Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Removed PILE FILE and OXY, still having network issues


  • This topic is locked This topic is locked
2 replies to this topic

#1 thehuntedone

thehuntedone

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:01 AM

Posted 04 May 2014 - 03:42 PM

Hi, friends computer had PILE FILE and OXY issue and was (I think) successfully removed.  Still need to clean up some of the tools.  However, she is having issues in her own network that the computer fails to connect to the internet, and when I had her try to open the page to manage her wireless she indicated a bunch of icon changes that indicated OXY was still on her machine.  I scanned for other viruses or malware and one of the tools indicated a virus detected before the machine shutdown for an unknown reason.  I have been able to log back in and check startups and IE settings, and on my network at my house the computer gets on the internet just fine. 

 

I need some help trying to figure this out.  I am just struggling a little and looking for some help to point me in the right direction...

 

I have stopped any and all troubleshooting at this point pending response to this forum.

 

A little history, the user and her wife indicated that they use this computer for college and were doing some research and downloaded some pictures when the initial problem started.

 

Here is the DDS log, and Attach.txt attached, as instructed ...

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.51.2
Run by Alisyn at 14:22:29 on 2014-05-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4863.3652 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uSearch Bar = Preserve
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit = userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Google Update] "C:\Users\Trent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
StartupFolder: C:\Users\Alisyn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\COMCAS~1.LNK - C:\Program Files (x86)\Comcast Universal Caller ID\Comcast Universal Caller ID.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{60F87767-D435-49E8-A414-A3620A22597D} : NameServer = 208.67.222.222
TCP: Interfaces\{7FC1E60B-E0B6-47D6-961B-4958C6FD5A84} : NameServer = 208.67.222.222
TCP: Interfaces\{7FC1E60B-E0B6-47D6-961B-4958C6FD5A84} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7FC1E60B-E0B6-47D6-961B-4958C6FD5A84}\34F6D636163747 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7FC1E60B-E0B6-47D6-961B-4958C6FD5A84}\3686166756A7 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7FC1E60B-E0B6-47D6-961B-4958C6FD5A84}\456214 : NameServer = 208.67.222.222
TCP: Interfaces\{7FC1E60B-E0B6-47D6-961B-4958C6FD5A84}\456214 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EF39876C-BAB5-4562-BBC2-EEC962D04DD4} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-1-18 75904]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-1-18 38016]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 783864]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-5-5 345456]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-7 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-11-7 1025712]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-5-5 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-5-5 185792]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-5-5 70592]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-5-5 311600]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-5-5 522360]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-1-21 422712]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-18 349800]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-9-29 695400]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-18 38456]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-4-16 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-11 111616]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-1-21 96592]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-29 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-29 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-7 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-18 203264]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-7 328928]
S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-26 201304]
S4 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-11-7 178528]
S4 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-15 289256]
S4 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-7 328928]
S4 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-7 328928]
S4 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-11-7 328928]
S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S4 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-1-18 1119768]
S4 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
.
=============== Created Last 30 ================
.
2014-05-04 19:46:14    --------    d-----w-    C:\Program Files (x86)\Ask.com
2014-05-04 19:40:22    --------    d-----w-    C:\Program Files (x86)\VS Revo Group
2014-05-04 09:00:28    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-04 09:00:28    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-03 21:50:14    --------    d-----w-    C:\Program Files (x86)\ESET
2014-05-03 21:49:15    10651704    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2E461FB4-1B97-4F29-8FF5-F4E070600DC9}\mpengine.dll
