2013-11-06 15:42 - 00005360 _____ C:\Windows\system32\AdpeakProxy.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\SysWOW64\AdpeakProxyOff.ini
2013-11-06 15:32 - 2013-11-06 15:32 - 00002312 _____ C:\Windows\system32\AdpeakProxyOff.ini
2013-12-01 08:25 - 2013-12-01 08:25 - 00000000 ____D C:\Program Files\ScorpionSaver Services
ScorpionSaver (x32 Version: 1.0.0.0) <==== ATTENTION
ScorpionSaver Services (Version: 1.0.0.0) <==== ATTENTION
2013-11-06 15:44 - 2013-11-06 15:44 - 00059904 _____ () c:\program files\scorpionsaver services\pcproxydll.dll
2013-11-07 13:54 - 2013-11-07 13:54 - 00087560 _____ () C:\Program Files (x86)\ScorpionSaver\IECore.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"
*****************
C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe => No running process found
[1520] C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe => Process closed successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} => Key deleted successfully.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Not found.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Not found.
AdpeakProxy => Service not found.
Level Quality Watcher => Service deleted successfully.
"C:\Program Files (x86)\ScorpionSaver" => File/Directory not found.
C:\Windows\system32\AdpeakProxy64.dll => Moved successfully.
C:\Windows\SysWOW64\AdpeakProxy.dll => Moved successfully.
C:\Program Files\Level Quality Watcher => Moved successfully.
"C:\Windows\SysWOW64\AdpeakProxy.ini" => File/Directory not found.
"C:\Windows\system32\AdpeakProxy.ini" => File/Directory not found.
"C:\Windows\SysWOW64\AdpeakProxyOff.ini" => File/Directory not found.
"C:\Windows\system32\AdpeakProxyOff.ini" => File/Directory not found.
"C:\Program Files\ScorpionSaver Services" => File/Directory not found.
"c:\program files\scorpionsaver services\pcproxydll.dll" => File/Directory not found.
"C:\Program Files (x86)\ScorpionSaver\IECore.dll" => File/Directory not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => Key not found.
==== End of Fixlog ====
#52
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 01 December 2013 - 07:27 PM
Hi jhurst,
How is the computer running?
Please re-run a scan with FRST. (no additions.txt will be produced)
In your next reply:
FRST.txt
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#53
jhurst
-
- Authentic Member
-
- 112 posts
Authentic Member
Posted 01 December 2013 - 08:31 PM
Hello - The computer seems to be running better than before. I’ve included the FRST text below.
I did look in my C:\temp folder and see a couple of files still present that seem to be associated with the reinstallation of the Scorpion Saver:
Foo.txt
Lsp.txt
InstallServices64
ScorpionSaver
There are also references to Adpeak, Scorpion Saver, and GetSavin remaining in the registry. I haven’t posted any of the keys here.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by JOHN (administrator) on HURST on 01-12-2013 21:25:44
Running from C:\Users\JOHN\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1216\g2mstart.exe
(Apple Inc.) C:\iCloud\iCloudServices.exe
(Apple Inc.) C:\iCloud\ApplePhotoStreams.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
() C:\Program Files (x86)\Microtek\ScanWizard 5\ScannerFinder.exe
(Dropbox, Inc.) C:\Users\JOHN\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\iCloud\APSDaemon.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1216\g2mcomm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1216\g2mlauncher.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Apple Inc.) C:\iCloud\ApplePhotoStreamsDownloader.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [GoToMeeting] - C:\Program Files (x86)\Citrix\GoToMeeting\1216\g2mstart.exe [40816 2013-10-09] (Citrix Online, a division of Citrix Systems, Inc.)
