Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

google blocking virus


  • This topic is locked This topic is locked
52 replies to this topic

#1 drpeggyp

drpeggyp

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Atlanta, GA
  • Local time:11:44 PM

Posted 19 December 2013 - 02:49 PM

I have been having this problem for several days, so I cannot swear that I am including all the details or in the right order.  Initially I couldn't access google.  My malware protection told me that several malicious sites had been blocked.  I found several infected files when I scanned with superantispyware, which were cleaned.  The problem continued and has gotten worse.  The browser connects to some sites after a very long time and never connects to anything with google in it.  I connected to bleepingcomputer.com, but I cannot navigate around the site.  I reviewed the preparation guide and followed the instructions, but I could not connect to the Post a New Topic link or the download of dds.  I used another computer to do that and then transferred the files with a jump drive.  The logs that are contained here are from the infected computer even if this post is being entered from a different computer on a different network.

 

Here is the log  dds.txt and I have attached the other file.  I appreciate any help you can offer.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Peggy at 14:14:26 on 2013-12-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8127.3119 [GMT -5:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
FW: avast! Internet Security *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\Lenovo\L2230x Wide USB Port Replicator Monitor\dqscrproj.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\Lenovo\L2230x Wide USB Port Replicator Monitor\dqScrProxy.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Workspace\offSyncService.exe
C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe
C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\SysWOW64\Rundll32.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Lenovo\L2230x Wide USB Port Replicator Monitor\dcute.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe
C:\Users\Peggy\AppData\Local\Workspace\workspaceupdate.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Peggy\AppData\Local\Akamai\netsession_win.exe
C:\Users\Peggy\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\jmesoft\hotkey.exe
C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Lenovo\HealthCare\HealthCare.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
C:\Program Files (x86)\WePrint\WePrint Server.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\MyPC Backup\BackupStack.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\Peggy\AppData\Local\Temp\Foxit Reader Updater.exe
C:\windows\system32\taskeng.exe
C:\Users\Peggy\Downloads\Insomnia\64-bit\Insomnia.exe
C:\Program Files\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bing.com/
uURLSearchHooks: Connect DLC 2 Toolbar: {515b2424-5911-40bd-8a2c-bdb20286d8f5} - C:\Program Files (x86)\Connect_DLC_2\prxtbConn.dll
mURLSearchHooks: Connect DLC 2 Toolbar: {515b2424-5911-40bd-8a2c-bdb20286d8f5} - C:\Program Files (x86)\Connect_DLC_2\prxtbConn.dll
mWinlogon: Userinit = userinit.exe,
BHO: Connect DLC 2 Toolbar: {515b2424-5911-40bd-8a2c-bdb20286d8f5} - C:\Program Files (x86)\Connect_DLC_2\prxtbConn.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Connect DLC 2 Toolbar: {515B2424-5911-40BD-8A2C-BDB20286D8F5} - C:\Program Files (x86)\Connect_DLC_2\prxtbConn.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Connect DLC 2 Toolbar: {515b2424-5911-40bd-8a2c-bdb20286d8f5} - C:\Program Files (x86)\Connect_DLC_2\prxtbConn.dll
uRun: [Starfield Updater] "C:\Users\Peggy\AppData\Local\Workspace\WorkspaceUpdate.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Akamai NetSession Interface] "C:\Users\Peggy\AppData\Local\Akamai\netsession_win.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [ConduitFloatingPlugin_ffekppndigniegkobcngkdmaadbhhonj] "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Peggy\AppData\Local\Temp\CT3306058\plugins\TBVerifier.dll",RunConduitFloatingPlugin ffekppndigniegkobcngkdmaadbhhonj
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [BackgroundContainer] "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Peggy\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe
mRun: [ModeSwitch] "C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe" /AutoRun
mRun: [Healthcare] C:\Program Files\Lenovo\HealthCare\HealthCare.exe /hide
mRun: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [SetDefaultSCR] C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\22161bcd-402c-46fe-8fd8-3e932462ce3c.exe /check
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Peggy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JLALPI~1.LNK - C:\Program Files (x86)\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe
StartupFolder: C:\Users\Peggy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
StartupFolder: C:\Users\Peggy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\Peggy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WEPRIN~1.LNK - C:\Program Files (x86)\WePrint\WePrint Server.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6D3F85B5-4C54-433D-9403-F7CA2C672A62} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-Run: [Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5}] C:\Windows\test.bat
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Lenovo dCute] "C:\Program Files\Lenovo\L2230x Wide USB Port Replicator Monitor\dCute.exe"
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Peggy\AppData\Roaming\Mozilla\Firefox\Profiles\d88lmkb3.default\
FF - prefs.js: browser.startup.homepage - bing.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Peggy\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Peggy\AppData\Roaming\Mozilla\plugins\npoff.dll
FF - plugin: C:\Users\Peggy\AppData\Roaming\Mozilla\Plugins\npoff.dll
FF - plugin: C:\Users\Peggy\AppData\Roaming\Mozilla\plugins\npoff64.dll
FF - plugin: C:\Users\Peggy\AppData\Roaming\Mozilla\Plugins\npoff64.dll
FF - plugin: C:\Users\Peggy\AppData\Roaming\Mozilla\plugins\npwbe.dll
FF - plugin: C:\Users\Peggy\AppData\Roaming\Mozilla\Plugins\npwbe.dll
FF - plugin: C:\Users\Peggy\AppData\Roaming\Mozilla\plugins\npwbe64.dll
FF - plugin: C:\Users\Peggy\AppData\Roaming\Mozilla\Plugins\npwbe64.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-11-21 14:51; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-12-03 09:45; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 ALvldr;ALvldr;C:\windows\System32\drivers\ALvldr.sys [2010-5-11 28736]
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-3-25 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-3-25 205320]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2010-7-20 55280]
R1 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2013-4-4 28184]
R1 aswNdisFlt;Avast! Firewall Driver;C:\windows\System32\drivers\aswNdisFlt.sys [2013-4-4 447888]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2011-12-10 1032416]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2011-12-10 409832]
R1 dqBridge;dqBridge;C:\windows\System32\drivers\dqbridge.sys [2010-5-11 57408]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2011-12-1 279616]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2011-12-10 38984]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2011-12-10 84328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-3 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-12-3 116776]
R2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-5-30 32808]
R2 CEEBC40A-FDED-4C59-B354-939132350B01;Roxio File Backup Service;C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe [2009-10-12 96752]
R2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2012-7-18 1187040]
R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-20 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe [2013-12-11 513736]
R2 LenovoCOMSvc;LenovoCOMService;C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe [2010-7-20 49152]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\windows\System32\drivers\LMIRfsDriver.sys [2011-10-9 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-17 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-17 701512]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-9 1248256]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-10 1153368]
R2 ScrProj;Lenovo USB Display Screen Projector;C:\Program Files\Lenovo\L2230x Wide USB Port Replicator Monitor\dqscrproj.exe [2010-5-11 90624]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-20 2320920]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\windows\System32\drivers\ddcdrv.sys [2010-7-20 20832]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 dqusb;Driver for ThinkPad USB port rep;C:\windows\System32\drivers\dqusb.sys [2009-8-6 29688]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\windows\System32\drivers\e1k62x64.sys [2009-10-16 283824]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2009-10-11 56344]
R3 HPFXBULKLEDM;HPFXBULKLEDM;C:\windows\System32\drivers\hppdbulkio.sys [2010-12-14 22328]
R3 LitModeCtrl;LitModeCtrl;C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe [2010-7-20 81920]
R3 lvlddrv;Lenovo DsplyFltDrv Filter Driver;C:\windows\System32\drivers\lvlddrv.sys [2010-5-11 95808]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-5-11 25928]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-7-20 219136]
S2 0220091323528877mcinstcleanup;McAfee Application Installer Cleanup (0220091323528877);C:\Users\Peggy\AppData\Local\Temp\022009~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Users\Peggy\AppData\Local\Temp\022009~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-9-18 1038088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-13 111616]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]
S3 SWDUMon;SWDUMon;C:\windows\System32\drivers\SWDUMon.sys [2012-5-7 15672]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-9-25 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-9-23 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
ShellExec: CrazyTalk60.exe: Open=C:\Program Files (x86)\Reallusion\CrazyTalk 6\CT Program\CTIEMain.exe "%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-12-18 10:40:23 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{34AF77BC-CF56-48A6-B446-E79EE55DD96D}\offreg.dll
2013-12-17 07:28:46 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{34AF77BC-CF56-48A6-B446-E79EE55DD96D}\mpengine.dll
2013-12-13 08:03:58 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2013-12-13 08:03:57 2334208 ----a-w- C:\windows\System32\wininet.dll
2013-12-13 08:03:56 1928192 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-12-13 08:03:55 1995264 ----a-w- C:\windows\System32\inetcpl.cpl
2013-12-13 08:03:50 4243968 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-12-13 08:03:49 5769216 ----a-w- C:\windows\System32\jscript9.dll
2013-12-12 14:31:03 2048 ----a-w- C:\windows\System32\tzres.dll
2013-12-12 14:31:02 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-12-12 14:30:03 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-12-12 14:29:58 81408 ----a-w- C:\windows\System32\imagehlp.dll
2013-12-12 14:29:58 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2013-12-12 14:29:51 230400 ----a-w- C:\windows\System32\drivers\portcls.sys
2013-12-12 14:29:51 116736 ----a-w- C:\windows\System32\drivers\drmk.sys
2013-12-12 14:28:27 150016 ----a-w- C:\windows\System32\wshom.ocx
2013-12-12 14:28:26 202752 ----a-w- C:\windows\System32\scrrun.dll
2013-12-12 14:28:26 156160 ----a-w- C:\windows\System32\cscript.exe
2013-12-12 14:28:26 141824 ----a-w- C:\windows\SysWow64\wscript.exe
2013-12-12 14:28:26 121856 ----a-w- C:\windows\SysWow64\wshom.ocx
2013-12-12 14:28:25 168960 ----a-w- C:\windows\System32\wscript.exe
2013-12-12 14:28:25 163840 ----a-w- C:\windows\SysWow64\scrrun.dll
2013-12-12 14:28:25 126976 ----a-w- C:\windows\SysWow64\cscript.exe
2013-12-11 19:12:53 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2013-12-10 16:19:08 -------- d-----w- C:\Users\Peggy\AppData\Roaming\LavasoftStatistics
2013-12-10 16:07:30 -------- d-----w- C:\Program Files\Lavasoft
2013-12-09 16:47:34 -------- d-----w- C:\Users\Peggy\AppData\Roaming\SUPERAntiSpyware.com
2013-12-09 16:47:26 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-12-09 16:47:26 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-12-04 19:15:21 -------- d-----w- C:\ProgramData\Conduit
2013-12-04 19:15:20 -------- d-----w- C:\Program Files (x86)\Connect_DLC_2
2013-12-04 19:15:09 -------- d-----w- C:\Users\Peggy\AppData\Local\NativeMessaging
2013-12-04 19:15:08 -------- d-----w- C:\Users\Peggy\AppData\Local\Conduit
2013-12-04 19:15:06 -------- d-----w- C:\Users\Peggy\AppData\Local\CRE
2013-12-04 19:15:06 -------- d-----w- C:\Program Files (x86)\Conduit
2013-12-04 19:14:54 -------- d-----w- C:\Users\Peggy\AppData\Roaming\SearchProtect
2013-12-04 19:14:45 -------- d-----w- C:\Users\Peggy\AppData\Roaming\addpcs
2013-12-04 19:14:39 -------- d-----w- C:\Program Files\Temp File Cleaner
2013-12-04 15:14:25 -------- d-----w- C:\ProgramData\Oracle
2013-12-04 15:12:25 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-03 18:50:54 -------- d-----w- C:\Users\Peggy\AppData\Roaming\AVAST Software
2013-12-01 12:54:53 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-01 12:54:53 -------- d-----w- C:\Program Files\iTunes
2013-12-01 12:54:53 -------- d-----w- C:\Program Files\iPod
2013-12-01 12:54:53 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M  ====================
.
2013-12-12 16:48:57 107368 ----a-w- C:\windows\System32\LMIRfsClientNP.dll
2013-12-12 16:48:55 92488 ----a-w- C:\windows\System32\LMIinit.dll
2013-12-12 16:48:55 35656 ----a-w- C:\windows\System32\LMIport.dll
2013-12-10 21:02:17 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 21:02:17 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-12-03 14:45:42 92544 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-12-03 14:45:42 84328 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-12-03 14:45:42 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-12-03 14:45:42 205320 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-12-03 14:45:42 1032416 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-12-03 14:45:41 43152 ----a-w- C:\windows\avastSS.scr
2013-12-03 14:45:30 28184 ----a-w- C:\windows\System32\drivers\aswKbd.sys
2013-12-03 14:45:24 447888 ----a-w- C:\windows\System32\drivers\aswNdisFlt.sys
2013-11-26 10:19:07 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2013-11-26 08:28:16 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2013-11-19 08:33:38 267936 ------w- C:\windows\System32\MpSigStub.exe
2013-11-19 08:02:56 878080 ----a-w- C:\windows\System32\advapi32.dll
2013-11-19 08:01:58 1887232 ----a-w- C:\windows\System32\d3d11.dll
2013-11-19 08:01:58 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll
2013-11-01 12:40:35 107368 ----a-w- C:\windows\System32\LMIRfsClientNP.dll.000.bak
2013-10-31 07:46:13 270824 ----a-w- C:\windows\System32\drivers\aswNdis2.sys
2013-10-31 07:46:12 131232 ----a-w- C:\windows\System32\drivers\aswFW.sys
2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25:35 1474048 ----a-w- C:\windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-10-03 02:23:48 404480 ----a-w- C:\windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\windows\System32\lsass.exe
.
============= FINISH: 14:14:57.81 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:44 PM

