
Split from: Scorpion Saver Virus



#1 Elpunzon


Posted 05 December 2013 - 08:50 PM

Split from: http://www.bleepingcomputer.com/forums/t/516322 ~Budapest

Results of screen317's Security Check version 0.99.77  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 10.1.8 Adobe Reader out of Date!
 Mozilla Firefox (Firefox.) 
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````
 Norton ccSvcHst.exe 
 Norton AntiVirus Engine 19.9.1.14 ccSvcHst.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 % 
````````````````````End of Log``````````````````````
 
 
Farbar Service Scanner Version: 05-12-2013
Ran by Kathy (administrator) on 05-12-2013 at 18:52:53
Running from "C:\Users\Kathy\Downloads"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-11-14 18:45] - [2013-09-03 19:31] - 0404992 ____A (Microsoft Corporation) 2BA159E1F9FD75F6A496742B20F1D9CF
 
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
 
 

 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{BC58A921-694C-46B4-BEA2-E005F6592F61}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 7:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:143d:279a:3f57:fffd(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::143d:279a:3f57:fffd%11(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.0.1
 
Name:    google.com
Addresses:  2607:f8b0:400f:801::1003
 74.125.225.200
 74.125.225.198
 74.125.225.194
 74.125.225.201
 74.125.225.196
 74.125.225.195
 74.125.225.193
 74.125.225.197
 74.125.225.192
 74.125.225.206
 74.125.225.199
 
 
 
Pinging google.com [74.125.225.201] with 32 bytes of data:
 
Reply from 74.125.225.201: bytes=32 time=51ms TTL=57
 
Reply from 74.125.225.201: bytes=32 time=51ms TTL=57
 
 
 
Ping statistics for 74.125.225.201:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 51ms, Maximum = 51ms, Average = 51ms
 
Server:  UnKnown
Address:  192.168.0.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
 
Reply from 206.190.36.45: bytes=32 time=83ms TTL=51
 
Reply from 206.190.36.45: bytes=32 time=138ms TTL=51
 
 
 
Ping statistics for 206.190.36.45:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 83ms, Maximum = 138ms, Average = 110ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
 10 ...00 22 15 fb a8 88 ...... Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
  1 ........................... Software Loopback Interface 1
 12 ...00 00 00 00 00 00 00 e0  isatap.{BC58A921-694C-46B4-BEA2-E005F6592F61}
 11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.2     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link       192.168.0.2    276
      192.168.0.2  255.255.255.255         On-link       192.168.0.2    276
    192.168.0.255  255.255.255.255         On-link       192.168.0.2    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.0.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.0.2    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11     18 ::/0                     On-link
  1    306 ::1/128                  On-link
 11     18 2001::/32                On-link
 11    266 2001:0:5ef5:79fd:143d:279a:3f57:fffd/128
                                    On-link
 10    276 fe80::/64                On-link
 11    266 fe80::/64                On-link
 11    266 fe80::143d:279a:3f57:fffd/128
                                    On-link
 10    276 fe80::c10d:b70b:be9e:8217/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/05/2013 06:05:40 PM) (Source: MatSvc) (User: )
Description: A piece of uploaded data has been rejected by the server. hr=0xC004F01F
 
Error: (12/05/2013 06:05:40 PM) (Source: MatSvc) (User: )
Description: The MATS service encountered a web service failure. hr=0xC004F01F
 
Error: (12/05/2013 06:05:15 PM) (Source: MatSvc) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0x80070005
.
 
Error: (12/04/2013 11:23:03 PM) (Source: MsiInstaller) (User: Kathy-PC)
Description: Product: ScorpionSaver -- Error 1404. Could not delete key \Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.
 
Error: (12/04/2013 11:18:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/04/2013 09:07:49 PM) (Source: MsiInstaller) (User: Kathy-PC)
Description: Product: ScorpionSaver -- Error 1404. Could not delete key \Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.