HKCU\...\Run: [iCloudServices] - C:\iCloud\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\iCloud\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKCU\...\Run: [GoogleChromeAutoLaunch_E00AD99494FD4D55D8194B6473F2B641] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-11-14] (Google Inc.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex [829832 2013-10-08] (Adobe Systems Incorporated)
MountPoints2: {64ca0cbb-f880-11e2-825c-4c72b9d1af79} - "F:\WD SmartWare.exe" autoplay=true
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
AppInit_DLLs: [ ] ()
Startup: C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\JOHN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {62AEFF80-16AD-4AC4-B812-E70EB5F37301} http://www.zenfolio....-ie-win-x86.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Norton Identity Protection) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0
CHR Extension: (Google Wallet) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx
==================== Services (Whitelisted) =================
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-02-21] (CrashPlan)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation)
==================== Drivers (Whitelisted) ====================
S2 ASPI32; No ImagePath
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-11-01] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-01] (Symantec Corporation)
U3 EraserUtilDrv11312; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [137648 2013-12-01] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20131128.001\IDSvia64.sys [521816 2013-11-28] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20131201.007\ENG64.SYS [126040 2013-12-01] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20131201.007\EX64.SYS [2099288 2013-12-01] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
U4 AdpeakProxy;
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [x]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [x]
S4 Level Quality Watcher;
U5 terminpt; C:\Windows\System32\Drivers\terminpt.sys [29696 2012-08-23] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-01 13:01 - 2013-12-01 21:25 - 00017809 _____ C:\Users\JOHN\Desktop\FRST.txt
2013-12-01 13:01 - 2013-12-01 13:02 - 00017988 _____ C:\Users\JOHN\Desktop\Addition.txt
2013-12-01 13:01 - 2013-12-01 13:01 - 00000000 ____D C:\FRST
2013-12-01 12:59 - 2013-12-01 12:59 - 01959184 _____ (Farbar) C:\Users\JOHN\Desktop\FRST64.exe
2013-12-01 08:37 - 2013-12-01 08:37 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2013-11-30 16:01 - 2013-11-30 16:01 - 01978880 _____ C:\Users\JOHN\Downloads\ppt.survey.islam.fall13.ppt
2013-11-30 15:49 - 2013-12-01 08:29 - 00002447 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2013-11-27 18:34 - 2013-12-01 12:19 - 00000000 ____D C:\AdwCleaner
2013-11-27 18:33 - 2013-11-27 18:33 - 01091882 _____ C:\Users\JOHN\Desktop\AdwCleaner.exe
2013-11-27 10:42 - 2013-11-27 10:46 - 00000000 ____D C:\Users\JOHN\Documents\recipes
2013-11-27 07:47 - 2013-11-27 10:42 - 00000000 ____D C:\Users\JOHN\Documents\Kids Action Lists
2013-11-25 16:45 - 2013-11-25 16:45 - 00040960 _____ C:\Users\JOHN\Desktop\Employment Application Office Creations.xls
2013-11-25 16:24 - 2013-11-25 16:24 - 00060416 _____ C:\Users\JOHN\Downloads\job-application-form.xls
2013-11-22 22:19 - 2013-11-22 22:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-22 22:19 - 2013-11-22 22:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-22 22:19 - 2013-11-22 22:19 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-22 22:19 - 2013-11-22 22:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-22 22:19 - 2013-11-22 22:19 - 00000000 ____D C:\ProgramData\Oracle
2013-11-22 22:19 - 2013-11-22 22:19 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-22 15:46 - 2013-11-26 03:40 - 00000000 ____D C:\Users\JOHN\Documents\Fortiline Resumes
2013-11-22 10:12 - 2013-11-24 23:24 - 04877312 _____ C:\Users\JOHN\Documents\KSHurst UPS.ppt
2013-11-18 22:42 - 2013-11-18 22:42 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HURST-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2013-11-18 22:41 - 2013-11-18 22:41 - 00000000 ____D C:\RegBackup
2013-11-14 17:40 - 2013-11-14 17:40 - 00014848 _____ C:\Users\JOHN\Documents\KSHurst non profit.xls