Posted 20 December 2013 - 04:41 PM


Hello drpeggyp

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 drpeggyp

drpeggyp
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Atlanta, GA
  • Local time:11:44 PM

Posted 21 December 2013 - 07:16 AM

Thank you for your speedy response.  I will be running both of these this morning and will send you reports.  



#4 drpeggyp

drpeggyp
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Atlanta, GA
  • Local time:11:44 PM

Posted 21 December 2013 - 09:15 AM

I backed up all files and began as instructed.

 

I wasn't able to download the programs from your website on this computer.  Eventually the site loaded but the download never completed.  So I went to my laptop (different wireless isp) and download them to a jumpdrive and moved them to the desktop.

 

adwcleaner:

 

# AdwCleaner v3.015 - Report created 21/12/2013 at 07:57:35
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Peggy - PEGGY-PC
# Running from : C:\Users\Peggy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BackupStack

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\SpeedyPC Software
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Connect_DLC_2
Folder Deleted : C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Peggy\AppData\Local\Conduit
Folder Deleted : C:\Users\Peggy\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Peggy\AppData\Local\PackageAware
Folder Deleted : C:\Users\Peggy\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Peggy\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Peggy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Peggy\AppData\LocalLow\Connect_DLC_2
Folder Deleted : C:\Users\Peggy\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Peggy\AppData\Roaming\DSite
Folder Deleted : C:\Users\Peggy\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Peggy\AppData\Roaming\SpeedyPC Software
Folder Deleted : C:\Users\Peggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
File Deleted : C:\END
File Deleted : C:\Users\Peggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Peggy\Desktop\MyPC Backup.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\windows\Tasks\DSite.job
File Deleted : C:\windows\System32\Tasks\DSite
File Deleted : C:\windows\System32\Tasks\LaunchApp
File Deleted : C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bgnjcnjlaajofpendibcoodneacalfho
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306058
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Starfield Updater]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_ffekppndigniegkobcngkdmaadbhhonj]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{515B2424-5911-40BD-8A2C-BDB20286D8F5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D99BD420-3BB9-4ECB-91F6-3C79236E28C0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{515B2424-5911-40BD-8A2C-BDB20286D8F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{515B2424-5911-40BD-8A2C-BDB20286D8F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{515B2424-5911-40BD-8A2C-BDB20286D8F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D99BD420-3BB9-4ECB-91F6-3C79236E28C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FDA1E611-5CBD-4218-B2C9-8654B29C6716}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1ED00C7B-E762-46F4-92CA-67F721F4B93C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{515B2424-5911-40BD-8A2C-BDB20286D8F5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{515B2424-5911-40BD-8A2C-BDB20286D8F5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{515B2424-5911-40BD-8A2C-BDB20286D8F5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{515B2424-5911-40BD-8A2C-BDB20286D8F5}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\SpeedyPC Software
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Connect_DLC_2
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SpeedyPC Software
Key Deleted : HKLM\Software\Connect_DLC_2
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Peggy\AppData\Roaming\Mozilla\Firefox\Profiles\d88lmkb3.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Peggy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12521 octets] - [21/12/2013 07:55:58]
AdwCleaner[S0].txt - [12307 octets] - [21/12/2013 07:57:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12368 octets] ##########

  After finishing the computer booted up slightly better (faster) and loaded bing faster.  Didn't try google yet.

