Hello Malware Fighter,

 

The wife downloaded an "Etsy Bot" from an external link. Next thing, there's this Etsy Bot installer thing that pops up on boot up. It says Pilefile installer or something on it too. Did a Google search and didn't find much on Etsy Bot, but found a bunch of alarming stuff on Pilefile. At the same time, the default web pages on IE11 and Chrome 33.0 were set to Key-find.com, which turns out to be another annoying hijack. Ran Malwarebytes, it found nothing. And did I mention, my Windows 7 PC is already "secured" with McAfee Total Protection... right! This has been happening for the last 2 days and I'm at my wits' end. Just noticed today, every time I kill the Pilefile reminder, McAfee flashes -- trojan quarantined - Artemis! Seem related?

 

So I followed the instructions, and below are my logs.  

 

Please help!  Thank you.

 

Shaun

 

DDS.TXT

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
 
Run by FRIEDGREEN at 19:18:00 on 2014-04-01
 
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8104.5792 [GMT -5:00]
 
.
 
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
 
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
 
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
.
 
============== Running Processes ===============
 
.
 
C:\windows\system32\lsm.exe
 
C:\windows\system32\svchost.exe -k DcomLaunch
 
C:\windows\system32\svchost.exe -k RPCSS
 
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
 
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
 
C:\windows\system32\svchost.exe -k LocalService
 
C:\windows\system32\svchost.exe -k netsvcs
 
C:\windows\system32\svchost.exe -k GPSvcGroup
 
C:\windows\system32\svchost.exe -k NetworkService
 
C:\windows\System32\spoolsv.exe
 
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
 
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
 
C:\Windows\jmesoft\Service.exe
 
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
 
C:\windows\system32\mfevtps.exe
 
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
 
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
C:\windows\system32\svchost.exe -k imgsvc
 
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
 
C:\Program Files\McAfee\MSC\McAPExe.exe
 
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
 
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
 
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
 
C:\windows\SysWOW64\rundll32.exe
 
C:\windows\system32\rundll32.exe
 
C:\windows\system32\taskhost.exe
 
C:\windows\system32\Dwm.exe
 
C:\windows\Explorer.EXE
 
C:\windows\System32\rundll32.exe
 
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
 
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
 
C:\Windows\System32\igfxtray.exe
 
C:\Windows\System32\hkcmd.exe
 
C:\Windows\System32\igfxpers.exe
 
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
 
C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe
 
C:\Program Files (x86)\NETGEAR\WPN111\wpn111.exe
 
C:\windows\system32\SearchIndexer.exe
 
C:\Program Files\Windows Media Player\wmpnetwk.exe
 
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
 
C:\windows\System32\svchost.exe -k LocalServicePeerNet
 
C:\Windows\jmesoft\hotkey.exe
 
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
 
C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
 
C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
 
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
 
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
 
C:\Windows\jmesoft\JME_LOAD.exe
 
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
 
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
 
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
 
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
 
C:\windows\system32\wbem\wmiprvse.exe
 
C:\windows\system32\taskeng.exe
 
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
 
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
 
C:\windows\system32\sppsvc.exe
 
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
 
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
 
C:\windows\System32\svchost.exe -k secsvcs
 
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
C:\Program Files\McAfee\MAT\McPvTray.exe
 
C:\windows\system32\wbem\wmiprvse.exe
 
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
 
C:\windows\servicing\TrustedInstaller.exe
 
C:\windows\System32\cscript.exe
 
.
 
============== Pseudo HJT Report ===============
 
.
 
uSearch Bar = Preserve
 
 
 
mWinlogon: Userinit = userinit.exe,
 
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
 
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
 
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
 
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
 
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
 
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
 
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
 
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
 
uRun: [EPSON WorkForce 1100 Series] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIFEA.EXE /FU "C:\windows\TEMP\E_SF8B0.tmp" /EF "HKCU"
 
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
 
uRun: [Google Update] "C:\Users\FRIEDGREEN\AppData\Local\Google\Update\GoogleUpdate.exe" /c
 
mRun: [jmekey] C:\windows\jmesoft\hotkey.exe
 
mRun: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
 
mRun: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1
 
mRun: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe 1
 
mRun: [setDefaultSCR] C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe
 
mRun: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
 
mRun: [updateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
 
mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
 
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
 
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
 
mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
 
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
dRunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] C:\windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
 
dRunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] C:\windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
 
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe
 
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WPN111\wpn111.exe
 
mPolicies-Explorer: NoActiveDesktop = dword:1
 
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
 
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
 
mPolicies-System: ConsentPromptBehaviorUser = dword:3
 
mPolicies-System: EnableUIADesktopToggle = dword:0
 
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
 
TCP: NameServer = 10.0.0.1
 
TCP: Interfaces\{8B449D86-FF9D-46D6-B0E3-54A2A9ECD424} : DHCPNameServer = 10.0.0.1
 
TCP: Interfaces\{8B449D86-FF9D-46D6-B0E3-54A2A9ECD424}\26F6D626 : DHCPNameServer = 10.0.0.1
 
TCP: Interfaces\{8B449D86-FF9D-46D6-B0E3-54A2A9ECD424}\37869647374796C6C6 : DHCPNameServer = 192.168.254.254
 
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
 
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
 
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
 
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
 
SSODL: WebCheck - <orphaned>
 
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
 
 
 
 
 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
 
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
 
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
 
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
 
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
 
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
 
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
 
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
 
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
 
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
 
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
 
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
 
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
 
x64-Notify: igfxcui - igfxdev.dll
 
x64-SSODL: WebCheck - <orphaned>
 
.
 