2013-11-14 03:03 - 2013-10-13 10:58 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 03:03 - 2013-10-13 10:09 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 03:03 - 2013-10-13 09:55 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 03:03 - 2013-10-13 09:48 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 03:03 - 2013-10-13 09:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 03:03 - 2013-10-13 09:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-14 03:03 - 2013-10-13 09:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-14 03:03 - 2013-10-13 09:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 03:03 - 2013-10-13 09:42 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 03:03 - 2013-10-13 09:42 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-14 03:03 - 2013-10-13 09:42 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-14 03:03 - 2013-10-13 09:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 03:03 - 2013-10-13 09:38 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 03:03 - 2013-10-13 09:36 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-14 03:03 - 2013-10-13 09:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 03:03 - 2013-10-13 09:29 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 03:03 - 2013-10-13 05:42 - 12344832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 03:03 - 2013-10-13 05:08 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 03:03 - 2013-10-13 04:48 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 03:03 - 2013-10-13 04:37 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 03:03 - 2013-10-13 04:35 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-14 03:03 - 2013-10-13 04:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 03:03 - 2013-10-13 04:33 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-14 03:03 - 2013-10-13 04:32 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 03:03 - 2013-10-13 04:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 03:03 - 2013-10-13 04:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-14 03:03 - 2013-10-13 04:29 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-14 03:03 - 2013-10-13 04:27 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 03:03 - 2013-10-13 04:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 03:03 - 2013-10-13 04:26 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-14 03:03 - 2013-10-13 04:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 03:03 - 2013-10-13 04:20 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 20:34 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 20:34 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 20:34 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 20:34 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 20:34 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 20:34 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 20:34 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 20:34 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 20:34 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 20:33 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 20:33 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 20:33 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 20:33 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 20:33 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 20:33 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 20:33 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 20:33 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 20:33 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 20:33 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 20:33 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 20:33 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 20:33 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 20:33 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 20:33 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 20:33 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 20:33 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 20:33 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 20:33 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 20:33 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 20:33 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-12 20:25 - 2013-11-12 20:26 - 02347384 _____ (ESET) C:\Users\JOHN\Downloads\esetsmartinstaller_enu.exe
2013-11-12 20:06 - 2013-11-12 20:06 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Malwarebytes
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-12 20:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-10 14:37 - 2013-11-10 14:37 - 00000000 ____D C:\Windows\ERUNT
