Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Removing Scorpion Saver Adware/Malware [Solved]

Started by flyforever01 , Dec 14 2013 02:51 PM
scorpion savermalwarevirus PUP removal adware Adpeak help

  • This topic is locked This topic is locked
43 replies to this topic

#16 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 20 December 2013 - 06:40 AM

C:\Classified\Cal and Me  <<  That folder does not exist??? 


Posted Image
 
 

    Advertisements

Register to Remove

#17 flyforever01

flyforever01

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 20 December 2013 - 03:05 PM

Yes, that is correct. The file does not exist. I searched my computer. The only place the pictures are located are under C:\Qoobox\Quarantine\C\Classified\Cal and Me, as jpg.vir files.


#18 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 20 December 2013 - 08:07 PM

Hi,
 
Sorry for any confusion with this....I was lucky enough to have one of the Experts clarify something for me.  :)
 
We will come back to your pictures ok?
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
     
     

    ClearJavaCache::

    DDS::
    uStart Page = hxxp://search.findwide.com/?guid={CB53F4A3-220D-404C-A77A-C705DF790135}&serpv=22
    uInternet Settings,ProxyOverride = *.local;192.168.*.*

    File::
    c:\windows\system32\AdpeakProxy64.dll
    c:\windows\SysWow64\AdpeakProxy.dll

    Folder::
    c:\program files\ScorpionSaver Services

    Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

  • CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
81mYIKe.jpg  AdwCleaner

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 
 
Post the new ComboFix and AdwCleaner logs and then let me know how your system is running.  :)


Posted Image
 
 

#19 flyforever01

flyforever01

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 21 December 2013 - 01:19 AM

Hey Jeff,

 

Here's the results from the ComboFix program:

 

