
Need help with Scorpion Saver and Level Quality Watcher



Using Windows Uninstaller, AdwCleaner, and Malwarebytes, I tried removing Scorpion Saver and Level Quality Watcher, but now it's down to Malwarebytes' saying there are no infected files, while I can manually scroll down through Program Files and find folders and files for both still left over.

 

I obviously needed help from the start (when will I learn?). I know just about enough about my computer to be dangerous, I guess.  Could I ask for step-by-step help in finally getting rid of this evil stuff? 

 

I am running Windows 8 64-bit on a Lenovo dual-core Idea Pad Z580.

 

Thanks ever so much,

Granny  ;)


Hello Granny and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573


Hi!

 

I am not at all sure I'm doing the right thing by posting this here. I posted a plea for help under a different topic title, and Maniac answered me, directing me to the instructions to download and run dds.com or dds.scr; however, I got confused as to where to post this follow-up (there were two different prompts as to where I should post my reply).  Please forgive me if this is totally wrong!  :-/

 

First, I want to tell you that while I’ve been completing these steps offered to me, I’ve been receiving little flags from MBAM that alert me to its having blocked a potentially malicious website, even though I have not had any browser open during most of that time.  I copied and pasted Mbam’s log file about this here, for you to see it, in case it helps:

 

2013/12/03 18:53:39 -0600     TBSLENOVO            Tita      MESSAGE     Executing scheduled update:  Daily

2013/12/03 18:53:40 -0600     TBSLENOVO            Tita      ERROR          Scheduled update failed:  No address found failed with error code 0

2013/12/03 19:55:40 -0600     TBSLENOVO            Tita      IP-BLOCK     174.129.20.145 (Type: outgoing, Port: 50748, Process: chrome.exe)

2013/12/03 19:55:40 -0600     TBSLENOVO            Tita      IP-BLOCK     174.129.20.145 (Type: outgoing, Port: 50750, Process: chrome.exe)

2013/12/03 19:55:40 -0600     TBSLENOVO            Tita      IP-BLOCK     174.129.20.145 (Type: outgoing, Port: 50751, Process: chrome.exe)

2013/12/03 19:55:48 -0600     TBSLENOVO            Tita      IP-BLOCK     174.129.20.145 (Type: outgoing, Port: 50752, Process: chrome.exe)

2013/12/03 19:56:04 -0600     TBSLENOVO            Tita      IP-BLOCK     174.129.20.145 (Type: outgoing, Port: 50753, Process: chrome.exe)

2013/12/03 19:56:36 -0600     TBSLENOVO            Tita      IP-BLOCK     174.129.20.145 (Type: outgoing, Port: 50757, Process: chrome.exe)

2013/12/03 19:57:41 -0600     TBSLENOVO            Tita      IP-BLOCK     174.129.20.145 (Type: outgoing, Port: 50763, Process: chrome.exe)

2013/12/03 19:59:41 -0600     TBSLENOVO            Tita      IP-BLOCK     174.129.20.145 (Type: outgoing, Port: 50773, Process: chrome.exe)

2013/12/03 20:03:57 -0600     TBSLENOVO            Tita      IP-BLOCK     174.129.20.145 (Type: outgoing, Port: 50793, Process: chrome.exe)

2013/12/03 20:12:14 -0600     TBSLENOVO            Tita      IP-BLOCK     174.129.20.145 (Type: outgoing, Port: 50865, Process: chrome.exe)

 

 

 

Okay, I followed your instructions and ran dds.scr.  Here are the two texts it produced:

This is the document called “attach.txt”:

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8

Boot Device: \Device\HarddiskVolume2

Install Date: 6/5/2013 6:16:27 PM

System Uptime: 11/30/2013 9:15:29 PM (71 hours ago)

.

Motherboard: LENOVO |  | Lenovo         

Processor: Intel® Core i5-3210M CPU @ 2.50GHz | CPU Socket - U3E1 | 2501/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 651 GiB total, 585.527 GiB free.

D: is FIXED (NTFS) - 25 GiB total, 22.396 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}

Description: USB-IF xHCI USB Host Controller

Device ID: ROOT\UOIP_BUS_DRIVER\0000

Manufacturer: Intel Corporation

Name: USB-IF xHCI USB Host Controller

PNP Device ID: ROOT\UOIP_BUS_DRIVER\0000

Service: XHCIPort

.

