TechSpot

Malware: Fake codec download 'flash' player

By Lifesnadir
Apr 30, 2014
  1. I first want to describe what happened and what steps have already been taken. In my next posting (below) I will post the logs.

    User Info:
    I never download unknown files; I never download music or do filesharing. AVG Free is always on and auto updated. I use Malwarebytes and CCleaner (cookies and temp file deletion). I only visit reputable websites. I don't click on unknown links or videos etc.

    What happened:
    I was on a reputable website, clicked a known link, and suddenly got a full browser pop-up from a dot com site called "appimat" saying I need to download a codec for a flashplayer for video. The page uses an icon similar to the trusted "Flash" for games... I was suspicious so I did NOT download it. But the page pops up a smaller "navigate-away--yes-no" box... I X'd it out and closed the page.

    Immediately, a second pop-up from a dot com called vidsafehaven -- again I X'd out.

    These 2 trigger about 20 other pop-ups from jobs to sex.

    I immediately ran AVG Full Scan. It reported an "unknown file" attached to a system file... it said it "healed" the problem. NOTE that in April prior to these pop-ups, AVG reported that it blocked 3 separate attempts from "Generic 35btek".

    I called AVG. We did the following steps, rebooting the computer after each step:
    1. Checked Add-Remove for any unknown program or toolbar - None.
    2. Re-ran AVG - Found Nothing. Tech deleted the prior 3 blocked attempts from the AVG Vault.
    3. Went to Google Chrome (primary browser) > Settings > History... I manually deleted ALL instances of the offending pages and ad pages.
    4. Went to Chrome > Settings > Cookies and manually deleted any unknown cookies.
    5. Updated and Ran Malwarebytes. First time NO results. Second time, it removed 25 items.
    6. Ran CCleaner>Analyse - Manually went through Cookies and deleted the offenders and ads.
    7. Re-ran AVG - nothing.
    8. Ran a Malware Remover Tool that AVG sent - nothing.

    Visited a regular website, and as soon as I highlighted words on the page, OR scrolled, OR clicked a link, the same garbage started happening. I re-did steps 1 through 8.

    AVG recommended I browse "incognito". But within 5 minutes, same garbage. Re-did same steps. Obviously, AVG is unable to identify this malware OR did not remove it completely.

    Next I will post the logs.

    How do I zip the one file?

    Thank you very much.
  2. Lifesnadir

    Lifesnadir Newcomer, in training Topic Starter

    MALWAREBYTES FULL SCAN
    Malwarebytes' Anti-Malware 1.42
    Database version: 3397
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/29/2014 7:24:21 PM
    mbam-log-2014-04-29 (19-24-21).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 281489
    Time elapsed: 2 hour(s), 33 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  3. Lifesnadir