2013-11-08 15:31 - 2013-11-08 17:05 - 00000000 ____D C:\Users\JOHN\Documents\Weekly Introductions
2013-11-06 18:26 - 2013-11-21 17:11 - 00000000 ____D C:\Users\JOHN\Documents\BGCA Job Descriptions
2013-11-05 20:41 - 2013-11-05 20:41 - 00003136 _____ C:\Windows\System32\Tasks\{CEA6DBCE-EE85-4522-BAD8-57C2B648FADE}
2013-11-05 18:44 - 2013-11-05 19:19 - 00003196 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3611002179-1742434191-2402041160-1002
2013-11-05 09:30 - 2013-11-05 09:30 - 00172854 _____ C:\Users\JOHN\Desktop\untitled.bmp
2013-11-04 17:29 - 2013-11-04 17:29 - 00000000 ____D C:\ProgramData\McAfee
2013-11-04 16:53 - 2013-11-05 16:53 - 00000258 __RSH C:\Users\JOHN\ntuser.pol
2013-11-04 16:52 - 2013-11-05 19:20 - 00000000 ____D C:\Users\JOHN\AppData\Local\WordOv
2013-11-04 16:52 - 2013-11-04 17:10 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Google
2013-11-04 16:51 - 2013-11-05 19:23 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\RealNetworks
2013-11-04 16:51 - 2013-11-05 19:19 - 00003332 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3611002179-1742434191-2402041160-1002
2013-11-04 16:50 - 2013-11-05 19:31 - 00000000 ____D C:\Program Files\Google
2013-11-04 16:50 - 2013-11-04 16:50 - 00000000 ____D C:\ProgramData\RealNetworks
2013-11-04 16:49 - 2013-11-05 19:23 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Real
2013-11-04 16:49 - 2013-11-05 19:23 - 00000000 ____D C:\Program Files (x86)\Real
2013-11-04 16:48 - 2013-11-05 19:23 - 00000000 ____D C:\ProgramData\Real
2013-11-02 11:22 - 2013-11-22 16:12 - 00000000 ____D C:\Users\JOHN\Documents\sue's contact list
2013-11-02 11:22 - 2013-11-07 17:22 - 00038441 _____ C:\Users\JOHN\AppData\Roaming\Microsoft Excel.ADR
2013-11-02 11:17 - 2013-11-02 11:17 - 00000000 ____D C:\Users\JOHN\Documents\Mailchimp Power of Networking
2013-11-01 09:40 - 2013-11-14 10:02 - 00000000 ____D C:\Users\JOHN\Documents\NOVEMBER 14 EVENT
==================== One Month Modified Files and Folders =======
2099-12-31 23:00 - 2013-04-06 13:38 - 00047354 _____ C:\Users\JOHN\Documents\message.wav
2013-12-01 21:25 - 2013-12-01 13:01 - 00017809 _____ C:\Users\JOHN\Desktop\FRST.txt
2013-12-01 21:09 - 2012-06-27 09:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-01 20:47 - 2013-04-03 09:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-01 19:01 - 2013-04-03 11:03 - 01938482 _____ C:\Windows\WindowsUpdate.log
2013-12-01 18:56 - 2013-04-03 09:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 17:26 - 2009-07-13 23:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-01 17:26 - 2009-07-13 23:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-01 17:20 - 2013-07-22 11:46 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Dropbox
2013-12-01 17:19 - 2013-07-22 11:51 - 00000000 ___RD C:\Users\JOHN\Dropbox
2013-12-01 17:18 - 2010-11-20 22:47 - 00372964 _____ C:\Windows\PFRO.log
2013-12-01 17:18 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-01 17:18 - 2009-07-13 23:51 - 00055742 _____ C:\Windows\setupact.log
2013-12-01 13:02 - 2013-12-01 13:01 - 00017988 _____ C:\Users\JOHN\Desktop\Addition.txt
2013-12-01 13:01 - 2013-12-01 13:01 - 00000000 ____D C:\FRST
2013-12-01 12:59 - 2013-12-01 12:59 - 01959184 _____ (Farbar) C:\Users\JOHN\Desktop\FRST64.exe
2013-12-01 12:19 - 2013-11-27 18:34 - 00000000 ____D C:\AdwCleaner
2013-12-01 08:37 - 2013-12-01 08:37 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2013-12-01 08:36 - 2013-08-09 10:41 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2013-12-01 08:30 - 2013-04-06 16:50 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2013-12-01 08:29 - 2013-11-30 15:49 - 00002447 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2013-12-01 08:29 - 2013-04-06 16:50 - 00003228 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2013-11-30 16:01 - 2013-11-30 16:01 - 01978880 _____ C:\Users\JOHN\Downloads\ppt.survey.islam.fall13.ppt
2013-11-30 15:49 - 2013-04-06 16:50 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2013-11-30 15:49 - 2013-04-06 16:50 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2013-11-30 15:48 - 2013-04-06 16:29 - 00000000 ____D C:\ProgramData\Norton
2013-11-30 01:10 - 2013-04-06 16:50 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2013-11-30 01:08 - 2013-04-06 16:29 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-11-28 19:29 - 2013-04-06 13:38 - 00000000 ____D C:\Users\JOHN\Documents\KSHurst files