ComboFix 13-12-20.01 - Sierra Larson 12/21/2013   1:54.6.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.1167 [GMT -5:00]
Running from: c:\users\Sierra Larson\Desktop\ComboFix.exe
Command switches used :: c:\users\Sierra Larson\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\AdpeakProxy64.dll"
"c:\windows\SysWow64\AdpeakProxy.dll"
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-21 to 2013-12-21  )))))))))))))))))))))))))))))))
.
.
2013-12-21 07:11 . 2013-12-21 07:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-17 05:07 . 2013-12-17 05:10 -------- d-----w- C:\AdwCleaner
2013-12-17 04:57 . 2013-12-17 04:57 -------- d-----w- c:\program files (x86)\OpenIt
2013-12-15 18:03 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-15 18:03 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-15 18:03 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-15 18:03 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-15 18:03 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-15 05:13 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-15 05:13 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-15 05:13 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-12-15 05:11 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-15 05:11 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-15 05:08 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-15 05:08 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-15 05:03 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-15 05:03 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-12-15 05:03 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-15 05:03 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-15 04:57 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2013-12-15 04:57 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2013-12-15 04:57 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2013-12-15 04:57 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2013-12-15 04:57 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2013-12-15 04:57 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2013-12-15 04:57 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2013-12-15 04:57 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2013-12-14 20:30 . 2013-12-15 13:39 -------- d-----w- c:\programdata\TubeDimmer
2013-12-11 05:12 . 2009-07-14 01:14 1397248 ----a-w- c:\windows\SysWow64\win_utilman.exe
2013-12-11 05:12 . 2013-12-11 05:12 -------- d-----w- c:\users\Sierra Larson\AppData\Roaming\_MDLogs
2013-11-30 01:46 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-30 01:41 . 2013-11-30 01:41 977408 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-11-27 05:37 . 2013-11-27 05:37 -------- d-----w- c:\program files\Level Quality Watcher
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-12 02:30 . 2013-11-13 22:18 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 22:18 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 22:18 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 22:18 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 22:18 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-14 01:23 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-14 01:23 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-14 01:13 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-14 01:13 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-14 01:13 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-14 01:13 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-14 01:13 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-14 01:13 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 22:19 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 22:19 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-14 00:03 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-25 02:26 . 2013-11-14 00:38 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-14 00:38 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-14 00:38 28672 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-14 00:38 135680 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-14 00:38 28160 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-14 00:38 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-14 00:38 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-14 00:38 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-14 00:38 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-14 00:38 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-14 00:38 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-14 00:38 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-14 00:38 30720 ----a-w- c:\windows\system32\lsass.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}]
c:\program files (x86)\ScorpionSaver\IECore.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7C8D4A29-2DC9-4970-83B8-1E51B961E00F}"= "c:\users\Sierra Larson\AppData\Local\TNT2\Profiles\10743\passport.dll" [2013-11-04 11520]
.
[HKEY_CLASSES_ROOT\clsid\{7c8d4a29-2dc9-4970-83b8-1e51b961e00f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-15 20588704]
"Updater"="c:\programdata\Updater\updater.exe" [2013-09-25 297336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"FaxCenterServer"="c:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Updater"="c:\programdata\Updater\Updater.exe" [2013-09-25 297336]
.
c:\users\Sierra Larson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\BitGuard\271832~1.68\{C16C1~1\BitGuard.dll
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxddserv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 ExpressInvoiceService;Express Invoice;c:\program files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe;c:\program files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130502.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130505.002\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130505.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
S2 BitGuard;BitGuard;c:\programdata\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe;c:\programdata\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe;c:\windows\SYSNATIVE\lxddcoms.exe [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-11 04:32 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-25 01:20]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-25 01:20]
.
2013-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1565193607-854521613-1741241799-1001Core.job
- c:\users\Sierra Larson\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-03 01:20]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1565193607-854521613-1741241799-1001UA.job
- c:\users\Sierra Larson\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-03 01:20]
.
2013-12-19 c:\windows\Tasks\HPCeeScheduleForSIERRALARSON-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7C8D4A29-2DC9-4970-83B8-1E51B961E00F}"= "c:\users\Sierra Larson\AppData\Local\TNT2\Profiles\10743\passport64.dll" [2013-11-04 12032]
.
[HKEY_CLASSES_ROOT\CLSID\{7C8D4A29-2DC9-4970-83B8-1E51B961E00F}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-21 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-21 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-21 418328]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"lxddmon.exe"="c:\program files (x86)\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files (x86)\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.254.254
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-21  02:17:24
ComboFix-quarantined-files.txt  2013-12-21 07:17
ComboFix2.txt  2013-12-20 03:56
ComboFix3.txt  2013-12-20 03:25
ComboFix4.txt  2013-12-19 16:07
ComboFix5.txt  2013-12-21 06:51
.
Pre-Run: 387,686,285,312 bytes free
Post-Run: 387,198,124,032 bytes free
.
- - End Of File - - 6EE82D6BFB8C542062703E4BD6FB6030

#20 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 21 December 2013 - 09:10 AM

Good....when you get the log from AdwCleaner please post that as well.  :)


Posted Image
 
 

#21 flyforever01

flyforever01

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 21 December 2013 - 04:53 PM

Hi Jeff,

 

Here is the log report from AdwCleaner.

 