 

Junk removal tool

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Peggy on Sat 12/21/2013 at  8:09:24.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\super_lyrics
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-997571960-636829429-2509540780-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C7E4B67E-4A3D-4E08-AD44-81BECC155A04}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Peggy\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner"
Successfully deleted: [Folder] "C:\Users\Peggy\AppData\Roaming\microsoft\windows\start menu\programs\free registry cleaner"



~~~ FireFox

Successfully deleted: [File] C:\user.js



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/21/2013 at  8:15:48.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

At this point, google will still not load and other sites try to load but get hung up.  At the bottom of the browser window it says "waiting for fonts.googleapis.com."  Websites will not load.



#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:44 PM

Posted 21 December 2013 - 03:01 PM


Hello drpeggyp

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 drpeggyp

drpeggyp
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Atlanta, GA
  • Local time:11:44 PM

Posted 22 December 2013 - 07:17 AM

Deactivated:  malwarebytes, avast, superantispyware and turned off windows firewall.  Ran combofix and got this error message:

 

Windows cannot fin NIRKMD.  Check spelling and try again.

NirCmd v2.35

Copyright ©2004-2009 NirSofer

For more information about uisng this utility, read the help file mircmd.chm

Website:  http://www.nirsoft.net

Copy to Windows Directory       OK

 

Keeps trying to run and repeats error message.  Will reboot and wait until I hear from you.



#7 drpeggyp

drpeggyp
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Atlanta, GA
  • Local time:11:44 PM

Posted 22 December 2013 - 07:55 AM

I clicked ok and it began to run.  Went through all 50 scans - with the error message at the end of each.  When I click ok it continued. After stage 50 it rebooted - warning me not to reboot manually but to let combofix reboot.

 

After the reboot:  Now has this message in comand box.

 

Preparing Log Report

Do Not run any programs until Combofix has finished.

 

SED:  Can't read system_ini.dat:  no such file or directory.

The system cannot find the file NircmdB.exe

 

Then the error message keeps coming up

 

System cannot find NIRKMD and will not go beyond this point.  Have done nothing else - using other computer - until hear from you.

 

Peggy



#8 drpeggyp

drpeggyp
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Atlanta, GA
  • Local time:11:44 PM

Posted 22 December 2013 - 09:55 AM

THe error message continued but I kept hitting ok and combofix finished.  Here is the log.

 

ComboFix 13-12-20.01 - Peggy 12/22/2013   7:21.1.8 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8127.4468 [GMT -5:00]
Running from: c:\users\Peggy\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *Disabled/Outdated* {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\TEMP
c:\users\Peggy\AppData\Roaming\.#
.
.
.
c:\windows\system32\sfcfiles.dll . . . is missing!!
.
c:\windows\system32\drivers\null.sys . . . is missing!!
.
c:\windows\system32\drivers\afd.sys . . . is missing!!
.
c:\windows\system32\drivers\ndis.sys . . . is missing!!
.
c:\windows\system32\drivers\ndisuio.sys . . . is missing!!
.
c:\windows\system32\drivers\netbios.sys . . . is missing!!
.
c:\windows\system32\drivers\usbehci.sys . . . is missing!!
.
c:\windows\system32\drivers\intelppm.sys . . . is missing!!
.
c:\windows\system32\drivers\tcpip.sys . . . is missing!!
.
c:\windows\system32\drivers\netbt.sys . . . is missing!!
.
c:\windows\system32\drivers\asyncmac.sys . . . is missing!!
.
c:\windows\system32\drivers\cdrom.sys . . . is missing!!
.
c:\windows\system32\drivers\Serial.sys . . . is missing!!
.
c:\windows\system32\drivers\ndproxy.sys . . . is missing!!
.
c:\windows\system32\drivers\ws2ifsl.sys . . . is missing!!
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
c:\windows\system32\drivers\ipsec.sys . . . is missing!!
.
c:\windows\system32\drivers\psched.sys . . . is missing!!
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_CertPropSvc
-------\Service_gpsvc
-------\Service_iphlpsvc
-------\Service_MSiSCSI
-------\Service_SCPolicySvc
-------\Service_SessionEnv
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-22 to 2013-12-22  )))))))))))))))))))))))))))))))
.
.
2013-12-22 12:31 . 2013-12-22 12:31    --------    d-----w-    C:\Device
2013-12-21 13:09 . 2013-12-21 13:09    --------    d-----w-    c:\windows\ERUNT
2013-12-21 12:55 . 2013-12-21 12:57    --------    d-----w-    C:\AdwCleaner
2013-12-13 08:03 . 2013-11-26 08:02    1995264    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-12-13 08:03 . 2013-11-26 08:35    5769216    ----a-w-    c:\windows\system32\jscript9.dll
2013-12-12 14:29 . 2013-10-19 02:18    81408    ----a-w-    c:\windows\system32\imagehlp.dll
2013-12-12 14:29 . 2013-10-04 02:16    116736    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-12 14:29 . 2013-10-04 01:36    230400    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-12 14:28 . 2013-10-12 01:33    156160    ----a-w-    c:\windows\system32\cscript.exe
2013-12-10 16:19 . 2013-12-10 16:19    --------    d-----w-    c:\users\Peggy\AppData\Roaming\Lavasoft
2013-12-10 16:06 . 2013-12-10 16:06    --------    d-----w-    c:\programdata\Lavasoft
2013-12-09 16:47 . 2013-12-09 16:47    --------    d-----w-    c:\users\Peggy\AppData\Roaming\SUPERAntiSpyware.com
2013-12-09 16:47 . 2013-12-09 16:47    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-12-04 19:14 . 2013-12-04 19:14    --------    d-----w-    c:\users\Peggy\AppData\Roaming\addpcs
2013-12-04 15:14 . 2013-12-04 15:14    --------    d-----w-    c:\programdata\Oracle
2013-12-04 15:12 . 2013-12-04 15:12    --------    d-----w-    c:\program files (x86)\Common Files\Java
2013-12-03 18:50 . 2013-12-03 18:50    --------    d-----w-    c:\users\Peggy\AppData\Roaming\AVAST Software
2013-12-01 12:54 . 2013-12-01 12:56    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-01 12:54 . 2013-12-01 12:56    --------    d-----w-    c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-12 16:48 . 2011-10-09 13:27    107368    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll
2013-12-12 16:48 . 2011-10-09 13:27    35656    ----a-w-    c:\windows\system32\LMIport.dll
2013-12-12 16:48 . 2011-10-09 13:27    92488    ----a-w-    c:\windows\system32\LMIinit.dll
2013-12-04 03:28 . 2013-12-21 07:39    10315576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{438953C1-D8E6-445A-A945-21276027EC15}\mpengine.dll
2013-12-04 03:28 . 2011-12-11 11:13    10315576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-12-03 14:45 . 2013-03-25 19:15    205320    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-12-03 14:45 . 2013-03-25 19:15    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-12-03 14:45 . 2012-03-25 12:23    92544    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-12-03 14:45 . 2011-12-10 14:58    409832    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-12-03 14:45 . 2011-12-10 14:58    38984    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-12-03 14:45 . 2011-12-10 14:58    65264    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-12-03 14:45 . 2011-12-10 14:58    1032416    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-12-03 14:45 . 2011-12-10 14:58    84328    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-12-03 14:45 . 2011-12-10 14:58    334648    ----a-w-    c:\windows\system32\aswBoot.exe
2013-12-03 14:45 . 2011-12-10 14:58    43152    ----a-w-    c:\windows\avastSS.scr
2013-12-03 14:45 . 2013-04-04 16:34    28184    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2013-12-03 14:45 . 2013-04-04 16:34    447888    ----a-w-    c:\windows\system32\drivers\aswNdisFlt.sys
2013-11-26 07:07 . 2013-12-13 08:03    2334208    ----a-w-    c:\windows\system32\wininet.dll
2013-11-19 08:33 . 2011-09-18 12:31    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-19 08:04 . 2013-11-19 08:04    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-19 08:04 . 2013-11-19 08:04    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-11-19 08:04 . 2013-11-19 08:04    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-11-19 08:04 . 2013-11-19 08:04    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-11-19 08:04 . 2013-11-19 08:04    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-11-19 08:04 . 2013-11-19 08:04    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-11-19 08:04 . 2013-11-19 08:04    548352    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-19 08:04 . 2013-11-19 08:04    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-11-19 08:04 . 2013-11-19 08:04    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-11-19 08:04 . 2013-11-19 08:04    413696    ----a-w-    c:\windows\system32\html.iec
2013-11-19 08:04 . 2013-11-19 08:04    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-19 08:04 . 2013-11-19 08:04    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-11-19 08:04 . 2013-11-19 08:04    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-11-19 08:04 . 2013-11-19 08:04    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-11-19 08:04 . 2013-11-19 08:04    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-11-19 08:04 . 2013-11-19 08:04    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-11-19 08:04 . 2013-11-19 08:04    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-11-19 08:04 . 2013-11-19 08:04    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-11-19 08:04 . 2013-11-19 08:04    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-11-19 08:04 . 2013-11-19 08:04    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-11-19 08:02 . 2013-11-19 08:02    878080    ----a-w-    c:\windows\system32\advapi32.dll