2013-11-28 18:42 - 2013-04-03 09:43 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-28 18:42 - 2013-04-03 09:43 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-27 22:56 - 2013-07-03 20:15 - 00000000 ____D C:\Users\JOHN\AppData\Local\CrashDumps
2013-11-27 18:33 - 2013-11-27 18:33 - 01091882 _____ C:\Users\JOHN\Desktop\AdwCleaner.exe
2013-11-27 17:26 - 2009-07-14 00:13 - 00732348 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-27 10:46 - 2013-11-27 10:42 - 00000000 ____D C:\Users\JOHN\Documents\recipes
2013-11-27 10:42 - 2013-11-27 07:47 - 00000000 ____D C:\Users\JOHN\Documents\Kids Action Lists
2013-11-26 03:40 - 2013-11-22 15:46 - 00000000 ____D C:\Users\JOHN\Documents\Fortiline Resumes
2013-11-26 03:40 - 2013-10-18 16:29 - 00000000 ____D C:\Users\JOHN\Documents\KSHurst UPS
2013-11-26 03:39 - 2013-10-30 15:51 - 00000000 ____D C:\Users\JOHN\Documents\Next Steps
2013-11-25 16:45 - 2013-11-25 16:45 - 00040960 _____ C:\Users\JOHN\Desktop\Employment Application Office Creations.xls
2013-11-25 16:24 - 2013-11-25 16:24 - 00060416 _____ C:\Users\JOHN\Downloads\job-application-form.xls
2013-11-24 23:24 - 2013-11-22 10:12 - 04877312 _____ C:\Users\JOHN\Documents\KSHurst UPS.ppt
2013-11-23 16:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-11-23 08:12 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-22 22:19 - 2013-11-22 22:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-22 22:19 - 2013-11-22 22:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-22 22:19 - 2013-11-22 22:19 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-22 22:19 - 2013-11-22 22:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-22 22:19 - 2013-11-22 22:19 - 00000000 ____D C:\ProgramData\Oracle
2013-11-22 22:19 - 2013-11-22 22:19 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-22 16:12 - 2013-11-02 11:22 - 00000000 ____D C:\Users\JOHN\Documents\sue's contact list
2013-11-22 11:41 - 2013-04-07 20:18 - 00000000 ____D C:\Users\JOHN\AppData\Local\Citrix
2013-11-21 17:11 - 2013-11-06 18:26 - 00000000 ____D C:\Users\JOHN\Documents\BGCA Job Descriptions
2013-11-18 22:42 - 2013-11-18 22:42 - 00000207 _____ C:\Windows\tweaking.com-regbackup-HURST-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2013-11-18 22:41 - 2013-11-18 22:41 - 00000000 ____D C:\RegBackup
2013-11-18 20:49 - 2013-05-04 10:21 - 00000000 ____D C:\Blue Screen
2013-11-14 17:40 - 2013-11-14 17:40 - 00014848 _____ C:\Users\JOHN\Documents\KSHurst non profit.xls
2013-11-14 16:07 - 2013-04-03 09:43 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-14 10:02 - 2013-11-01 09:40 - 00000000 ____D C:\Users\JOHN\Documents\NOVEMBER 14 EVENT
2013-11-14 03:05 - 2009-07-13 21:34 - 00000526 _____ C:\Windows\win.ini
2013-11-14 03:03 - 2013-08-15 02:12 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 03:01 - 2012-04-24 11:48 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 20:26 - 2009-07-14 00:08 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-12 20:26 - 2013-11-12 20:25 - 02347384 _____ (ESET) C:\Users\JOHN\Downloads\esetsmartinstaller_enu.exe
2013-11-12 20:06 - 2013-11-12 20:06 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Malwarebytes
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 20:06 - 2013-11-12 20:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-12 11:19 - 2013-10-29 12:47 - 00000000 ____D C:\Users\JOHN\Documents\KSHurst Office Creations
2013-11-10 20:00 - 2012-11-30 14:36 - 00745354 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-10 14:37 - 2013-11-10 14:37 - 00000000 ____D C:\Windows\ERUNT
2013-11-08 17:05 - 2013-11-08 15:31 - 00000000 ____D C:\Users\JOHN\Documents\Weekly Introductions
2013-11-07 17:22 - 2013-11-02 11:22 - 00038441 _____ C:\Users\JOHN\AppData\Roaming\Microsoft Excel.ADR
2013-11-05 20:41 - 2013-11-05 20:41 - 00003136 _____ C:\Windows\System32\Tasks\{CEA6DBCE-EE85-4522-BAD8-57C2B648FADE}
2013-11-05 20:29 - 2013-04-06 14:49 - 00090232 _____ C:\Users\JOHN\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-05 20:28 - 2009-07-13 23:45 - 00364616 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-05 19:31 - 2013-11-04 16:50 - 00000000 ____D C:\Program Files\Google
2013-11-05 19:31 - 2013-04-03 09:43 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-05 19:23 - 2013-11-04 16:51 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\RealNetworks
2013-11-05 19:23 - 2013-11-04 16:49 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Real
2013-11-05 19:23 - 2013-11-04 16:49 - 00000000 ____D C:\Program Files (x86)\Real
2013-11-05 19:23 - 2013-11-04 16:48 - 00000000 ____D C:\ProgramData\Real
2013-11-05 19:23 - 2013-04-06 13:26 - 00000000 ____D C:\Users\JOHN\AppData\Local\Google