# AdwCleaner v3.015 - Report created 21/12/2013 at 12:48:31
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sierra Larson - SIERRALARSON-HP
# Running from : C:\Users\Sierra Larson\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : BitGuard
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AOL Toolbar
Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\Free Ride Games
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\PCFixSpeed
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\TubeDimmer
Folder Deleted : C:\ProgramData\Uniblue\DriverScanner
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer
Folder Deleted : C:\Program Files (x86)\AOL Toolbar
Folder Deleted : C:\Program Files (x86)\AppGraffiti
Folder Deleted : C:\Program Files (x86)\Free Ride Games
Folder Deleted : C:\Program Files (x86)\Inbox Toolbar
Folder Deleted : C:\Program Files (x86)\Level Quality Watcher
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Program Files (x86)\PCFixSpeed
Folder Deleted : C:\Program Files (x86)\Playbryte
Folder Deleted : C:\Program Files (x86)\RebateInformer
Folder Deleted : C:\Program Files (x86)\SearchYa!
Folder Deleted : C:\Program Files (x86)\SiteRanker
Folder Deleted : C:\Program Files (x86)\Uniblue\DriverScanner
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\Program Files (x86)\Solid Savings
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\Sierra Larson\AppData\Local\GameFlakeSA
Folder Deleted : C:\Users\Sierra Larson\AppData\Local\iLivid
Folder Deleted : C:\Users\Sierra Larson\AppData\Local\Wajam
Folder Deleted : C:\Users\Sierra Larson\AppData\Local\Solid Savings
Folder Deleted : C:\Users\Sierra Larson\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sierra Larson\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Sierra Larson\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\Sierra Larson\AppData\LocalLow\Playbryte
Folder Deleted : C:\Users\Sierra Larson\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Sierra Larson\AppData\Roaming\file scout
[x] Not Deleted : C:\Users\Sierra Larson\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Sierra Larson\AppData\Roaming\PCFixSpeed
Folder Deleted : C:\Users\Sierra Larson\AppData\Roaming\Uniblue\DriverScanner
Folder Deleted : C:\Users\Sierra Larson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
[x] Not Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\SysWOW64\AdpeakProxy.ini
File Deleted : C:\Windows\SysWOW64\AdpeakProxyOff.ini
File Deleted : C:\Windows\System32\AdpeakProxy.ini
File Deleted : C:\Windows\System32\AdpeakProxyOff.ini
File Deleted : C:\Users\Sierra Larson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
File Deleted : C:\Users\Sierra Larson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage
File Deleted : C:\Users\Sierra Larson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal
[x] Not Deleted : C:\Windows\System32\Tasks\NCH Software
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKCU\Software\5e6888ab06aed46
Key Deleted : HKLM\SOFTWARE\5e6888ab06aed46

#22 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 21 December 2013 - 05:09 PM

Good job.....How is your system running?  :)


Posted Image
 
 

#23 flyforever01

flyforever01

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 22 December 2013 - 12:50 AM

It's working better, but I still have this thing called "Friends Checker" that is underlining and linking words in my web pages. It's not an extension on my browser. How do I get rid of that?


#24 flyforever01

flyforever01

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 22 December 2013 - 01:21 AM

It's working better, but I still have this thing called "Friends Checker" that is underlining and linking words in my web pages. It's not an extension on my browser. How do I get rid of that?


#25 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 22 December 2013 - 07:37 AM

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

------------
 

VBJ9QO9.jpgJava
 
Please go to Start > Control Panel > Programs and Features > uninstall all the Java Programs you see, now download the latest Java from the following link and install it:
 
http://java.com/en/download/index.jsp
----------
 
See this page for instructions on how to clear java's cache.
 
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
      Downloaded Applications
      Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

----------
 

GUZVCQN.jpg Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full scan, then click Scan as shown below.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • The log can also be found here:
     
    Windows 2000 & Windows XP:
    C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
     
    Windows Vista & Win7:
    C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
    ----------
     

    ESET Online Scanner
     
    Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
    • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan, and let me know how things are now.
    ----------

Posted Image
 
 

    Advertisements

Register to Remove

#26 flyforever01

flyforever01

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 25 December 2013 - 08:25 PM

Here is the Junkware Removal log:

 