2014-05-03 20:10:03    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-03 20:09:34    88280    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-03 20:09:34    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-05-03 20:09:34    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-05-03 20:09:34    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-05-03 20:09:34    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-03 19:17:49    --------    d-----w-    C:\FRST
2014-05-01 06:47:17    --------    d-----w-    C:\Program Files (x86)\Common Files\Research In Motion
2014-04-29 07:40:50    --------    d-----w-    C:\Users\Alisyn\AppData\Local\Macromedia
2014-04-29 07:34:48    --------    d-----w-    C:\Users\Alisyn\AppData\Local\Mozilla
2014-04-29 07:34:37    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-28 03:20:36    --------    d-----w-    C:\Users\Alisyn\AppData\Roaming\InstallX Search Protect for Yahoo
2014-04-28 03:20:35    --------    d-----w-    C:\Program Files\rrsavings
2014-04-28 03:20:14    --------    d-----w-    C:\Users\Alisyn\AppData\Local\BlitzMediaPlayer
2014-04-28 03:20:13    --------    d-----w-    C:\Program Files (x86)\BlitzMediaPlayer
2014-04-28 03:20:08    --------    d-----w-    C:\Program Files\002
2014-04-28 03:20:04    --------    d-----w-    C:\Program Files (x86)\Browsersafeguard
2014-04-28 03:19:56    --------    d-----w-    C:\ProgramData\WeCareReminder
2014-04-27 04:01:52    --------    d-----w-    C:\Users\Alisyn\AppData\Roaming\LavasoftStatistics
2014-04-27 03:48:07    --------    d-----w-    C:\Program Files\Lavasoft
2014-04-27 03:47:08    --------    d-----w-    C:\Users\Alisyn\AppData\Local\adawarebp
2014-04-27 03:47:06    --------    d-----w-    C:\ProgramData\Ad-Aware Browsing Protection
2014-04-27 03:46:49    --------    d-----w-    C:\Program Files (x86)\Toolbar Cleaner
2014-04-27 03:46:22    --------    d-----w-    C:\Program Files (x86)\Lavasoft
2014-04-27 03:45:14    --------    d-----w-    C:\Program Files\Common Files\Lavasoft
2014-04-25 03:03:26    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-04-25 03:03:26    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-04-25 03:03:26    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-04-25 03:03:26    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-04-25 03:03:26    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-04-25 03:00:28    --------    d-----w-    C:\Users\Alisyn\AppData\Local\Apple
2014-04-25 02:28:24    1409    ----a-w-    C:\Windows\QTFont.for
2014-04-17 05:13:41    197704    ----a-w-    C:\Windows\System32\drivers\HipShieldK.sys
2014-04-17 02:45:13    --------    d-----w-    C:\Users\Alisyn\.config
2014-04-17 02:43:52    --------    d-----w-    C:\Users\Alisyn\AppData\Local\Programs
2014-04-17 02:43:52    --------    d-----w-    C:\Users\Alisyn\AppData\Local\Chromium
2014-04-15 20:57:13    --------    d-----w-    C:\Users\Alisyn\AppData\Local\{B00F437C-803B-43DA-881C-011B37877DCB}
2014-04-13 03:18:05    --------    d-----w-    C:\ProgramData\APN
2014-04-13 03:16:14    --------    d-----w-    C:\ProgramData\Oracle
2014-04-13 03:15:52    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-13 02:15:59    --------    d-----w-    C:\Users\Alisyn\AppData\Roaming\Oxy
2014-04-13 01:26:15    --------    d-sh--w-    C:\Users\Alisyn\AppData\Local\EmieUserList
2014-04-13 01:26:15    --------    d-sh--w-    C:\Users\Alisyn\AppData\Local\EmieSiteList
2014-04-09 06:37:45    274880    ----a-w-    C:\Windows\System32\drivers\msiscsi.sys
.
==================== Find3M  ====================
.
2014-03-31 15:35:08    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-03-18 01:02:08    70592    ----a-w-    C:\Windows\System32\drivers\cfwids.sys
2014-03-18 00:54:54    345456    ----a-w-    C:\Windows\System32\drivers\mfewfpk.sys
2014-03-18 00:54:26    185792    ----a-w-    C:\Windows\System32\mfevtps.exe
2014-03-18 00:49:44    783864    ----a-w-    C:\Windows\System32\drivers\mfehidk.sys
2014-03-18 00:47:30    522360    ----a-w-    C:\Windows\System32\drivers\mfefirek.sys
2014-03-18 00:45:38    311600    ----a-w-    C:\Windows\System32\drivers\mfeavfk.sys
2014-03-18 00:44:40    180272    ----a-w-    C:\Windows\System32\drivers\mfeapfk.sys
2014-03-13 16:18:27    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-13 16:18:27    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-06 09:31:33    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41    5784064    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15    2043904    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39    1967104    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40    2260480    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-06 05:41:49    1789440    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21    243712    ----a-w-    C:\Windows\System32\wow64.dll
2014-03-04 09:44:21    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-04 02:35:56    190912    ----a-w-    C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:35    27584    ----a-w-    C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-04 02:28:36    2048    ----a-w-    C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:22    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39    2048    ----a-w-    C:\Windows\SysWow64\iologmsg.dll
.
============= FINISH: 14:23:11.59 ===============
 

 

Thanks for your help!

Eric

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:01 AM

Posted 09 May 2014 - 09:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Before I suggest any fix I will need your to run these tools.

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:01 AM

Posted 15 May 2014 - 08:07 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users