2013-11-05 19:20 - 2013-11-04 16:52 - 00000000 ____D C:\Users\JOHN\AppData\Local\WordOv
2013-11-05 19:19 - 2013-11-05 18:44 - 00003196 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3611002179-1742434191-2402041160-1002
2013-11-05 19:19 - 2013-11-04 16:51 - 00003332 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3611002179-1742434191-2402041160-1002
2013-11-05 16:53 - 2013-11-04 16:53 - 00000258 __RSH C:\Users\JOHN\ntuser.pol
2013-11-05 16:53 - 2013-04-06 13:12 - 00000000 ____D C:\Users\JOHN
2013-11-05 09:30 - 2013-11-05 09:30 - 00172854 _____ C:\Users\JOHN\Desktop\untitled.bmp
2013-11-04 17:29 - 2013-11-04 17:29 - 00000000 ____D C:\ProgramData\McAfee
2013-11-04 17:10 - 2013-11-04 16:52 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Google
2013-11-04 16:53 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-11-04 16:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-11-04 16:50 - 2013-11-04 16:50 - 00000000 ____D C:\ProgramData\RealNetworks
2013-11-02 16:24 - 2013-07-22 11:51 - 00001019 _____ C:\Users\JOHN\Desktop\Dropbox.lnk
2013-11-02 16:24 - 2013-07-22 11:48 - 00000000 ____D C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-11-02 16:24 - 2013-04-06 13:12 - 00000000 ___RD C:\Users\JOHN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-02 11:17 - 2013-11-02 11:17 - 00000000 ____D C:\Users\JOHN\Documents\Mailchimp Power of Networking
2013-11-01 16:03 - 2013-10-31 10:23 - 00000000 ____D C:\Users\JOHN\Documents\christopher heard
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-30 16:36
==================== End Of Log ============================
#54
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 01 December 2013 - 08:40 PM
Hi jhurst, Empty Temp Folder
- Close all open applications.
- Click the Start button.
- In the Search programs and files box, enter Disk Cleanup and press Enter.
- Locate Disk Cleanup in the list and double-click to open. Wait for the window to open.
- Select (check) these choices.
- Downloaded Program Files
- Temporary Internet Files
- Offline webpages
- Recycle Bin
- Temporary files
- Thumbnails
- Click OK. Click Delete Files.
- The window will close when done.
=========================
What registry entries are still showing?
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#55
jhurst
-
- Authentic Member
-
- 112 posts
Authentic Member
Posted 02 December 2013 - 08:12 PM
Good evening - I followed your instructions above and have deleted the files from the temp file.
I also did a search in the Registry and located the following items:
When I search the Reg Edit using the text “Adpeak” the following keys/folders appear:
HKEY_CLASSES_ROOT\AppID\AdpeakProxy.exe
HKEY_CLASSES_ROOT\Wow6432Node\AppID\AdpeakProxy.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\AdpeakProxy.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\AdpeakProxy.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adpeak, Inc.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\AdpeakProxy.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wow6432Node\Adpeak, Inc.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdpeakProxy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AdpeakProxy
When I search the Reg Edit using the text “Scorpion” the following keys/folders appear. In most cases the word ScorpionSaver is found with the folder identified below:
HKEY_CLASSES_ROOT\Software\Wow6432Node\CLSID\422332B5
HKEY_CLASSES_ROOT\Software\Wow6432Node\CLSID\422332B5\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wow6432Node\Adpeak, Inc.\ScorpionSaver Services
HKEY_USERS\S-1-5-21-3611002179-1742434191-2402041160-1002\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit
When I search the Reg Edit using the text “Getsavin” the following keys/folders appear:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getsavinjs.info
HKEY_USERS\S-1-5-21-3611002179-1742434191-2402041160-1002\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getsavinjs.info
Register to Remove
#56
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 03 December 2013 - 12:14 AM
Hi jhurst,
Tweaking.com Registry Backup
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.
=========================
Warning. Please note that this fix is specific for this poster and should not be used by anyone else:
Please do this:
Then double-click on the fix.reg file, and when it prompts to merge say yes.
=========================
Check computer performance and status of Adpeak/Scorpion Saver issue.