    Lifesnadir Newcomer, in training Topic Starter

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.55.2
    Run by [name] at 0:09:33 on 2014-04-30
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.897 [GMT -4:00]
    .
    AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Elantech\ktp.exe
    C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
    C:\WINDOWS\system32\tsnp2std.exe
    C:\WINDOWS\vsnp2std.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Documents and Settings\Name\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\PROGRA~1\COMMON~1\AOL\125997~1\EE\AOLHOS~1.EXE
    C:\Documents and Settings\Name\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\PROGRA~1\COMMON~1\AOL\125997~1\EE\AOLServiceHost.exe
    C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Scientific Software\ATLASti\Program\atlasti.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - <orphaned>
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: MP3 Rocket Downloader: {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome frame\application\32.0.1700.107\npchrome_frame.dll
    TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
    uRun: [jsg8jfgfdfhfhf] c:\windows\temp\winlognn.exe
    uRun: [Google Update] "c:\documents and settings\Name\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [AVG-Secure-Search-Update_1113a] c:\documents and settings\Name\application data\avg 1113a campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=b7559a003ae2dabc269ba68a5aa5a3a1-414b99eaaeb5eafa1e42050f994f2d782fba3cdc /CMPID=1113a
    uRun: [Amazon Cloud Player] "c:\documents and settings\Name\local settings\application data\amazon cloud player\Amazon Music Helper.exe"
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [KTPWare] c:\program files\elantech\ktp.exe
    mRun: [Sidewalker] c:\program files\compal electronics, inc\sidewalker\CSWalker.exe
    mRun: [tsnp2std] c:\windows\system32\tsnp2std.exe
    mRun: [snp2std] c:\windows\vsnp2std.exe
    mRun: [jsg8jfgfdfhfhf] c:\windows\temp\winlognn.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [HostManager] c:\program files\common files\aol\1259979935\ee\AOLHostManager.exe
    mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
    mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRunOnce: [nlhr] RunDll32.exe c:\windows\system32\advpack.dll,launchinfsection c:\windows\inf\nlite.inf,C
    dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: ancestry.com
    DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://mypoints.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
    DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
    DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
    DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
    DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{9F1ECAC8-4AF9-463F-92D3-E86F12974604} : DHCPNameServer = 192.168.1.1
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\32.0.1700.107\npchrome_frame.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: >>Workshare Professional - c:\program files\workshare\modules\Workshare.Professional.UserInit.exe
    mASetup: >>Workshare Protect Client - c:\program files\workshare\modules\Workshare.Protect.UserInit.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\Name\application data\mozilla\firefox\profiles\tinlslip.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - plugin: c:\documents and settings\Name\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - ExtSQL: !HIDDEN! 2012-05-31 18:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 150296]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 238872]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 108312]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 28440]
    R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 123160]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 199960]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22296]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 193304]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 211224]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-4-18 3645456]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-3-27 291912]
    R2 CrossLoopService;CrossLoop Service;c:\documents and settings\Name\local settings\application data\crossloop\CrossLoopService.exe [2012-4-1 569072]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
    S3 tvnserver;TightVNC Server;c:\documents and settings\Name\local settings\application data\crossloop\tvnserver.exe [2012-4-1 814080]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
    ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~4\office\FRONTPG.EXE
    ShellExec: SolidConverterSDKExe.exe: open="c:\program files\workshare\pdfconverter\scpdf\"
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2014-04-29 09:53:39 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-04-29 09:53:39 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-04-29 00:03:50 107736 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2014-04-18 19:02:04 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2014-04-03 13:50:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-03-31 20:11:58 211224 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2014-03-28 02:15:18 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2014-03-28 02:14:40 123160 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
    2014-03-28 02:04:22 150296 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2014-03-28 02:04:02 238872 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2014-03-28 02:03:22 28440 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2014-03-28 02:03:20 22296 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
    2014-03-06 17:59:23 920064 ----a-w- c:\windows\system32\wininet.dll
    2014-03-06 17:59:22 43520 ------w- c:\windows\system32\licmgr10.dll
    2014-03-06 17:59:22 18944 ----a-w- c:\windows\system32\corpol.dll
    2014-03-06 17:59:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2014-03-06 00:46:54 385024 ------w- c:\windows\system32\html.iec
    2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys
    2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll
    .
    ============= FINISH: 0:16:07.92 ===============
  4. Lifesnadir

    Lifesnadir Newcomer, in training Topic Starter

    Please advise how to ZIP the other file called "Attach.txt".

    Thanks.
  5. Broni

    Broni Malware Annihilator Posts: 46,478   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    No zipping needed. Simply paste Attach.txt log from DDS into your next reply.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  6. Lifesnadir