2013-11-19 08:02 . 2013-11-19 08:02    859648    ----a-w-    c:\windows\system32\tdh.dll
2013-11-19 08:02 . 2013-11-19 08:02    5549504    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-11-19 08:02 . 2013-11-19 08:02    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-11-19 08:02 . 2013-11-19 08:02    243712    ----a-w-    c:\windows\system32\wow64.dll
2013-11-19 08:02 . 2013-11-19 08:02    1732032    ----a-w-    c:\windows\system32\ntdll.dll
2013-11-19 08:02 . 2013-11-19 08:02    327168    ----a-w-    c:\windows\system32\mswsock.dll
2013-11-19 08:02 . 2013-11-19 08:02    1903552    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-11-19 08:01 . 2013-11-19 08:01    1887232    ----a-w-    c:\windows\system32\d3d11.dll
2013-11-12 02:23 . 2013-12-12 14:31    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-11-01 12:40 . 2011-10-09 13:27    107368    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-10-31 07:46 . 2013-04-04 16:34    270824    ----a-w-    c:\windows\system32\drivers\aswNdis2.sys
2013-10-31 07:46 . 2013-04-04 16:34    131232    ----a-w-    c:\windows\system32\drivers\aswFW.sys
2013-10-30 01:24 . 2013-12-12 14:30    3155968    ----a-w-    c:\windows\system32\win32k.sys
2013-10-12 02:32 . 2013-12-12 14:28    150016    ----a-w-    c:\windows\system32\wshom.ocx
2013-10-12 02:31 . 2013-12-12 14:28    202752    ----a-w-    c:\windows\system32\scrrun.dll
2013-10-12 02:30 . 2013-11-13 04:55    830464    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 04:55    859648    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 04:55    324096    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-12 01:33 . 2013-12-12 14:28    168960    ----a-w-    c:\windows\system32\wscript.exe
2013-10-05 20:25 . 2013-11-13 04:56    1474048    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-03 02:23 . 2013-11-13 04:55    404480    ----a-w-    c:\windows\system32\gdi32.dll
2013-09-28 01:09 . 2013-11-13 04:56    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-09-25 02:26 . 2013-11-13 04:56    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-13 04:56    154560    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-13 04:55    135680    ----a-w-    c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-13 04:55    28672    ----a-w-    c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-13 04:55    28160    ----a-w-    c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-13 04:56    340992    ----a-w-    c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-13 04:55    307200    ----a-w-    c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-13 04:55    1447936    ----a-w-    c:\windows\system32\lsasrv.dll
2013-09-25 01:03 . 2013-11-13 04:55    30720    ----a-w-    c:\windows\system32\lsass.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
.
.
.
[7] 2010-11-20 12:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6140] . . c:\windows\SysWOW64\mfc40u.dll
[7] 2010-11-20 12:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll
[7] 2010-08-31 04:32 . 1B3A500340AC40F08D03A2C45213A17D . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.16666_none_f3000dfcb6d2a7e4\mfc40u.dll
[7] 2010-08-31 04:25 . A716981A8BB41F4149203687EE2D1BE4 . 954288 . . [4.1.6151] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.20791_none_f3643991d00d1cce\mfc40u.dll
[7] 2009-07-14 01:15 . F8742FC618ECBDA92A406725197E93AE . 924944 . . [4.1.6140] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7600.16385_none_f2e96828b6e3cefa\mfc40u.dll
.
[7] 2013-11-19 . 482C8CD985C727C7C78A5E9B320947F0 . 3969472 . . [6.1.7601.18247] . . c:\windows\SysWOW64\ntkrnlpa.exe
[7] 2013-11-19 . 482C8CD985C727C7C78A5E9B320947F0 . 3969472 . . [6.1.7601.18247] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18247_none_6e1a402c127aed77\ntkrnlpa.exe
[7] 2013-11-19 . EB6B2FB5EE07337C8B4F3A16CBC18BE3 . 3973568 . . [6.1.7601.22436] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22436_none_6eadae7f2b915520\ntkrnlpa.exe
[7] 2013-08-02 . 0F3ACFF7F3D87C319F7894EF7155609B . 3973056 . . [6.1.7601.22411] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22411_none_6ebe4ce52b859e8b\ntkrnlpa.exe
[7] 2013-08-02 . 1A9E4EE88B31750E5CA207424143F99C . 3968960 . . [6.1.7601.18229] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18229_none_6e31e0981268e843\ntkrnlpa.exe
[7] 2013-07-09 . DD5F17D44E9966E7EA447AE8C4D12D6C . 3968960 . . [6.1.7601.18205] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18205_none_6e437f48125c4b05\ntkrnlpa.exe
[7] 2013-07-08 . 16A6C242C9B4DCA5A0B0FB7A95A75D70 . 3973056 . . [6.1.7601.22379] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22379_none_6e856dc72baf13c2\ntkrnlpa.exe
[7] 2013-03-19 . B02D4E4A4EBEF9E33488969DF6E9BC22 . 3958120 . . [6.1.7600.17273] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17273_none_6c0f6e6e157075b4\ntkrnlpa.exe
[7] 2013-03-19 . 88355CFE81D381F93C74716DAA803587 . 3968856 . . [6.1.7601.18113] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18113_none_6e36ace212663721\ntkrnlpa.exe
[7] 2013-03-19 . 448A0336B56C2E927AAE8E903C721800 . 3971432 . . [6.1.7600.21490] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21490_none_6c806c692ea0fe82\ntkrnlpa.exe
[7] 2013-03-19 . 3DFCBEEE97DF8BBAA749CAACFC9C43E1 . 3972440 . . [6.1.7601.22280] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22280_none_6e71995b2bbf4e7d\ntkrnlpa.exe
[7] 2013-01-05 . 4FC77400373F727993B96CD2AD5C94CC . 3957608 . . [6.1.7600.17207] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17207_none_6c5f1f0a15341779\ntkrnlpa.exe
[7] 2013-01-05 . 660100CB90F344040EF57F52FC0681C3 . 3967848 . . [6.1.7601.18044] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_6e173b82127da724\ntkrnlpa.exe
[7] 2013-01-05 . 291E9950A38F49A5C0BBC097C6D1A07D . 3970920 . . [6.1.7600.21417] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21417_none_6cddedcf2e59d05b\ntkrnlpa.exe
[7] 2013-01-05 . 8E43161944CE6E3A1F2B2618B992A8CE . 3971928 . . [6.1.7601.22210] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_6ebd48cf2b868ae6\ntkrnlpa.exe
[7] 2012-08-30 . 543F90836EFEB1CCE1DC547EF94CABAC . 3971440 . . [6.1.7600.21315] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21315_none_6cdbeb552e5ba086\ntkrnlpa.exe
[7] 2012-08-30 . 31805BFA4DC62A55D1C2193237DECC0F . 3958128 . . [6.1.7600.17118] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17118_none_6c554d82153b4f9a\ntkrnlpa.exe
[7] 2012-08-30 . 7E1EC00B7D0D33A67DFC563574EEFF93 . 3968880 . . [6.1.7601.17944] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_6e176360127d73e2\ntkrnlpa.exe
[7] 2012-08-30 . 770FEEA2823E463D68E170D7EA6FAEBA . 3972464 . . [6.1.7601.22103] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_6ecb17b32b7bbdd3\ntkrnlpa.exe
[7] 2012-05-04 . 406FC11EC77CD41740E6C4A7DE2BE627 . 3958128 . . [6.1.7600.17017] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17017_none_6c544b52153c391c\ntkrnlpa.exe
[7] 2012-05-04 . 4A56DB06360F59130CAED69FA7526F0A . 3968368 . . [6.1.7601.17835] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_6e2331b012747421\ntkrnlpa.exe
[7] 2012-05-04 . AFF886D9D718D3747E5031816C0DA7D2 . 3971952 . . [6.1.7601.21987] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_6e78bf732bb8d24e\ntkrnlpa.exe
[7] 2012-05-04 . B8B8ED76D2C7F85F343A284E1DD19B9A . 3970928 . . [6.1.7600.21207] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21207_none_6ce8b9ef2e51ba1c\ntkrnlpa.exe
[7] 2012-04-02 . 9D19079820928D72A5708A668B5B62AE . 3958128 . . [6.1.7600.16988] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16988_none_6c09c4061573e2c8\ntkrnlpa.exe
[7] 2012-03-31 . C6D1D128DE4148E35B6C04B6892EB71A . 3970928 . . [6.1.7600.21179] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21179_none_6c9f09292e88b33a\ntkrnlpa.exe
[7] 2012-03-31 . 8F6D5704D7522AAB8B4B82C0D35D9184 . 3968368 . . [6.1.7601.17803] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntkrnlpa.exe
[7] 2012-03-31 . 93358348D0B79812CAAA83A1377E4449 . 3971952 . . [6.1.7601.21955] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntkrnlpa.exe
[7] 2011-06-23 . 3624D782F8B061B6FBA3A35E2FE53CFD . 3967872 . . [6.1.7601.21755] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntkrnlpa.exe
[7] 2011-06-23 . 1F969255E068D451BAC2D4FB0BD8C9C3 . 3957120 . . [6.1.7600.16841] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_6c2dffca1559c47c\ntkrnlpa.exe
[7] 2011-06-23 . A4A8EF2ACE5FA5863AA0B04C9BBFECA7 . 3967872 . . [6.1.7601.17640] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntkrnlpa.exe
[7] 2011-06-23 . 11486D4317D57C6F5E4DC902EF75D811 . 3967872 . . [6.1.7600.20994] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20994_none_6c848dd72e9d3c00\ntkrnlpa.exe
[7] 2010-11-20 . 144BD78C6103C8616DE047B3532142DB . 3966848 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe
[7] 2010-10-27 . A6DCF9F73F2FCA7A96D9585817A08B43 . 3957120 . . [6.1.7600.16695] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntkrnlpa.exe
[7] 2010-10-27 . 8E641A407A795DFB7B3A34053EF8DB39 . 3966848 . . [6.1.7600.20826] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntkrnlpa.exe
[7] 2010-02-27 . 20926A3F64BFFCD92BAA5ECE9D65CC4A . 3954568 . . [6.1.7600.16539] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_6c40cc54154a7bce\ntkrnlpa.exe
[7] 2010-02-27 . FC781D4359B553D62CBAD9F658E68784 . 3954568 . . [6.1.7600.20655] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_6cb0c81f2e7bee1e\ntkrnlpa.exe
[7] 2009-07-14 . E2A8596576873BC5D509031DECD8C95D . 3954768 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntkrnlpa.exe
.
[7] 2010-11-20 12:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] . . c:\windows\SysWOW64\olepro32.dll