Tweaking.com Registry BackupModifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
- Please download the installer for Registry Backup from here or here and save to your desktop.
- Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
- Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next >> Finish
- Once the GUI (graphical user interface) has appeared/loaded:-
Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.
=========================
Warning. Please note that this fix is specific for this poster and should not be used by anyone else:
Please do this:
- Copy the contents of the Code Box below to Notepad.
- Name the file as fix.reg
- Change the Save as Type to All Files
- and Save it on the desktop
Windows Registry Editor Version 5.00 [-HKEY_CLASSES_ROOT\AppID\AdpeakProxy.exe] [-HKEY_CLASSES_ROOT\Wow6432Node\AppID\AdpeakProxy.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\AdpeakProxy.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\AdpeakProxy.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adpeak, Inc.] [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\AdpeakProxy.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Wow6432Node\Adpeak, Inc.] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdpeakProxy] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AdpeakProxy] [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getsavinjs.info] [-HKEY_USERS\S-1-5-21-3611002179-1742434191-2402041160-1002\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\getsavinjs.info]Make sure there are NO blank lines before Windows Registry Editor Version 5.00
Then double-click on the fix.reg file, and when it prompts to merge say yes.
=========================
Check computer performance and status of Adpeak/Scorpion Saver issue.
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#57
jhurst
-
- Authentic Member
-
- 112 posts
Authentic Member
Posted 03 December 2013 - 06:58 PM
Good evening OCD,
I followed your Registry back-up instuctions before running script. I then ran the recommended script and checked the Reg Edit.
Searching Adpeak retunred no entries
Searching Getsavin returned no entries
Searching Scorpion returned the following key entries in the folder section. I also attemted to provide you with the contents of each folder also:
Folder
HKEY_CLASSES_ROOT\Software\Wow6432Node\CLSID\422332B5
Name Type Data
(Default) REG_SZ ScorpionSaver
Folder
HKEY_CLASSES_ROOT\Software\Wow6432Node\CLSID\422332B5\InProcServer32
Name Type Data
(Default) REG_SZ C:\Program Files(x86)\ScorpionSaver\IECore.dll
Threading model REG_SZ Apartment
Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5
Name Type Data
(Default) REG_SZ ScorpionSaver
Folder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5\InProcServer32
Name Type Data
(Default) REG_SZ C:\Program Files(x86)\ScorpionSaver\IECore.dll
Threading model REG_SZ Apartment
#58
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 03 December 2013 - 10:33 PM
Hi jhurst,
Back-up the Registry again as outlined in my previous post before running this script.
=========================
Warning. Please note that this fix is specific for this poster and should not be used by anyone else:
Please do this:
Then double-click on the fix.reg file, and when it prompts to merge say yes.
=========================
In your next post please provide the following:
Back-up the Registry again as outlined in my previous post before running this script.
=========================
Warning. Please note that this fix is specific for this poster and should not be used by anyone else:
Please do this:
- Copy the contents of the Code Box below to Notepad.
- Name the file as fix.reg
- Change the Save as Type to All Files
- and Save it on the desktop
Windows Registry Editor Version 5.00 [-HKEY_CLASSES_ROOT\Software\Wow6432Node\CLSID\422332B5] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\Wow6432Node\CLSID\422332B5]Make sure there are NO blank lines before Windows Registry Editor Version 5.00
Then double-click on the fix.reg file, and when it prompts to merge say yes.
=========================
In your next post please provide the following:
- Check status
- Any remaining issues?
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
#59
jhurst
-
- Authentic Member
-
- 112 posts
Authentic Member
Posted 04 December 2013 - 06:06 PM
Hello -
Searching Adpeak returned no entries
Searching Getsavin returned no entries
Searching ScorpionSaver returned no entries.
Good news?
#60
OCD
-
- Malware Team
-
- 5,574 posts
SuperHelper
Posted 04 December 2013 - 09:45 PM
Hi jhurst,
Why don't you test the computer for a day or two. If all is well, then we'll clean up and send you on your way.
Why don't you test the computer for a day or two. If all is well, then we'll clean up and send you on your way.
OCD
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
Proud Graduate of WTT Classroom
Member of UNITE
Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