==== System Restore Points ===================

.

RP34: 11/16/2013 7:34:34 PM - Removed Nitro Pro 7

RP35: 11/24/2013 3:22:18 AM - Scheduled Checkpoint

RP36: 11/28/2013 1:20:37 AM - Advanced System Protector

RP37: 11/29/2013 10:53:59 PM - RegClean Pro Fri, Nov 29, 13  22:53

.

==== Installed Programs ======================

.

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.2.0 - CPSID_50026

Adobe Reader XI (11.0.05)

Advanced Driver Updater

Advanced System Protector

Akamai NetSession Interface

Amazon Browser App

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MP560 series MP Drivers

CCleaner

Corel WordPerfect Suite 8

Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition

Dolby Home Theater v4

Dropbox

Energy Management

f.lux

FreeRide Games

Google Chrome

Google Update Helper

Intel AppUp(SM) center

Intel PROSet Wireless

Intel RSX 3D

Intel® Control Center

Intel® Manageability Engine Firmware Recovery Agent

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® SDK for OpenCL - CPU Only Runtime Package

Intel® WiDi

Intel® PROSet/Wireless WiFi Software

Intel® Trusted Connect Service Client

Intelligent Touchpad

Lenovo Bluetooth with Enhanced Data Rate Software

Lenovo EasyCamera

Lenovo MuteSync

Lenovo OneKey Recovery

Lenovo Photos

Lenovo PowerDVD10

Lenovo YouCam

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft Access MUI (English) 2013

Microsoft Access Setup Metadata MUI (English) 2013

Microsoft DCF MUI (English) 2013

Microsoft Excel MUI (English) 2013

Microsoft Groove MUI (English) 2013

Microsoft InfoPath MUI (English) 2013

Microsoft Lync MUI (English) 2013

Microsoft Office 32-bit Components 2013

Microsoft Office OSM MUI (English) 2013

Microsoft Office OSM UX MUI (English) 2013

Microsoft Office Professional Plus 2013

Microsoft Office Proofing (English) 2013

Microsoft Office Proofing Tools 2013 - English

Microsoft Office Proofing Tools 2013 - Español

Microsoft Office Shared 32-bit MUI (English) 2013

Microsoft Office Shared MUI (English) 2013

Microsoft Office Shared Setup Metadata MUI (English) 2013

Microsoft OneNote MUI (English) 2013

Microsoft Outlook MUI (English) 2013

Microsoft PowerPoint MUI (English) 2013

Microsoft Publisher MUI (English) 2013

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Word MUI (English) 2013

Onekey Theater

OpenOffice.org 3.4.1

Outils de vérification linguistique 2013 de Microsoft Office - Français

Power2Go

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Revo Uninstaller 1.95

ScorpionSaver

Secure Download Manager

Security Update for Microsoft Excel 2013 (KB2827238) 64-Bit Edition

Security Update for Microsoft Office 2013 (KB2768005) 64-Bit Edition

Security Update for Microsoft Office 2013 (KB2810009) 64-Bit Edition

Security Update for Microsoft Office 2013 (KB2817623) 64-Bit Edition

Security Update for Microsoft Outlook 2013 (KB2837618) 64-Bit Edition

Start Menu 8

SugarSync Manager

Synaptics Pointing Device Driver

System Checkup 3.4

UniCon

Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition

Update for Microsoft InfoPath 2013 (KB2752078) 64-Bit Edition

Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition

Update for Microsoft Lync 2013 (KB2825630) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition

Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition

Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760257) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition

Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition

Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817309) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817311) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817640) 64-Bit Edition

Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition

Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition

Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition

Update for Microsoft Office 2013 (KB2837643) 64-Bit Edition

Update for Microsoft Office 2013 (KB2837649) 64-Bit Edition

Update for Microsoft OneNote 2013 (KB2837642) 64-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2817625) 64-Bit Edition

Update for Microsoft Project 2013 (KB2767859) 64-Bit Edition

Update for Microsoft Publisher 2013 (KB2752097) 64-Bit Edition

Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition

Update for Microsoft Visio 2013 (KB2752018) 64-Bit Edition

Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition

Update for Microsoft Word 2013 (KB2817631) 64-Bit Edition

Update for Microsoft Word 2013 (KB2837630) 64-Bit Edition

UserGuide

VLC media player 2.0.7

Widevine Media Optimizer Chrome 6.0.0

Widevine Media Optimizer IE 6.0.0

Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1)

Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733)

.

