Inactive Malware: Fake codec download 'flash' player


Lifesnadir

I first want to describe what happened and what steps have already been taken. In my next posting (below) I will post the logs.

User Info:
I never download unknown files; I never download music or do filesharing. AVG Free is always on and auto updated. I use Malwarebytes and CCleaner (cookies and temp file deletion). I only visit reputable websites. I don't click on unknown links or videos etc.

What happened:
I was on a reputable website, clicked a known link, and suddenly got a full browser pop-up from a dot com site called "appimat" saying I need to download a codec for a flashplayer for video. The page uses an icon similar to the trusted "Flash" for games... I was suspicious so I did NOT download it. But the page pops up a smaller "navigate-away--yes-no" box... I X'd it out and closed the page.

Immediately, a second pop-up from a dot com called vidsafehaven -- again I X'd out.

These 2 trigger about 20 other pop-ups from jobs to sex.

I immediately ran AVG Full Scan. It reported an "unknown file" attached to a system file... it said it "healed" the problem. NOTE that in April prior to these pop-ups, AVG reported that it blocked 3 separate attempts from "Generic 35btek".

I called AVG. We did the following steps, rebooting the computer after each step:
1. Checked Add-Remove for any unknown program or toolbar - None.
2. Re-ran AVG - Found Nothing. Tech deleted the prior 3 blocked attempts from the AVG Vault.
3. Went to Google Chrome (primary browser) > Settings > History... I manually deleted ALL instances of the offending pages and ad pages.
4. Went to Chrome > Settings > Cookies and manually deleted any unknown cookies.
5. Updated and Ran Malwarebytes. First time NO results. Second time, it removed 25 items.
6. Ran CCleaner>Analyse - Manually went through Cookies and deleted the offenders and ads.
7. Re-ran AVG - nothing.
8. Ran a Malware Remover Tool that AVG sent - nothing.

Visited a regular website, and as soon as I highlighted words on the page, OR scrolled, OR clicked a link, the same garbage started happening. I re-did steps 1 through 8.

AVG recommended I browse "incognito". But within 5 minutes, same garbage. Re-did same steps. Obviously, AVG is unable to identify this malware OR did not remove it completely.

Next I will post the logs.

How do I zip the one file?

Thank you very much.
 
MALWAREBYTES FULL SCAN
Malwarebytes' Anti-Malware 1.42
Database version: 3397
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/29/2014 7:24:21 PM
mbam-log-2014-04-29 (19-24-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 281489
Time elapsed: 2 hour(s), 33 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.55.2
Run by [name] at 0:09:33 on 2014-04-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.897 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Elantech\ktp.exe
C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
C:\WINDOWS\system32\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Documents and Settings\Name\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\COMMON~1\AOL\125997~1\EE\AOLHOS~1.EXE
C:\Documents and Settings\Name\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\PROGRA~1\COMMON~1\AOL\125997~1\EE\AOLServiceHost.exe
C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Scientific Software\ATLASti\Program\atlasti.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Name\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - <orphaned>
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: MP3 Rocket Downloader: {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome frame\application\32.0.1700.107\npchrome_frame.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [jsg8jfgfdfhfhf] c:\windows\temp\winlognn.exe
uRun: [Google Update] "c:\documents and settings\Name\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [AVG-Secure-Search-Update_1113a] c:\documents and settings\Name\application data\avg 1113a campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=b7559a003ae2dabc269ba68a5aa5a3a1-414b99eaaeb5eafa1e42050f994f2d782fba3cdc /CMPID=1113a
uRun: [Amazon Cloud Player] "c:\documents and settings\Name\local settings\application data\amazon cloud player\Amazon Music Helper.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [KTPWare] c:\program files\elantech\ktp.exe
mRun: [Sidewalker] c:\program files\compal electronics, inc\sidewalker\CSWalker.exe
mRun: [tsnp2std] c:\windows\system32\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [jsg8jfgfdfhfhf] c:\windows\temp\winlognn.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HostManager] c:\program files\common files\aol\1259979935\ee\AOLHostManager.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [nlhr] RunDll32.exe c:\windows\system32\advpack.dll,launchinfsection c:\windows\inf\nlite.inf,C
dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: ancestry.com
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://mypoints.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9F1ECAC8-4AF9-463F-92D3-E86F12974604} : DHCPNameServer = 192.168.1.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\32.0.1700.107\npchrome_frame.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: >>Workshare Professional - c:\program files\workshare\modules\Workshare.Professional.UserInit.exe
mASetup: >>Workshare Protect Client - c:\program files\workshare\modules\Workshare.Protect.UserInit.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\Name\application data\mozilla\firefox\profiles\tinlslip.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - plugin: c:\documents and settings\Name\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2012-05-31 18:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 150296]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 238872]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 108312]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 28440]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 123160]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 199960]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 193304]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 211224]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-4-18 3645456]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-3-27 291912]
R2 CrossLoopService;CrossLoop Service;c:\documents and settings\Name\local settings\application data\crossloop\CrossLoopService.exe [2012-4-1 569072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 tvnserver;TightVNC Server;c:\documents and settings\Name\local settings\application data\crossloop\tvnserver.exe [2012-4-1 814080]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~4\office\FRONTPG.EXE
ShellExec: SolidConverterSDKExe.exe: open="c:\program files\workshare\pdfconverter\scpdf\"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-04-29 09:53:39 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 09:53:39 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-29 00:03:50 107736 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-04-18 19:02:04 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-04-03 13:50:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-31 20:11:58 211224 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-03-28 02:15:18 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-03-28 02:14:40 123160 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-03-28 02:04:22 150296 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-03-28 02:04:02 238872 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-03-28 02:03:22 28440 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-03-28 02:03:20 22296 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-03-06 17:59:23 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59:22 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59:22 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:59:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46:54 385024 ------w- c:\windows\system32\html.iec
2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll
.
============= FINISH: 0:16:07.92 ===============
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================