============= SERVICES / DRIVERS ===============
 
.
 
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-12-8 57952]
 
R0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\windows\System32\drivers\ddcdrv.sys [2011-12-8 20832]
 
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-12-8 13408]
 
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\windows\System32\drivers\jswpslwfx.sys [2012-3-26 26624]
 
R1 MOBKFilter;MOBKFilter;C:\windows\System32\drivers\MOBK.sys [2012-5-10 66040]
 
R2 aksdf;aksdf;C:\windows\System32\drivers\aksdf.sys [2012-9-12 65024]
 
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-5-11 328928]
 
R2 JME Keyboard;JME Keyboard Driver;C:\Windows\jmesoft\Service.exe [2011-12-8 32768]
 
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2014-3-30 140424]
 
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-5-11 178528]
 
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-5-11 328928]
 
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-5-11 328928]
 
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-5-11 328928]
 
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-5-11 328928]
 
R2 McPvDrv;McPvDrv Driver;C:\windows\System32\drivers\McPvDrv.sys [2013-9-26 74560]
 
R2 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2013-8-7 311600]
 
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-5-11 1025712]
 
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-8-27 219752]
 
R2 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2013-8-7 783864]
 
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2013-8-27 185792]
 
R2 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2013-8-7 344688]
 
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
 
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-7 4915040]
 
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-8 2655768]
 
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2013-8-7 70592]
 
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-4-10 317440]
 
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2013-8-7 520696]
 
R3 mfencbdc;McAfee Inc. mfencbdc;C:\windows\System32\drivers\mfencbdc.sys [2014-1-21 422712]
 
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\windows\System32\drivers\PCASp50a64.sys [2012-3-3 41280]
 
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-12-8 247400]
 
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\windows\System32\drivers\WPN111vx.sys [2012-6-27 1075712]
 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
 
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
 
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
 
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2014-1-21 197704]
 
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-3-13 111616]
 
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\D-Link\DWA-556 revA\jswpsapi.exe [2012-3-26 954368]
 
S3 mfencrk;McAfee Inc. mfencrk;C:\windows\System32\drivers\mfencrk.sys [2014-1-21 96592]
 
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\windows\System32\drivers\PCAMp50a64.sys [2012-3-3 43328]
 
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
 
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
 
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-3 1255736]
 
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
 
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
 
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
 
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
 
.
 
=============== File Associations ===============
 
.
 
FileExt: .txt: bftxtfile="C:\Program Files (x86)\Bluefish\bluefish.exe" "%1"
 
FileExt: .vbs: bfvbsfile="C:\Program Files (x86)\Bluefish\bluefish.exe" "%1"
 
FileExt: .js: bfjsfile="C:\Program Files (x86)\Bluefish\bluefish.exe" "%1"
 
.
 
=============== Created Last 30 ================
 
.
 
2014-04-01 10:42:09 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B7D6FF86-5B4D-4DDF-AD34-6401DEFBF4CB}\mpengine.dll
 
2014-03-30 18:01:38 119512 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
 
2014-03-30 18:01:19 88280 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
 
2014-03-30 18:01:19 63192 ----a-w- C:\windows\System32\drivers\mwac.sys
 
2014-03-30 18:01:19 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
 
2014-03-30 18:01:19 -------- d-----w- C:\ProgramData\Malwarebytes
 
2014-03-30 18:01:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
 
2014-03-30 18:00:51 -------- d-----w- C:\Users\FRIEDGREEN\AppData\Local\Programs
 
2014-03-30 16:40:08 -------- d-----w- C:\Users\FRIEDGREEN\AppData\Roaming\SupTab
 
2014-03-30 16:40:01 -------- d-----w- C:\ProgramData\WPM
 
2014-03-30 16:38:56 -------- d-----w- C:\Users\FRIEDGREEN\AppData\Roaming\key-find
 
2014-03-29 23:32:50 -------- d-----w- C:\Users\FRIEDGREEN\AppData\Local\21c37a63-8883-49bd-2ed5-6c2ed504d0af
 
2014-03-29 23:32:07 -------- d-----w- C:\Users\FRIEDGREEN\AppData\Local\SearchProtect
 
2014-03-29 23:23:51 -------- d-----w- C:\Users\FRIEDGREEN\AppData\Roaming\Oxy
 
2014-03-13 10:41:45 624128 ----a-w- C:\windows\System32\qedit.dll
 
2014-03-13 10:41:44 509440 ----a-w- C:\windows\SysWow64\qedit.dll
 
2014-03-13 10:41:44 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
 
2014-03-13 10:41:43 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
 
2014-03-11 23:17:13 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
 
.
 
==================== Find3M  ====================
 
.
 