[7] 2010-11-20 12:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll
[7] 2009-07-14 01:16 . C10459DBDC2099C5A8428CB7D87DB85F . 90112 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7600.16385_none_39ea10b66307dbef\olepro32.dll
.
c:\windows\System32\drivers\atapi.sys ... is missing !!
c:\windows\System32\drivers\asyncmac.sys ... is missing !!
c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\drivers\kbdclass.sys ... is missing !!
c:\windows\System32\drivers\ndis.sys ... is missing !!
c:\windows\System32\drivers\ntfs.sys ... is missing !!
c:\windows\System32\drivers\null.sys ... is missing !!
c:\windows\System32\drivers\tcpip.sys ... is missing !!
c:\windows\System32\browser.dll ... is missing !!
c:\windows\System32\lsass.exe ... is missing !!
c:\windows\System32\netman.dll ... is missing !!
c:\windows\System32\qmgr.dll ... is missing !!
c:\windows\System32\rpcss.dll ... is missing !!
c:\windows\System32\services.exe ... is missing !!
c:\windows\System32\spoolsv.exe ... is missing !!
c:\windows\System32\winlogon.exe ... is missing !!
c:\windows\System32\wuauclt.exe ... is missing !!
c:\windows\System32\drivers\ipsec.sys ... is missing !!
c:\windows\System32\eventlog.dll ... is missing !!
c:\windows\System32\sfcfiles.dll ... is missing !!
c:\windows\System32\drivers\ipsec.sys ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
c:\windows\System32\schedsvc.dll ... is missing !!
c:\windows\System32\ssdpsrv.dll ... is missing !!
c:\windows\System32\termsrv.dll ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:58    297808    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
@="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
[HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
2010-11-20 12:20    442880    ----a-w-    c:\windows\System32\ntshrui.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Akamai NetSession Interface"="c:\users\Peggy\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-12-20 6563096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-07-16 114688]
"ModeSwitch"="c:\program files\Lenovo\Power Dial\LitModeSwitch.exe" [2009-09-27 163840]
"Healthcare"="c:\program files\Lenovo\HealthCare\HealthCare.exe" [2009-09-28 827392]
"CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SetDefaultSCR"="c:\program files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe" [2009-12-31 102400]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-09-05 3478392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-03 3568312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Peggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
WePrint Server.lnk - c:\program files (x86)\WePrint\WePrint Server.exe [2012-4-4 3521672]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2010-8-25 5969752]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-9 1156968]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE -silent [2011-11-9 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
.
R0 ALvldr;ALvldr;c:\windows\system32\DRIVERS\ALvldr.sys --> c:\windows\system32\DRIVERS\ALvldr.sys [?]
R0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys --> c:\windows\system32\drivers\amdxata.sys [?]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys --> c:\windows\system32\drivers\aswRvrt.sys [?]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys --> c:\windows\system32\drivers\aswVmm.sys [?]
R0 CLFS;Common Log (CLFS);c:\windows\system32\CLFS.sys --> c:\windows\system32\CLFS.sys [?]
R0 CNG;CNG;c:\windows\system32\Drivers\cng.sys --> c:\windows\system32\Drivers\cng.sys [?]
R0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys --> c:\windows\system32\drivers\fileinfo.sys [?]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\system32\DRIVERS\fvevol.sys --> c:\windows\system32\DRIVERS\fvevol.sys [?]
R0 hwpolicy;Hardware Policy Driver;c:\windows\system32\drivers\hwpolicy.sys --> c:\windows\system32\drivers\hwpolicy.sys [?]
R0 KSecPkg;KSecPkg;c:\windows\system32\Drivers\ksecpkg.sys --> c:\windows\system32\Drivers\ksecpkg.sys [?]
R0 msahci;msahci;c:\windows\system32\drivers\msahci.sys --> c:\windows\system32\drivers\msahci.sys [?]
R0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys --> c:\windows\system32\drivers\msisadrv.sys [?]
R0 pcw;Performance Counters for Windows Driver;c:\windows\system32\drivers\pcw.sys --> c:\windows\system32\drivers\pcw.sys [?]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\Drivers\PxHlpa64.sys --> c:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 rdyboost;ReadyBoost;c:\windows\system32\drivers\rdyboost.sys --> c:\windows\system32\drivers\rdyboost.sys [?]
R0 spldr;Security Processor Loader Driver;c:\windows\system32\drivers\spldr.sys --> c:\windows\system32\drivers\spldr.sys [?]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys --> c:\windows\system32\drivers\vdrvroot.sys [?]
R0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys --> c:\windows\system32\drivers\volmgr.sys [?]
R0 volmgrx;Dynamic Volume Manager;c:\windows\system32\drivers\volmgrx.sys --> c:\windows\system32\drivers\volmgrx.sys [?]
R1 aswKbd;aswKbd;\??\c:\windows\system32\drivers\aswKbd.sys --> c:\windows\system32\drivers\aswKbd.sys [?]
R1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys --> c:\windows\system32\DRIVERS\aswNdisFlt.sys [?]
R1 aswSnx;aswSnx;\??\c:\windows\system32\drivers\aswSnx.sys --> c:\windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;\??\c:\windows\system32\drivers\aswSP.sys --> c:\windows\system32\drivers\aswSP.sys [?]
R1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys --> c:\windows\system32\DRIVERS\blbdrive.sys [?]
R1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys --> c:\windows\system32\Drivers\dfsc.sys [?]
R1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys --> c:\windows\system32\drivers\discache.sys [?]
R1 dqBridge;dqBridge;c:\windows\system32\DRIVERS\dqbridge.sys --> c:\windows\system32\DRIVERS\dqbridge.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys --> c:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys --> c:\windows\system32\drivers\nsiproxy.sys [?]
R1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys --> c:\windows\system32\drivers\rdpencdd.sys [?]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys --> c:\windows\system32\drivers\rdprefmp.sys [?]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv64.sys [7/22/2011 11:26 AM 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\saskutil64.sys [7/12/2011 4:55 PM 12368]
R1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys --> c:\windows\system32\DRIVERS\wanarp.sys [?]
R1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys --> c:\windows\system32\DRIVERS\wfplwf.sys [?]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore64.exe [10/10/2013 5:54 PM 144152]
R2 aswFsBlk;aswFsBlk;\??\c:\windows\system32\drivers\aswFsBlk.sys --> c:\windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\c:\windows\system32\drivers\aswMonFlt.sys --> c:\windows\system32\drivers\aswMonFlt.sys [?]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 6:19 PM 20992]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [12/3/2013 9:45 AM 116776]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [6/11/2012 3:22 PM 193616]
R2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [7/13/2009 6:19 PM 20992]
R2 CEEBC40A-FDED-4C59-B354-939132350B01;Roxio File Backup Service;c:\program files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe [10/12/2009 2:47 PM 96752]
R2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [7/13/2009 6:19 PM 20992]
R2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [7/13/2009 6:19 PM 20992]
R2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe [7/18/2012 1:39 PM 1187040]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalService [7/13/2009 6:19 PM 20992]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [10/25/2010 1:53 PM 145920]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7/20/2010 2:13 PM 13336]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe -k netsvcs [7/13/2009 6:19 PM 20992]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe [12/11/2013 6:03 PM 513736]
R2 LenovoCOMSvc;LenovoCOMService;c:\program files\Lenovo\Power Dial\LenovoCOMSvc.exe [7/20/2010 2:33 PM 49152]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys --> c:\windows\system32\DRIVERS\lltdio.sys [?]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [9/26/2011 5:16 PM 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\rainfo.sys [9/16/2011 2:10 PM 16056]
R2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys --> c:\windows\system32\drivers\luafv.sys [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/17/2012 9:29 AM 418376]
R2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe -k netsvcs [7/13/2009 6:19 PM 20992]
R2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [7/13/2009 6:19 PM 20992]
R2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe -k NetworkService [7/13/2009 6:19 PM 20992]
R2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe -k LocalService [7/13/2009 6:19 PM 20992]
R2 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 6:19 PM 20992]
R2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys --> c:\windows\system32\drivers\peauth.sys [?]
R2 Power;Power;c:\windows\system32\svchost.exe -k DcomLaunch [7/13/2009 6:19 PM 20992]
R2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe -k netsvcs [7/13/2009 6:19 PM 20992]
R2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [11/9/2011 9:59 AM 1248256]
R2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe -k RPCSS [7/13/2009 6:19 PM 20992]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [12/10/2011 10:01 AM 1153368]
R2 ScrProj;Lenovo USB Display Screen Projector;c:\program files\Lenovo\L2230x Wide USB Port Replicator Monitor\dqscrproj.exe [5/11/2010 1:24 PM 90624]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [10/9/2013 9:58 AM 3275136]