No zipping needed. Simply paste Attach.txt log from DDS into your next reply.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
ATTACH.TXT - POSTING AS REQUESTED
DDS (Ver_2012-11-20.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/30/2009 10:51:13 PM
System Uptime: 4/29/2014 1:20:03 PM (11 hours ago)
.
Motherboard: COMPAL | | HEL8X
Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | U2E1 | 1595/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 40.937 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1024: 1/30/2014 4:04:47 PM - System Checkpoint
RP1025: 2/2/2014 8:15:41 AM - System Checkpoint
RP1026: 2/5/2014 6:20:28 AM - System Checkpoint
RP1027: 2/6/2014 3:04:05 PM - System Checkpoint
RP1028: 2/7/2014 9:05:40 PM - System Checkpoint
RP1029: 2/10/2014 7:50:19 PM - System Checkpoint
RP1030: 2/12/2014 3:47:12 PM - System Checkpoint
RP1031: 2/13/2014 6:54:46 PM - System Checkpoint
RP1032: 2/17/2014 12:13:57 PM - System Checkpoint
RP1033: 2/19/2014 2:50:25 PM - System Checkpoint
RP1034: 2/22/2014 5:31:17 AM - System Checkpoint
RP1035: 2/24/2014 7:15:22 PM - System Checkpoint
RP1036: 2/25/2014 7:52:45 PM - System Checkpoint
RP1037: 2/27/2014 4:18:01 PM - System Checkpoint
RP1038: 3/1/2014 11:31:08 AM - System Checkpoint
RP1039: 3/4/2014 7:26:13 PM - System Checkpoint
RP1040: 3/7/2014 3:55:01 PM - System Checkpoint
RP1041: 3/9/2014 3:06:53 AM - Installed AVG 2014
RP1042: 3/9/2014 3:09:26 AM - Removed AVG 2014
RP1043: 3/11/2014 1:37:20 PM - System Checkpoint
RP1044: 3/13/2014 2:17:24 PM - System Checkpoint
RP1045: 3/16/2014 9:12:08 PM - b4 CCleaner411
RP1046: 3/19/2014 7:03:11 PM - System Checkpoint
RP1047: 3/26/2014 8:06:00 PM - System Checkpoint
RP1048: 3/28/2014 2:28:29 AM - b4 WinXP Security Updates
RP1049: 3/28/2014 2:46:10 AM - Software Distribution Service 3.0
RP1050: 3/30/2014 1:20:10 PM - System Checkpoint
RP1051: 3/31/2014 4:34:35 PM - System Checkpoint
RP1052: 4/1/2014 4:21:04 AM - b4 WinXP priority updates
RP1053: 4/1/2014 5:15:44 AM - Software Distribution Service 3.0
RP1054: 4/3/2014 4:47:27 AM - System Checkpoint
RP1055: 4/5/2014 1:47:33 PM - System Checkpoint
RP1056: 4/6/2014 10:15:51 PM - b4 WinXP Updates
RP1057: 4/7/2014 1:49:08 AM - b4 LAME file for Audacity to make MP3files
RP1058: 4/7/2014 1:50:47 AM - Software Distribution Service 3.0
RP1059: 4/10/2014 4:09:19 PM - System Checkpoint
RP1060: 4/12/2014 11:21:09 PM - System Checkpoint
RP1061: 4/15/2014 10:16:58 PM - b4 Windows updates
RP1062: 4/15/2014 10:19:51 PM - Software Distribution Service 3.0
RP1063: 4/18/2014 3:50:32 PM - b4 Java ver 7 update 55
RP1064: 4/18/2014 3:52:10 PM - Installed Java 7 Update 55
RP1065: 4/19/2014 9:18:56 PM - System Checkpoint
RP1066: 4/24/2014 12:37:30 AM - System Checkpoint
RP1067: 4/26/2014 3:03:19 PM - b4 update CCLeaner ver 4.13
RP1068: 4/26/2014 4:12:11 PM - b4 DL of Amazon Cloud Player for PC
RP1069: 4/27/2014 6:14:49 PM - Removed Ask Toolbar
RP1070: 4/27/2014 6:18:21 PM - Removed InstallIQ Updater
RP1071: 4/28/2014 8:26:50 PM - b4 malawarebytes REMOVING JUNK
RP1072: 4/30/2014 12:00:11 AM - System Checkpoint
.
==== Installed Programs ======================
.
AbiWord 2.8.6
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 13 ActiveX
Adobe Photoshop 5.5
Adobe Photoshop 7.0
Adobe Reader X (10.1.9)
Adobe Shockwave Player 11.6
Agere Systems HDA Modem
AiO_Scan
AiOSoftware
Amazon Cloud Player
America Online (Choose which version to remove)
Ancestry World Archives Project - Keying Tool
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
ATLAS.ti
Audacity 1.2.6
Audacity 1.3.14 (Unicode)
AVG 2014
BufferChm