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Sierra Larson on Wed 12/25/2013 at 21:07:23.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dynconie
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1565193607-854521613-1741241799-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FEC26096-9730-4EDD-AD86-96C5C675EDC4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{FEC26096-9730-4EDD-AD86-96C5C675EDC4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Sierra Larson\AppData\Roaming\onlinevault"
Successfully deleted: [Folder] "C:\Users\Sierra Larson\appdata\locallow\vgrabber_v1"
Successfully deleted: [Folder] "C:\Program Files (x86)\buzzsocialpoints_dns_ie"
Successfully deleted: [Folder] "C:\Program Files (x86)\onlinevault"
Successfully deleted: [Folder] "C:\Program Files (x86)\vgrabber_v1"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc fix speed"
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{0180E3BE-43EB-416B-95E0-B494189B73CD}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{0247C46F-7A59-4E5E-BA94-C311AEE0FF69}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{03CE89D7-B772-42CA-B8EE-45703D2A11C2}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{06D7DACA-3114-493F-A26C-9F5881EB82D5}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{07A8220F-4D1D-4770-9253-3265653391E8}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{08EC04DF-C1C9-4CC2-8588-BC4A90306382}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{0B40B89D-7FA5-4586-ABFD-119CF8B89ADE}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{160428F9-8B7E-4634-B877-DDEA4741CD74}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{18F4A62A-222C-4A16-9C72-56F4149F62FA}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{196BF91C-BB46-4B28-9749-3C11FD0E35F5}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{205C6323-10C2-4CE2-B353-4CBA23784CED}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{21419E5E-7030-4B98-B1F8-88A4A7678B68}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{2150CA4A-0AB7-456C-927E-4590439F9761}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{218C4E41-D231-48D9-8D85-6AAC473592CD}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{2260D045-4177-4CE8-B6C1-2A32E7C5C7AC}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{267ACB9E-0114-4926-AD7B-2CC9A3402D65}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{2D1CE70A-4E1D-4059-BBDC-65C5E3AA71CC}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{3169FE10-1F70-45AA-B18D-15E787B94715}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{356EACF1-D7B0-4614-8588-4476E3DCEB15}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{37849EF8-D0D5-4EDF-AB77-58CC0F18946F}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{3B85B5E6-306C-4D18-A81E-52328F48571E}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{3C4055C3-4FF2-4009-AABE-1ED5E9004FD2}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{3D251819-9EBB-41ED-8AE7-B09C6694EBF8}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{3FD2AEF7-9518-4DB6-A433-DB0D0E8236D2}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{422F3D15-B2D5-4FF2-AACB-97B099D170F8}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{439E6A40-54CF-4ED8-9C07-282D05D69771}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{47353476-3832-4800-AE03-898163C0EB90}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{47C29E4D-65D6-4F79-B1B9-8C66530851F2}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{4AABD565-9BCF-4744-B060-A0097F3BCF27}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{4E35B2DF-0BE5-4BA3-8C73-B5AE7DEA0DA6}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{5126F62B-D4C2-4BF7-A6CB-53737854340A}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{5392C9B7-26B1-47FD-9C9F-40EAB89A2867}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{566FB44D-0576-430B-9998-A44657229450}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{57F2AC27-1221-4095-B688-9D2CAABF3271}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{5815FD61-2952-44BD-9647-5EB9AE54C512}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{5930B263-1D01-4A63-BF33-AF436BD5B9F3}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{59D94DF8-28B8-4E10-AAA0-06C7578ADCBC}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{5A3AF51C-47DB-46F9-AAF5-4080843C15F8}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{5BF301E0-EDC1-404C-9026-86CE4CF00418}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{5DD0252F-4373-41F4-A1E5-9F2CA8A3BD2E}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{5FA3A2D5-4C39-43C3-81E0-14A50E7556D4}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{633AF31B-FB84-44FC-B1D9-869E9DD81DE7}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{68808BFC-362D-4285-825B-9CD532FA3789}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{6B1CCDE2-12D8-4217-829B-1D8790AE23A9}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{6E531330-4C32-4FDC-BED4-55D199B6AF78}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{6E8F72F8-91D0-4211-8AA4-8166C5B063DD}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{70451961-D048-4746-BAB3-62EF21E0A704}