 
Error: (12/04/2013 09:07:48 PM) (Source: MsiInstaller) (User: Kathy-PC)
Description: Product: ScorpionSaver -- Error 1404. Could not delete key \Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.
 
Error: (12/04/2013 09:03:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/04/2013 08:55:40 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16520, time stamp 0x525a68d9, faulting module IECore.dll, version 0.0.0.0, time stamp 0x527be1d6, exception code 0xc0000005, fault offset 0x000015e5,
process id 0x202c, application start time 0xiexplore.exe0.
 
Error: (12/04/2013 08:55:13 PM) (Source: MsiInstaller) (User: Kathy-PC)
Description: Product: ScorpionSaver -- Error 1404. Could not delete key \Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.
 
 
System errors:
=============
Error: (12/04/2013 09:13:45 PM) (Source: DCOM) (User: Kathy-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Kathy-PCKathyS-1-5-21-3320236135-890788218-3327287523-1000LocalHost (Using LRPC)
 
Error: (12/04/2013 09:05:14 PM) (Source: DCOM) (User: Kathy-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Kathy-PCKathyS-1-5-21-3320236135-890788218-3327287523-1000LocalHost (Using LRPC)
 
Error: (12/04/2013 09:00:47 PM) (Source: Service Control Manager) (User: )
Description: 30000NAV
 
Error: (12/04/2013 08:55:24 PM) (Source: DCOM) (User: Kathy-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Kathy-PCKathyS-1-5-21-3320236135-890788218-3327287523-1000LocalHost (Using LRPC)
 
Error: (12/04/2013 08:54:21 PM) (Source: DCOM) (User: Kathy-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Kathy-PCKathyS-1-5-21-3320236135-890788218-3327287523-1000LocalHost (Using LRPC)
 
Error: (12/04/2013 08:53:46 PM) (Source: Service Control Manager) (User: )
Description: AdpeakProxy1
 
Error: (12/04/2013 08:51:15 PM) (Source: DCOM) (User: Kathy-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Kathy-PCKathyS-1-5-21-3320236135-890788218-3327287523-1000LocalHost (Using LRPC)
 
Error: (12/04/2013 07:38:54 PM) (Source: DCOM) (User: Kathy-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Kathy-PCKathyS-1-5-21-3320236135-890788218-3327287523-1000LocalHost (Using LRPC)
 
Error: (12/04/2013 07:38:22 PM) (Source: DCOM) (User: Kathy-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Kathy-PCKathyS-1-5-21-3320236135-890788218-3327287523-1000LocalHost (Using LRPC)
 
Error: (12/04/2013 07:36:49 PM) (Source: DCOM) (User: Kathy-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Kathy-PCKathyS-1-5-21-3320236135-890788218-3327287523-1000LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (12/05/2013 06:05:40 PM) (Source: MatSvc)(User: )
Description: hr=0xC004F01Fdda435fa-6e05-4dbf-80fe-c4ebe882e798.321
 
Error: (12/05/2013 06:05:40 PM) (Source: MatSvc)(User: )
Description: hr=0xC004F01FIDataUploadService::UploadResultERROR_UPLOAD_LIMIT_EXCEEDED
 
Error: (12/05/2013 06:05:15 PM) (Source: MatSvc)(User: )
Description: hr=0x80070005
 
Error: (12/04/2013 11:23:03 PM) (Source: MsiInstaller)(User: Kathy-PC)
Description: Product: ScorpionSaver -- Error 1404. Could not delete key \Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID.  System error .  Verify that you have sufficient access to that key, or contact your support personnel. (NULL)(NULL)(NULL)(NULL)
 
Error: (12/04/2013 11:18:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/04/2013 09:07:49 PM) (Source: MsiInstaller)(User: Kathy-PC)
Description: Product: ScorpionSaver -- Error 1404. Could not delete key \Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID.  System error .  Verify that you have sufficient access to that key, or contact your support personnel. (NULL)(NULL)(NULL)(NULL)
 
Error: (12/04/2013 09:07:48 PM) (Source: MsiInstaller)(User: Kathy-PC)
Description: Product: ScorpionSaver -- Error 1404. Could not delete key \Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID.  System error .  Verify that you have sufficient access to that key, or contact your support personnel. (NULL)(NULL)(NULL)(NULL)
 