2014-03-12 00:56:35 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
 
2014-03-12 00:56:35 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
 
2014-03-01 05:17:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
 
2014-03-01 05:16:26 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
 
2014-03-01 04:52:55 66048 ----a-w- C:\windows\System32\iesetup.dll
 
2014-03-01 04:51:59 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
 
2014-03-01 04:33:52 139264 ----a-w- C:\windows\System32\ieUnatt.exe
 
2014-03-01 04:33:34 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
 
2014-03-01 04:32:59 708608 ----a-w- C:\windows\System32\jscript9diag.dll
 
2014-03-01 04:23:49 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
 
2014-03-01 04:11:20 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
 
2014-03-01 03:54:33 5768704 ----a-w- C:\windows\System32\jscript9.dll
 
2014-03-01 03:52:43 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
 
2014-03-01 03:51:53 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
 
2014-03-01 03:38:26 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
 
2014-03-01 03:37:35 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
 
2014-03-01 03:35:11 2041856 ----a-w- C:\windows\System32\inetcpl.cpl
 
2014-03-01 03:14:15 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll
 
2014-03-01 03:10:28 2334208 ----a-w- C:\windows\System32\wininet.dll
 
2014-03-01 03:00:08 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl
 
2014-03-01 02:32:16 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
 
2014-02-07 01:23:30 3156480 ----a-w- C:\windows\System32\win32k.sys
 
2014-01-29 02:32:18 484864 ----a-w- C:\windows\System32\wer.dll
 
2014-01-29 02:06:47 381440 ----a-w- C:\windows\SysWow64\wer.dll
 
2014-01-28 02:32:46 228864 ----a-w- C:\windows\System32\wwansvc.dll
 
2014-01-27 14:43:26 70592 ----a-w- C:\windows\System32\drivers\cfwids.sys
 
2014-01-27 14:37:32 344688 ----a-w- C:\windows\System32\drivers\mfewfpk.sys
 
2014-01-27 14:37:08 185792 ----a-w- C:\windows\System32\mfevtps.exe
 
2014-01-27 14:33:26 783864 ----a-w- C:\windows\System32\drivers\mfehidk.sys
 
2014-01-27 14:31:34 520696 ----a-w- C:\windows\System32\drivers\mfefirek.sys
 
2014-01-27 14:30:06 311600 ----a-w- C:\windows\System32\drivers\mfeavfk.sys
 
2014-01-27 14:29:22 180272 ----a-w- C:\windows\System32\drivers\mfeapfk.sys
 
2014-01-21 08:50:46 11336 ----a-w- C:\windows\System32\drivers\mfeclnrk.sys
 
2014-01-21 08:50:24 96592 ----a-w- C:\windows\System32\drivers\mfencrk.sys
 
2014-01-21 08:50:02 422712 ----a-w- C:\windows\System32\drivers\mfencbdc.sys
 
2014-01-11 16:52:37 9006072 ----a-w- C:\ProgramData\TempMOBK-update-4ec82966293498cc5bd9350557ef54e8.exe
 
2002-07-26 22:02:06 153088 ----a-w- C:\Program Files (x86)\UNWISE.EXE
 
.
 
============= FINISH: 19:18:41.12 ===============
 
 

 

ATTACH.TXT

 

.
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
 
IF REQUESTED, ZIP IT UP & ATTACH IT
 
.
 
DDS (Ver_2012-11-20.01)
 
.
 
Microsoft Windows 7 Home Premium 
 
Boot Device: \Device\HarddiskVolume1
 
Install Date: 2/27/2012 8:45:05 PM
 
System Uptime: 4/1/2014 7:11:26 PM (0 hours ago)
 
.
 
Motherboard: LENOVO |  | To be filled by O.E.M.
 
Processor: Intel® Core i5-2320 CPU @ 3.00GHz | CPU 1 | 3001/100mhz
 
.
 
==== Disk Partitions =========================
 
.
 
C: is FIXED (NTFS) - 1838 GiB total, 1723.2 GiB free.
 
D: is CDROM ()
 
.
 
==== Disabled Device Manager Items =============
 
.
 
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
 
Description: McAfee Inc. mfeapfk
 
Device ID: ROOT\LEGACY_MFEAPFK\0000
 
Manufacturer: 
 
Name: McAfee Inc. mfeapfk
 
PNP Device ID: ROOT\LEGACY_MFEAPFK\0000
 
Service: mfeapfk
 
.
 
==== System Restore Points ===================
 
.
 
RP177: 3/21/2014 7:28:06 PM - Windows Update
 
RP178: 3/25/2014 5:35:16 AM - Windows Update
 
RP179: 4/1/2014 5:41:29 AM - Windows Update
 
.
 
==== Installed Programs ======================
 
.
 
7-Zip 9.20 (x64 edition)
 
Adobe AIR
 
Adobe Flash Player 12 ActiveX
 
Adobe Flash Player 12 Plugin
 
Adobe Photoshop Lightroom 4.4 64-bit
 
Adobe Reader XI (11.0.05)
 