CCleaner
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
CrossLoop 2.82
CueTour
CutePDF Writer 2.8
Destinations
DeviceFunctionQFolder
DocProc
DocumentViewer
DocumentViewerQFolder
Easy Thumbnails (Remove only)
ERUNT 1.1j
eSupportQFolder
EXMARaLDA 1.9
FamilySearch Indexing 3.12.1
FastStone Image Viewer 4.0
Fax
FileZilla Client 3.7.3
Free Opener
FullDPAppQFolder
GenoPro 2.5.3.9
Google Chrome
Google Chrome Frame
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
Graph 4.4.2
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Document Viewer 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
iLivid
InstantShareDevices
Integrated Camera
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 55
Java Auto Updater
KTP Ware PS/2-WDM 5.0.3.8
LAME v3.99.3 (for Windows)
Malwarebytes' Anti-Malware
Malwarebytes Anti-Malware version 2.0.1.1004
Mendeley Desktop 1.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft FrontPage 2000
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft WSE 3.0 Runtime
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 16.0.2 (x86 en-US)
MP3 Rocket
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NewCopy
PanoStandAlone
PhotoGallery
ProductContext
Pure Networks Port Magic
QDA Miner Lite 1.2
QuickTime
RandMap
Readme
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RewardsArcadeSuite
Scan
ScannerCopy
Screen Calipers
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Sidewalker
SK.Helper 1.74
SketchUp 8
SkinsHP1
Skype™ 6.11
SolutionCenter
Sonic_PrimoSDK
Spybot - Search & Destroy
Status
swMSM
TranscriberAG
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2012 x86 Redistributables
VLC media player 2.1.3
waterMark V2
WebFldrs XP
WebReg
WFMJ Live Online
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinMerge 2.12.4
Works Suite OS Pack
Workshare Compare
Workshare PDF Converter
Xenu's Link Sleuth
XY Family Tree 6.5
.
==== Event Viewer Messages From Past Week ========
.
4/27/2014 6:10:02 PM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.
4/26/2014 12:23:06 AM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0018DEBA5503 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/23/2014 1:50:48 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
4/23/2014 1:29:41 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
.
==== End Of File ===========================
 
I want to draw your attention to two threads of people using Chrome who are reporting the exact issue -- all started within the last week.
-- this thread for Mac:
https://discussions.apple.com/thread/6141436?start=0&tstart=0

And this thread for Windows / Google Chrome
https://productforums.google.com/fo...e=footer#!msg/chrome/oc4OuhEq1uc/UnHNSmqK9fUJ

They are suggesting this same issue is a router-DNS infection???

My router log shows several unsuccessful attempts to log in from a remote location. Internet Provider plans to look at Router tomorrow.

I will need tomorrow to download and run the program you suggested. I will post late tomorrow evening.

Thank you.
 
Broni,

I had my Internet Provider reset my router and modem and put heavier security on.
Blessedly, the problem has not happened at all today. Perhaps those forum posts are correct?

If you wouldn't mind, I'd like to put my PC through heavy use for a day and see if anything bad starts up again. I realize I might still need to do the next recommended test ... but I'd rather avoid it if I can. Do you concur this is an appropriate strategy?

I will be back within 24 to 36 hours to let you know if I need to proceed... if that's okay with you?

Thank you.
 