R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe --> c:\windows\system32\sppsvc.exe [?]
R2 SysMain;Superfetch;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 6:19 PM 20992]
R2 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 6:19 PM 20992]
R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys --> c:\windows\system32\drivers\tcpipreg.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [7/20/2010 2:13 PM 2320920]
R2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 6:19 PM 20992]
R2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [7/13/2009 6:19 PM 20992]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\System32\drivers\ddcdrv.sys [7/20/2010 2:33 PM 16200]
R3 Appinfo;Application Information;c:\windows\system32\svchost.exe -k netsvcs [7/13/2009 6:19 PM 20992]
R3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys --> c:\windows\system32\DRIVERS\bowser.sys [?]
R3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys --> c:\windows\system32\drivers\CompositeBus.sys [?]
R3 dqusb;Driver for ThinkPad USB port rep;c:\windows\system32\DRIVERS\dqusb.sys --> c:\windows\system32\DRIVERS\dqusb.sys [?]
R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\system32\drivers\dxgkrnl.sys --> c:\windows\system32\drivers\dxgkrnl.sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys --> c:\windows\system32\DRIVERS\e1k62x64.sys [?]
R3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe -k LocalService [7/13/2009 6:19 PM 20992]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys --> c:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 6:19 PM 20992]
R3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [7/13/2009 6:19 PM 20992]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys --> c:\windows\system32\drivers\hppdbulkio.sys [?]
R3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe --> c:\windows\system32\lsass.exe [?]
R3 LitModeCtrl;LitModeCtrl;c:\program files\Lenovo\Power Dial\LitModeCtrl.exe [7/20/2010 2:33 PM 81920]
R3 lvlddrv;Lenovo DsplyFltDrv Filter Driver;c:\windows\system32\DRIVERS\lvlddrv.sys --> c:\windows\system32\DRIVERS\lvlddrv.sys [?]
R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
R3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys --> c:\windows\system32\DRIVERS\monitor.sys [?]
R3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys --> c:\windows\system32\drivers\mpsdrv.sys [?]
R3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys --> c:\windows\system32\DRIVERS\mrxsmb10.sys [?]
R3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys --> c:\windows\system32\DRIVERS\mrxsmb20.sys [?]
R3 netprofm;Network List Service;c:\windows\System32\svchost.exe -k LocalService [7/13/2009 6:19 PM 20992]
R3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys --> c:\windows\system32\DRIVERS\AgileVpn.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys --> c:\windows\system32\Drivers\RtsUStor.sys [?]
R3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys --> c:\windows\system32\DRIVERS\srv2.sys [?]
R3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys --> c:\windows\system32\DRIVERS\srvnet.sys [?]
R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [9/25/2011 9:37 AM 194048]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys --> c:\windows\system32\DRIVERS\tunnel.sys [?]
R3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys --> c:\windows\system32\drivers\umbus.sys [?]
R3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe -k LocalService [7/13/2009 6:19 PM 20992]
R3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 6:19 PM 20992]
S2 0220091323528877mcinstcleanup;McAfee Application Installer Cleanup (0220091323528877);c:\users\Peggy\AppData\Local\Temp\022009~1.EXE c:\progra~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\users\Peggy\AppData\Local\Temp\022009~1.EXE c:\progra~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [3/18/2010 2:27 PM 138576]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [9/17/2012 9:29 AM 701512]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [9/5/2013 10:34 AM 171680]
S3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys --> c:\windows\system32\drivers\1394ohci.sys [?]
S3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys --> c:\windows\system32\drivers\acpipmi.sys [?]
S3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys --> c:\windows\system32\DRIVERS\adp94xx.sys [?]
S3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys --> c:\windows\system32\DRIVERS\adpahci.sys [?]
S3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys --> c:\windows\system32\drivers\amdsata.sys [?]
S3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys --> c:\windows\system32\DRIVERS\amdsbs.sys [?]
S3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys --> c:\windows\system32\drivers\appid.sys [?]
S3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [7/13/2009 6:19 PM 20992]
S3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys --> c:\windows\system32\DRIVERS\arcsas.sys [?]
S3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbda.sys --> c:\windows\system32\DRIVERS\bxvbda.sys [?]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys --> c:\windows\system32\DRIVERS\b57nd60a.sys [?]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [6/11/2012 3:22 PM 240208]
S3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe -k netsvcs [7/13/2009 6:19 PM 20992]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys --> c:\windows\system32\DRIVERS\BrFiltLo.sys [?]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys --> c:\windows\system32\DRIVERS\BrFiltUp.sys [?]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\system32\Drivers\Brserid.sys --> c:\windows\system32\Drivers\Brserid.sys [?]
S3 BrSerWdm;Brother WDM Serial driver;c:\windows\system32\Drivers\BrSerWdm.sys --> c:\windows\system32\Drivers\BrSerWdm.sys [?]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\Drivers\BrUsbMdm.sys --> c:\windows\system32\Drivers\BrUsbMdm.sys [?]
S3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys --> c:\windows\system32\DRIVERS\circlass.sys [?]
S3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe -k defragsvc [7/13/2009 6:19 PM 20992]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbda.sys --> c:\windows\system32\DRIVERS\evbda.sys [?]
S3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys --> c:\windows\system32\DRIVERS\elxstor.sys [?]
S3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys --> c:\windows\system32\drivers\filetrace.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [9/18/2011 4:01 PM 1038088]
S3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys --> c:\windows\system32\drivers\FsDepends.sys [?]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys --> c:\windows\system32\drivers\hcw85cir.sys [?]
S3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys --> c:\windows\system32\drivers\HpSAMD.sys [?]
S3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys --> c:\windows\system32\drivers\iaStorV.sys [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe /V --> c:\windows\system32\IEEtwCollector.exe  [?]
S3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 6:19 PM 20992]
S3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys --> c:\windows\system32\drivers\IPMIDrv.sys [?]
S3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys --> c:\windows\system32\drivers\msiscsi.sys [?]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [7/13/2009 6:19 PM 20992]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe -k LocalService [7/13/2009 6:19 PM 20992]
S3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys --> c:\windows\system32\DRIVERS\lsi_fc.sys [?]
S3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys --> c:\windows\system32\DRIVERS\lsi_sas.sys [?]
S3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys --> c:\windows\system32\DRIVERS\lsi_sas2.sys [?]
S3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys --> c:\windows\system32\DRIVERS\lsi_scsi.sys [?]
S3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys --> c:\windows\system32\DRIVERS\megasas.sys [?]
S3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys --> c:\windows\system32\drivers\mpio.sys [?]
S3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys --> c:\windows\system32\drivers\msdsm.sys [?]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\system32\drivers\mshidkmdf.sys --> c:\windows\system32\drivers\mshidkmdf.sys [?]
S3 MsRPC;MsRPC;c:\windows\system32\drivers\MsRPC.sys --> c:\windows\system32\drivers\MsRPC.sys [?]
S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys --> c:\windows\system32\DRIVERS\MTConfig.sys [?]
S3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys --> c:\windows\system32\DRIVERS\nwifi.sys [?]
S3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys --> c:\windows\system32\DRIVERS\ndiscap.sys [?]
S3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys --> c:\windows\system32\DRIVERS\nfrd960.sys [?]
S3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys --> c:\windows\system32\drivers\nvstor.sys [?]
S3 PerfHost;Performance Counter DLL Host;c:\windows\SysWOW64\perfhost.exe [7/13/2009 6:11 PM 20992]
S3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe -k LocalServiceNoNetwork [7/13/2009 6:19 PM 20992]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe -k LocalServicePeerNet [7/13/2009 6:19 PM 20992]
S3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys --> c:\windows\system32\DRIVERS\ql2300.sys [?]
S3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys --> c:\windows\system32\DRIVERS\ql40xx.sys [?]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys --> c:\windows\system32\DRIVERS\rdpbus.sys [?]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys --> c:\windows\system32\DRIVERS\Rtnic64.sys [?]
S3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys --> c:\windows\system32\DRIVERS\scfilter.sys [?]