ALL-Cut LPT_Com X64
 
Bluefish 2.2.1
 
Canon IJ Network Scan Utility
 
Canon IJ Network Tool
 
Canon MP Navigator EX 3.0
 
Canon MP560 series MP Drivers
 
Corel Graphics - Windows Shell Extension
 
Corel Graphics - Windows Shell Extension 32 Bit
 
CorelDRAW Graphics Suite X6
 
CorelDRAW Graphics Suite X6 - BR
 
CorelDRAW Graphics Suite X6 - Capture
 
CorelDRAW Graphics Suite X6 - Common
 
CorelDRAW Graphics Suite X6 - Connect
 
CorelDRAW Graphics Suite X6 - Content
 
CorelDRAW Graphics Suite X6 - Custom Data
 
CorelDRAW Graphics Suite X6 - Draw
 
CorelDRAW Graphics Suite X6 - EN
 
CorelDRAW Graphics Suite X6 - ES
 
CorelDRAW Graphics Suite X6 - Filters
 
CorelDRAW Graphics Suite X6 - FontNav
 
CorelDRAW Graphics Suite X6 - FR
 
CorelDRAW Graphics Suite X6 - IPM
 
CorelDRAW Graphics Suite X6 - PHOTO-PAINT
 
CorelDRAW Graphics Suite X6 - Photozoom Plugin
 
CorelDRAW Graphics Suite X6 - Redist
 
CorelDRAW Graphics Suite X6 - Setup Files
 
CorelDRAW Graphics Suite X6 - VBA
 
CorelDRAW Graphics Suite X6 - VideoBrowser
 
CorelDRAW Graphics Suite X6 - VSTA
 
CorelDRAW Graphics Suite X6 - Writing Tools
 
Coupon Printer for Windows
 
CouponBar
 
CutePDF Writer 2.8
 
D3DX10
 
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
 
Dropbox
 
DWA-556
 
EPSON WorkForce 1100 Series Printer Uninstall
 
Google Chrome
 
Google Drive
 
Google Update Helper
 
GoToMeeting 5.1.0.880
 
GreatCut
 
Hardlock Device Drivers
 
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
 
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
 
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
 
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
 
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
 
Inkscape 0.48.2
 
Intel® Control Center
 
Intel® Management Engine Components
 
Intel® Network Connections Drivers
 
Intel® Processor Graphics
 
Java 7 Update 51
 
Java Auto Updater
 
JavaFX 2.1.1
 
Junk Mail filter update
 
Lenovo Blacksilk USB Keyboard Driver
 
Lenovo Driver and Application Installation
 
Lenovo Dynamic Brightness System
 
Lenovo EE Boot Optimizer
 
Lenovo Eye Distance System
 
Lenovo Power2Go
 
Lenovo Rescue System
 
Lenovo Screensaver
 
LVT
 
Malwarebytes Anti-Malware version 2.00.0.1000
 
McAfee Online Backup
 
McAfee Total Protection
 
Mesh Runtime
 
Microsoft .NET Framework 4.5.1
 
Microsoft Application Error Reporting
 
Microsoft Corporation
 
Microsoft LifeCam
 
Microsoft Office 2010
 
Microsoft Office Access MUI (English) 2010
 
Microsoft Office Access Setup Metadata MUI (English) 2010
 
Microsoft Office Excel MUI (English) 2010
 
Microsoft Office Groove MUI (English) 2010
 
Microsoft Office InfoPath MUI (English) 2010
 
Microsoft Office Office 64-bit Components 2010
 
Microsoft Office OneNote MUI (English) 2010
 
Microsoft Office Outlook Connector
 
Microsoft Office Outlook MUI (English) 2010
 
Microsoft Office PowerPoint MUI (English) 2010
 
Microsoft Office Professional Plus 2010
 
Microsoft Office Proof (English) 2010
 
Microsoft Office Proof (French) 2010
 
Microsoft Office Proof (Spanish) 2010
 
Microsoft Office Proofing (English) 2010
 
Microsoft Office Publisher MUI (English) 2010
 
Microsoft Office Shared 64-bit MUI (English) 2010
 
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
 
Microsoft Office Shared MUI (English) 2010
 
Microsoft Office Shared Setup Metadata MUI (English) 2010
 
Microsoft Office Word MUI (English) 2010
 
Microsoft Silverlight
 
Microsoft SQL Server 2005 Compact Edition [ENU]
 
Microsoft Visual Basic for Applications 7.1 (x86)
 
Microsoft Visual Basic for Applications 7.1 (x86) English
 
Microsoft Visual C++ 2005 Redistributable
 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
 
Microsoft Visual Studio Tools for Applications 2.0 - ENU
 
Microsoft Visual Studio Tools for Applications 2.0 Runtime
 
MSVCRT
 
MSVCRT_amd64
 
NETGEAR RangeMax Wireless USB 2.0 Adapter WPN111
 
Notepad++
 
Oxy
 
PileFile reminder
 
Realtek High Definition Audio Driver
 
Realtek USB 2.0 Card Reader
 
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
 
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
 
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
 
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
 
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
 
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
 
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
 
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
 
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
 
Shared C Run-time for x64
 
Skype™ 6.11
 
TeamViewer 9
 
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
 
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
 
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
 
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
 
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
 
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
 
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
 
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
 
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
 
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
 
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
 
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
 
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
 
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
 
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
 
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
 
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
 
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
 
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
 
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
 
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition
 
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
 
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
 
Windows 7 Codec Pack 4.0.3
 
Windows Live Communications Platform
 
Windows Live Essentials
 
Windows Live ID Sign-in Assistant
 
Windows Live Installer
 
Windows Live Language Selector
 
Windows Live Mail
 
Windows Live Mesh
 
Windows Live Mesh ActiveX Control for Remote Connections
 
Windows Live Messenger
 
Windows Live MIME IFilter
 
Windows Live Movie Maker
 
Windows Live Photo Common
 
Windows Live Photo Gallery
 
Windows Live PIMT Platform
 
Windows Live Remote Client
 
Windows Live Remote Client Resources
 
Windows Live Remote Service
 
Windows Live Remote Service Resources
 
Windows Live SOXE
 
Windows Live SOXE Definitions
 
Windows Live UX Platform
 
Windows Live UX Platform Language Pack
 
Windows Live Writer
 
Windows Live Writer Resources
 
WinSCP 4.3.9
 
.
 
==== Event Viewer Messages From Past Week ========
 
.
 
4/1/2014 7:11:49 PM, Error: Service Control Manager [7000]  - The McAfee Inc. mfeapfk service failed to start due to the following error:  The specified service does not exist.
 