    Lifesnadir Newcomer, in training Topic Starter

    ATTACH.TXT - POSTING AS REQUESTED
    DDS (Ver_2012-11-20.01)
    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/30/2009 10:51:13 PM
    System Uptime: 4/29/2014 1:20:03 PM (11 hours ago)
    .
    Motherboard: COMPAL | | HEL8X
    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | U2E1 | 1595/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 40.937 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1024: 1/30/2014 4:04:47 PM - System Checkpoint
    RP1025: 2/2/2014 8:15:41 AM - System Checkpoint
    RP1026: 2/5/2014 6:20:28 AM - System Checkpoint
    RP1027: 2/6/2014 3:04:05 PM - System Checkpoint
    RP1028: 2/7/2014 9:05:40 PM - System Checkpoint
    RP1029: 2/10/2014 7:50:19 PM - System Checkpoint
    RP1030: 2/12/2014 3:47:12 PM - System Checkpoint
    RP1031: 2/13/2014 6:54:46 PM - System Checkpoint
    RP1032: 2/17/2014 12:13:57 PM - System Checkpoint
    RP1033: 2/19/2014 2:50:25 PM - System Checkpoint
    RP1034: 2/22/2014 5:31:17 AM - System Checkpoint
    RP1035: 2/24/2014 7:15:22 PM - System Checkpoint
    RP1036: 2/25/2014 7:52:45 PM - System Checkpoint
    RP1037: 2/27/2014 4:18:01 PM - System Checkpoint
    RP1038: 3/1/2014 11:31:08 AM - System Checkpoint
    RP1039: 3/4/2014 7:26:13 PM - System Checkpoint
    RP1040: 3/7/2014 3:55:01 PM - System Checkpoint
    RP1041: 3/9/2014 3:06:53 AM - Installed AVG 2014
    RP1042: 3/9/2014 3:09:26 AM - Removed AVG 2014
    RP1043: 3/11/2014 1:37:20 PM - System Checkpoint
    RP1044: 3/13/2014 2:17:24 PM - System Checkpoint
    RP1045: 3/16/2014 9:12:08 PM - b4 CCleaner411
    RP1046: 3/19/2014 7:03:11 PM - System Checkpoint
    RP1047: 3/26/2014 8:06:00 PM - System Checkpoint
    RP1048: 3/28/2014 2:28:29 AM - b4 WinXP Security Updates
    RP1049: 3/28/2014 2:46:10 AM - Software Distribution Service 3.0
    RP1050: 3/30/2014 1:20:10 PM - System Checkpoint
    RP1051: 3/31/2014 4:34:35 PM - System Checkpoint
    RP1052: 4/1/2014 4:21:04 AM - b4 WinXP priority updates
    RP1053: 4/1/2014 5:15:44 AM - Software Distribution Service 3.0
    RP1054: 4/3/2014 4:47:27 AM - System Checkpoint
    RP1055: 4/5/2014 1:47:33 PM - System Checkpoint
    RP1056: 4/6/2014 10:15:51 PM - b4 WinXP Updates
    RP1057: 4/7/2014 1:49:08 AM - b4 LAME file for Audacity to make MP3files
    RP1058: 4/7/2014 1:50:47 AM - Software Distribution Service 3.0
    RP1059: 4/10/2014 4:09:19 PM - System Checkpoint
    RP1060: 4/12/2014 11:21:09 PM - System Checkpoint
    RP1061: 4/15/2014 10:16:58 PM - b4 Windows updates
    RP1062: 4/15/2014 10:19:51 PM - Software Distribution Service 3.0
    RP1063: 4/18/2014 3:50:32 PM - b4 Java ver 7 update 55
    RP1064: 4/18/2014 3:52:10 PM - Installed Java 7 Update 55
    RP1065: 4/19/2014 9:18:56 PM - System Checkpoint
    RP1066: 4/24/2014 12:37:30 AM - System Checkpoint
    RP1067: 4/26/2014 3:03:19 PM - b4 update CCLeaner ver 4.13
    RP1068: 4/26/2014 4:12:11 PM - b4 DL of Amazon Cloud Player for PC
    RP1069: 4/27/2014 6:14:49 PM - Removed Ask Toolbar
    RP1070: 4/27/2014 6:18:21 PM - Removed InstallIQ Updater
    RP1071: 4/28/2014 8:26:50 PM - b4 malawarebytes REMOVING JUNK
    RP1072: 4/30/2014 12:00:11 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    AbiWord 2.8.6
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 13 ActiveX
    Adobe Photoshop 5.5
    Adobe Photoshop 7.0
    Adobe Reader X (10.1.9)
    Adobe Shockwave Player 11.6
    Agere Systems HDA Modem
    AiO_Scan
    AiOSoftware
    Amazon Cloud Player
    America Online (Choose which version to remove)
    Ancestry World Archives Project - Keying Tool
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Connectivity Services
    ATLAS.ti
    Audacity 1.2.6
    Audacity 1.3.14 (Unicode)
    AVG 2014
    BufferChm
    CCleaner
    Coupon Printer for Windows
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    CrossLoop 2.82
    CueTour
    CutePDF Writer 2.8
    Destinations
    DeviceFunctionQFolder
    DocProc
    DocumentViewer
    DocumentViewerQFolder
    Easy Thumbnails (Remove only)
    ERUNT 1.1j
    eSupportQFolder
    EXMARaLDA 1.9
    FamilySearch Indexing 3.12.1
    FastStone Image Viewer 4.0
    Fax
    FileZilla Client 3.7.3
    Free Opener
    FullDPAppQFolder
    GenoPro 2.5.3.9
    Google Chrome
    Google Chrome Frame
    Google Earth
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    Google Update Helper
    Graph 4.4.2
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Document Viewer 5.3
    HP Image Zone 5.3
    HP Imaging Device Functions 5.3
    HP PSC & OfficeJet 5.3.B
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.3
    HPProductAssistant
    iLivid
    InstantShareDevices
    Integrated Camera
    Intel(R) Graphics Media Accelerator Driver
    Java 7 Update 55
    Java Auto Updater
    KTP Ware PS/2-WDM 5.0.3.8
    LAME v3.99.3 (for Windows)
    Malwarebytes' Anti-Malware
    Malwarebytes Anti-Malware version 2.0.1.1004
    Mendeley Desktop 1.5
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2833941)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft FrontPage 2000
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works 2003 Setup Launcher
    Microsoft Works 7.0
    Microsoft Works Suite Add-in for Microsoft Word
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 16.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 16.0.2 (x86 en-US)
    MP3 Rocket
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NewCopy
    PanoStandAlone
    PhotoGallery
    ProductContext
    Pure Networks Port Magic
    QDA Miner Lite 1.2
    QuickTime
    RandMap
    Readme
    RealPlayer Basic
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    RewardsArcadeSuite
    Scan
    ScannerCopy
    Screen Calipers
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2909210)
    Security Update for Windows Internet Explorer 8 (KB2925418)
    Security Update for Windows Internet Explorer 8 (KB2936068)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB2834904-v2)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219-v2)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135-v2)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2847311)
    Security Update for Windows XP (KB2850869)
    Security Update for Windows XP (KB2859537)
    Security Update for Windows XP (KB2862152)
    Security Update for Windows XP (KB2862330)
    Security Update for Windows XP (KB2862335)
    Security Update for Windows XP (KB2864063)
    Security Update for Windows XP (KB2868038)
    Security Update for Windows XP (KB2868626)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB2876331)
    Security Update for Windows XP (KB2892075)
    Security Update for Windows XP (KB2893294)
    Security Update for Windows XP (KB2898715)
    Security Update for Windows XP (KB2900986)
    Security Update for Windows XP (KB2914368)
    Security Update for Windows XP (KB2916036)
    Security Update for Windows XP (KB2922229)
    Security Update for Windows XP (KB2929961)
    Security Update for Windows XP (KB2930275)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Sidewalker
    SK.Helper 1.74
    SketchUp 8
    SkinsHP1
    Skype™ 6.11
    SolutionCenter
    Sonic_PrimoSDK
    Spybot - Search & Destroy
    Status
    swMSM
    TranscriberAG
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB2904266)
    Update for Windows XP (KB2934207)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual Studio 2012 x86 Redistributables
    VLC media player 2.1.3
    waterMark V2
    WebFldrs XP
    WebReg
    WFMJ Live Online
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    WinMerge 2.12.4
    Works Suite OS Pack
    Workshare Compare
    Workshare PDF Converter
    Xenu's Link Sleuth
    XY Family Tree 6.5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/27/2014 6:10:02 PM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
    4/26/2014 12:23:06 AM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0018DEBA5503 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    4/23/2014 1:50:48 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
    4/23/2014 1:29:41 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    .
    ==== End Of File ===========================
  7. Lifesnadir

