monk3ydudek

  1. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014 Ran by Zac at 2014-04-07 20:51:21 Run:1 Running from C:\Users\Zac\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM-x32\...\Run: [] - [X] ShortcutTarget: Updater.lnk -> C:\Users\Zac\AppData\Roaming\Mixi.DJ Addon\Updater.exe (No File) SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {62E6AB84-875B-4551-84E6-A3E290D88D82} URL = SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = SearchScopes: HKCU - {F7C78C08-3CC7-416F-B827-7C1785ABBDA8} URL = CHR HKLM\SOFTWARE\Policies\Google: Policy restriction C:\Users\Zac\AppData\Local\Temp\dufgmr4c.exe C:\Users\Zac\AppData\Local\Temp\Extract.exe C:\Users\Zac\AppData\Local\Temp\Quarantine.exe C:\Users\Zac\AppData\Local\Temp\SP65168.exe C:\Users\Zac\AppData\Local\Temp\SP65654.exe Startup: C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.lnk AlternateDataStreams: C:\ProgramData\Temp:373E1720 AlternateDataStreams: C:\ProgramData\Temp:862BDB1A AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 AlternateDataStreams: C:\Users\Zac\SkyDrive:ms-properties Task: {0CA938DE-8954-48BD-8083-2C02B6152B09} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION Task: {30C683B0-5DC3-4C93-85E0-15FB083DE2F1} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION Task: {83E02F97-913D-4804-88B2-51EE510FE39B} - \RegClean Pro No Task File Task: {930A9DAB-73F7-4FBA-881B-0EA157ED7C99} - \RegClean Pro_DEFAULT No Task File Task: {C35F3795-E3B2-41C7-B3B8-2183E2180DA3} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => 
%LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION Task: {FC71DDFB-4CD8-4793-9D08-6E24AAB73B6A} - System32\Tasks\RegistryDr_Start => C:\Program Files (x86)\Registry Dr\RegistryDr.exe <==== ATTENTION ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully. C:\Users\Zac\AppData\Roaming\Mixi.DJ Addon\Updater.exe not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{62E6AB84-875B-4551-84E6-A3E290D88D82} => Key deleted successfully. HKCR\CLSID\{62E6AB84-875B-4551-84E6-A3E290D88D82} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key deleted successfully. HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key deleted successfully. HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F7C78C08-3CC7-416F-B827-7C1785ABBDA8} => Key deleted successfully. HKCR\CLSID\{F7C78C08-3CC7-416F-B827-7C1785ABBDA8} => Key not found. HKLM\SOFTWARE\Policies\Google => Key deleted successfully. C:\Users\Zac\AppData\Local\Temp\dufgmr4c.exe => Moved successfully. C:\Users\Zac\AppData\Local\Temp\Extract.exe => Moved successfully. C:\Users\Zac\AppData\Local\Temp\Quarantine.exe => Moved successfully. C:\Users\Zac\AppData\Local\Temp\SP65168.exe => Moved successfully. 
C:\Users\Zac\AppData\Local\Temp\SP65654.exe => Moved successfully. C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.lnk => Moved successfully. C:\ProgramData\Temp => ":373E1720" ADS removed successfully. C:\ProgramData\Temp => ":862BDB1A" ADS removed successfully. C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully. "C:\Users\Zac\SkyDrive" => ":ms-properties" ADS not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0CA938DE-8954-48BD-8083-2C02B6152B09} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CA938DE-8954-48BD-8083-2C02B6152B09} => Key deleted successfully. C:\Windows\System32\Tasks\GC_Informer => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Informer => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30C683B0-5DC3-4C93-85E0-15FB083DE2F1} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30C683B0-5DC3-4C93-85E0-15FB083DE2F1} => Key deleted successfully. C:\Windows\System32\Tasks\GC_Scheduler => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Scheduler => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{83E02F97-913D-4804-88B2-51EE510FE39B} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83E02F97-913D-4804-88B2-51EE510FE39B} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{930A9DAB-73F7-4FBA-881B-0EA157ED7C99} => Key deleted successfully. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{930A9DAB-73F7-4FBA-881B-0EA157ED7C99} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C35F3795-E3B2-41C7-B3B8-2183E2180DA3} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C35F3795-E3B2-41C7-B3B8-2183E2180DA3} => Key deleted successfully. C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\UP_Scheduler => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FC71DDFB-4CD8-4793-9D08-6E24AAB73B6A} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC71DDFB-4CD8-4793-9D08-6E24AAB73B6A} => Key deleted successfully. C:\Windows\System32\Tasks\RegistryDr_Start => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryDr_Start => Key deleted successfully. ==== End of Fixlog ====
  2. Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 4/5/2014
     Scan Time: 9:06:11 PM
     Logfile: malware scan.txt
     Administrator: Yes

     Version: 2.00.1.1004
     Malware Database: v2014.04.06.02
     Rootkit Database: v2014.03.27.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Chameleon: Disabled

     OS: Windows 8.1
     CPU: x64
     File System: NTFS
     User: Zac

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 258033
     Time Elapsed: 13 min, 30 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Shuriken: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 1
     PUP.Optional.FreeFileConverter.A, HKU\S-1-5-21-2932913618-75830066-4036860142-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB}, , [e03a0324651684b2b80110fbd82a11ef],