3/31/2014 6:06:57 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
 
3/31/2014 6:06:57 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {C90134D2-4AE9-407A-919A-4A2EF09C6C51}
 
3/31/2014 6:05:23 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
 
3/31/2014 6:05:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
 
3/31/2014 6:05:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
3/31/2014 6:05:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
 
3/31/2014 6:05:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
 
3/31/2014 6:05:22 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
3/31/2014 6:05:16 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
 
3/31/2014 6:04:55 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BPntDrv DfsC discache JSWPSLWF MOBKFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
 
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
 
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
 
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
 
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
 
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
 
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
 
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
 
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error:  The dependency service or group failed to start.
 
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
 
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
 
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
 
3/31/2014 5:43:50 AM, Error: Service Control Manager [7034]  - The McAfee SiteAdvisor Service service terminated unexpectedly.  It has done this 1 time(s).
 
3/31/2014 5:34:05 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer UNDERDAWG that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8B449D86-FF9D-46D6-B0E3-54A2A9ECD424}. The master browser is stopping or an election is being forced.
 
3/30/2014 4:19:50 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
 
3/30/2014 4:12:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
 
3/30/2014 4:12:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
 
3/30/2014 4:11:00 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291]  - SAM failed to start the TCP/IP or SPX/IPX listening thread
 
3/30/2014 11:40:09 AM, Error: Service Control Manager [7034]  - The Search Protect by Conduit Service service terminated unexpectedly.  It has done this 1 time(s).
 
3/28/2014 10:18:20 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
 
3/28/2014 10:18:20 PM, Error: Service Control Manager [7000]  - The McAfee Platform Services service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
3/28/2014 10:18:19 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service mcpltsvc with arguments "" in order to run the server: {20966775-18A4-4299-B8E3-772C336B52A7}
 
.
 
==== End Of File ===========================
 
 

Welcome to the forum.

Can you post those logs again but this time:

1: Uncheck "word wrap" in Notepad.

2: Use the default font.
 

You can also just attach them if needed:

To attach a log:

Bottom right corner of this page.

New window that comes up.

 


Also......

Please run a Quick Scan with Malwarebytes like this:
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

If you're using Malwarebytes 2.0, please run a Threat Scan

Then.......

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)

MrC


Note:
Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to clean up all the tools and logs


<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


MrCharlie:  Thanks for the swift response.  I have read and understood your instructions.  Please give me some time to back up my data.  I have quite a bit that needs to be backed up.  I will reply when I have backed up my data and run the tools like you have instructed.

 

Thank you again for your time and help.

 

Shaun


MrC... while creating a new restore point, I found a couple of older restore points that go well before when I got infected.  Do you think restoring it to the earliest point would help undo the infection?  It would save us some time and bellyache, if that works.  What do you recommend?


Hi MrC... tried system restore... said it "didn't complete successfully"... restore point corrupt or something.

 

So followed the steps in your instructions, the logs are below:

 