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{71E2C44B-7560-4D2B-87E5-8C614EE2EA8F}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{72B00BD6-4E7A-4702-BC07-C905D576E86B}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{780FA2F6-5EFF-4658-BE77-D7EEA1F22FF3}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{784CD866-201F-48E9-BFFA-269950019379}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{7984C131-69C9-4845-A638-169628E35C7D}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{7AB0860E-35D6-47AD-A540-A0FB670F6679}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{7AEAE6D3-87EF-4A6B-92B5-5D249A513684}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{800D15E8-672B-4D2A-AB3C-803716BCB7D1}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{806B2C22-662E-4E76-A794-6C28FD256241}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{8083068B-BD5D-4D9C-A67F-45600B590241}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{80D2902A-8A3B-4076-9608-8AA6C7141537}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{83734B34-DD70-4A50-9B17-64D784E5E2CC}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{8381B740-6BF2-4281-9D84-6D7AD2D78AAE}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{83B17F4F-B567-4E21-B9DB-5FAD716BC83D}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{896DBC63-7522-473F-8C8B-172A65DC80C0}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{899A17AA-80F5-4F14-B308-7017100F7E4A}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{89F1DCED-524F-498D-8E37-6D62FC717B8C}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{8D55C866-7FD0-49A1-8513-E0145885EC29}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{903E4944-17C3-41B2-A70F-BA4050413C1B}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{936271AC-6B15-4816-B764-6EB6AC8E4DEF}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{966E639F-276A-44FD-A42B-27645829D578}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{9DD2DA45-4CDD-4833-A6BA-AE9D5AAA77CF}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{A53524E1-8C46-45FC-BE67-F36286EDBEF7}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{A5653D8F-4ACB-486B-9DCA-05BB43DCB35D}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{A8CF8E3F-2D20-44E5-822E-F836F20B3918}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{A9FF6F96-F5FB-4B25-86C9-22EFB7019D5D}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{B60AA5B1-0CE3-47B4-86BF-3CF8D5AB2920}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{B85FB548-EA71-48F0-9B7E-FD443B3CCF15}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{B95416E8-CC5B-4628-8BB9-F2C817042714}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{BB761D2E-2301-4243-A76D-2FA49F130680}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{BDD4CD1D-7142-43AE-B5CC-943DA92F9793}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{BEB8B663-8B52-4E51-9226-118D027D9199}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{BFDA5D31-26C2-479B-B1E6-7A0DACA97943}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{C00D2BD6-657E-476D-B386-23F3695997CD}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{C4F8A329-CEEF-4565-AFD8-08A5931DF4FC}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{C5FDB7A0-7086-409A-A9FD-E54F8412F7C7}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{CB315D79-65E4-46C0-97E6-BC9FF877668D}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{CCA613DA-7D02-47FF-B11F-DD5D527BAA0B}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{CDD7242E-2B19-4428-8DC1-787FABC18796}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{D487BD0D-CA1A-4817-8F65-BA8AEBF6A100}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{D819B6F8-238C-4295-98B9-88A5695AE7E2}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{D9F38852-A579-4E89-B53D-AF8EEF287826}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{DAF38492-C386-4373-98D4-CD8E371A8D40}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{DB347928-26B8-4389-9B14-76C3DFEC09AF}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{E01E0FA9-426E-453B-88AC-E0362C34D864}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{E4312BF2-8682-44FF-9933-BFB9E1FA03F7}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{E6CD73DA-C124-4F1B-86A3-260CF1264ED8}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{EBC0FBA1-417E-4611-8B35-AF3CA9BD4DD3}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{EC8BC82F-F9DD-4896-ABC3-6A307EDEAC4A}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{ED0576A8-9E50-4A5A-A451-FCEAC03BDDF1}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{F3BADCDB-57DC-445A-A3DE-770D3F186B82}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{F9023549-A0C5-4E1E-850C-975D627E8A43}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{FF5076D2-CEC6-4C3C-A690-F55CF69F5411}
Successfully deleted: [Empty Folder] C:\Users\Sierra Larson\appdata\local\{FFCC7FD5-C2AE-4BBF-A7FC-0E3C02D11D08}
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Sierra Larson\appdata\local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/25/2013 at 21:19:44.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#27 flyforever01