Error: (12/04/2013 09:03:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/04/2013 08:55:40 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.16520525a68d9IECore.dll0.0.0.0527be1d6c0000005000015e5202c01cef16dd50a250e
 
Error: (12/04/2013 08:55:13 PM) (Source: MsiInstaller)(User: Kathy-PC)
Description: Product: ScorpionSaver -- Error 1404. Could not delete key \Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext.  System error .  Verify that you have sufficient access to that key, or contact your support personnel. (NULL)(NULL)(NULL)(NULL)
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-12-04 21:28:24.484
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-04 21:28:24.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-04 21:28:23.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-04 21:28:23.690
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-04 21:28:23.380
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-04 21:28:23.101
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.0.145\Definitions\BASHDefs\20131203.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-06-04 18:40:53.298
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-06-04 18:40:53.142
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-06-04 18:40:53.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-06-04 18:40:52.861
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
Adobe Connect Add-in
aioprnt (Version: 5.3.1.0)
Apple Mobile Device Support (Version: 6.1.0.13)
Bonjour (Version: 3.0.0.10)
FoxTab PDF Converter
Google Chrome (Version: 31.0.1650.63)
iTunes (Version: 11.0.2.26)
Java™ 6 Update 14 (64-bit) (Version: 6.0.140)
Kodak AIO Printer (Version: 7.0.3.0)
LoanAce (Version: 5.3.2.5)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Automated Troubleshooting Services Shim
Microsoft Fix it Center (Version: 1.0.0080)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
NVIDIA 3D Vision Controller Driver 314.07 (Version: 314.07)
NVIDIA Control Panel 314.07 (Version: 314.07)
NVIDIA Graphics Driver 314.07 (Version: 314.07)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
PANTECH Handset USB Driver V2 (Version: 1.1.4583.1215)
PVSonyDll (Version: 1.00.0001)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Yahoo! BrowserPlus 2.9.8
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 65%
Total physical RAM: 4094.12 MB
Available physical RAM: 1428.96 MB
Total Pagefile: 10136.4 MB
Available Pagefile: 7597.05 MB
Total Virtual: 4095.88 MB
Available Virtual: 3996.67 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:596.17 GB) (Free:435.87 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\KATHY-PC
 
Administrator            Guest                    Kathy                    
UpdatusUser              
 
 
**** End of log ****

 

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.05.08
 
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Kathy :: KATHY-PC [administrator]
 
Protection: Disabled
 
12/5/2013 7:06:38 PM
mbam-log-2013-12-05 (19-06-38).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266481
Time elapsed: 7 minute(s), 32 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 4
C:\temp\InstallServices64.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Users\Kathy\AppData\Local\Temp\AdpeakProxyr.log (PUP.Optional.AdpeakProxy) -> Quarantined and deleted successfully.
C:\Windows\Temp\AdpeakProxy.log (PUP.Optional.AdpeakProxy) -> Quarantined and deleted successfully.
C:\Windows\Temp\AdpeakProxyr.log (PUP.Optional.AdpeakProxy) -> Quarantined and deleted successfully.
 
(end)


 

EDIT moved content from deleted post to this topic... boopme


Edited by boopme, 05 December 2013 - 09:54 PM.



 


#2 boopme


Posted 05 December 2013 - 10:02 PM

Hello, stay with this topic
 
Run these and tell me how it is..
 
Look in Control panel// Remove Programs for anything scorpion and remove it.
 
Look in your add ons to disable or delete it there also.
 
How to Disable Add-ons/Extensions in Internet Explorer, Firefox and Google Chrome



ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

How do I get help? Who is helping me?

For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

Become a BleepingComputer fan: Facebook