reposting DDS.txt from earlier run:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by FRIEDGREEN at 19:18:00 on 2014-04-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8104.5792 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\jmesoft\Service.exe
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\windows\system32\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\rundll32.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe
C:\Program Files (x86)\NETGEAR\WPN111\wpn111.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\jmesoft\hotkey.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe
C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Windows\jmesoft\JME_LOAD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\windows\system32\sppsvc.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\windows\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
uRun: [EPSON WorkForce 1100 Series] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIFEA.EXE /FU "C:\windows\TEMP\E_SF8B0.tmp" /EF "HKCU"
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Google Update] "C:\Users\FRIEDGREEN\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [jmekey] C:\windows\jmesoft\hotkey.exe
mRun: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
mRun: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1
mRun: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe 1
mRun: [setDefaultSCR] C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe
mRun: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
mRun: [updateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] C:\windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] C:\windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Online Backup\MOBKstat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WPN111\wpn111.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{8B449D86-FF9D-46D6-B0E3-54A2A9ECD424} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{8B449D86-FF9D-46D6-B0E3-54A2A9ECD424}\26F6D626 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{8B449D86-FF9D-46D6-B0E3-54A2A9ECD424}\37869647374796C6C6 : DHCPNameServer = 192.168.254.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-12-8 57952]
R0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\windows\System32\drivers\ddcdrv.sys [2011-12-8 20832]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-12-8 13408]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\windows\System32\drivers\jswpslwfx.sys [2012-3-26 26624]
R1 MOBKFilter;MOBKFilter;C:\windows\System32\drivers\MOBK.sys [2012-5-10 66040]
R2 aksdf;aksdf;C:\windows\System32\drivers\aksdf.sys [2012-9-12 65024]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-5-11 328928]
R2 JME Keyboard;JME Keyboard Driver;C:\Windows\jmesoft\Service.exe [2011-12-8 32768]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2014-3-30 140424]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-5-11 178528]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-5-11 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-5-11 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-5-11 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-5-11 328928]
R2 McPvDrv;McPvDrv Driver;C:\windows\System32\drivers\McPvDrv.sys [2013-9-26 74560]
R2 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2013-8-7 311600]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-5-11 1025712]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-8-27 219752]
R2 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2013-8-7 783864]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2013-8-27 185792]
R2 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2013-8-7 344688]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-7 4915040]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-8 2655768]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2013-8-7 70592]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-4-10 317440]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2013-8-7 520696]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\windows\System32\drivers\mfencbdc.sys [2014-1-21 422712]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\windows\System32\drivers\PCASp50a64.sys [2012-3-3 41280]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-12-8 247400]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\windows\System32\drivers\WPN111vx.sys [2012-6-27 1075712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2014-1-21 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-3-13 111616]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\D-Link\DWA-556 revA\jswpsapi.exe [2012-3-26 954368]
S3 mfencrk;McAfee Inc. mfencrk;C:\windows\System32\drivers\mfencrk.sys [2014-1-21 96592]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\windows\System32\drivers\PCAMp50a64.sys [2012-3-3 43328]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-3 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: bftxtfile="C:\Program Files (x86)\Bluefish\bluefish.exe" "%1"
FileExt: .vbs: bfvbsfile="C:\Program Files (x86)\Bluefish\bluefish.exe" "%1"
FileExt: .js: bfjsfile="C:\Program Files (x86)\Bluefish\bluefish.exe" "%1"
.
=============== Created Last 30 ================
.
2014-04-01 10:42:09 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B7D6FF86-5B4D-4DDF-AD34-6401DEFBF4CB}\mpengine.dll
2014-03-30 18:01:38 119512 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-03-30 18:01:19 88280 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-03-30 18:01:19 63192 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-03-30 18:01:19 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-03-30 18:01:19 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-30 18:01:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-30 18:00:51 -------- d-----w- C:\Users\FRIEDGREEN\AppData\Local\Programs
2014-03-30 16:40:08 -------- d-----w- C:\Users\FRIEDGREEN\AppData\Roaming\SupTab
2014-03-30 16:40:01 -------- d-----w- C:\ProgramData\WPM
2014-03-30 16:38:56 -------- d-----w- C:\Users\FRIEDGREEN\AppData\Roaming\key-find
2014-03-29 23:32:50 -------- d-----w- C:\Users\FRIEDGREEN\AppData\Local\21c37a63-8883-49bd-2ed5-6c2ed504d0af
2014-03-29 23:32:07 -------- d-----w- C:\Users\FRIEDGREEN\AppData\Local\SearchProtect
2014-03-29 23:23:51 -------- d-----w- C:\Users\FRIEDGREEN\AppData\Roaming\Oxy
2014-03-13 10:41:45 624128 ----a-w- C:\windows\System32\qedit.dll
2014-03-13 10:41:44 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-03-13 10:41:44 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-03-13 10:41:43 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-03-11 23:17:13 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2014-03-12 00:56:35 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 00:56:35 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\windows\System32\win32k.sys
2014-01-29 02:32:18 484864 ----a-w- C:\windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\windows\System32\wwansvc.dll
2014-01-27 14:43:26 70592 ----a-w- C:\windows\System32\drivers\cfwids.sys
2014-01-27 14:37:32 344688 ----a-w- C:\windows\System32\drivers\mfewfpk.sys
2014-01-27 14:37:08 185792 ----a-w- C:\windows\System32\mfevtps.exe
2014-01-27 14:33:26 783864 ----a-w- C:\windows\System32\drivers\mfehidk.sys
2014-01-27 14:31:34 520696 ----a-w- C:\windows\System32\drivers\mfefirek.sys
2014-01-27 14:30:06 311600 ----a-w- C:\windows\System32\drivers\mfeavfk.sys
2014-01-27 14:29:22 180272 ----a-w- C:\windows\System32\drivers\mfeapfk.sys
2014-01-21 08:50:46 11336 ----a-w- C:\windows\System32\drivers\mfeclnrk.sys
2014-01-21 08:50:24 96592 ----a-w- C:\windows\System32\drivers\mfencrk.sys
2014-01-21 08:50:02 422712 ----a-w- C:\windows\System32\drivers\mfencbdc.sys
2014-01-11 16:52:37 9006072 ----a-w- C:\ProgramData\TempMOBK-update-4ec82966293498cc5bd9350557ef54e8.exe
2002-07-26 22:02:06 153088 ----a-w- C:\Program Files (x86)\UNWISE.EXE
.
============= FINISH: 19:18:41.12 ===============
 