S3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe -k SDRSVC [7/13/2009 6:19 PM 20992]
S3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [7/13/2009 6:19 PM 20992]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys --> c:\windows\system32\drivers\sffp_mmc.sys [?]
S3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys --> c:\windows\system32\DRIVERS\sisraid4.sys [?]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys --> c:\windows\system32\DRIVERS\smb.sys [?]
S3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe -k LocalService [7/13/2009 6:19 PM 20992]
S3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys --> c:\windows\system32\DRIVERS\stexstor.sys [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys --> c:\windows\system32\DRIVERS\SWDUMon.sys [?]
S3 TBS;TPM Base Services;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [7/13/2009 6:19 PM 20992]
S3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe -k LocalService [7/13/2009 6:19 PM 20992]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys --> c:\windows\system32\DRIVERS\tssecsrv.sys [?]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys --> c:\windows\system32\drivers\tsusbflt.sys [?]
S3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe --> c:\windows\system32\UI0Detect.exe [?]
S3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys --> c:\windows\system32\drivers\uliagpkx.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys --> c:\windows\system32\Drivers\usbaapl64.sys [?]
S3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys --> c:\windows\system32\drivers\usbcir.sys [?]
S3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe --> c:\windows\system32\lsass.exe [?]
S3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys --> c:\windows\system32\drivers\vhdmp.sys [?]
S3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys --> c:\windows\system32\DRIVERS\vsmraid.sys [?]
S3 vwifibus;Virtual WiFi Bus Driver;c:\windows\system32\drivers\vwifibus.sys --> c:\windows\system32\drivers\vwifibus.sys [?]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys --> c:\windows\system32\DRIVERS\wacompen.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe --> c:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wbengine;Block Level Backup Engine Service;"c:\windows\system32\wbengine.exe" --> c:\windows\system32\wbengine.exe [?]
S3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe -k WbioSvcGroup [7/13/2009 6:19 PM 20992]
S3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [7/13/2009 6:19 PM 20992]
S3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe -k wcssvc [7/13/2009 6:19 PM 20992]
S3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys --> c:\windows\system32\DRIVERS\wd.sys [?]
S3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe -k NetworkService [7/13/2009 6:19 PM 20992]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe -k netsvcs [7/13/2009 6:19 PM 20992]
S3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe -k WerSvcGroup [7/13/2009 6:19 PM 20992]
S3 WIMMount;WIMMount;c:\windows\System32\drivers\wimmount.sys [7/13/2009 6:17 PM 19008]
S3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 6:19 PM 20992]
S3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [7/13/2009 6:19 PM 20992]
S3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [7/13/2009 6:19 PM 20992]
S3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys --> c:\windows\system32\DRIVERS\wsvd.sys [?]
S3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe -k LocalServiceNoNetwork [7/13/2009 6:19 PM 20992]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys --> c:\windows\system32\DRIVERS\yk62x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [7/13/2009 3:37 PM 89920]
S4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [7/13/2009 6:19 PM 20992]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ       PLA
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr TBS QWAVE wcncsvc
DcomLaunch    REG_MULTI_SZ       Power PlugPlay DcomLaunch
wcssvc    REG_MULTI_SZ       WcsPlugInService
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
LogonHours
PCAudit
helpsvc
uploadmgr
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
eventsystem
iprip
netman
wzcsvc
ip6fwhlp
WmdmPmSN
UxTuneUp
AeLookupSvc
Appinfo
BDESVC
BITS
Browser
EapHost
hkmsvc
IKEEXT
LanmanServer
MMCSS
ProfSvc
Schedule
seclogon
ShellHWDetection
Themes
wercplsupport
Winmgmt
wuauserv
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
2009-07-14 01:14    278528    ----a-w-    c:\windows\System32\unregmp2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
2009-07-14 01:14    44544    ----a-w-    c:\windows\SysWOW64\rundll32.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 21:02]
.
2013-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-09 16:38]
.
2013-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-09 16:38]
.
2013-12-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 26ad6d12-aeb1-4ab8-b651-db05cb194a43.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-10-10 22:55]
.
2013-12-20 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7962bf2f-50f9-409c-822a-5918c3928f3b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-10-10 22:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bing.com/
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Peggy\AppData\Roaming\Mozilla\Firefox\Profiles\d88lmkb3.default\
FF - prefs.js: browser.startup.homepage - bing.com
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-11-21 14:51; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-12-03 09:45; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
------- File Associations -------
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
c:\users\Peggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk - c:\program files (x86)\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-sacsvr
SafeBoot-vmms
HKLM_ActiveSetup-{44BBA840-CC51-11CF-AAFA-00AA00B6015C} - c:\program files (x86)\Windows Mail\WinMail.exe OCInstallUserConfigOE
AddRemove-Eusing Free Registry Cleaner - c:\progra~2\EUSING~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-22 07:37
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-22 07:37
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-22 07:37
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-22 07:37
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-22 07:37
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-22 07:37
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-22 07:37
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-22 07:37
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-22 07:37
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-22 07:37
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-22 07:37
Windows 6.1.7601 Service Pack 1 WOW64 NTFS
.
detected NTDLL code modification:
ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files:
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2013-12-22  09:40:41 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-22 14:40
.
Pre-Run: 639,226,363,904 bytes free
Post-Run: 638,599,397,376 bytes free
.
- - End Of File - - A9FC7DDF1002B465820646B8137EA766
 

 

In terms of how the computer is doing....  I did not reboot but I can tell you that the browser opened much more quickly to bing as the home page.  When I went to several sites they loaded quickly.  Some sites still hang up and I don't know if this makes any sense, but they seem to be sites I have bookmarked that came originally from a google search or sites I visited a lot.  I don't know if that is helpful, but for what it's worth.  Would not log into google - just timed out on the new tab page.  Also started resisting other sites the longer I opened things.  Let me know if you need more info or what else I need to do.  Should I reboot at this point?



#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:44 PM

Posted 22 December 2013 - 11:30 AM


Hello drpeggyp

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 drpeggyp

drpeggyp
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Atlanta, GA
  • Local time:11:44 PM

Posted 22 December 2013 - 04:02 PM

Gringo,

 

I had no problems running combfix this time and I did need to resume windows when it was complete.  Here is the log.

 

.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:58    297808    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
"Akamai NetSession Interface"="c:\users\Peggy\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-12-20 6563096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-07-16 114688]
"ModeSwitch"="c:\program files\Lenovo\Power Dial\LitModeSwitch.exe" [2009-09-27 163840]
"Healthcare"="c:\program files\Lenovo\HealthCare\HealthCare.exe" [2009-09-28 827392]
"CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SetDefaultSCR"="c:\program files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe" [2009-12-31 102400]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2013-09-05 3478392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-03 3568312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Peggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
WePrint Server.lnk - c:\program files (x86)\WePrint\WePrint Server.exe [2012-4-4 3521672]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2010-8-25 5969752]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-9 1156968]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE -silent [2011-11-9 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0220091323528877mcinstcleanup;McAfee Application Installer Cleanup (0220091323528877);c:\users\Peggy\AppData\Local\Temp\022009~1.EXE;c:\users\Peggy\AppData\Local\Temp\022009~1.EXE [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LitModeCtrl;LitModeCtrl;c:\program files\Lenovo\Power Dial\LitModeCtrl.exe;c:\program files\Lenovo\Power Dial\LitModeCtrl.exe [x]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 ALvldr;ALvldr;c:\windows\system32\DRIVERS\ALvldr.sys;c:\windows\SYSNATIVE\DRIVERS\ALvldr.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dqBridge;dqBridge;c:\windows\system32\DRIVERS\dqbridge.sys;c:\windows\SYSNATIVE\DRIVERS\dqbridge.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 CEEBC40A-FDED-4C59-B354-939132350B01;Roxio File Backup Service;c:\program files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe;c:\program files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe [x]
