scorpion virus


11 replies to this topic

#1 jmrsp

  • Members
  • 6 posts

Posted 28 December 2013 - 08:09 PM

My brother's computer became infected with the Scorpion virus. I followed the instructions on BleepingComputer to remove this virus, and it seemed to work successfully. There was evidence of the virus, and afterwards I scanned the computer twice, once with Malwarebytes and the other with SUPERAntiSpyware (both free versions). However, today the virus is back. Could the virus have somehow evaded my actions, or is the only way for the virus to return through piggybacking onto a download from the web?




#2 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts

Posted 29 December 2013 - 12:05 AM

Welcome to BC Forums, jmrsp!


Step 1: If you will, please use the following diagnostic tool. It has a powerful detection mechanism, and may help us get to the cause of your issues:

Please use the Farbar Recovery Scan Tool
Download > http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Select the version that applies to your system.
Save it to your Desktop.
Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.
At the program's console, press the Scan button.

When done, the tool makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
>> Please provide the FRST.txt in your reply.

The first time the tool is run, it also makes another log: Addition.txt
>> Also post the Addition.txt in your reply.



Step 2: Next, since ScorpionSaver/Adpeak uses a service to run, let's also get a list of started services using the Command Prompt...

Please do the following:
Go to Start > All Programs > Accessories > Command Prompt
Right-click the Command Prompt and select: Run as Administrator
At the Command Prompt window, copy/paste the following text inside the code box, and press: Enter


    net start

To copy the text contained/produced in the Command Prompt, click on the small command icon in the top left corner, and then choose:
Edit > Select All
Once again, Edit > Copy
Next, open Notepad, and paste the text to it.

>> Please post the text in your reply.

To close the Command Prompt, use the [X], or type in: exit and press: Enter

Old duck...


#3 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts

Posted 29 December 2013 - 11:42 PM

Also, please use the tool Zoek:
Download > http://hijackthis.nl/smeenk/

 

If your AntiVirus warns you about the program, either allow Zoek to run, or temporarily disable your AV program.
Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

 

Double-click zoek.exe to start the program. (Give it a few seconds to appear.)

Next, copy and then paste the entire script in the code box below to the input field of Zoek:

createsrpoint;
process;
filesrcm;
startupall;
installedprogs;
installer-list;
uninstall-list;
hijackthis;
firefoxlook;
chromelook; 
srinfo;
DIR /S /A:L "%systemdrive%\*">>"%temp%\log.txt";b

Note: This script is written only for usage on this computer. Please do not use it on another computer even if the problems are similar!

 

Now...

  • Close any open browsers.
  • Click the Run script button and wait. It takes a few minutes to run the whole script.
  • If a reboot is needed the log is opened after the reboot.
  • When finished, the zoek-results.log is opened in Notepad.
  • The log is also found on the systemdrive, normally C:\

>> Please post the zoek-results.log in your reply.

 


Old duck...


#4 jmrsp

  • Topic Starter
  • Members
  • 6 posts

Posted 30 December 2013 - 12:03 AM

Thanks. I'll try it.



#5 jmrsp

  • Topic Starter
  • Members
  • 6 posts

Posted 30 December 2013 - 12:14 AM

Aaflac,

 

Thanks for your replies. Please clarify, though: are you recommending that I use the Farbar scan tool, then Zoek, sequentially?

 

Also, I know little about coding, but in the code you wrote for Zoek there seems to be a reference to the Firefox browser. If so, does it matter that my brother is using Internet Explorer as his browser?



#6 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts

Posted 30 December 2013 - 12:19 AM

are you recommending that I use the Farbar scan tool, then Zoek, sequentially?

 

Each tool has something different to contribute. It will increase our chances of locating Adpeak ScorpionSaver.

 

... in the code you wrote for Zoek there seems to be a reference to the Firefox browser. If so, does it matter that my brother is using Internet Explorer as his browser?

 

If Firefox is not used, or installed, there will be nothing to report.

That is no problem.


Old duck...


#7 jmrsp

  • Topic Starter
  • Members
  • 6 posts

Posted 01 January 2014 - 06:49 PM

I ran the Farbar scanning tool and tried to run Zoek, but had problems. I downloaded the Zoek zip file (couldn't download the rar file), extracted the files and got the Notepad screen and Zoek screen on my monitor. But the Zoek screen was locked; I could not paste anything into it (and none of the links worked). So I downloaded Zoek again with the same results. Suggestions?



#8 Aaflac

    Doin' Dis 'n Dat...

  • Malware Response Team
  • 2,307 posts

Posted 01 January 2014 - 11:00 PM

No problem whatsoever using the .zip version...

Did you save it, like to the Desktop, right-click the .zip file and select Extract to zoek\ on the Desktop?
In the Zoek folder, you double-click the Zoek.exe --> Application

If still no go, for now, please post the results of the Farbar Recovery Scan Tool: FRST.txt and Addition.txt

Edited by Aaflac, 01 January 2014 - 11:05 PM.

Old duck...
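
The FRST.txt that jmrsp posts next records exactly the kinds of load points Aaflac is hunting for in post #2: the AdpeakProxy service, Winsock catalog (LSP) entries, AppInit_DLLs, Run keys and browser add-ons. Reading a few thousand such lines by eye is error-prone, so here is an added example from the editor (not code from this thread and not Farbar's) that parses those FRST line formats and lists every entry whose target is missing, has no publisher, or names a publisher outside an allowlist. The allowlist (TRUSTED_PUBLISHERS) and the sample log lines are constructed for the example, and the Finding, split_target, assess and triage names are the example's own.

```python
"""Triage persistence entries in an FRST-style log.

Added example by the editor, not code from this thread or from Farbar. It parses
the line formats FRST writes for Run keys, AppInit_DLLs, browser add-ons, Winsock
catalog entries, services and drivers, and lists every entry whose target is
missing, has no publisher, or names one outside a small allowlist.
TRUSTED_PUBLISHERS and SAMPLE_LOG are constructed for this example.
"""
import re
from collections import namedtuple

# Assumption: the publishers expected on the machine being examined.
TRUSTED_PUBLISHERS = {
    "Microsoft Corporation", "Intel Corporation", "Oracle Corporation",
    "Adobe Systems Incorporated", "Malwarebytes Corporation",
    "SUPERAntiSpyware", "Skype Technologies S.A.", "Skype Technologies",
}
# Trailing "(Publisher)" as FRST prints it; "()" means no company name in the
# file's version info. One level of nested parentheses is allowed.
PUBLISHER_RE = re.compile(r"\(((?:[^()]|\([^()]*\))*)\)\s*$")
# Each pattern yields the entry "name" and "rest": path, optional "[size date]"
# block and optional "(Publisher)".
LINE_PATTERNS = [
    ("autorun", re.compile(
        r"^(?:HKLM|HKCU)\S*\\Run(?:Once)?:\s*\[(?P<name>[^\]]+)\]\s*-\s*(?P<rest>.*)$", re.I)),
    ("appinit_dll", re.compile(r"^(?P<name>AppInit_DLLs(?:-x32)?):\s*(?P<rest>.*)$")),
    ("browser_addon", re.compile(
        r"^(?:BHO|Toolbar|URLSearchHook)(?:-x32)?:\s*(?P<name>.*?)\s*-\s*\{[0-9A-Fa-f-]+\}\s*-\s*(?P<rest>.*)$")),
    ("winsock_lsp", re.compile(r"^Winsock:\s*(?P<name>Catalog\d+(?:-x64)?\s+\d+)\s+(?P<rest>.*)$")),
    ("service_or_driver", re.compile(r"^[RS][0-4]\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")),
]
# publisher is None when FRST recorded no version block, "" when the file has none.
Finding = namedtuple("Finding", "category name path publisher reasons")

def split_target(rest):
    """Split 'C:\\x.dll [338944 2013-10-16] (Adpeak, Inc.)' into (path, publisher, missing)."""
    rest = rest.strip()
    publisher = None
    m = PUBLISHER_RE.search(rest)
    if m:
        publisher = m.group(1).strip()
        rest = rest[:m.start()].rstrip()
    # "[x]" and "No File" are how FRST marks a target it could not find on disk.
    missing = rest.endswith("[x]") or rest == "No File"
    path = re.sub(r"\s*\[[^\]]*\]$", "", rest).strip('"')
    return path, publisher, missing

def assess(category, publisher, missing):
    """Reasons an entry deserves a look; an empty tuple means it passed."""
    reasons = []
    if missing:
        reasons.append("target not found on disk")
    elif publisher is None:
        reasons.append("no version/publisher info recorded")
    elif publisher == "":
        reasons.append("binary has no publisher in its version info")
    elif publisher not in TRUSTED_PUBLISHERS:
        reasons.append("publisher not on allowlist: " + publisher)
    # Two load points matter whatever the publisher: an LSP is loaded into every
    # process that uses Winsock; AppInit_DLLs into every process that loads user32.dll.
    if category == "winsock_lsp" and publisher != "Microsoft Corporation":
        reasons.append("third-party Winsock LSP in the network path of every process")
    if category == "appinit_dll" and not missing:
        reasons.append("AppInit_DLLs entry injected into every process that loads user32.dll")
    return tuple(reasons)

def triage(log_text):
    """Return a Finding for each recognised persistence line that has a reason."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for category, pattern in LINE_PATTERNS:
            m = pattern.match(line)
            if m is None:
                continue
            path, publisher, missing = split_target(m.group("rest"))
            reasons = assess(category, publisher, missing)
            if reasons:
                findings.append(Finding(category, m.group("name").strip(), path, publisher, reasons))
            break
    return findings

# Constructed sample, modelled on the line formats in the FRST.txt posted below.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL [ ] ()
BHO-x32: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll (Ironsource Israel (2011) LTD)
Toolbar: HKCU - No Name - {3FD4B98C-4DCE-43DE-99F9-7F8C8CBFD625} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
R2 AdpeakProxy; C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe [3688448 2013-10-16] (Adpeak, Inc.)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [513528 2013-12-10] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S1 hlnfd; system32\drivers\hlnfd.sys [x]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.name}: {f.path}")
        for reason in f.reasons:
            print("    -", reason)
```

Run it as a script to print the findings for the built-in sample; for a real log, pass the file's contents to triage(). An entry on the list is a candidate for inspection, not a verdict: a legitimate product that ships without version info will appear too, and the allowlist has to be adjusted for each machine.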


#9 jmrsp

  • Topic Starter
  • Members
  • 6 posts

Posted 02 January 2014 - 02:50 PM

I was not able to save to the Desktop, so I just ran it and saved the results.

 

Farbar (FRST.txt): (Addition.txt follows)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-01-2014 01
Ran by John (ATTENTION: The logged in user is not administrator) on NOAHPC on 01-01-2014 15:39:23
Running from C:\Users\John\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Runonce: [SpUninstallCleanUp] - REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [RoboForm] - "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563096 2013-12-19] (SUPERAntiSpyware)
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL [ ] ()
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5A300791EA62CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - (No Name) - {3fd4b98c-4dce-43de-99f9-7f8c8cbfd625} - No File
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr&cd=2XzuyEtN2Y1L1QzuzyyEyEyEyDtByD0BtA0CtDtAtB0DyDyDtN0D0Tzu0SyCzyyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=671200449&ir=
SearchScopes: HKLM-x32 - DefaultScope {E01BF3E9-12C7-43C0-AD18-9A3122B227EF} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll (Ironsource Israel (2011) LTD)
Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll (Ironsource Israel (2011) LTD)
Toolbar: HKLM-x32 - No Name - {3fd4b98c-4dce-43de-99f9-7f8c8cbfd625} -  No File
Toolbar: HKCU - No Name - {3FD4B98C-4DCE-43DE-99F9-7F8C8CBFD625} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AdpeakProxy; C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe [3688448 2013-10-16] (Adpeak, Inc.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [513528 2013-12-10] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 hlnfd; system32\drivers\hlnfd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-01 15:39 - 2014-01-01 15:41 - 00008324 _____ C:\Users\John\Downloads\FRST.txt
2014-01-01 15:38 - 2014-01-01 15:38 - 00000000 ____D C:\FRST
2014-01-01 15:35 - 2014-01-01 15:38 - 01931426 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2013-12-28 10:38 - 2013-12-28 10:38 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-12-27 23:10 - 2013-12-27 23:10 - 00000552 _____ C:\Users\John\Downloads\wext.asx
2013-12-27 22:53 - 2014-01-01 06:53 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 47f8eea3-c6bc-4a2f-863b-ccb4fe62bd38.job
2013-12-27 22:53 - 2014-01-01 02:00 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d50a7bda-7bd0-4385-a67c-47fa9d04d758.job
2013-12-27 22:52 - 2013-12-27 22:52 - 00001810 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-12-27 22:52 - 2013-12-27 22:52 - 00000000 ____D C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
2013-12-27 22:52 - 2013-12-27 22:52 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-27 22:52 - 2013-12-27 22:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-27 22:51 - 2013-12-27 22:51 - 29232496 _____ (SUPERAntiSpyware) C:\Users\John\Downloads\SUPERAntiSpyware.exe
2013-12-27 20:17 - 2013-12-28 17:05 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-12-27 20:16 - 2013-12-27 20:16 - 24097311 _____ C:\Users\John\Downloads\vlc-2.1.2-win32 (1).exe
2013-12-27 20:11 - 2013-12-27 20:12 - 24097311 _____ C:\Users\John\Downloads\vlc-2.1.2-win32.exe
2013-12-27 20:08 - 2013-12-27 20:08 - 00026448 _____ C:\Windows\diagwrn.xml
2013-12-27 20:08 - 2013-12-27 20:08 - 00001908 _____ C:\Windows\diagerr.xml
2013-12-27 19:59 - 2013-12-27 19:59 - 00637440 _____ C:\Users\John\Documents\Untitled Document.wps
2013-12-27 19:56 - 2013-12-27 19:59 - 00000106 _____ C:\Users\John\AppData\Roaming\wklnhst.dat
2013-12-27 19:56 - 2013-12-27 19:56 - 00000000 ____D C:\Users\John\AppData\Roaming\Template
2013-12-27 19:55 - 2013-12-28 03:05 - 00001137 _____ C:\Users\Public\Desktop\Microsoft Works.lnk
2013-12-27 19:55 - 2013-12-27 19:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-12-27 19:53 - 2013-12-28 03:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-12-27 19:25 - 2013-12-27 19:25 - 00001077 _____ C:\Users\John\Documents\Documents - Shortcut.lnk
2013-12-27 06:19 - 2013-12-27 06:20 - 00000000 ____D C:\Users\John\AppData\Local\adawarebp
2013-12-26 05:54 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-12-26 05:54 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\Windows\SysWOW64\AdpeakProxy.dll
2013-12-25 18:51 - 2013-12-25 18:51 - 00000000 ____D C:\Users\John\AppData\Roaming\Lavasoft
2013-12-25 16:31 - 2013-12-25 16:31 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-12-25 16:30 - 2013-12-27 18:59 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-12-25 16:29 - 2013-12-25 16:29 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-25 16:28 - 2013-12-25 16:29 - 01725064 _____ C:\Users\John\Downloads\Adaware_Installer.exe
2013-12-25 16:18 - 2013-12-25 16:18 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-25 16:18 - 2013-12-25 16:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 16:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-25 16:17 - 2013-12-25 16:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\John\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-12-25 11:00 - 2013-12-25 11:00 - 00000000 ____D C:\Users\John\AppData\Roaming\Malwarebytes
2013-12-25 10:57 - 2013-12-25 10:57 - 00000009 _____ C:\END
2013-12-25 10:57 - 2013-12-25 10:57 - 00000000 ____D C:\ProgramData\Conduit
2013-12-25 10:57 - 2013-12-25 10:57 - 00000000 ____D C:\Program Files (x86)\ConnectSo_V1
2013-12-25 10:57 - 2013-12-25 10:57 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-12-25 10:50 - 2014-01-01 15:28 - 00002104 _____ C:\Windows\Tasks\Plus-HD-4.8-firefoxinstaller.job
2013-12-25 10:50 - 2014-01-01 15:28 - 00001974 _____ C:\Windows\Tasks\Plus-HD-4.8-chromeinstaller.job
2013-12-25 10:50 - 2014-01-01 15:28 - 00001328 _____ C:\Windows\Tasks\Plus-HD-4.8-updater.job
2013-12-25 10:50 - 2014-01-01 15:28 - 00001230 _____ C:\Windows\Tasks\Plus-HD-4.8-codedownloader.job
2013-12-25 10:50 - 2014-01-01 15:28 - 00001130 _____ C:\Windows\Tasks\Plus-HD-4.8-enabler.job
2013-12-25 10:50 - 2013-12-27 22:40 - 00000000 ____D C:\Users\John\AppData\Local\VisualBeeExe
2013-12-25 10:49 - 2013-12-25 10:50 - 00000000 ____D C:\ProgramData\VisualBee
2013-12-25 10:49 - 2013-12-25 10:49 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-12-25 10:40 - 2014-01-01 12:04 - 00000270 _____ C:\Windows\Tasks\GreatArcadeHits.job
2013-12-25 10:40 - 2013-12-25 10:40 - 00178024 _____ (Rapiddown) C:\Users\John\Downloads\Windows Media Player.exe
2013-12-12 03:01 - 2013-11-26 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 03:01 - 2013-11-26 04:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 03:01 - 2013-11-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 03:01 - 2013-11-26 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 03:01 - 2013-11-26 03:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 03:01 - 2013-11-26 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 03:01 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 03:01 - 2013-11-26 03:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 03:01 - 2013-11-26 03:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 03:01 - 2013-11-26 03:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 03:01 - 2013-11-26 02:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 03:01 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 03:01 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 03:00 - 2013-11-26 05:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 03:00 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 03:00 - 2013-11-26 03:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 03:00 - 2013-11-26 03:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 03:00 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 03:00 - 2013-11-26 02:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 03:00 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 03:00 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 03:00 - 2013-11-26 02:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 03:00 - 2013-11-26 01:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 03:00 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 03:00 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 03:00 - 2013-11-26 01:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 03:00 - 2013-11-26 00:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 03:00 - 2013-11-26 00:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 03:00 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 03:00 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 03:00 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 01:36 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 01:36 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 01:36 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 01:36 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 01:36 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 01:36 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 01:36 - 2013-10-29 19:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 01:36 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 01:36 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 01:36 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 01:36 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 01:36 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 01:36 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 01:36 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 01:36 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 01:36 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 01:36 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 01:36 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 01:36 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-01 15:41 - 2014-01-01 15:39 - 00008324 _____ C:\Users\John\Downloads\FRST.txt
2014-01-01 15:41 - 2013-06-06 10:14 - 01236507 _____ C:\Windows\WindowsUpdate.log
2014-01-01 15:38 - 2014-01-01 15:38 - 00000000 ____D C:\FRST
2014-01-01 15:38 - 2014-01-01 15:35 - 01931426 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-01-01 15:36 - 2009-07-13 22:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-01 15:36 - 2009-07-13 22:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-01 15:33 - 2009-07-13 23:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-01 15:28 - 2013-12-25 10:50 - 00002104 _____ C:\Windows\Tasks\Plus-HD-4.8-firefoxinstaller.job
2014-01-01 15:28 - 2013-12-25 10:50 - 00001974 _____ C:\Windows\Tasks\Plus-HD-4.8-chromeinstaller.job
2014-01-01 15:28 - 2013-12-25 10:50 - 00001328 _____ C:\Windows\Tasks\Plus-HD-4.8-updater.job
2014-01-01 15:28 - 2013-12-25 10:50 - 00001230 _____ C:\Windows\Tasks\Plus-HD-4.8-codedownloader.job
2014-01-01 15:28 - 2013-12-25 10:50 - 00001130 _____ C:\Windows\Tasks\Plus-HD-4.8-enabler.job
2014-01-01 15:28 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-01 15:28 - 2009-07-13 22:51 - 00012714 _____ C:\Windows\setupact.log
2014-01-01 14:19 - 2013-11-24 11:26 - 00000292 _____ C:\Windows\Tasks\UpdaterEX.job
2014-01-01 14:19 - 2013-11-24 11:25 - 00000292 _____ C:\Windows\Tasks\MySearchDial.job
2014-01-01 14:19 - 2013-06-07 09:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-01 12:04 - 2013-12-25 10:40 - 00000270 _____ C:\Windows\Tasks\GreatArcadeHits.job
2014-01-01 06:53 - 2013-12-27 22:53 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 47f8eea3-c6bc-4a2f-863b-ccb4fe62bd38.job
2014-01-01 02:00 - 2013-12-27 22:53 - 00000508 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d50a7bda-7bd0-4385-a67c-47fa9d04d758.job
2013-12-28 17:05 - 2013-12-27 20:17 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-12-28 10:38 - 2013-12-28 10:38 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-12-28 03:05 - 2013-12-27 19:55 - 00001137 _____ C:\Users\Public\Desktop\Microsoft Works.lnk
2013-12-28 03:05 - 2013-12-27 19:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-12-27 23:10 - 2013-12-27 23:10 - 00000552 _____ C:\Users\John\Downloads\wext.asx
2013-12-27 22:52 - 2013-12-27 22:52 - 00001810 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-12-27 22:52 - 2013-12-27 22:52 - 00000000 ____D C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
2013-12-27 22:52 - 2013-12-27 22:52 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-27 22:52 - 2013-12-27 22:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-27 22:51 - 2013-12-27 22:51 - 29232496 _____ (SUPERAntiSpyware) C:\Users\John\Downloads\SUPERAntiSpyware.exe
2013-12-27 22:40 - 2013-12-25 10:50 - 00000000 ____D C:\Users\John\AppData\Local\VisualBeeExe
2013-12-27 22:37 - 2009-07-13 22:45 - 00310432 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-27 20:16 - 2013-12-27 20:16 - 24097311 _____ C:\Users\John\Downloads\vlc-2.1.2-win32 (1).exe
2013-12-27 20:12 - 2013-12-27 20:11 - 24097311 _____ C:\Users\John\Downloads\vlc-2.1.2-win32.exe
2013-12-27 20:08 - 2013-12-27 20:08 - 00026448 _____ C:\Windows\diagwrn.xml
2013-12-27 20:08 - 2013-12-27 20:08 - 00001908 _____ C:\Windows\diagerr.xml
2013-12-27 20:08 - 2009-07-13 22:51 - 00000000 _____ C:\Windows\setuperr.log
2013-12-27 20:00 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-12-27 19:59 - 2013-12-27 19:59 - 00637440 _____ C:\Users\John\Documents\Untitled Document.wps
2013-12-27 19:59 - 2013-12-27 19:56 - 00000106 _____ C:\Users\John\AppData\Roaming\wklnhst.dat
2013-12-27 19:56 - 2013-12-27 19:56 - 00000000 ____D C:\Users\John\AppData\Roaming\Template
2013-12-27 19:56 - 2013-06-06 16:41 - 00075232 _____ C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-27 19:55 - 2013-12-27 19:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-12-27 19:48 - 2013-06-06 16:41 - 00002057 _____ C:\Windows\epplauncher.mif
2013-12-27 19:25 - 2013-12-27 19:25 - 00001077 _____ C:\Users\John\Documents\Documents - Shortcut.lnk
2013-12-27 19:07 - 2013-06-06 14:35 - 00031388 _____ C:\Windows\PFRO.log
2013-12-27 18:59 - 2013-12-25 16:30 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-12-27 06:20 - 2013-12-27 06:19 - 00000000 ____D C:\Users\John\AppData\Local\adawarebp
2013-12-27 06:17 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-25 18:51 - 2013-12-25 18:51 - 00000000 ____D C:\Users\John\AppData\Roaming\Lavasoft
2013-12-25 16:31 - 2013-12-25 16:31 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-12-25 16:29 - 2013-12-25 16:29 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-25 16:29 - 2013-12-25 16:28 - 01725064 _____ C:\Users\John\Downloads\Adaware_Installer.exe
2013-12-25 16:18 - 2013-12-25 16:18 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-25 16:18 - 2013-12-25 16:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 16:17 - 2013-12-25 16:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\John\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-12-25 11:00 - 2013-12-25 11:00 - 00000000 ____D C:\Users\John\AppData\Roaming\Malwarebytes
2013-12-25 10:57 - 2013-12-25 10:57 - 00000009 _____ C:\END
2013-12-25 10:57 - 2013-12-25 10:57 - 00000000 ____D C:\ProgramData\Conduit
2013-12-25 10:57 - 2013-12-25 10:57 - 00000000 ____D C:\Program Files (x86)\ConnectSo_V1
2013-12-25 10:57 - 2013-12-25 10:57 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-12-25 10:50 - 2013-12-25 10:49 - 00000000 ____D C:\ProgramData\VisualBee
2013-12-25 10:49 - 2013-12-25 10:49 - 00000000 ____D C:\Program Files\Level Quality Watcher
2013-12-25 10:40 - 2013-12-25 10:40 - 00178024 _____ (Rapiddown) C:\Users\John\Downloads\Windows Media Player.exe
2013-12-17 05:19 - 2013-06-16 17:15 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
2013-12-16 03:01 - 2013-07-20 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-12-16 03:00 - 2013-06-06 10:07 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-12 08:00 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-12-10 13:16 - 2013-06-07 09:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 13:16 - 2013-06-07 09:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-03 06:49 - 2013-06-16 17:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-03 06:49 - 2013-06-16 17:15 - 00000000 ____D C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\install_reader11_en_gtbd_chrd_dn_aaa_aih.exe
C:\Users\John\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\John\AppData\Local\Temp\SkypeSetup.exe
C:\Users\John\AppData\Local\Temp\SpOrder.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

additions.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2014 01
Ran by John at 2014-01-01 15:42:52
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Java 7 Update 21 (x32 Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
MyPC Backup  (Version:  - MyPC Backup) <==== ATTENTION
Mysearchdial (x32 Version:  - Mysearchdial) <==== ATTENTION
ScorpionSaver Services (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SUPERAntiSpyware (Version: 5.7.1016 - SUPERAntiSpyware.com)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Winamp (x32 Version: 5.66  - Nullsoft, Inc)

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\GreatArcadeHits.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\MySearchDial.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.8-chromeinstaller.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.8-codedownloader.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.8-enabler.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.8-firefoxinstaller.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.8-updater.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 47f8eea3-c6bc-4a2f-863b-ccb4fe62bd38.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe <==== ATTENTION
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d50a7bda-7bd0-4385-a67c-47fa9d04d758.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => ? <==== ATTENTION

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy => ""="service"

==================== Faulty Device Manager Devices =============

Name: hlnfd
Description: hlnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: hlnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2013 04:58:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: MSHTML.dll, version: 11.0.9600.16476, time stamp: 0x52947390
Exception code: 0xc0000005
Fault offset: 0x0039ed87
Faulting process id: 0x14d4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/28/2013 10:14:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x49043971
Faulting process id: 0x3420
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/28/2013 04:39:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x008b41eb
Faulting process id: 0x1aec
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/28/2013 03:36:50 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: MSHTML.dll, version: 11.0.9600.16476, time stamp: 0x52947390
Exception code: 0xc0000005
Fault offset: 0x0026f1f5
Faulting process id: 0x1e8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/27/2013 10:39:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time stamp: 0x4ce792c4
Faulting module name: SHELL32.dll, version: 6.1.7601.18222, time stamp: 0x51f1d731
Exception code: 0xc0000005
Fault offset: 0x00086828
Faulting process id: 0x860
Faulting application start time: 0xMsiExec.exe0
Faulting application path: MsiExec.exe1
Faulting module path: MsiExec.exe2
Report Id: MsiExec.exe3

Error: (12/27/2013 08:13:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: IECore.dll, version: 0.0.0.0, time stamp: 0x529ce18d
Exception code: 0xc0000005
Fault offset: 0x000015e5
Faulting process id: 0x9cc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/27/2013 07:48:34 PM) (Source: Microsoft Security Client Setup) (User: NOAHPC)
Description: HRESULT:0x8004FF06
Description:Microsoft Security Essentials is already installed. A newer version of Security Essentials is already installed on your computer. Error code:0x8004FF06.

Error: (12/27/2013 06:51:08 PM) (Source: Microsoft-Windows-RestartManager) (User: NOAHPC)
Description: Application or service 'AdpeakProxy' could not be restarted.

Error: (12/27/2013 06:50:56 PM) (Source: Microsoft-Windows-RestartManager) (User: NOAHPC)
Description: Application or service 'AdpeakProxy' could not be shut down.

Error: (12/27/2013 06:50:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time stamp: 0x4ce792c4
Faulting module name: SHELL32.dll, version: 6.1.7601.18222, time stamp: 0x51f1d731
Exception code: 0xc0000005
Fault offset: 0x0008660e
Faulting process id: 0x904
Faulting application start time: 0xMsiExec.exe0
Faulting application path: MsiExec.exe1
Faulting module path: MsiExec.exe2
Report Id: MsiExec.exe3


System errors:
=============
Error: (01/01/2014 03:29:05 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
hlnfd

Error: (01/01/2014 03:29:04 PM) (Source: Service Control Manager) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%1053

Error: (01/01/2014 03:29:04 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Error: (12/31/2013 01:40:28 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
hlnfd

Error: (12/31/2013 01:40:27 PM) (Source: Service Control Manager) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%1053

Error: (12/31/2013 01:40:27 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Error: (12/31/2013 00:35:53 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
hlnfd

Error: (12/31/2013 00:35:52 PM) (Source: Service Control Manager) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%1053

Error: (12/31/2013 00:35:52 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Error: (12/30/2013 11:40:13 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
hlnfd


Microsoft Office Sessions:
=========================
Error: (12/31/2013 04:58:33 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cMSHTML.dll11.0.9600.1647652947390c00000050039ed8714d401cf067b950d43edC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dll12775e14-726f-11e3-a049-0025648a6b8a

Error: (12/28/2013 10:14:44 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cunknown0.0.0.000000000c000000549043971342001cf041af9430f18C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknownbe771f7c-703f-11e3-aeba-0025648a6b8a

Error: (12/28/2013 04:39:19 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cunknown0.0.0.000000000c0000005008b41eb1aec01cf0419fba76479C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknowne34c680b-7010-11e3-aeba-0025648a6b8a

Error: (12/28/2013 03:36:50 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cMSHTML.dll11.0.9600.1647652947390c00000050026f1f51e801cf03af0a30da80C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dll939c947f-6fa3-11e3-aeba-0025648a6b8a

Error: (12/27/2013 10:39:57 PM) (Source: Application Error)(User: )
Description: MsiExec.exe5.0.7601.175144ce792c4SHELL32.dll6.1.7601.1822251f1d731c00000050008682886001cf0386d8aaf779c:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\SHELL32.dll19d42660-6f7a-11e3-aeba-0025648a6b8a

Error: (12/27/2013 08:13:41 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.16428525b664cIECore.dll0.0.0.0529ce18dc0000005000015e59cc01cf0371fd2a2a28C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\ScorpionSaver\IECore.dllab0649e2-6f65-11e3-9f3b-0025648a6b8a

Error: (12/27/2013 07:48:34 PM) (Source: Microsoft Security Client Setup)(User: NOAHPC)
Description: HRESULT:0x8004FF06
Description:Microsoft Security Essentials is already installed. A newer version of Security Essentials is already installed on your computer. Error code:0x8004FF06.

Error: (12/27/2013 06:51:08 PM) (Source: Microsoft-Windows-RestartManager)(User: NOAHPC)
Description: 0AdpeakProxy.exeAdpeakProxy03026217819200

Error: (12/27/2013 06:50:56 PM) (Source: Microsoft-Windows-RestartManager)(User: NOAHPC)
Description: 0AdpeakProxy.exeAdpeakProxy0302621611920263003A005C00500072006F006700720061006D002000460069006C00650073005C00530063006F007200700069006F006E00530061007600650072002000530065007200760069006300650073005C00410064007000650061006B00500072006F00780079002E00650078006500000063003A005C00500072006F006700720061006D002000460069006C00650073005C00530063006F007200700069006F006E00530061007600650072002000530065007200760069006300650073005C0050004300500072006F007800790044004C004C002E0064006C006C000000

Error: (12/27/2013 06:50:32 PM) (Source: Application Error)(User: )
Description: MsiExec.exe5.0.7601.175144ce792c4SHELL32.dll6.1.7601.1822251f1d731c00000050008660e90401cf0366cc2a6032c:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\SHELL32.dll0d4546d7-6f5a-11e3-a152-0025648a6b8a


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 4060.98 MB
Available physical RAM: 2336 MB
Total Pagefile: 8120.15 MB
Available Pagefile: 6046.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.84 GB) (Free:377.38 GB) NTFS
Drive i: (OFFICE) (Removable) (Total:3.73 GB) (Free:0.52 GB) FAT32

==================== MBR & Partition Table ==================

==================== End Of Log ============================



#10 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA
  • Local time:06:54 PM

Posted 02 January 2014 - 08:55 PM

Thanks for the reports!

You need to move the Farbar Recovery Scan Tool to the Desktop! It is now here > Running from C:\Users\John\Downloads

Next, please open Notepad (Start > All Programs > Accessories > Notepad).
Copy the entire contents of the code box below to Notepad (do not copy the word 'code').
Save it to the Desktop, where FRST is now located, and name it: fixlist.txt

start
URLSearchHook: HKLM-x32 - (No Name) - {3fd4b98c-4dce-43de-99f9-7f8c8cbfd625} - No File
SearchScopes: HKLM-x32 - DefaultScope {E01BF3E9-12C7-43C0-AD18-9A3122B227EF} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
Toolbar: HKLM-x32 - No Name - {3fd4b98c-4dce-43de-99f9-7f8c8cbfd625} -  No File
Toolbar: HKCU - No Name - {3FD4B98C-4DCE-43DE-99F9-7F8C8CBFD625} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\AdpeakProxy.dll [338944] (Adpeak, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\AdpeakProxy64.dll [439296] (Adpeak, Inc.)
R2 AdpeakProxy; C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe [3688448 2013-10-16] (Adpeak, Inc.)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [513528 2013-12-10] ()
2013-12-28 10:38 - 2013-12-28 10:38 - 00000000 ____D C:\Program Files\ScorpionSaver Services
2013-12-26 05:54 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\Windows\system32\AdpeakProxy64.dll
2013-12-26 05:54 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\Windows\SysWOW64\AdpeakProxy.dll
C:\Users\John\AppData\Local\Temp\install_reader11_en_gtbd_chrd_dn_aaa_aih.exe
C:\Users\John\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\John\AppData\Local\Temp\SkypeSetup.exe
C:\Users\John\AppData\Local\Temp\SpOrde
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakProxy
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\GreatArcadeHits.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\MySearchDial.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.8-chromeinstaller.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.8-codedownloader.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.8-enabler.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.8-firefoxinstaller.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-4.8-updater.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => ? <==== ATTENTION

NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.


Old duck...


#11 jmrsp

jmrsp
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:54 PM

Posted 05 January 2014 - 12:09 AM

Unfortunately I missed an email notification 2 days ago that you had responded to me and just discovered it. In the interim, I got frustrated that the computer could not be used and brought it to a computer repair business to remove the virus - just this afternoon. I assume they will be successful (but if not I'll let you know). So I'm sorry about the mixup and that you spent all that effort. I appreciate your help.



#12 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • Gender:Not Telling
  • Location:USA
  • Local time:06:54 PM

Posted 05 January 2014 - 04:44 PM

... I assume they will be successful (but if not I'll let you know).

Would not be surprised if you came back.


Old duck...