 
reposting attach.txt from earlier run:
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 2/27/2012 8:45:05 PM
System Uptime: 4/1/2014 7:11:26 PM (0 hours ago)
.
Motherboard: LENOVO |  | To be filled by O.E.M.
Processor: Intel® Core i5-2320 CPU @ 3.00GHz | CPU 1 | 3001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1838 GiB total, 1723.2 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: McAfee Inc. mfeapfk
Device ID: ROOT\LEGACY_MFEAPFK\0000
Manufacturer: 
Name: McAfee Inc. mfeapfk
PNP Device ID: ROOT\LEGACY_MFEAPFK\0000
Service: mfeapfk
.
==== System Restore Points ===================
.
RP177: 3/21/2014 7:28:06 PM - Windows Update
RP178: 3/25/2014 5:35:16 AM - Windows Update
RP179: 4/1/2014 5:41:29 AM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Photoshop Lightroom 4.4 64-bit
Adobe Reader XI (11.0.05)
ALL-Cut LPT_Com X64
Bluefish 2.2.1
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.0
Canon MP560 series MP Drivers
Corel Graphics - Windows Shell Extension
Corel Graphics - Windows Shell Extension 32 Bit
CorelDRAW Graphics Suite X6
CorelDRAW Graphics Suite X6 - BR
CorelDRAW Graphics Suite X6 - Capture
CorelDRAW Graphics Suite X6 - Common
CorelDRAW Graphics Suite X6 - Connect
CorelDRAW Graphics Suite X6 - Content
CorelDRAW Graphics Suite X6 - Custom Data
CorelDRAW Graphics Suite X6 - Draw
CorelDRAW Graphics Suite X6 - EN
CorelDRAW Graphics Suite X6 - ES
CorelDRAW Graphics Suite X6 - Filters
CorelDRAW Graphics Suite X6 - FontNav
CorelDRAW Graphics Suite X6 - FR
CorelDRAW Graphics Suite X6 - IPM
CorelDRAW Graphics Suite X6 - PHOTO-PAINT
CorelDRAW Graphics Suite X6 - Photozoom Plugin
CorelDRAW Graphics Suite X6 - Redist
CorelDRAW Graphics Suite X6 - Setup Files
CorelDRAW Graphics Suite X6 - VBA
CorelDRAW Graphics Suite X6 - VideoBrowser
CorelDRAW Graphics Suite X6 - VSTA
CorelDRAW Graphics Suite X6 - Writing Tools
Coupon Printer for Windows
CouponBar
CutePDF Writer 2.8
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
DWA-556
EPSON WorkForce 1100 Series Printer Uninstall
Google Chrome
Google Drive
Google Update Helper
GoToMeeting 5.1.0.880
GreatCut
Hardlock Device Drivers
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Inkscape 0.48.2
Intel® Control Center
Intel® Management Engine Components
Intel® Network Connections Drivers
Intel® Processor Graphics
Java 7 Update 51
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
Lenovo Blacksilk USB Keyboard Driver
Lenovo Driver and Application Installation
Lenovo Dynamic Brightness System
Lenovo EE Boot Optimizer
Lenovo Eye Distance System
Lenovo Power2Go
Lenovo Rescue System
Lenovo Screensaver
LVT
Malwarebytes Anti-Malware version 2.00.0.1000
McAfee Online Backup
McAfee Total Protection
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual Basic for Applications 7.1 (x86)
Microsoft Visual Basic for Applications 7.1 (x86) English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
MSVCRT
MSVCRT_amd64
NETGEAR RangeMax Wireless USB 2.0 Adapter WPN111
Notepad++
Oxy
PileFile reminder
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shared C Run-time for x64
Skype™ 6.11
TeamViewer 9
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Windows 7 Codec Pack 4.0.3
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinSCP 4.3.9
.
==== Event Viewer Messages From Past Week ========
.
4/1/2014 7:11:49 PM, Error: Service Control Manager [7000]  - The McAfee Inc. mfeapfk service failed to start due to the following error:  The specified service does not exist.
3/31/2014 6:06:57 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
3/31/2014 6:06:57 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {C90134D2-4AE9-407A-919A-4A2EF09C6C51}
3/31/2014 6:05:23 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
3/31/2014 6:05:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/31/2014 6:05:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/31/2014 6:05:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/31/2014 6:05:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/31/2014 6:05:22 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/31/2014 6:05:16 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/31/2014 6:04:55 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BPntDrv DfsC discache JSWPSLWF MOBKFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error:  The dependency service or group failed to start.
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/31/2014 6:04:55 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/31/2014 5:43:50 AM, Error: Service Control Manager [7034]  - The McAfee SiteAdvisor Service service terminated unexpectedly.  It has done this 1 time(s).
3/31/2014 5:34:05 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer UNDERDAWG that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8B449D86-FF9D-46D6-B0E3-54A2A9ECD424}. The master browser is stopping or an election is being forced.
3/30/2014 4:19:50 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
3/30/2014 4:12:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
3/30/2014 4:12:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/30/2014 4:11:00 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291]  - SAM failed to start the TCP/IP or SPX/IPX listening thread
3/30/2014 11:40:09 AM, Error: Service Control Manager [7034]  - The Search Protect by Conduit Service service terminated unexpectedly.  It has done this 1 time(s).
3/28/2014 10:18:20 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
3/28/2014 10:18:20 PM, Error: Service Control Manager [7000]  - The McAfee Platform Services service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/28/2014 10:18:19 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service mcpltsvc with arguments "" in order to run the server: {20966775-18A4-4299-B8E3-772C336B52A7}
.
==== End Of File ===========================
 
 
RKReport[0]...txt:
 
RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : FRIEDGREEN [Admin rights]
Mode : Scan -- Date : 04/02/2014 21:31:45
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 7 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][sUSP PATH] PileFile logon : C:\Users\BIGRED~1\AppData\Local\Temp\FREE ETSY BOTDownload_D0A7\FREE_ETSY_BOT_Downloader.exe [7] -> FOUND
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS722020ALA330 ATA Device +++++
--- User ---
[MBR] 96e71c9a9043fd02a7eb69482ee5f335
[bSP] f82b9fd3ee43ca8a3753917d7c223f1b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1881953 MB
2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): -440520704 | Size: 25675 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_04022014_213145.txt >>
 
 

Please uninstall CouponBar from your add/remove programs.

Then..........

Start with this: (make sure you have created a new system restore point)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then...........


Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.
(use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC


Hi MrC... here are the logs.

 

fyi -- when I open Chrome now, it takes me to search.conduit.com.  I haven't downloaded or installed ANYTHING new, except for the tools you have asked, so I am not sure where this thing came from.

 

AdwCleaner[s0].txt

 

# AdwCleaner v3.023 - Report created 03/04/2014 at 18:21:57
 
# Updated 01/04/2014 by Xplode
 
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
# Username : FRIEDGREEN - FRIEDGREEN-PC
 
# Running from : C:\Users\FRIEDGREEN\Desktop\AdwCleaner.exe
 
# Option : Clean
 
 
 
***** [ Services ] *****
 
 
 
 
 
***** [ Files / Folders ] *****
 
 
 