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  3. # AdwCleaner v3.023 - Report created 05/04/2014 at 20:37:03
     # Updated 01/04/2014 by Xplode
     # Operating System : Windows 8.1 (64 bits)
     # Username : Zac - ZACS
     # Running from : C:\Users\Zac\Desktop\adwcleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\ProgramData\wincert
     Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Dr
     Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TornTV.com
     Folder Deleted : C:\Program Files (x86)\File Type Helper
     Folder Deleted : C:\Program Files (x86)\Settings Manager
     Folder Deleted : C:\Program Files (x86)\ShopperPro
     Folder Deleted : C:\Program Files (x86)\TidyNetwork
     Folder Deleted : C:\Users\Zac\AppData\Local\CrashRpt
     Folder Deleted : C:\Users\Zac\AppData\Local\RegistryDr
     Folder Deleted : C:\Users\Zac\AppData\Roaming\DriverCure
     Folder Deleted : C:\Users\Zac\AppData\Roaming\Optimizer Elite Max
     Folder Deleted : C:\Users\Zac\AppData\Roaming\Systweak
     Folder Deleted : C:\Users\Zac\Documents\Optimizer Pro
     File Deleted : C:\END
     File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
     Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
     Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
     Key Deleted : HKCU\Software\Softonic
     Key Deleted : HKCU\Software\systweak
     Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
     Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
     Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
     Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
     Key Deleted : HKLM\Software\systweak
     Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\wincert\win32c~1.dll
     Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN64C~1.DLL
     Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.16518

     -\\ Google Chrome v32.0.1700.107

     [ File : C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [12124 octets] - [23/02/2014 15:15:45]
     AdwCleaner[R1].txt - [3375 octets] - [05/04/2014 20:33:48]
     AdwCleaner[s0].txt - [11700 octets] - [23/02/2014 15:16:24]
     AdwCleaner[s1].txt - [3120 octets] - [05/04/2014 20:37:03]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [3180 octets] ##########
  4. Okay, Scorpion Saver is now gone, but we found this Registry Dr that is in the installed programs as well that stays in there. And it keeps popping up when you restart the computer or just randomly. It tries to redirect to a website. Really annoying. Do you think you could help me with that as well? Thanks.
  5. Do I save it to the desktop? I'm in Internet Explorer, just so you know. So when I click on the file it says do you want to save or just run. Sorry, I just need more step by step.
  6. SystemLook 30.07.11 by jpshortstuff Log created at 18:45 on 05/04/2014 by Zac Administrator - Elevation successful ========== regfind ========== Searching for "Scorpion" [HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\File MRU] "Item 1"="[F00000000][T01CF50F52AEC1BC0]*C:\Users\Zac\SkyDrive\Pictures\Documents\scorpion saver2.docx" [HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\File MRU] "Item 2"="[F00000000][T01CF50F512071F60]*C:\Users\Zac\SkyDrive\Pictures\Documents\scorpion saver.docx" [HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Word\File MRU] "Item 3"="[F00000000][T01CF50F4F10BD300]*C:\Users\Zac\SkyDrive\Pictures\Documents\uninstall scorpion saver.docx" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495] "ProductName"="ScorpionSaver" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB] "3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\ff_bootstrap.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20] "3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89] "3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9] "3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33] "3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB] "3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\SendJson.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60] "3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107] "3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\background.js" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35] "3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555] "3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\CustomActionInstall" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7] "3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\IECore.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A] "3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937] "3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties] "DisplayName"="ScorpionSaver" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}] "DisplayName"="ScorpionSaver" [HKEY_USERS\S-1-5-21-2932913618-75830066-4036860142-1001\Software\Microsoft\Office\12.0\Word\File MRU] "Item 1"="[F00000000][T01CF50F52AEC1BC0]*C:\Users\Zac\SkyDrive\Pictures\Documents\scorpion saver2.docx" [HKEY_USERS\S-1-5-21-2932913618-75830066-4036860142-1001\Software\Microsoft\Office\12.0\Word\File MRU] "Item 2"="[F00000000][T01CF50F512071F60]*C:\Users\Zac\SkyDrive\Pictures\Documents\scorpion saver.docx" [HKEY_USERS\S-1-5-21-2932913618-75830066-4036860142-1001\Software\Microsoft\Office\12.0\Word\File MRU] "Item 3"="[F00000000][T01CF50F4F10BD300]*C:\Users\Zac\SkyDrive\Pictures\Documents\uninstall scorpion saver.docx" -= EOF =-
  7. Trying to remove Scorpion Saver from installed programs. Tried Adware removal, Malwarebytes, CCleaner, and Kaspersky. I'm running Windows 8.1 and not too familiar with that or Windows 8. Please help, thanks.
  8. Hi, welcome. We cannot assist you here in your profile. Please follow the directions here as best you can: https://forums.malwarebytes.org/index.php?showtopic=9573 . Then please start a new post with the requested logs here: https://forums.malwarebytes.org/index.php?showforum=7 . A malware expert will assist you as soon as possible. Thanks!