flyforever01

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 25 December 2013 - 11:00 PM

This is the Malware Scan log:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.26.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Sierra Larson :: SIERRALARSON-HP [administrator]
 
Protection: Enabled
 
12/25/2013 10:15:58 PM
mbam-log-2013-12-25 (22-15-58).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 419044
Time elapsed: 1 hour(s), 16 minute(s), 44 second(s)
 
Memory Processes Detected: 6
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> 1488 -> Delete on reboot.
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> 3288 -> Delete on reboot.
C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> 996 -> Delete on reboot.
C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> 4764 -> Delete on reboot.
C:\ProgramData\Updater\updater.exe (PUP.Optional.TubeDimmer) -> 12388 -> Delete on reboot.
C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> 12388 -> Delete on reboot.
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 7
HKLM\SYSTEM\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc (Trojan.Sefnit) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLASHPLAYERUPDATESERVICE.EXE (Trojan.Sefnit) -> Quarantined and deleted successfully.
HKCR\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKCR\Wow6432Node\AppID\AdpeakProxy.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE} (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Wow6432Node\Adpeak, Inc. (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\INTERNETUPDATER (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Updater (PUP.Optional.TubeDimmer) -> Data: C:\ProgramData\Updater\Updater.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Updater (PUP.Optional.TubeDimmer) -> Data: C:\ProgramData\Updater\updater.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\updater.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Updater (Trojan.Agent) -> Data: C:\ProgramData\Updater\Updater.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE}|DisplayName (PUP.Optional.Adpeak) -> Data: Level Quality Watcher -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\InternetUpdater|ImagePath (PUP.Optional.InternetUpdater.A) -> Data: "C:\ProgramData\InternetUpdater\InternetUpdaterService.exe" -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 8
C:\Program Files (x86)\Unfriend Checker\FF\chrome (PUP.Optional.UnFriendChecker) -> No action taken.
C:\ProgramData\InternetUpdater (PUP.Optional.InternetUpdater.A) -> Delete on reboot.
C:\Program Files (x86)\Unfriend Checker (PUP.Optional.UnFriendChecker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Unfriend Checker\FF (PUP.Optional.UnFriendChecker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Unfriend Checker\FF\chrome\content (PUP.Optional.UnFriendChecker) -> Quarantined and deleted successfully.
C:\ProgramData\RHelpers\ChromeHelper (PUP.Optional.Searchagent) -> Delete on reboot.
C:\ProgramData\RHelpers\FirefoxHelper (PUP.Optional.Searchagent) -> Delete on reboot.
C:\ProgramData\RHelpers\IeHelper (PUP.Optional.Searchagent) -> Delete on reboot.
 