    Lifesnadir Newcomer, in training Topic Starter

    I want to draw your attention to two threads of people using Chrome who are reporting the exact issue -- all started within the last week.
    -- this thread for Mac:
    https://discussions.apple.com/thread/6141436?start=0&tstart=0

    And this thread for Windows / Google Chrome
    https://productforums.google.com/fo...e=footer#!msg/chrome/oc4OuhEq1uc/UnHNSmqK9fUJ

    They are suggesting this same issue is a router-DNS infection???

    My router log shows several unsuccessful attempts to log in from a remote location. Internet Provider plans to look at Router tomorrow.

    I will need tomorrow to download and run the program you suggested. I will post late tomorrow evening.

    Thank you.
  8. Broni

    Broni Malware Annihilator Posts: 46,478   +252

  9. Lifesnadir

    Lifesnadir Newcomer, in training Topic Starter

    Broni,

    I had my Internet Provider reset my router and modem and put heavier security on.
    Blessedly, the problem has not happened at all today. Perhaps those forum posts are correct?

    If you wouldn't mind, I'd like to put my PC through heavy use for a day and see if anything bad starts up again. I realize I might still need to do the next recommended test ... but I'd rather avoid it if I can. Do you concur this is an appropriate strategy?

    I will be back within 24 to 36 hours to let you know if I need to proceed... if that's okay with you?

    Thank you.
  10. Broni

    Broni Malware Annihilator Posts: 46,478   +252

    No problem.
  11. Broni

    Broni Malware Annihilator Posts: 46,478   +252

    Still with me?
     