==== Event Viewer Messages From Past Week ========

.

12/3/2013 7:57:58 PM, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.2. The computer with the IP address 192.168.0.9 did not allow the name to be claimed by this computer.

12/3/2013 7:09:23 PM, Error: BROWSER [8020]  - The browser was unable to promote itself to master browser.  The computer that currently believes it is the master browser is unknown.

12/3/2013 6:57:53 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Installer service, but this action failed with the following error:  An instance of the service is already running.

12/3/2013 6:55:53 PM, Error: Service Control Manager [7031]  - The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

12/1/2013 1:09:08 PM, Error: BROWSER [8019]  - The browser was unable to promote itself to master browser.  The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.

11/30/2013 9:19:11 PM, Error: Service Control Manager [7034]  - The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

11/30/2013 9:16:24 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HOSTS Anti-PUPs service to connect.

11/30/2013 9:16:24 PM, Error: Service Control Manager [7000]  - The HOSTS Anti-PUPs service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

11/30/2013 9:01:46 PM, Error: Service Control Manager [7030]  - The HOSTS Anti-PUPs service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

11/30/2013 2:55:13 AM, Error: Schannel [36888]  - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 107.

11/30/2013 2:55:13 AM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

.

==== End Of File ===========================

 

This is the document called “DDS.txt”:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537

Run by Tita at 20:01:19 on 2013-12-03

Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8053.5644 [GMT -6:00]

.

AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\dwm.exe

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\windows\system32\BtwRSupportService.exe

C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

C:\windows\system32\dashost.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\windows\system32\taskhostex.exe

C:\windows\Explorer.EXE

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\windows\SysWOW64\NLSSRV32.EXE

C:\Program Files (x86)\Common Files\Motive\pcCMService.exe

C:\Program Files\Common Files\Motive\pcCMService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe

C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe

C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

C:\Windows\System32\hkcmd.exe

C:\windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Users\Tita\AppData\Local\FluxSoftware\Flux\flux.exe

C:\Users\Tita\AppData\Local\Akamai\netsession_win.exe

C:\Users\Tita\AppData\Local\Akamai\netsession_win.exe

C:\Users\Tita\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe

C:\Program Files (x86)\USB Camera2\VM332STI.EXE

C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe

C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files\Microsoft Office\Office15\WINWORD.EXE

C:\windows\system32\WLANExt.exe

C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\msiexec.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uProxyOverride = <-loopback>;<local>

mWinlogon: Userinit = userinit.exe,

BHO: ScorpionSaver: {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [Lync] "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey

uRun: [Google Update] "C:\Users\Tita\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [f.lux] "C:\Users\Tita\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow

uRun: [Akamai NetSession Interface] "C:\Users\Tita\AppData\Local\Akamai\netsession_win.exe"

uRun: [GoogleChromeAutoLaunch_B823B1DF5696562C0A736A76F08DD9A7] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

uRunOnce: [Application Restart #2] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --enable-full-history-sync --sync-keystore-encryption --flag-switches-end --restore-last-session -- http://get.adobe.com/reader/completion/aih/?exitcode=-1&type=install&appid=200

mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"

mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4

mRun: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart

mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332STI.EXE

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

mRun: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe

StartupFolder: C:\Users\Tita\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tita\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Tita\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\Users\Tita\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

Trusted Zone: $talisma_url$

DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -

TCP: NameServer = 97.64.183.164 97.64.209.37

TCP: Interfaces\{21DD842C-9069-4ED6-A7D7-994BC4E89FA0} : DHCPNameServer = 97.64.183.164 97.64.209.37

TCP: Interfaces\{21DD842C-9069-4ED6-A7D7-994BC4E89FA0}\2375942554832373 : DHCPNameServer = 192.168.1.254

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL

x64-Run: [synLenovoGestureMgr] "C:\Program Files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe" /m

x64-Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe

x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4

x64-Run: [igfxTray] "C:\windows\System32\igfxtray.exe"

x64-Run: [HotKeysCmds] "C:\windows\System32\hkcmd.exe"

x64-Run: [Persistence] "C:\windows\System32\igfxpers.exe"

x64-Run: [RadioRage Home Page Guard 64 bit] "C:\PROGRA~2\RADIOR~2\bar\1.bin\AppIntegrator64.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-4-22 677360]