Files Detected: 50
C:\Temp\ScorpionSaver.msi (PUP.Optional.Adpeak) -> No action taken.
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> Delete on reboot.
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> Delete on reboot.
C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> Delete on reboot.
C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> Delete on reboot.
C:\ProgramData\Updater\updater.exe (PUP.Optional.TubeDimmer) -> Delete on reboot.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Level Quality Watcher\LevelQualityWatcher32.exe.vir (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Sierra Larson\AppData\Roaming\file scout\filescout.exe.vir (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe (PUP.Optional.InternetUpdater.A) -> Delete on reboot.
C:\Qoobox\Quarantine\C\Program Files\ScorpionSaver Services\AdpeakProxy.dll.vir (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\ScorpionSaver Services\AdpeakProxy.exe.vir (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\ScorpionSaver Services\AdpeakProxy64.dll.vir (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.exe.vir (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\ScorpionSaver Services\AdpeakRegisterLSP64.exe.vir (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\ScorpionSaver Services\Installbat.dll.vir (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\ScorpionSaver Services\InstallDLL.dll.vir (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\ScorpionSaver Services\InstallDLL64.dll.vir (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\ScorpionSaver Services\PCProxyDLL.dll.vir (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\ScorpionSaver\CustomActionUninstall.vir (Adware.Adpeak) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\AdpeakProxy64.dll.vir (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\SysWOW64\AdpeakProxy.dll.vir (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Temp\InstallServices64.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Temp\scorpionsaver.exe (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Temp\ScorpionSaver.msi (Adware.Adpeak) -> Quarantined and deleted successfully.
C:\Users\Sierra Larson\Downloads\FlashPlayer_V.49163382c.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Sierra Larson\Downloads\gimp-setup.exe (PUP.Optional.DownloadAdmin.A) -> Quarantined and deleted successfully.
C:\Users\Sierra Larson\Downloads\IWantThis.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Users\Sierra Larson\Downloads\movie_player_1280.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Sierra Larson\Downloads\movie_player_d998173.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Sierra Larson\Downloads\Player_Plugin (1).exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Sierra Larson\Downloads\Player_Plugin.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Sierra Larson\Downloads\SoftonicDownloader_for_jeta-logo-designer.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Users\Sierra Larson\Downloads\video-media-download_setup (1).exe (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\Sierra Larson\Downloads\video-media-download_setup.exe (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\Sierra Larson\Downloads\ZNES.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
C:\Windows\Installer\404d7e59.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Windows\Installer\5f956285.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Windows\Installer\5f9a5c3e.msi (Adware.Adpeak) -> Quarantined and deleted successfully.
C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Trojan.Sefnit) -> Delete on reboot.
C:\ProgramData\InternetUpdater\InternetUpdater.ico (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\app.dat (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\data.dat (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe.config (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\ProgramData\InternetUpdater\Uninstall.exe (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Unfriend Checker\r.log (PUP.Optional.UnFriendChecker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Unfriend Checker\chrome.crx (PUP.Optional.UnFriendChecker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Unfriend Checker\FF\install.rdf (PUP.Optional.UnFriendChecker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Unfriend Checker\FF\chrome\content\icon.png (PUP.Optional.UnFriendChecker) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Unfriend Checker\FF\chrome\content\overlay.xul (PUP.Optional.UnFriendChecker) -> Quarantined and deleted successfully.
C:\ProgramData\Updater\updater.exe (Trojan.Agent) -> Delete on reboot.
 
(end)

#28 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 26 December 2013 - 06:26 AM

Good job!!  When you get the ESET log please post that as well and let me know how your system is running.   :)


Posted Image
 
 

#29 flyforever01

flyforever01

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 26 December 2013 - 07:27 PM

Here is the ESET Scan Log:

 

C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir Win32/AdWare.Adpeak.B application
C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir Win64/Adware.Adpeak.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Inbox Toolbar\FF_Install.cab.vir multiple threats
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Level Quality Watcher\LevelQualityWatcher64.exe.vir a variant of Win64/Adware.Adpeak.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe.vir a variant of Win32/Bundled.Toolbar.Google.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoicesetup_v3.87.exe.vir a variant of Win32/Bundled.Toolbar.Google.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Scribe\scribe.exe.vir a variant of Win32/Bundled.Toolbar.Google.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Scribe\scribesetup_v5.59.exe.vir a variant of Win32/Bundled.Toolbar.Google.C application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Updater\Uninstall.exe a variant of Win32/ExFriendAlert.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPly.crx.vir Win32/DealPly.E application
C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPly.xpi.vir Win32/DealPly.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\ScorpionSaver\CustomActionInstall.vir a variant of Win32/AdWare.Adpeak.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\ScorpionSaver\IECore.dll.vir a variant of Win32/AdWare.Adpeak.B application
C:\Users\All Users\Updater\Uninstall.exe a variant of Win32/ExFriendAlert.B application
C:\Users\Sierra Larson\Downloads\Adobe-Reader_Allmyapps.exe a variant of Win32/InstallCore.BH application
C:\Users\Sierra Larson\Downloads\Codec-C.exe Win32/InstallMate application
C:\Users\Sierra Larson\Downloads\Codec-V (1).exe Win32/InstallMate.A application
C:\Users\Sierra Larson\Downloads\Codec-V (2).exe Win32/InstallMate.A application
C:\Users\Sierra Larson\Downloads\Codec-V.exe Win32/InstallMate.A application
C:\Users\Sierra Larson\Downloads\essetup (1).exe a variant of Win32/Bundled.Toolbar.Google.C application
C:\Users\Sierra Larson\Downloads\essetup (2).exe a variant of Win32/Bundled.Toolbar.Google.C application
C:\Users\Sierra Larson\Downloads\essetup (3).exe a variant of Win32/Bundled.Toolbar.Google.C application
C:\Users\Sierra Larson\Downloads\essetup (4).exe a variant of Win32/Bundled.Toolbar.Google.C application
C:\Users\Sierra Larson\Downloads\essetup.exe a variant of Win32/Bundled.Toolbar.Google.C application
C:\Users\Sierra Larson\Downloads\thelogocreator-setup.exe Win32/DownloadAdmin.G application
C:\Users\Sierra Larson\Downloads\ZipOpenerSetup.exe a variant of Win32/InstallCore.D application
C:\Windows\Installer\MSI66B5.tmp a variant of Win64/Adware.Adpeak.B application