Folder Deleted : C:\AI_RecycleBin
 
Folder Deleted : C:\ProgramData\Babylon
 
Folder Deleted : C:\ProgramData\Partner
 
Folder Deleted : C:\ProgramData\Tarma Installer
 
Folder Deleted : C:\ProgramData\Trymedia
 
Folder Deleted : C:\ProgramData\WPM
 
Folder Deleted : C:\windows\SysWOW64\AI_RecycleBin
 
Folder Deleted : C:\Users\FRIEDGREEN\AppData\Local\apn
 
Folder Deleted : C:\Users\FRIEDGREEN\AppData\Local\SearchProtect
 
Folder Deleted : C:\Users\FRIEDGREEN\AppData\LocalLow\Toolbar4
 
Folder Deleted : C:\Users\FRIEDGREEN\AppData\Roaming\Babylon
 
Folder Deleted : C:\Users\FRIEDGREEN\AppData\Roaming\Oxy
 
Folder Deleted : C:\Users\FRIEDGREEN\AppData\Roaming\SupTab
 
Folder Deleted : C:\Users\FRIEDGREEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
 
 
 
***** [ Shortcuts ] *****
 
 
 
 
 
***** [ Registry ] *****
 
 
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
 
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
 
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
 
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
 
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
 
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
 
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
 
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
 
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
 
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
 
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
 
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
 
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
 
Key Deleted : HKCU\Software\Escolade
 
Key Deleted : HKLM\Software\Babylon
 
Key Deleted : HKLM\Software\SearchProtect
 
Key Deleted : HKLM\Software\supTab
 
Key Deleted : HKLM\Software\supWPM
 
Key Deleted : HKLM\Software\Trymedia Systems
 
Key Deleted : HKLM\Software\Wpm
 
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
 
 
 
***** [ Browsers ] *****
 
 
 
-\\ Internet Explorer v11.0.9600.16521
 
 
 
 
 
-\\ Google Chrome v
 
 
 
[ File : C:\Users\FRIEDGREEN\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
 
Deleted : homepage
 
 
 
*************************
 
 
 
AdwCleaner[R0].txt - [3935 octets] - [03/04/2014 18:15:07]
 
AdwCleaner[s0].txt - [3908 octets] - [03/04/2014 18:21:57]
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3968 octets] ##########
 
 
The FRST logs are attached.
 
Thanks for everything you are doing.
 
Shaun

Addition.txt

FRST.txt


It's in your add/remove programs and it wasn't there before:

Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.12.11.11 - Conduit) 

Please uninstall it and run another scan with FRST (make sure the Addition box is checked).

Attach the 2 new logs

MrC


See if this can be uninstalled:

Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION

-----------------------------------

Download the attached fixlist.txt to the same folder as FRST.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

----------------------------------

Clean out temp files:

Download TFC from here and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
http://www.bleepingcomputer.com/download/tfc/dl/92/
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

----------------------------------

Google Chrome settings have to be manually reset.
Reset home and search pages:
https://support.google.com/chrome/answer/2765944?hl=en

You can always reset Chrome if needed:
https://support.google.com/chrome/answer/3296214?hl=en <---reset

These are your current settings:

 

Let me know....MrC


Hey MrC... I think you did it !!   The annoying Pilefile installer does not pop up on log on anymore.  :)  

 

I was able to reset my browser home pages to my old settings. (and they stuck after I restarted... yahoo!)

 

I still see Pilefile and Oxy under Programs and Features (see attached).  When I try to uninstall them, it says "You don't have sufficient access to uninstall PileFile reminder / Oxy.  Please contact your system administrator."  Is there any way to get rid of them?

 

 


The programs have already been deleted.

 

Please download SystemLook from the link below and save it to your Desktop

http://jpshortstuff.247fixes.com/SystemLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield: 

    :regfind
    Pilefile
    Oxy
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. 
Note: The log can also be found on your Desktop entitled SystemLook.txt 

 

MrC (be back in the AM)


When I run fix.reg, I get this message:

 

The specified file is not a registry script.  You can only import binary registry files from within the registry editor.

 

So I took the liberty to import this from within regedit and got this message:

 

The specified file is not a registry file.  You can only import registry files.

 

Please let me know what to do next.  Thanks.


Hey MrC... it worked!!  The Program and Features entries for Oxy and Pilefile are gone.

 

The folder with the installer etc. still exists (see attached).  Is it safe to just delete it?  How do I search and destroy other folders like this, if they exist?

 

Please let me know next steps... thanks !!


I used FRST to search so......

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

That should do it.

If there are no other problems.......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

MrC... here are the logs...

 

 

fixlog.txt

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by FRIEDGREEN at 2014-04-05 13:22:53 Run:3
Running from C:\Users\FRIEDGREEN\Desktop\FARBAR
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Users\FRIEDGREEN\AppData\Roaming\Oxy
C:\Users\FRIEDGREEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
C:\windows\System32\Tasks\Oxy
C:\windows\System32\Tasks\PileFile reminder
C:\windows\System32\Tasks\PileFile logon
 
*****************
 
C:\Users\FRIEDGREEN\AppData\Roaming\Oxy => Moved successfully.
C:\Users\FRIEDGREEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy => Moved successfully.
"C:\windows\System32\Tasks\Oxy" => File/Directory not found.
"C:\windows\System32\Tasks\PileFile reminder" => File/Directory not found.
"C:\windows\System32\Tasks\PileFile logon" => File/Directory not found.
 
==== End of Fixlog ====
 
 
checkup.txt
 
 
 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 7 Update 51  
 Adobe Flash Player 12.0.0.77  
 Adobe Reader XI  
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
 Google Chrome Plugins...  
````````Process Check: objlist.exe by Laurent````````  
 McAfee Online Backup MOBKstat.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 

That all looks good.

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (My Preventive Maintenance also found HERE)

Good Luck and Thanks for using the forum, MrC