S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe;c:\program files (x86)\Workspace\offSyncService.exe [x]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe [x]
S2 LenovoCOMSvc;LenovoCOMService;c:\program files\Lenovo\Power Dial\LenovoCOMSvc.exe;c:\program files\Lenovo\Power Dial\LenovoCOMSvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 ScrProj;Lenovo USB Display Screen Projector;c:\program files\Lenovo\L2230x Wide USB Port Replicator Monitor\dqscrproj.exe;c:\program files\Lenovo\L2230x Wide USB Port Replicator Monitor\dqscrproj.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 dqusb;Driver for ThinkPad USB port rep;c:\windows\system32\DRIVERS\dqusb.sys;c:\windows\SYSNATIVE\DRIVERS\dqusb.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys;c:\windows\SYSNATIVE\drivers\hppdbulkio.sys [x]
S3 lvlddrv;Lenovo DsplyFltDrv Filter Driver;c:\windows\system32\DRIVERS\lvlddrv.sys;c:\windows\SYSNATIVE\DRIVERS\lvlddrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
eventsystem
iprip
netman
wzcsvc
ip6fwhlp
WmdmPmSN
UxTuneUp
Appinfo
BDESVC
Browser
EapHost
hkmsvc
IKEEXT
MMCSS
ProfSvc
seclogon
Themes
wercplsupport
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 21:02]
.
2013-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-09 16:38]
.
2013-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-09 16:38]
.
2013-12-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 26ad6d12-aeb1-4ab8-b651-db05cb194a43.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-10-10 22:55]
.
2013-12-20 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 7962bf2f-50f9-409c-822a-5918c3928f3b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-10-10 22:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-03 14:45    326944    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1AMPCBOK]
@="{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}"
[HKEY_CLASSES_ROOT\CLSID\{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d}]
2010-11-05 01:57    444752    ----a-w-    c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-07-23 13:21    1308432    ----a-w-    c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-07-23 13:21    1308432    ----a-w-    c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-05 8060960]
"Lenovo dCute"="c:\program files\Lenovo\L2230x Wide USB Port Replicator Monitor\dCute.exe" [2010-05-11 696832]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe" [2013-12-11 3987288]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://bing.com/
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Peggy\AppData\Roaming\Mozilla\Firefox\Profiles\d88lmkb3.default\
FF - prefs.js: browser.startup.homepage - bing.com
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-11-21 14:51; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-12-03 09:45; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{4d87b7a7-23f1-470c-aa45-96b25b9bd138} - (no file)
HKLM-Run-Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5} - c:\windows\test.bat
AddRemove-ROES.whcc - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
.
**************************************************************************
.
Completion time: 2013-12-22  15:42:16 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-22 20:42
ComboFix2.txt  2013-12-22 14:40
.
Pre-Run: 638,748,315,648 bytes free
Post-Run: 638,703,284,224 bytes free
.
- - End Of File - - 7162558EC1ADF729B7411A8ECFF9E538
 

 

The browser opened very quickly and the bleepingcomputer site loaded much more quickly.  After I open a view websites, things seem to slow way down again and some sites won't load but it's not consistent.  I haven't reboot yet.  I cannot load google. Stays at empty tab



#11 drpeggyp

drpeggyp
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Atlanta, GA
  • Local time:11:44 PM

Posted 22 December 2013 - 04:12 PM

I re started the computer and all of the above is still true. 


Also, desktop is black behind icons.  All windows desktops are gone from selection.  THey are all black.


Edited by drpeggyp, 22 December 2013 - 04:14 PM.


#12 drpeggyp

drpeggyp
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Atlanta, GA
  • Local time:11:44 PM

Posted 24 December 2013 - 08:06 AM

Gringo,

 

Happy Christmas Eve (or whatever holiday you may celebrate)!  I just had a thought I wanted to share for whenever we get back to this after the holidays.  I logged into my comcast network on the laptop and can't get google there either.  When I am on my verizon wifi network the laptop works fine.  Is it possible the virus has altered the isp network connection?  Just a thought from the virus/malware uneducated.  Thanks again for all your help and I am confident we will get this fixed,  You all are awesome and I hope you all have a wonderful holiday.



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:44 PM

Posted 24 December 2013 - 11:19 AM


Create and Run Batch File
  • Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:

@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
  • Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

    It should look like this: batfileicon.gif <--XP
    Double-click on router.bat to run it. it will open notepad when done please post back the results

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 drpeggyp

drpeggyp
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Atlanta, GA
  • Local time:11:44 PM

Posted 24 December 2013 - 03:21 PM

Here it is.

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Peggy-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.ga.comcast.net.

Ethernet adapter Local Area Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Lenovo Remote 10M/100M USB Ethernet Device for USB Monitor #2
   Physical Address. . . . . . . . . : 00-24-67-30-04-A3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : hsd1.ga.comcast.net.
   Description . . . . . . . . . . . : Intel® 82578DC Gigabit Network Connection
   Physical Address. . . . . . . . . : 90-FB-A6-1D-C3-DB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:0:9c00:3f8:4818:a30f:1068:495f(Preferred)
   Temporary IPv6 Address. . . . . . : 2601:0:9c00:3f8:ecf5:f131:ace:8e10(Preferred)
   Link-local IPv6 Address . . . . . : fe80::4818:a30f:1068:495f%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, December 22, 2013 4:04:50 PM
   Lease Expires . . . . . . . . . . : Tuesday, December 31, 2013 2:23:58 PM
   Default Gateway . . . . . . . . . : fe80::21d:d0ff:fe64:4c71%10
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 244382630
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-D7-AE-23-90-FB-A6-1D-C3-DB
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.ga.comcast.net.:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.ga.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{535B0B01-3D48-4A1D-8239-147360B7855A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:f1:3cd:b396:9a8d(Preferred)
   Link-local IPv6 Address . . . . . : fe80::f1:3cd:b396:9a8d%12(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  2001:558:feed::1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  2001:558:feed::1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.

Pinging google.com [2607:f8b0:4002:c07::8b] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 2607:f8b0:4002:c07::8b:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=77ms TTL=51
Reply from 98.139.183.24: bytes=32 time=55ms TTL=49

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 55ms, Maximum = 77ms, Average = 66ms
===========================================================================
Interface List
 14...00 24 67 30 04 a3 ......Lenovo Remote 10M/100M USB Ethernet Device for USB Monitor #2
 10...90 fb a6 1d c3 db ......Intel® 82578DC Gigabit Network Connection
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.2     10
         10.0.0.0    255.255.255.0         On-link          10.0.0.2    266
         10.0.0.2  255.255.255.255         On-link          10.0.0.2    266
       10.0.0.255  255.255.255.255         On-link          10.0.0.2    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.2    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.0.2    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    266 ::/0                     fe80::21d:d0ff:fe64:4c71
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:6ab8:f1:3cd:b396:9a8d/128
                                    On-link
 10     18 2601:0:9c00:3f8::/64     On-link
 10    266 2601:0:9c00:3f8:4818:a30f:1068:495f/128
                                    On-link
 10    266 2601:0:9c00:3f8:ecf5:f131:ace:8e10/128
                                    On-link
 10    266 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::f1:3cd:b396:9a8d/128
                                    On-link
 10    266 fe80::4818:a30f:1068:495f/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
 



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:44 PM

Posted 24 December 2013 - 08:53 PM

Hello

I would like you to setup the routers DNS to open DNS and see if it helps

You can see how to do this here - https://store.opendns.com/setup/router/

Just select your router and use the same settings.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users