#30 flyforever01

flyforever01

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 26 December 2013 - 07:27 PM

Here is the ESET Scan Log:

 

C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir Win32/AdWare.Adpeak.B application
C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir Win64/Adware.Adpeak.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Inbox Toolbar\FF_Install.cab.vir multiple threats
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Level Quality Watcher\LevelQualityWatcher64.exe.vir a variant of Win64/Adware.Adpeak.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe.vir a variant of Win32/Bundled.Toolbar.Google.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoicesetup_v3.87.exe.vir a variant of Win32/Bundled.Toolbar.Google.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Scribe\scribe.exe.vir a variant of Win32/Bundled.Toolbar.Google.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Scribe\scribesetup_v5.59.exe.vir a variant of Win32/Bundled.Toolbar.Google.C application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Updater\Uninstall.exe a variant of Win32/ExFriendAlert.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPly.crx.vir Win32/DealPly.E application
C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPly.xpi.vir Win32/DealPly.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\ScorpionSaver\CustomActionInstall.vir a variant of Win32/AdWare.Adpeak.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\ScorpionSaver\IECore.dll.vir a variant of Win32/AdWare.Adpeak.B application
C:\Users\All Users\Updater\Uninstall.exe a variant of Win32/ExFriendAlert.B application
C:\Users\Sierra Larson\Downloads\Adobe-Reader_Allmyapps.exe a variant of Win32/InstallCore.BH application
C:\Users\Sierra Larson\Downloads\Codec-C.exe Win32/InstallMate application
C:\Users\Sierra Larson\Downloads\Codec-V (1).exe Win32/InstallMate.A application
C:\Users\Sierra Larson\Downloads\Codec-V (2).exe Win32/InstallMate.A application
C:\Users\Sierra Larson\Downloads\Codec-V.exe Win32/InstallMate.A application
C:\Users\Sierra Larson\Downloads\essetup (1).exe a variant of Win32/Bundled.Toolbar.Google.C application
C:\Users\Sierra Larson\Downloads\essetup (2).exe a variant of Win32/Bundled.Toolbar.Google.C application
C:\Users\Sierra Larson\Downloads\essetup (3).exe a variant of Win32/Bundled.Toolbar.Google.C application
C:\Users\Sierra Larson\Downloads\essetup (4).exe a variant of Win32/Bundled.Toolbar.Google.C application
C:\Users\Sierra Larson\Downloads\essetup.exe a variant of Win32/Bundled.Toolbar.Google.C application
C:\Users\Sierra Larson\Downloads\thelogocreator-setup.exe Win32/DownloadAdmin.G application
C:\Users\Sierra Larson\Downloads\ZipOpenerSetup.exe a variant of Win32/InstallCore.D application
C:\Windows\Installer\MSI66B5.tmp a variant of Win64/Adware.Adpeak.B application

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: scorpion savermalwarevirus, PUP, removal, adware, Adpeak, help

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·