R0 LHDmgr;LHDmgr;C:\windows\System32\Drivers\LhdX64.sys [2012-9-19 39008]

R2 AdpeakWFP;AdpeakWFP;C:\windows\System32\Drivers\AdpeakWFP64.sys [2013-11-27 41624]

R2 BcmBtRSupport;Bluetooth Radio Control Service;C:\windows\System32\BtwRSupportService.exe [2013-7-9 2252088]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2013-7-9 2451456]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]

R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-9-19 128896]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-19 165760]

R2 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=422332B5 --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=422332B5 [?]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-30 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-30 701512]

R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-7-16 69640]

R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-7-1 369152]

R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-7-1 460288]

R2 StartMenuService;StartMenu8 Service;C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [2013-6-24 75584]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-19 364416]

R2 X5XSEx_Pr148;X5XSEx_Pr148;C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.sys [2012-9-19 56136]

R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-7-18 2699568]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\Drivers\AcpiVpc.sys [2012-5-15 33560]

R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\windows\System32\Drivers\bcbtums.sys [2012-9-19 165688]

R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]

R3 btwampfl;btwampfl Bluetooth filter driver;C:\windows\System32\Drivers\btwampfl.sys [2012-9-19 157560]

R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\Drivers\btwl2cap.sys [2013-7-9 40248]

R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\windows\System32\Drivers\ICCWDT.sys [2010-8-18 26136]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2013-6-14 452088]

R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\Drivers\iwdbus.sys [2012-8-9 26008]

R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-11-30 25928]

R3 NETwNe64;@oem37.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew00.sys [2013-4-25 3341792]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2013-5-9 327752]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\Drivers\Rt64win7.sys [2013-4-10 849992]

R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2012-8-22 43832]

R3 vm332avs;Lenovo Camera2;C:\windows\System32\Drivers\vm332avs.sys [2013-7-9 981112]

R3 WSDScan;WSD Scan Support;C:\windows\System32\Drivers\WSDScan.sys [2013-8-18 23552]

S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update --> C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [?]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-7-9 7168]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\Drivers\intelaud.sys [2012-8-9 37784]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-7-18 272176]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]

S3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-9-19 683664]

S3 usb3Hub;USB-IF USB 3.0 Hub;C:\windows\System32\Drivers\usb3Hub.sys [2012-8-9 48096]

S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2012-9-19 102376]

S3 XHCIPort;USB-IF xHCI USB Host Controller;C:\windows\System32\Drivers\xHCIPort.sys [2012-8-9 188384]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [userChoice]

FileExt: .js: jsfile=C:\Corel\Suite8\Programs\CCWin\Cscape.exe

.

=============== Created Last 30 ================

.

2013-12-04 01:11:12   10285968        ----a-w-            C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24D5DCC6-0EDC-4EF3-8CC1-E5B4B410CFF3}\mpengine.dll

2013-12-04 00:55:55   --------  d-----w-           C:\Program Files (x86)\ScorpionSaver

2013-12-02 09:00:00   10285968        ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-12-01 03:01:40   --------  d-----w-           C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs

2013-11-30 22:53:54   --------  d-----w-           C:\Users\Tita\AppData\Roaming\Systweak

2013-11-30 22:53:53   --------  d-----w-           C:\Program Files\RegClean Pro

2013-11-30 22:53:52   --------  d-----w-           C:\Program Files\Advanced System Protector

2013-11-30 22:53:52   --------  d-----w-           C:\Program Files (x86)\RegClean Pro

2013-11-30 22:53:51   --------  d-----w-           C:\Program Files (x86)\Advanced System Protector

2013-11-30 22:53:48   --------  d-----w-           C:\ProgramData\Systweak

2013-11-30 22:00:02   --------  d-----w-           C:\AdwCleaner

2013-11-30 21:49:39   --------  d-----w-           C:\Program Files (x86)\VS Revo Group

2013-11-30 19:23:30   --------  d-----w-           C:\Users\Tita\AppData\Roaming\Malwarebytes

2013-11-30 19:23:24   --------  d-----w-           C:\ProgramData\Malwarebytes

2013-11-30 19:23:23   25928  ----a-w-            C:\windows\System32\drivers\mbam.sys

2013-11-30 19:23:23   --------  d-----w-           C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-27 20:54:16   41624  ----a-w-            C:\windows\System32\drivers\AdpeakWFP64.sys

2013-11-26 20:51:50   --------  d-----w-           C:\Program Files\Level Quality Watcher

2013-11-23 20:27:05   280752            ----a-w-            C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin

2013-11-17 06:29:53   78296  ----a-w-            C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-11-17 06:29:53   694232            ----a-w-            C:\windows\SysWow64\FlashPlayerApp.exe

2013-11-05 05:55:29   --------  d--h--w-           C:\ProgramData\CanonIJScan

.

==================== Find3M  ====================

.

2013-11-19 10:21:41   267936            ------w- C:\windows\System32\MpSigStub.exe

2013-10-12 08:45:20   2241536          ----a-w-            C:\windows\System32\wininet.dll

2013-10-12 08:43:37   3959808          ----a-w-            C:\windows\System32\jscript9.dll

2013-10-12 07:03:50   1767936          ----a-w-            C:\windows\SysWow64\wininet.dll

2013-10-12 07:02:33   2877952          ----a-w-            C:\windows\SysWow64\jscript9.dll

2013-10-10 11:53:35   96600  ----a-w-            C:\windows\System32\drivers\wfplwfs.sys

2013-10-10 09:21:20   1160192          ----a-w-            C:\windows\System32\IKEEXT.DLL

2013-10-10 09:20:43   723968            ----a-w-            C:\windows\System32\BFE.DLL

2013-10-02 23:25:41   1300992          ----a-w-            C:\windows\System32\gdi32.dll

2013-10-01 23:37:57   1569280          ----a-w-            C:\windows\SysWow64\crypt32.dll

2013-10-01 23:37:53   2035712          ----a-w-            C:\windows\SysWow64\authui.dll

2013-10-01 23:26:49   1890816          ----a-w-            C:\windows\System32\crypt32.dll

2013-10-01 23:26:45   2304512          ----a-w-            C:\windows\System32\authui.dll

2013-10-01 22:22:19   1022976          ----a-w-            C:\windows\SysWow64\gdi32.dll

2013-09-23 22:30:14   419328            ----a-w-            C:\windows\System32\schannel.dll

2013-09-23 22:30:03   323072            ----a-w-            C:\windows\SysWow64\schannel.dll

2013-09-13 22:36:37   35328  ----a-w-            C:\windows\SysWow64\wuapp.exe

2013-09-13 22:36:23   84992  ----a-w-            C:\windows\SysWow64\wudriver.dll

2013-09-13 22:36:23   126976            ----a-w-            C:\windows\SysWow64\wuwebv.dll

2013-09-13 22:36:14   247296            ----a-w-            C:\windows\SysWow64\ubpm.dll

2013-09-13 22:34:14   40448  ----a-w-            C:\windows\System32\wuapp.exe

2013-09-13 22:33:55   252928            ----a-w-            C:\windows\System32\WUSettingsProvider.dll

2013-09-13 22:33:55   142848            ----a-w-            C:\windows\System32\wuwebv.dll

2013-09-13 22:33:54   99328  ----a-w-            C:\windows\System32\wudriver.dll

2013-09-13 22:33:54   1622016          ----a-w-            C:\windows\System32\wucltux.dll

2013-09-13 22:33:42   328192            ----a-w-            C:\windows\System32\ubpm.dll

2013-09-13 22:33:39   175104            ----a-w-            C:\windows\System32\storewuauth.dll

.

============= FINISH: 20:01:39.36 ===============

 

Thank you for your help!

 

Granny

 


No, but thanks, Maniac.  It turned out I had Pro (didn't realize the license key works forever), and the tech person there who helped me figure that out is helping me with the malware.

 

I apologize that I messed things up--  I see now that I got confused by the link given at the end of the document to which you referred me for instructions, and I posted my logs there.  I even thought that when you said "post your log files in a reply to this thread:" that it meant in the thread that is shown after the colon, rather than THIS thread where we are discussing it.  So sorry.

 

Granny

This topic is now closed to further replies.