Infected with Win32/Patched rpcs.dll


This topic is locked
18 replies to this topic

#1 CobaltCat

  • Members
  • 21 posts
  • Gender:Female
Posted 21 April 2014 - 07:39 PM

AVG keeps telling me

"Virus found Win32/Patched"

"c:\Windows\System32\rpcss.dll"

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16540
Run by Jeri at 17:31:41 on 2014-04-21
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2012.910 [GMT -7:00]
.
AV: AVG AntiVirus 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Garmin\Express Tray\ExpressTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uProxyOverride = localhost
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SySaver: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\users\jeri\appdata\local\sysaver\temp.dat
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [GarminExpressTrayApp] "c:\program files\garmin\express tray\ExpressTray.exe"
uRun: [Optimizer Pro] c:\program files\optimizer pro\OptProLauncher.exe
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [RtHDVCpl] RtHDVCpl.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableVirtualization = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: NameServer = 68.116.46.115 24.205.192.61 24.205.224.36 192.168.1.1
TCP: Interfaces\{3AEFC30A-7B5F-42AA-B97E-510F715CB980} : DHCPNameServer = 68.116.46.115 24.205.192.61 24.205.224.36 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.0.5\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\optimi~1\optpro~1.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-3-27 150296]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-3-27 238872]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-3-31 108312]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-3-27 28440]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-3-27 123160]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-4-1 199448]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-3-27 22296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-3-27 193304]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-3-31 211224]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-9-30 42272]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2013-8-28 73728]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-4-1 3655184]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-3-27 291912]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\garmin\core update service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-8-22 220504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-4-3 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-4-3 857912]
R2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;c:\program files\common files\avg secure search\vtoolbarupdater\18.0.5\ToolbarUpdater.exe [2014-3-20 1771032]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2013-8-28 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-3 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-4-3 107736]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-4-3 51416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S2 ca82e1a5;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [2006-11-2 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
.
=============== File Associations ===============
.
ShellExec: EasyShare.exe: Preview="c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe"
.
=============== Created Last 30 ================
.
2014-04-14 20:37:13    --------    d-----w-    c:\users\jeri\appdata\local\Google
2014-04-14 01:47:29    --------    d-----w-    c:\users\jeri\appdata\local\Deployment
2014-04-14 01:47:29    --------    d-----w-    c:\users\jeri\appdata\local\Apps
2014-04-03 21:41:39    0    ----a-w-    C:\LOG1F3.tmp
2014-04-03 21:02:25    107736    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-03 21:02:08    73432    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 21:02:08    51416    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-04-03 21:02:08    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-03 21:02:08    --------    d-----w-    c:\programdata\Malwarebytes
2014-04-03 21:02:08    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-04-02 04:07:04    199448    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2014-03-31 23:11:58    211224    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2014-03-30 17:19:54    --------    d-----w-    c:\users\jeri\appdata\local\AVG
2014-03-28 05:15:18    193304    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2014-03-28 05:14:40    123160    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2014-03-28 05:04:22    150296    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2014-03-28 05:04:02    238872    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2014-03-28 05:03:22    28440    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2014-03-28 05:03:20    22296    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2014-03-27 17:06:22    --------    d-----w-    c:\programdata\BetuterPariceCHec
.
==================== Find3M  ====================
.
2014-03-31 11:20:58    35640    ----a-w-    c:\windows\system32\uxt95D9.tmp
2014-03-20 22:18:12    42272    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2014-02-23 05:47:19    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2014-02-23 05:40:18    1129472    ----a-w-    c:\windows\system32\wininet.dll
2014-02-23 05:39:28    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-02-23 05:38:08    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-02-23 05:37:49    421376    ----a-w-    c:\windows\system32\vbscript.dll
2014-02-23 05:36:22    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2014-02-07 10:38:44    2050560    ----a-w-    c:\windows\system32\win32k.sys
2014-02-04 16:35:36    1527600    ------w-    c:\windows\system32\dmwu.exe
2014-02-04 16:30:40    27136    ----a-w-    c:\windows\system32\ImHttpComm.dll
2014-02-04 08:39:38    773968    ----a-w-    c:\windows\system32\msvcr100.dll
2014-02-04 08:39:38    632656    ----a-w-    c:\windows\system32\msvcr80.dll
2014-02-04 08:39:38    554832    ----a-w-    c:\windows\system32\msvcp80.dll
2014-02-04 08:39:38    479232    ----a-w-    c:\windows\system32\msvcm80.dll
2014-02-04 08:39:38    421200    ----a-w-    c:\windows\system32\msvcp100.dll
2014-02-03 10:37:54    505344    ----a-w-    c:\windows\system32\qedit.dll
2014-01-30 07:46:58    876032    ----a-w-    c:\windows\system32\wer.dll
.
============= FINISH: 17:32:25.45 ===============
 


#2 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,310 posts
  • Gender:Male
  • Location:Bulgaria

Posted 22 April 2014 - 04:25 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer. Make sure that Addition.txt is ticked as well.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
  • Next, please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button.
  • It will make a log (Search.txt). Please post the log in your reply to me (you can use pastebin as well).

 

 

Regards,

Georgi


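The logs requested above run to hundreds of lines, and what a responder actually does with them is scan for a small set of indicators: a disabled UAC policy (EnableLUA = 0), an AppInit_DLLs value (a DLL loaded into every process that uses user32.dll), services whose image has no publisher or whose name is a random hex string, and freshly created files in System32 with no publisher and nonsense names or extensions. The following is an added example of that triage in Python; it is my code, not code from this thread, from Farbar or from the FRST tool. It understands the line formats FRST and DDS use for the "Registry", "Services" and "One Month Created Files" sections. The sample lines are copied from the DDS and FRST logs posted in this thread (with clean entries kept as controls); the extension allowlist, the eight-hex-digit service-name check and the reading of the S flag in FRST's attribute column as the System attribute are heuristics I chose for this example.

```python
import re
from typing import List, Tuple

# A finding is (reason, offending log line).
Finding = Tuple[str, str]

# Constructed sample input: lines copied from the DDS and FRST logs in this
# thread, plus clean entries (AVG_UI, avgwd, FRST.exe) as controls.
SAMPLE_LOG = r"""
mPolicies-System: EnableLUA = dword:0
AppInit_DLLs= c:\progra~1\optimi~1\optpro~1.dll
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
AppInit_DLLs: c:\progra~1\optimi~1\optpro~1.dll => c:\progra~1\optimi~1\optpro~1.dll File Not Found
S2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [186496 2014-02-28] ()
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
2014-04-22 05:29 - 2014-04-22 05:29 - 01048064 _____ (Farbar) C:\Users\Jeri\Desktop\FRST.exe
2014-04-21 17:27 - 2014-04-21 17:27 - 00000000 ____S () C:\Windows\system32\iogpyc.gzd
2014-04-08 10:40 - 2014-04-08 10:40 - 00000028 _____ () C:\Windows\system32\u
2014-04-08 10:39 - 2014-04-08 10:39 - 00000064 _____ () C:\Windows\system32\sbou.sqr
"""

# Heuristic allowlist (my assumption): publisher-less files dropped directly
# under System32 with any other extension deserve a second look.
NORMAL_SYS32_EXT = {"dll", "exe", "sys", "ocx", "cpl", "drv", "mui", "tmp",
                    "log", "ini", "txt", "dat", "cat", "xml", "manifest"}

# FRST "created - modified - size attrs (publisher) path" file lines.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<publisher>[^)]*)\) (?P<path>.+)$")
# FRST service/driver lines: "R2 name; image [size date] (publisher)".
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<image>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)$")
# AppInit_DLLs in DDS ("AppInit_DLLs= ...") or FRST ("AppInit_DLLs: ...") form.
APPINIT_RE = re.compile(r"^AppInit_DLLs\s*[:=]\s*(?P<value>.+)$")
POLICY_RE = re.compile(r"^mPolicies-System: EnableLUA = dword:(?P<value>\d+)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")


def triage_line(line: str) -> List[Finding]:
    """Return the findings for one log line (empty list if nothing stands out)."""
    findings: List[Finding] = []
    m = APPINIT_RE.match(line)
    if m:
        reason = "AppInit_DLLs is set: the DLL is loaded into every process that uses user32.dll"
        if "File Not Found" in m["value"]:
            reason += " (target missing: stale entry from a removed program)"
        findings.append((reason, line))
        return findings
    m = POLICY_RE.match(line)
    if m:
        if m["value"] == "0":
            findings.append(("EnableLUA=0: UAC is disabled, programs elevate without any prompt", line))
        return findings
    m = SERVICE_RE.match(line)
    if m:
        if not m["publisher"]:
            findings.append(("service image carries no publisher/signature information", line))
        if HEX_NAME_RE.match(m["name"]):
            findings.append(("service name is a random-looking 8-hex-digit string", line))
        return findings
    m = FILE_RE.match(line)
    if m:
        directory, _, name = m["path"].rpartition("\\")
        if directory.lower().endswith("\\windows\\system32") and not m["publisher"]:
            ext = name.rpartition(".")[2].lower() if "." in name else ""
            if ext not in NORMAL_SYS32_EXT:
                findings.append((f"new publisher-less file with odd name/extension in System32: {name}", line))
            # FRST's S flag (assumed to be the System attribute) on a zero-byte file.
            if int(m["size"]) == 0 and "S" in m["attrs"]:
                findings.append(("zero-byte file created with the System attribute in System32", line))
    return findings


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every non-empty line of a pasted DDS/FRST log."""
    results: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            results.extend(triage_line(line))
    return results


if __name__ == "__main__":
    for reason, line in triage_log(SAMPLE_LOG):
        print(f"[!] {reason}\n    {line}")
```

The output is only a shortlist for a human to review: a publisher-less file in System32 is not proof of infection, and the page's own AVG detection on rpcss.dll (a signed OS file reported as patched) is exactly the kind of case this string matching cannot see, which is why the helper asks for FRST's Search on that file name.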


#3 CobaltCat

  • Topic Starter
  • Members
  • 21 posts
  • Gender:Female

Posted 22 April 2014 - 07:47 AM

Thank you for the quick reply.
 
Here is FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-04-2014
Ran by Jeri (administrator) on JERI-PC on 22-04-2014 05:32:08
Running from C:\Users\Jeri\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Eastman Kodak Company) C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Andrea Electronics Corporation) C:\Windows\system32\AERTSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2544664 2014-03-20] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6246400 2008-07-11] (Realtek Semiconductor)
HKLM\...\runonceex: [] - [X]
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe [829832 2013-11-06] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-119363732-4198429369-2133467-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1093464 2013-08-22] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-119363732-4198429369-2133467-1000\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited)
HKU\S-1-5-21-119363732-4198429369-2133467-1000\...\MountPoints2: {40095004-bb45-11e3-89da-0021705cb350} - J:\LaunchU3.exe -a
AppInit_DLLs: c:\progra~1\optimi~1\optpro~1.dll => c:\progra~1\optimi~1\optpro~1.dll File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8092E1D940B7CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Z7^xdm298^YYA^us&si=solitaireshark-2-1&ptb=F8B13F9C-A31B-42C3-968F-7F39F1D5BEE8&psa=&ind=2013091700&st=sb&n=77fd5774&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317191&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP12B40071-BAAB-4946-B1E0-2C951B4496D4&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317191&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP12B40071-BAAB-4946-B1E0-2C951B4496D4&q={searchTerms}&SSPV=
SearchScopes: HKCU - {01579C26-8AC3-4E3A-BE52-E8DEC864A13C} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKCU - {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Z7^xdm298^YYA^us&si=solitaireshark-2-1&ptb=F8B13F9C-A31B-42C3-968F-7F39F1D5BEE8&psa=&ind=2013091700&st=sb&n=77fd5774&searchfor={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={9ED5C86A-13B2-4A63-AEE6-BAAD612A3C3B}&mid=ca034a8c1c2c47d3a5f1d16836b85aa3-3fe7930e508ab44cfbde1f8bf6043fbc148f94aa&lang=en&ds=AVG&coid=avgtbavg&pr=pr&d=2013-09-30 14:26:54&v=17.0.0.10&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SySaver - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Jeri\AppData\Local\SySaver\temp.dat ()
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 68.116.46.115 24.205.192.61 24.205.224.36 192.168.1.1

FireFox:
========
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll (AVG Technologies)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-08-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-08-29]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Jeri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
CHR Extension: (Google Drive) - C:\Users\Jeri\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (YouTube) - C:\Users\Jeri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
CHR Extension: (Google Search) - C:\Users\Jeri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
CHR Extension: (Google Wallet) - C:\Users\Jeri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Gmail) - C:\Users\Jeri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [73728 2008-02-15] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3655184 2014-04-01] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [186496 2014-02-28] ()
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-20] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199448 2014-04-01] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-03-20] (AVG Technologies)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-22 05:32 - 2014-04-22 05:32 - 00014142 _____ () C:\Users\Jeri\Desktop\FRST.txt
2014-04-22 05:31 - 2014-04-22 05:32 - 00000000 ____D () C:\FRST
2014-04-22 05:29 - 2014-04-22 05:29 - 01048064 _____ (Farbar) C:\Users\Jeri\Desktop\FRST.exe
2014-04-21 17:33 - 2014-04-21 17:35 - 00013918 _____ () C:\Users\Jeri\Desktop\dds.txt
2014-04-21 17:33 - 2014-04-21 17:33 - 00003807 _____ () C:\Users\Jeri\Desktop\attach.txt
2014-04-21 17:27 - 2014-04-21 17:27 - 00000000 ____S () C:\Windows\system32\iogpyc.gzd
2014-04-21 17:20 - 2014-04-21 17:20 - 00001699 _____ () C:\Users\Jeri\Desktop\Notepad.lnk
2014-04-21 17:20 - 2014-04-21 17:14 - 00688992 ____R (Swearware) C:\Users\Jeri\Desktop\dds.com
2014-04-19 15:14 - 2014-04-19 15:14 - 00000590 _____ () C:\Users\Jeri\Desktop\299 - Shortcut.lnk
2014-04-17 17:34 - 2014-04-17 17:34 - 00000000 ____S () C:\Windows\system32\wzkqu.uao
2014-04-17 08:08 - 2014-04-17 08:08 - 00000000 ____S () C:\Windows\system32\tedptj.xiz
2014-04-14 13:38 - 2014-04-14 13:38 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-14 13:37 - 2014-04-22 05:26 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-14 13:37 - 2014-04-21 19:42 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-14 13:37 - 2014-04-14 13:44 - 00000000 ____D () C:\Users\Jeri\AppData\Local\Google
2014-04-14 13:37 - 2014-04-14 13:38 - 00000000 ____D () C:\Program Files\Google
2014-04-14 13:37 - 2014-04-14 13:37 - 00000000 ____D () C:\ProgramData\Google
2014-04-14 13:35 - 2014-04-14 13:35 - 00001892 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-04-14 13:35 - 2014-04-14 13:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-14 13:35 - 2014-04-14 13:35 - 00000000 ____D () C:\Program Files\Adobe
2014-04-14 13:30 - 2014-04-14 13:30 - 01168107 _____ () C:\Users\Jeri\Downloads\Medford-Medical-Clinic_04-14-14.zip
2014-04-13 18:47 - 2014-04-13 18:47 - 00000000 ____D () C:\Users\Jeri\AppData\Local\Deployment
2014-04-13 18:47 - 2014-04-13 18:47 - 00000000 ____D () C:\Users\Jeri\AppData\Local\Apps\2.0
2014-04-08 10:49 - 2014-04-21 19:11 - 00000069 _____ () C:\Windows\system32\hapndw.zoy
2014-04-08 10:40 - 2014-04-08 10:40 - 00000028 _____ () C:\Windows\system32\u
2014-04-08 10:39 - 2014-04-08 10:39 - 00000064 _____ () C:\Windows\system32\sbou.sqr
2014-04-08 10:39 - 2014-04-08 10:39 - 00000000 _____ () C:\Windows\system32\vzzbi.lgp
2014-04-07 22:30 - 2014-04-07 22:30 - 00236655 ____S () C:\Windows\system32\oiiv.izg
2014-04-03 14:41 - 2014-04-03 14:44 - 00000000 ____D () C:\Users\Jeri\AppData\Roaming\U3
2014-04-03 14:41 - 2014-04-03 14:41 - 00000459 _____ () C:\LOG1F3.log
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 _____ () C:\LOG1F3.tmp
2014-04-03 14:02 - 2014-04-22 05:27 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 14:02 - 2014-04-04 21:12 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-03 14:02 - 2014-04-04 21:12 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-03 14:02 - 2014-04-03 14:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 14:02 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 14:02 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 14:02 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 21:07 - 2014-04-01 21:07 - 00199448 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-03-31 16:11 - 2014-03-31 16:11 - 00211224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-03-31 16:11 - 2014-03-31 16:11 - 00108312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-03-30 10:19 - 2014-03-30 10:19 - 00000000 ____D () C:\Users\Jeri\AppData\Local\AVG
2014-03-27 22:15 - 2014-03-27 22:15 - 00193304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00123160 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-03-27 22:04 - 2014-03-27 22:04 - 00238872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-03-27 22:04 - 2014-03-27 22:04 - 00150296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00028440 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00022296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2014-03-27 10:06 - 2014-04-03 14:04 - 00000000 ____D () C:\ProgramData\BetuterPariceCHec

==================== One Month Modified Files and Folders =======

2014-04-22 05:32 - 2014-04-22 05:32 - 00014142 _____ () C:\Users\Jeri\Desktop\FRST.txt
2014-04-22 05:32 - 2014-04-22 05:31 - 00000000 ____D () C:\FRST
2014-04-22 05:31 - 2013-09-30 14:16 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-22 05:29 - 2014-04-22 05:29 - 01048064 _____ (Farbar) C:\Users\Jeri\Desktop\FRST.exe
2014-04-22 05:27 - 2014-04-03 14:02 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 05:26 - 2014-04-14 13:37 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-22 05:26 - 2008-01-20 19:47 - 02362408 _____ () C:\Windows\PFRO.log
2014-04-22 05:26 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 05:26 - 2006-11-02 05:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 05:26 - 2006-11-02 05:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-21 19:45 - 2006-11-02 06:01 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-21 19:42 - 2014-04-14 13:37 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 19:11 - 2014-04-08 10:49 - 00000069 _____ () C:\Windows\system32\hapndw.zoy
2014-04-21 18:55 - 2013-11-06 10:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-21 17:35 - 2014-04-21 17:33 - 00013918 _____ () C:\Users\Jeri\Desktop\dds.txt
2014-04-21 17:33 - 2014-04-21 17:33 - 00003807 _____ () C:\Users\Jeri\Desktop\attach.txt
2014-04-21 17:27 - 2014-04-21 17:27 - 00000000 ____S () C:\Windows\system32\iogpyc.gzd
2014-04-21 17:27 - 2013-09-30 14:24 - 00000000 ____D () C:\Program Files\AVG
2014-04-21 17:20 - 2014-04-21 17:20 - 00001699 _____ () C:\Users\Jeri\Desktop\Notepad.lnk
2014-04-21 17:19 - 2006-11-02 03:33 - 00762374 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-21 17:16 - 2006-11-02 05:52 - 00049297 _____ () C:\Windows\setupact.log
2014-04-21 17:14 - 2014-04-21 17:20 - 00688992 ____R (Swearware) C:\Users\Jeri\Desktop\dds.com
2014-04-21 14:48 - 2008-01-20 18:35 - 01800835 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 10:05 - 2013-12-06 13:19 - 00000000 ____D () C:\Users\Jeri\AppData\Roaming\HpUpdate
2014-04-19 15:14 - 2014-04-19 15:14 - 00000590 _____ () C:\Users\Jeri\Desktop\299 - Shortcut.lnk
2014-04-17 17:34 - 2014-04-17 17:34 - 00000000 ____S () C:\Windows\system32\wzkqu.uao
2014-04-17 13:20 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\Provisioning
2014-04-17 11:14 - 2013-12-16 17:05 - 00000000 ____D () C:\Windows\system32\ARFC
2014-04-17 08:08 - 2014-04-17 08:08 - 00000000 ____S () C:\Windows\system32\tedptj.xiz
2014-04-14 13:44 - 2014-04-14 13:37 - 00000000 ____D () C:\Users\Jeri\AppData\Local\Google
2014-04-14 13:44 - 2013-12-16 17:04 - 00000000 ____D () C:\Users\Jeri\AppData\Local\Adobe
2014-04-14 13:38 - 2014-04-14 13:38 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-14 13:38 - 2014-04-14 13:37 - 00000000 ____D () C:\Program Files\Google
2014-04-14 13:37 - 2014-04-14 13:37 - 00000000 ____D () C:\ProgramData\Google
2014-04-14 13:35 - 2014-04-14 13:35 - 00001892 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-04-14 13:35 - 2014-04-14 13:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-14 13:35 - 2014-04-14 13:35 - 00000000 ____D () C:\Program Files\Adobe
2014-04-14 13:35 - 2013-12-16 17:05 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-14 13:30 - 2014-04-14 13:30 - 01168107 _____ () C:\Users\Jeri\Downloads\Medford-Medical-Clinic_04-14-14.zip
2014-04-13 18:47 - 2014-04-13 18:47 - 00000000 ____D () C:\Users\Jeri\AppData\Local\Deployment
2014-04-13 18:47 - 2014-04-13 18:47 - 00000000 ____D () C:\Users\Jeri\AppData\Local\Apps\2.0
2014-04-12 10:09 - 2013-09-30 14:27 - 00000842 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-04-08 10:40 - 2014-04-08 10:40 - 00000028 _____ () C:\Windows\system32\u
2014-04-08 10:39 - 2014-04-08 10:39 - 00000064 _____ () C:\Windows\system32\sbou.sqr
2014-04-08 10:39 - 2014-04-08 10:39 - 00000000 _____ () C:\Windows\system32\vzzbi.lgp
2014-04-07 22:30 - 2014-04-07 22:30 - 00236655 ____S () C:\Windows\system32\oiiv.izg
2014-04-06 11:53 - 2014-02-28 17:43 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-04-04 21:12 - 2014-04-03 14:02 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-04 21:12 - 2014-04-03 14:02 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-03 14:44 - 2014-04-03 14:41 - 00000000 ____D () C:\Users\Jeri\AppData\Roaming\U3
2014-04-03 14:41 - 2014-04-03 14:41 - 00000459 _____ () C:\LOG1F3.log
2014-04-03 14:41 - 2014-04-03 14:41 - 00000000 _____ () C:\LOG1F3.tmp
2014-04-03 14:36 - 2014-02-28 17:41 - 00000000 ____D () C:\Program Files\EnhanceTronic
2014-04-03 14:27 - 2013-12-16 17:05 - 00000000 ____D () C:\Windows\system32\WNLT
2014-04-03 14:12 - 2014-03-01 09:21 - 00000000 ____D () C:\Users\Jeri\AppData\Local\MovieMode
2014-04-03 14:12 - 2013-12-16 17:05 - 00000000 ____D () C:\Program Files\SearchProtect
2014-04-03 14:04 - 2014-03-27 10:06 - 00000000 ____D () C:\ProgramData\BetuterPariceCHec
2014-04-03 14:02 - 2014-04-03 14:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-03 09:51 - 2014-04-03 14:02 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-03 14:02 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-03 14:02 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 21:07 - 2014-04-01 21:07 - 00199448 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-03-31 16:11 - 2014-03-31 16:11 - 00211224 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-03-31 16:11 - 2014-03-31 16:11 - 00108312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-03-30 10:19 - 2014-03-30 10:19 - 00000000 ____D () C:\Users\Jeri\AppData\Local\AVG
2014-03-27 22:15 - 2014-03-27 22:15 - 00193304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-03-27 22:14 - 2014-03-27 22:14 - 00123160 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-03-27 22:04 - 2014-03-27 22:04 - 00238872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-03-27 22:04 - 2014-03-27 22:04 - 00150296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00028440 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-03-27 22:03 - 2014-03-27 22:03 - 00022296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2014-03-27 10:06 - 2014-03-21 10:08 - 00000000 ____D () C:\ProgramData\8d9f887a56e320ec
2014-03-23 19:51 - 2014-03-21 10:08 - 00000000 ____D () C:\ProgramData\DiosciountLocator

Some content of TEMP:
====================
C:\Users\Jeri\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Jeri\AppData\Local\Temp\SDShelEx-win32.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2013-08-28 23:53] - [2009-04-10 23:28] - 0554496 ____A (Microsoft Corporation) 994B099EC7CD5D617141DC6A2A7DF898

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-22 05:34

==================== End Of Log ============================

Sorry, I didn't see anywhere to add an attachment to this reply, so here is the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-04-2014
Ran by Jeri at 2014-04-22 05:32:57
Running from C:\Users\Jeri\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
aspi (Version: 3.00.0008.0000 - Eastman Kodak Company) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4569 - AVG Technologies)
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4569 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.0.5.292 - AVG Technologies)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C309g-m (Version: 130.0.396.000 - Hewlett-Packard) Hidden
CCHelp (Version: 3.00.0010.0000 - Easlman Kodak Company) Hidden
CCScore (Version: 3.01.0001.0014 - Eastman Kodak) Hidden
CR2 (Version: 3.01.0001.0003 - Eastman Kodak Company) Hidden
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
Elevated Installer (Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
ESSAdpt (Version: 3.01.0001.0001 - Eastman Kodak Company) Hidden
ESSANUP (Version: 3.01.0001.0001 - Eastman Kodak Company) Hidden
ESSBrwr (Version: 3.01.0001.0001 - Eastman Kodak Company) Hidden
ESSCAM (Version: 3.01.0001.0001 - Eastman Kodak Company) Hidden
ESSCDBK (Version: 3.01.0001.0001 - Eastman Kodak Company) Hidden
ESScore (Version: 3.01.0001.0003 - Eastman Kodak) Hidden
ESSgui (Version: 3.01.0001.0001 - Eastman Kodak) Hidden
ESShelp (Version: 3.01.0001.0001 - Eastman Kodak Company) Hidden
ESSini (Version: 3.01.0001.0002 - Eastman Kodak) Hidden
ESSPCD (Version: 3.01.0001.0001 - Eastman Kodak Company) Hidden
ESSTUTOR (Version: 3.01.0001.0002 - Eastman Kodak Company) Hidden
ESSvpaht (Version: 3.01.0001.0001 - Eastman Kodak) Hidden
ESSvpot (Version: 3.01.0001.0001 - Eastman Kodak) Hidden
Flash Player Pro V5.4 (HKLM\...\Flash Player Pro_is1) (Version:  - FlashPlayerPro.com)
Garmin Express (HKLM\...\{31a12940-e5c8-4d27-a6ac-005212152f1f}) (Version: 2.2.21 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 29.0.1547.66 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4501.1952 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.21.115 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{181AC4C7-B83C-4B5F-B566-E19BF2472429}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Kodak EasyShare software (HKLM\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
KSU (Version: 612.7.0013.0000 - Eastman Kodak Compnay) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Notifier (Version: 3.01.0001.0002 - Eastman Kodak Company) Hidden
Optimizer Pro v3.2 (HKLM\...\Optimizer Pro_is1) (Version:  - ) <==== ATTENTION
OTtBP (Version: 3.00.0007.0000 - Eastman Kodak Company) Hidden
PCDLNCH (Version: 3.01.0001.0001 - Eastman Kodak Company) Hidden
PS_AIO_06_C309g-m_SW_Min (Version: 130.0.396.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\QuickTime) (Version:  - )
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.60 - Realtek Semiconductor Corp.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
SFR (Version: 3.01.0001.0001 - Eastman Kodak Company) Hidden
SFR2 (Version: 3.00.0004.0000 - Eastman Kodak Company) Hidden
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SySaver (HKCU\...\SySaver) (Version: 2 - SySaver)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )

==================== Restore Points  =========================

14-11-2013 17:29:19 Windows Update
12-12-2013 17:01:22 Windows Update
17-12-2013 19:47:34 Scheduled Checkpoint
16-01-2014 16:07:27 Windows Update
18-01-2014 05:12:44 Scheduled Checkpoint
26-01-2014 18:11:21 Scheduled Checkpoint
13-02-2014 17:29:27 Windows Update
27-02-2014 17:17:36 Windows Update
01-03-2014 16:19:08 Windows Update
02-03-2014 05:36:30 Scheduled Checkpoint
04-03-2014 18:07:30 Scheduled Checkpoint
06-03-2014 16:56:32 Scheduled Checkpoint
07-03-2014 18:44:42 Scheduled Checkpoint
10-03-2014 17:43:25 Scheduled Checkpoint
13-03-2014 20:34:59 Scheduled Checkpoint
14-03-2014 15:07:23 Windows Update
17-03-2014 18:21:40 Scheduled Checkpoint
18-03-2014 17:00:30 Scheduled Checkpoint
19-03-2014 16:12:55 Windows Update
24-03-2014 20:01:27 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 03:23 - 2006-09-18 14:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {21523CDB-D96D-4281-8D32-C3EAB8835FC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-14] (Google Inc.)
Task: {21A371FF-C494-4963-B1DC-C08D2A6C58FE} - System32\Tasks\HP online update program => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2011-10-28] (Hewlett-Packard)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {51BF7C9E-2047-439C-8030-1267517B87BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-14] (Google Inc.)
Task: {84868B42-4680-4981-B414-FDC84C8631CE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-06] (Adobe Systems Incorporated)
Task: {C7841E98-5BA8-4C8E-B9DB-DE7BC549E389} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {C7EDAC9C-B6A6-4502-A560-0D84FB754395} - System32\Tasks\Backweb Online Update => C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08] ()
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FB77D34C-7DB2-42D4-A182-F70C6A56E05C} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-30 14:26 - 2014-03-20 15:18 - 02544664 _____ () C:\Program Files\AVG SafeGuard toolbar\vprot.exe
2014-03-20 15:18 - 2014-03-20 15:18 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll
2013-12-09 13:03 - 2014-03-20 15:18 - 01603608 _____ () C:\Program Files\AVG SafeGuard toolbar\TBAPI.dll
2003-06-25 05:33 - 2003-06-25 05:33 - 00229512 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
2003-06-25 06:02 - 2003-06-25 06:02 - 00954508 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.dll
2003-06-25 05:48 - 2003-06-25 05:48 - 00536716 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.dll
2003-06-25 06:02 - 2003-06-25 06:02 - 00061574 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
2003-06-25 04:50 - 2003-06-25 04:50 - 00036864 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
2003-06-25 05:53 - 2003-06-25 05:53 - 00110719 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\kpri40.dll
2003-06-25 06:16 - 2003-06-25 06:16 - 00319631 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnLine.dll
2003-06-25 06:01 - 2003-06-25 06:01 - 00114829 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
2003-06-25 06:11 - 2003-06-25 06:11 - 00450693 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
2003-06-25 06:03 - 2003-06-25 06:03 - 00389257 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaEmail.dll
2003-06-25 05:23 - 2003-06-25 05:23 - 00356479 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
2003-06-25 06:18 - 2003-06-25 06:18 - 00139264 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\cameratodos.syx
2003-06-25 05:05 - 2003-06-25 05:05 - 00024576 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCameraToDos.dll
2003-06-25 05:01 - 2003-06-25 05:01 - 00028672 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCameraToDosCamBack.dll
2003-06-25 06:30 - 2003-06-25 06:30 - 00081920 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\PCDLaunchSysX.syx
2003-06-25 06:08 - 2003-06-25 06:08 - 00270484 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\VistacameraUploadSysx.syx
2003-06-25 05:25 - 2003-06-25 05:25 - 00024576 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaCameraUploadSysx.dll
2003-06-25 05:08 - 2003-06-25 05:08 - 00024576 _____ () C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaCameraUploadCamBack.dll
2003-06-25 06:12 - 2003-06-25 06:12 - 00278660 _____ () C:\Program Files\Kodak\Kodak Easyshare Software\bin\Escom.dll
2014-03-20 15:18 - 2014-03-20 15:18 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0CFF5F08
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Jeri\Documents\Fw_ Fwd_ FW_ Injustice.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jeri\Documents\FW_ You picked a fine time to...__.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jeri\Documents\FW_.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jeri\Documents\The Joy Movie.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2014 05:27:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/21/2014 05:04:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/21/2014 07:50:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2014 08:24:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 09:43:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/18/2014 08:53:31 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2014 09:06:00 PM) (Source: Application Hang) (User: )
Description: The program avgui.exe version 14.0.0.4567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1ac
Start Time: 01cf5a83a1f28390
Termination Time: 27908

Error: (04/17/2014 06:20:36 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16540, time stamp 0x5309896b, faulting module IEFRAME.dll, version 9.0.8112.16540, time stamp 0x53098a7a, exception code 0xc0000005, fault offset 0x0019d342,
process id 0x19e8, application start time 0xiexplore.exe0.

Error: (04/17/2014 02:27:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2014 02:01:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/21/2014 05:01:09 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 0021705CB350 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (04/21/2014 03:01:05 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgent

Error: (04/19/2014 11:06:00 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk4\DR4, has a bad block.

Error: (04/19/2014 11:05:59 AM) (Source: disk) (User: )
Description: The device, \Device\Harddisk4\DR4, has a bad block.

Error: (04/17/2014 01:58:16 PM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgent

Error: (04/17/2014 01:54:14 PM) (Source: Service Control Manager) (User: )
Description: 2Reboot the machinePlug and Play%%1190

Error: (04/17/2014 01:54:14 PM) (Source: Service Control Manager) (User: )
Description: 2Reboot the machineDCOM Server Process Launcher%%1190

Error: (04/17/2014 01:54:13 PM) (Source: Service Control Manager) (User: )
Description: Plug and Play1600002Reboot the machine

Error: (04/17/2014 01:54:13 PM) (Source: Service Control Manager) (User: )
Description: DCOM Server Process Launcher1600002Reboot the machine

Error: (04/17/2014 01:54:13 PM) (Source: Service Control Manager) (User: )
Description: Remote Procedure Call (RPC)1600002Reboot the machine


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-04-22 05:32:51.150
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-22 05:32:51.072
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-22 05:32:50.994
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-22 05:32:50.914
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-22 05:32:50.834
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-22 05:32:50.756
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-22 05:32:50.673
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-22 05:32:50.593
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-22 05:32:50.373
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-22 05:32:50.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 71%
Total physical RAM: 2012.45 MB
Available physical RAM: 565.08 MB
Total Pagefile: 4270.16 MB
Available Pagefile: 2514.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:450.71 GB) (Free:358.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:8.23 GB) NTFS
Drive j: () (Removable) (Total:0.48 GB) (Free:0.48 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 30000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 489 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Here is the search.txt file:

Farbar Recovery Scan Tool (x86) Version: 22-04-2014
Ran by Jeri at 2014-04-22 05:36:15
Running from C:\Users\Jeri\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2013-08-28 23:53] - [2009-04-10 23:28] - 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2008-01-20 19:24] - [2008-01-20 19:24] - 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C

C:\Windows\System32\rpcss.dll
[2013-08-28 23:53] - [2009-04-10 23:28] - 0554496 ____A (Microsoft Corporation) 994B099EC7CD5D617141DC6A2A7DF898

=== End Of Search ===
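
An added check that is not part of the original thread or of FRST: the search.txt above lists three copies of rpcss.dll with size and MD5, two in the WinSxS component store and the live one in System32, and the live copy's hash matches neither store copy while carrying the same timestamps as the 6.0.6002.18005 copy. The Python script below (written for this page; its parsing of the FRST line layout is inferred from those three entries and assumed to be FRST's general format) parses that output, pairs the live file with its reference copy by modified time, and reports the hash mismatch and the size difference, which here is exactly 4096 bytes.

```python
"""Compare a live system DLL against its WinSxS reference copies using FRST
'Search:' output.  Added example for this thread; not part of FRST or the posts.
The line layout parsed here is inferred from the three entries in the
search.txt above and is assumed to be FRST's general format."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Copied from the search.txt posted above (FRST x86, 22-04-2014).
FRST_SEARCH_OUTPUT = r"""
================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
[2013-08-28 23:53] - [2009-04-10 23:28] - 0550400 ____A (Microsoft Corporation) 3B5B4D53FEC14F7476CA29A20CC31AC9

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
[2008-01-20 19:24] - [2008-01-20 19:24] - 0547328 ____A (Microsoft Corporation) 33FB1F0193EE2051067441492D56113C

C:\Windows\System32\rpcss.dll
[2013-08-28 23:53] - [2009-04-10 23:28] - 0554496 ____A (Microsoft Corporation) 994B099EC7CD5D617141DC6A2A7DF898

=== End Of Search ===
"""

# Detail line layout: "[created] - [modified] - size attributes (Company) MD5"
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileEntry:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str

    @property
    def in_component_store(self) -> bool:
        # WinSxS holds the servicing stack's reference copies of system binaries.
        return "\\winsxs\\" in self.path.lower()

    @property
    def version_tag(self) -> Optional[str]:
        # The component folder name carries the file version, e.g. 6.0.6002.18005.
        m = re.search(r"_(\d+\.\d+\.\d+\.\d+)_", self.path)
        return m.group(1) if m else None


def parse_frst_search(text: str) -> List[FileEntry]:
    """Pair each path line with the detail line that follows it."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    entries = []
    for path, detail in zip(lines, lines[1:]):
        m = DETAIL_RE.match(detail)
        if m and path and not path.startswith(("=", "[")):
            entries.append(FileEntry(path, m["created"], m["modified"],
                                     int(m["size"]), m["company"], m["md5"]))
    return entries


@dataclass
class Finding:
    live: FileEntry
    hash_match: Optional[FileEntry]   # store copy with the same MD5, if any
    reference: Optional[FileEntry]    # store copy with the same modified time

    @property
    def suspicious(self) -> bool:
        return self.hash_match is None

    @property
    def size_delta(self) -> Optional[int]:
        return self.live.size - self.reference.size if self.reference else None


def check_live_copies(entries: List[FileEntry]) -> List[Finding]:
    store = [e for e in entries if e.in_component_store]
    findings = []
    for live in (e for e in entries if not e.in_component_store):
        same_hash = [s for s in store if s.md5.lower() == live.md5.lower()]
        # A patched file commonly keeps the original timestamps, so the store copy
        # with the same modified time is the version the live file should equal.
        same_stamp = [s for s in store if s.modified == live.modified]
        findings.append(Finding(live, same_hash[0] if same_hash else None,
                                same_stamp[0] if same_stamp else None))
    return findings


def report(findings: List[Finding]) -> str:
    lines = []
    for f in findings:
        if not f.suspicious:
            lines.append(f"OK        {f.live.path} matches WinSxS {f.hash_match.version_tag}")
            continue
        msg = f"MISMATCH  {f.live.path} md5={f.live.md5} matches no component-store copy"
        if f.reference:
            msg += (f"; nearest reference {f.reference.version_tag}, "
                    f"size delta {f.size_delta:+d} bytes")
        lines.append(msg)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(check_live_copies(parse_frst_search(FRST_SEARCH_OUTPUT))))
```

The comparison is against hashes FRST already recorded, so it runs offline on the saved log; on a live machine the same logic applies to hashes you compute yourself. A live copy that matches no store copy is the signal worth acting on, and pairing by modified time tells you which store version is the natural replacement, which is what the Replace directive in the fix below did.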



#4 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,310 posts
  • Location:Bulgaria

Posted 22 April 2014 - 05:06 PM

Hello,

Registry Editor / Cleaner Warning !!

The following is referring to Optimizer Pro v3.2.
Please be aware that BleepingComputer staff do not recommend the use of registry cleaners / tools due to the following facts:

  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.

This is done on the assumption that the main audience here on this board may be inexperienced users, and is thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and it is up to the user, so just take this as a recommendation from my side.

For more information about why you should avoid using such programs, please take a look here => Registry Cleaners and System Tweaking Tools

Click on Start > type in appwiz.cpl in the search box and press Enter
Select Optimizer Pro v3.2 > press Uninstall

Next, please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Regards,

Georgi


#5 CobaltCat

  • Topic Starter
  • Members
  • 21 posts

Posted 22 April 2014 - 07:10 PM

I uninstalled Optimizer Pro (and I totally agree with you about reg cleaners, but it's not my computer, so, you know.)

Here is the Fixlog:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-04-2014
Ran by Jeri at 2014-04-22 16:51:16 Run:1
Running from C:\Users\Jeri\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
HKLM\...\runonceex: [] - [X]
HKU\S-1-5-21-119363732-4198429369-2133467-1000\...\Run: [Optimizer Pro] => C:\Program Files\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited)
C:\Program Files\Optimizer Pro
AppInit_DLLs: c:\progra~1\optimi~1\optpro~1.dll => c:\progra~1\optimi~1\optpro~1.dll File Not Found
SearchScopes: HKLM - {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Z7^xdm298^YYA^us&si=solitaireshark-2-1&ptb=F8B13F9C-A31B-42C3-968F-7F39F1D5BEE8&psa=&ind=2013091700&st=sb&n=77fd5774&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317191&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP12B40071-BAAB-4946-B1E0-2C951B4496D4&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317191&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP12B40071-BAAB-4946-B1E0-2C951B4496D4&q={searchTerms}&SSPV=
SearchScopes: HKCU - {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Z7^xdm298^YYA^us&si=solitaireshark-2-1&ptb=F8B13F9C-A31B-42C3-968F-7F39F1D5BEE8&psa=&ind=2013091700&st=sb&n=77fd5774&searchfor={searchTerms}
BHO: SySaver - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Jeri\AppData\Local\SySaver\temp.dat ()
C:\Users\Jeri\AppData\Local\SySaver
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrashSvc.dll [186496 2014-02-28] ()
2014-04-21 17:27 - 2014-04-21 17:27 - 00000000 ____S () C:\Windows\system32\iogpyc.gzd
2014-04-17 17:34 - 2014-04-17 17:34 - 00000000 ____S () C:\Windows\system32\wzkqu.uao
2014-04-17 08:08 - 2014-04-17 08:08 - 00000000 ____S () C:\Windows\system32\tedptj.xiz
2014-04-08 10:49 - 2014-04-21 19:11 - 00000069 _____ () C:\Windows\system32\hapndw.zoy
2014-04-08 10:39 - 2014-04-08 10:39 - 00000064 _____ () C:\Windows\system32\sbou.sqr
2014-04-08 10:39 - 2014-04-08 10:39 - 00000000 _____ () C:\Windows\system32\vzzbi.lgp
2014-04-07 22:30 - 2014-04-07 22:30 - 00236655 ____S () C:\Windows\system32\oiiv.izg
Folder: C:\ProgramData\8d9f887a56e320ec
Folder: C:\ProgramData\DiosciountLocator
AlternateDataStreams: C:\ProgramData\TEMP:0CFF5F08
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll C:\Windows\System32\rpcss.dll
C:\Users\Jeri\AppData\Local\Temp
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\runonceex\\ => Value deleted successfully.
HKU\S-1-5-21-119363732-4198429369-2133467-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => Value not found.
"C:\Program Files\Optimizer Pro" => File/Directory not found.
"c:\progra~1\optimi~1\optpro~1.dll" => Value Data removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} => Key deleted successfully.
HKCR\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} => Key deleted successfully.
C:\Users\Jeri\AppData\Local\SySaver => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
ca82e1a5 => Service deleted successfully.
C:\Windows\system32\iogpyc.gzd => Moved successfully.
C:\Windows\system32\wzkqu.uao => Moved successfully.
C:\Windows\system32\tedptj.xiz => Moved successfully.
C:\Windows\system32\hapndw.zoy => Moved successfully.
C:\Windows\system32\sbou.sqr => Moved successfully.
Could not move "C:\Windows\system32\vzzbi.lgp" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\oiiv.izg" => Scheduled to move on reboot.

========================= Folder: C:\ProgramData\8d9f887a56e320ec ========================

2014-03-27 10:06 - 2014-03-27 10:06 - 0000162 _____ () C:\ProgramData\8d9f887a56e320ec\15a1758beb4d95da3ea7a1e56459afee.ini
2014-03-21 10:08 - 2014-03-21 10:08 - 0000513 _____ () C:\ProgramData\8d9f887a56e320ec\242c2fd4536773fa3ea7a1e56459afee.ini
2014-03-21 10:08 - 2014-03-21 10:08 - 0000160 _____ () C:\ProgramData\8d9f887a56e320ec\3ed03cfb568002833ea7a1e56459afee.ini
2014-03-27 10:06 - 2014-03-27 10:06 - 0000514 _____ () C:\ProgramData\8d9f887a56e320ec\5563f418483f31113ea7a1e56459afee.ini

====== End of Folder: ======


========================= Folder: C:\ProgramData\DiosciountLocator ========================

2014-03-21 10:08 - 2014-03-21 10:08 - 0003458 _____ () C:\ProgramData\DiosciountLocator\Efzs.dat
2014-03-21 10:08 - 2014-03-21 10:08 - 0003832 _____ () C:\ProgramData\DiosciountLocator\Efzs.tlb

====== End of Folder: ======

C:\ProgramData\TEMP => ":0CFF5F08" ADS removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

"C:\Users\Jeri\AppData\Local\Temp" directory move:

C:\Users\Jeri\AppData\Local\Temp\Attach.txt => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\dat4E6B.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\dat6CB7.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\datADC2.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\DDS.txt => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\DIOCF63.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\DIOE2E4.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\DIOFC30.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\DseShExt-x86.dll => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\hpqddusr.log => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\HPWUCl001.log => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\ichcop => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\Jeri.bmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\log3 => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MAR112F.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MAR11BC.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MAR1A34.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MAR1D9E.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MAR49BC.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MAR4E9D.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MAR69E9.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MAR6CC7.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MAR86DB.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MAR890D.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MAR8DEC.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MAR8E7A.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MAR956B.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MAR9694.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MARA063.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MARA40C.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MARAF32.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MARB78B.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MARB857.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MARBA88.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MARCF3F.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\MARD1C0.tmp => Moved successfully.
Could not move "C:\Users\Jeri\AppData\Local\Temp\me_" => Scheduled to move on reboot.
C:\Users\Jeri\AppData\Local\Temp\me_1Bz0LXZ0cecap9R => Moved successfully.
Could not move "C:\Users\Jeri\AppData\Local\Temp\me_B0rjbd2K28COc2H" => Scheduled to move on reboot.
C:\Users\Jeri\AppData\Local\Temp\me_dEJNdxtgc6VSQcj => Moved successfully.
Could not move "C:\Users\Jeri\AppData\Local\Temp\me_GtMpi8MjqL5kafG" => Scheduled to move on reboot.
Could not move "C:\Users\Jeri\AppData\Local\Temp\me_IXNwhXx7ooI2nqx" => Scheduled to move on reboot.
C:\Users\Jeri\AppData\Local\Temp\me_PSDGhHpEapFCLMl => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\me_Tw5hFvZwGrVuhHC => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\RedboxLog.txt => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\SDShelEx-win32.dll => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\toolbar_log.txt => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\wmplog00.sqm => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\wmplog01.sqm => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\wmplog02.sqm => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\wmsetup.log => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\_iu14D2N.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DF2494.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DF2F.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DF546C.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DF60FF.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DF701B.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DF7CD1.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DF832E.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DF8A0A.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DF9B30.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DF9EF2.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DF9F7B.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DFA624.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DFAD52.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DFAD6D.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DFAEAC.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DFB240.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DFB39C.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DFCAB0.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DFD0B8.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DFD731.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DFDB26.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DFDC70.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DFE114.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DFE118.tmp => Moved successfully.
C:\Users\Jeri\AppData\Local\Temp\~DFE989.tmp => Moved successfully.
Could not move "C:\Users\Jeri\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-22 17:00:41)<=

C:\Windows\system32\vzzbi.lgp => Is moved successfully.
C:\Windows\system32\oiiv.izg => Is moved successfully.
C:\Users\Jeri\AppData\Local\Temp\me_ => Is moved successfully.
C:\Users\Jeri\AppData\Local\Temp\me_B0rjbd2K28COc2H => Is moved successfully.
C:\Users\Jeri\AppData\Local\Temp\me_GtMpi8MjqL5kafG => Is moved successfully.
C:\Users\Jeri\AppData\Local\Temp\me_IXNwhXx7ooI2nqx => Is moved successfully.
"C:\Users\Jeri\AppData\Local\Temp" => Directory could not move.

==== End of Fixlog ====



#6 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,310 posts
  • Location:Bulgaria

Posted 23 April 2014 - 02:13 AM

Hello,

If you don't recognize the content of the following folders:

C:\ProgramData\8d9f887a56e320ec
C:\ProgramData\DiosciountLocator

then go ahead and delete them manually (only these 2 subfolders, not the whole ProgramData folder). ProgramData is hidden, so to see the subfolders there you will need to follow these steps => How to see hidden files in Windows

Although we managed to clean the infection, I want to make sure there is nothing lurking on the system, so just in case I want you to go through these steps:

Most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard drive and the speed of your computer).

STEP 1

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

STEP 2

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

STEP 3

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

STEP 4

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 5

1. Please download HitmanPro.

  • For 32-bit Operating System
  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users right-click on the HitmanPro icon and select Run as administrator).

Note: If the program won't run, then please open it while holding down the left CTRL key until it is loaded.

3. Click on the Next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

STEP 6

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

and then if there aren't any issues left I'll give you my final recommendations. :)

Regards,

Georgi


Edited by B-boy/StyLe/, 23 April 2014 - 02:14 AM.


#7 CobaltCat

  • Topic Starter
  • Members
  • 21 posts

Posted 24 April 2014 - 12:52 AM

Rkill:

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/23/2014 09:45:06 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Disabled

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Disabled

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost

Program finished at: 04/23/2014 09:45:44 PM
Execution time: 0 hours(s), 0 minute(s), and 37 seconds(s)

RogueKiller:

http://pastebin.com/qugGCdM5

TDSSKiller:

http://pastebin.com/Xi28jekG

MalwareBytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/23/2014
Scan Time: 10:30:51 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.24.04
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Jeri

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 225821
Time Elapsed: 11 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

HitmanPro:

HitmanPro 3.7.9.216
www.hitmanpro.com
   Computer name . . . . : JERI-PC
   Windows . . . . . . . : 6.0.2.6002.X86/2
   User name . . . . . . : Jeri-PC\Jeri
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2014-04-23 22:35:15
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 15s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 9
   Traces  . . . . . . . : 98
   Objects scanned . . . : 1,426,241
   Files scanned . . . . : 27,587
   Remnants scanned  . . : 311,766 files / 1,086,888 keys
Suspicious files ____________________________________________________________
   C:\Users\Jeri\AppData\LocalLow\DE6D.tmp
      Size . . . . . . . : 757,488 bytes
      Age  . . . . . . . : 45.1 days (2014-03-09 20:10:04)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 901399757F50C28011473A613E38C021F58520C2C72B6225CF4CC814B779CA81
      Product  . . . . . : Windows® Internet Explorer
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : Internet Explorer
      Version  . . . . . : 9.00.8112.16533
      Copyright  . . . . : © Microsoft Corporation. All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 24.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         The file name extension of this program is not common.

Malware remnants ____________________________________________________________
   C:\Program Files\SearchProtect\ (SearchProtect)
   C:\Users\Jeri\AppData\Local\SearchProtect\ (SearchProtect)
   C:\Users\Jeri\AppData\Local\SearchProtect\SearchProtect\rep\ (SearchProtect)
   C:\Users\Jeri\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat (SearchProtect)
   C:\Users\Jeri\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat (SearchProtect)
   C:\Users\Jeri\AppData\Local\SearchProtect\UI\rep\ (SearchProtect)
   C:\Users\Jeri\AppData\Local\SearchProtect\UI\rep\UIRepository.dat (SearchProtect)
   HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}\ (Jotzey)
   HKLM\SOFTWARE\SearchProtect\ (SearchProtect)
Potential Unwanted Programs _________________________________________________
   C:\Users\Jeri\Documents\Optimizer Pro\ (PCOptimizerPro)
   C:\Users\Jeri\Documents\Optimizer Pro\CookiesException.txt (PCOptimizerPro)
   C:\Windows\System32\WNLT\ (Sweetpacks)
   HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}\ (FLV Player)
   HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}\ (FLV Player)
   HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\WajamUpdater\ (Claro)
   HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application\WajamUpdater\ (Claro)
   HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater\ (Claro)
   HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\.DEFAULT\Software\IM\ (Sweetpacks)
   HKU\.DEFAULT\Software\ImInstaller\ (Sweetpacks)
   HKU\.DEFAULT\Software\SweetIM\ (Sweetpacks)
   HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-18\Software\IM\ (Sweetpacks)
   HKU\S-1-5-18\Software\ImInstaller\ (Sweetpacks)
   HKU\S-1-5-18\Software\SweetIM\ (Sweetpacks)
   HKU\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-21-119363732-4198429369-2133467-1000\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
   HKU\S-1-5-21-119363732-4198429369-2133467-1000\Software\IM\ (Sweetpacks)
   HKU\S-1-5-21-119363732-4198429369-2133467-1000\Software\ImInstaller\ (Sweetpacks)
   HKU\S-1-5-21-119363732-4198429369-2133467-1000\Software\SweetIM\ (Sweetpacks)
   HKU\S-1-5-21-119363732-4198429369-2133467-1000\Software\Wajam\ (Claro)
   HKU\S-1-5-21-119363732-4198429369-2133467-1000\Software\WNLT\ (Sweetpacks)
Cookies _____________________________________________________________________
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\01N6Q594.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\01PRT4FH.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\0ZV4JJ6W.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\1H3PYEHQ.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\20IKGUXU.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\2J5QGHZJ.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\2YDF9R4S.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\3HUR8A92.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\3S71QFE7.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\3X28VUI7.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\4AHWZLTX.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\5UAJC931.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\5YNYD0FD.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\64JSZUR0.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\6CJEUYHM.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\6F3X0DPM.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\81PFXY29.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\8BAVNTNS.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\8YXLHDET.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\95Y1NV5R.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\98F0195O.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\9VFDT4ZG.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\A1CFVPQ8.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\A8JKQXZZ.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\B2WLDDHI.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\B7I0TKD9.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\C8MURXJF.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\D2J7ZX3W.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\DIPDFC51.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\DWUVVZHX.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\DZ1Z47V4.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\E3QWPS1P.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\E7606EMR.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\F1KWYPVV.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\FWBLYXK7.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\G8Y987N4.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\GM000PD9.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\H34G37L8.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\I5TJT6Y6.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\I9HIU1KW.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\IA30W9M0.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\IGFBRQ1H.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\IJDAC336.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\J4F4LIZB.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\KSAP6K4L.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\KUWDR08V.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\KZFM5G5M.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\M1IBW4EY.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\MIXR1DOL.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\MSEUS2EY.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\NEUJNCAM.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\O7X81ZOF.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\PG1TBW3Y.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\PL16ATGU.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\SDNQX3RN.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\TO39F0WZ.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\U32VKFMQ.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\VEZOU550.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\VJ6RBEF8.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\VPMR5JAR.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\XK3CPU60.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\Y8EMUOU7.txt
   C:\Users\Jeri\AppData\Roaming\Microsoft\Windows\Cookies\YFS5X68R.txt

Security Check:

 Results of screen317's Security Check version 0.99.82
 Windows Vista Service Pack 2 x86 (UAC is disabled!)
 Internet Explorer 9
 Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!
AVG AntiVirus 2014 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader 10.1.4 Adobe Reader out of Date!
 Google Chrome 29.0.1547.66
 Google Chrome 34.0.1847.116
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbam.exe
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````



#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:11:19 PM

Posted 24 April 2014 - 05:21 AM

Hello,

We need to execute another fixlist to clean some remnants:

Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 11.0.06 to your PC's desktop.

  • Uninstall Adobe Reader 10.1.4 via Start => Control Panel > Uninstall a program
  • Install the newly downloaded updated software.

  • It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector, or you can use the following application for this purpose: PatchMyPC

Visit Microsoft's Windows Update Site Frequently

  • It is important that you visit Windows Update regularly.
  • This will ensure your computer always has the latest available security updates installed.
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Finally post a new log from SecurityCheck.

Regards,

Georgi




#9 CobaltCat

CobaltCat
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Local time:02:19 PM

Posted 24 April 2014 - 12:48 PM


FRST:
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-04-2014
Ran by Jeri at 2014-04-24 09:36:47 Run:2
Running from C:\Users\Jeri\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
C:\Users\Jeri\AppData\LocalLow\DE6D.tmp
C:\Program Files\SearchProtect
C:\Users\Jeri\AppData\Local\SearchProtect
C:\Users\Jeri\Documents\Optimizer Pro
C:\Windows\System32\WNLT
Reg: reg delete "HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}" /f
Reg: reg delete "HKLM\SOFTWARE\SearchProtect" /f
Reg: reg delete "HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}" /f
Reg: reg delete "HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}" /f
Reg: reg delete "HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}" /f
Reg: reg delete "HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\WajamUpdater" /f
Reg: reg delete "HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application\WajamUpdater" /f
Reg: reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater" /f
Reg: reg delete "HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}" /f
Reg: reg delete "HKU\.DEFAULT\Software\IM" /f
Reg: reg delete "HKU\.DEFAULT\Software\ImInstaller" /f
Reg: reg delete "HKU\.DEFAULT\Software\SweetIM" /f
Reg: reg delete "HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}" /f
Reg: reg delete "HKU\S-1-5-18\Software\IM" /f
Reg: reg delete "HKU\S-1-5-18\Software\ImInstaller" /f
Reg: reg delete "HKU\S-1-5-18\Software\SweetIM" /f
Reg: reg delete "HKU\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}" /f
Reg: reg delete "HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}" /f
Reg: reg delete "HKU\S-1-5-21-119363732-4198429369-2133467-1000\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}" /f
Reg: reg delete "HKU\S-1-5-21-119363732-4198429369-2133467-1000\Software\IM" /f
Reg: reg delete "HKU\S-1-5-21-119363732-4198429369-2133467-1000\Software\ImInstaller" /f
Reg: reg delete "HKU\S-1-5-21-119363732-4198429369-2133467-1000\Software\SweetIM" /f
Reg: reg delete "HKU\S-1-5-21-119363732-4198429369-2133467-1000\Software\Wajam" /f
Reg: reg delete "HKU\S-1-5-21-119363732-4198429369-2133467-1000\Software\WNLT" /f
Unlock: HKLM\SYSTEM\CurrentControlSet\services\wscsvc
Unlock: HKLM\SYSTEM\CurrentControlSet\services\wuauserv
cmd: sc config wscsvc start= delayed-auto
cmd: sc config wuauserv start= delayed-auto
end
*****************
 
C:\Users\Jeri\AppData\LocalLow\DE6D.tmp => Moved successfully.
C:\Program Files\SearchProtect => Moved successfully.
C:\Users\Jeri\AppData\Local\SearchProtect => Moved successfully.
C:\Users\Jeri\Documents\Optimizer Pro => Moved successfully.
C:\Windows\System32\WNLT => Moved successfully.
 
========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}" /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\SearchProtect" /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}" /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}" /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}" /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\WajamUpdater" /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application\WajamUpdater" /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}" /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\.DEFAULT\Software\IM" /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\.DEFAULT\Software\ImInstaller" /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\.DEFAULT\Software\SweetIM" /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-18\Software\IM" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-18\Software\ImInstaller" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-18\Software\SweetIM" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}" /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}" /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-21-119363732-4198429369-2133467-1000\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}" /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-21-119363732-4198429369-2133467-1000\Software\IM" /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-21-119363732-4198429369-2133467-1000\Software\ImInstaller" /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-21-119363732-4198429369-2133467-1000\Software\SweetIM" /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-21-119363732-4198429369-2133467-1000\Software\Wajam" /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
 
========= reg delete "HKU\S-1-5-21-119363732-4198429369-2133467-1000\Software\WNLT" /f =========
 
The operation completed successfully.
 
 
========= End of Reg: =========
 
"HKLM\SYSTEM\CurrentControlSet\services\wscsvc" => Key unlocked successfully.
"HKLM\SYSTEM\CurrentControlSet\services\wuauserv" => Key unlocked successfully.
 
=========  sc config wscsvc start= delayed-auto =========
 
[SC] ChangeServiceConfig SUCCESS
 
========= End of CMD: =========
 
 
=========  sc config wuauserv start= delayed-auto =========
 
[SC] ChangeServiceConfig SUCCESS
 
========= End of CMD: =========
 
 
==== End of Fixlog ====
 
 
I updated Adobe Reader, which had never been activated.
Windows Updates are current.
 
 
 
Security Check:
 
 Results of screen317's Security Check version 0.99.82  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Google Chrome 29.0.1547.66  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0 % 
````````````````````End of Log`````````````````````` 
 
 
After this last round, upon system restart, I get an MS Visual C++ Runtime termination error message, but the software name is not there. Kodak EasyShare software stops, too. And Internet Explorer errors out, too. It can't seem to bring up any sites. Chrome works just fine, though.
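The fix in post #8 and its Fixlog in post #9 above remove files and registry keys by name and re-enable two services, but nothing in the thread re-checks the result. The following PowerShell script is an added example written for this page; it is not code from the forum posts, from FRST or from HitmanPro. It assumes an elevated PowerShell prompt (PowerShell 2.0 is enough) on the same Vista x86 machine, and it takes every path, key and service name from the fixlist above. It verifies the rpcss.dll file AVG flagged as Win32/Patched against the Windows component store, records its SHA-256, confirms the moved folders and deleted keys are gone (the logged-on user's HKU keys are reached through HKCU), and confirms wscsvc and wuauserv are set to delayed-auto and running, which is what the Unlock plus `sc config` steps were meant to achieve.

```powershell
# Added verification script. This is an example written for this thread, not code
# from the forum post, from FRST or from HitmanPro. Run it in an elevated PowerShell
# prompt on the cleaned machine. File paths, registry keys and service names are the
# ones from the fixlist above; rpcss.dll is the file AVG flagged as Win32/Patched.

function Show-Item([string]$item) {
    # Reports whether a file, folder or registry key from the fixlist still exists.
    $state = if (Test-Path -LiteralPath $item) { 'STILL PRESENT' } else { 'removed' }
    '{0,-14} {1}' -f $state, $item
}

# 1. rpcss.dll. Get-AuthenticodeSignature is not the right tool for a Windows system
#    DLL: those files are signed via security catalogs, not embedded signatures, and
#    older PowerShell reports them as NotSigned. sfc /verifyfile compares the on-disk
#    file with the protected copy in the component store, which is what "patched"
#    actually means here.
$systemDll = Join-Path $env:SystemRoot 'System32\rpcss.dll'
"=== sfc /verifyfile=$systemDll ==="
& "$env:SystemRoot\System32\sfc.exe" "/verifyfile=$systemDll"

# Record the SHA-256 so the file can be compared with a clean copy of the same build
# (computed with .NET so it also works on the PowerShell 2.0 available for Vista).
$sha = [System.Security.Cryptography.SHA256]::Create()
$fs  = [System.IO.File]::OpenRead($systemDll)
try     { $hash = ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
finally { $fs.Close() }
'SHA-256 {0}: {1}' -f $systemDll, $hash

# 2. Folders and files the fixlist moved.
'=== Files and folders ==='
@(
    "$env:USERPROFILE\AppData\LocalLow\DE6D.tmp",
    "$env:ProgramFiles\SearchProtect",
    "$env:LOCALAPPDATA\SearchProtect",
    "$env:USERPROFILE\Documents\Optimizer Pro",
    "$env:SystemRoot\System32\WNLT"
) | ForEach-Object { Show-Item $_ }

# 3. Registry keys the fixlist deleted. HKLM keys are checked directly; the HKU keys
#    for the logged-on user (S-1-5-21-...-1000 in the log) are reached through HKCU.
'=== Registry keys ==='
@(
    'HKLM:\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}',
    'HKLM:\SOFTWARE\SearchProtect',
    'HKLM:\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}',
    'HKLM:\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}',
    'HKLM:\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}',
    'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater',
    'HKCU:\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}',
    'HKCU:\Software\IM',
    'HKCU:\Software\ImInstaller',
    'HKCU:\Software\SweetIM',
    'HKCU:\Software\Wajam',
    'HKCU:\Software\WNLT'
) | ForEach-Object { Show-Item $_ }

# 4. Services the fixlist unlocked and set to delayed-auto. Start: 2 = automatic,
#    3 = manual, 4 = disabled; "sc config ... start= delayed-auto" writes Start=2
#    plus DelayedAutostart=1. Both should be running now that the keys are unlocked.
'=== Services ==='
foreach ($name in 'wscsvc', 'wuauserv') {
    $svc = Get-Service -Name $name
    $cfg = Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $mode = switch ($cfg.Start) { 2 { 'auto' } 3 { 'manual' } 4 { 'disabled' } default { "unknown($_)" } }
    if ($cfg.Start -eq 2 -and $cfg.DelayedAutostart -eq 1) { $mode = 'delayed-auto' }
    '{0,-10} status={1,-8} start={2}' -f $name, $svc.Status, $mode
}

# 5. UAC, which the first Security Check and the HitmanPro log reported as disabled.
$lua = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA
'UAC (EnableLUA) = {0}' -f $lua
```

If sfc reports an integrity violation for rpcss.dll, the DLL is still patched and has to be replaced from the component store (sfc /scannow) before the machine can be called clean. The "unable to find the specified registry key" errors in the Fixlog are expected rather than failures: HKU\S-1-5-18 is the same hive as HKU\.DEFAULT, and CurrentControlSet is a link to one of the ControlSet00n keys, so the second delete of each pair found nothing left. With wscsvc running again, the "Windows Security Center service is not running!" warning from the first Security Check disappears, as the second log shows.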
 


#10 CobaltCat

CobaltCat
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Local time:02:19 PM

Posted 24 April 2014 - 12:52 PM

I don't understand about Adobe Reader. I have 10.1.9 installed, and Security Check says it's out of date, but if I go to Adobe and look for the latest version there, it says 10.1.4 is the latest version. ?????



#11 CobaltCat

CobaltCat
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Local time:02:19 PM

Posted 24 April 2014 - 02:08 PM

I finally saw your link to the right Adobe Reader, sorry. It is now installed.

 

I uninstalled Kodak EasyShare. It was no longer supported and always was a junky piece of software. That seems to have gotten rid of the Runtime error. But IE still doesn't work.



#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:11:19 PM

Posted 24 April 2014 - 05:45 PM

Hello,

 

Try to reset IE settings to default and let me know about the results:

 

http://windows.microsoft.com/en-us/windows7/reset-internet-explorer-settings-in-internet-explorer-9

 

 

Regards,

Georgi




#13 CobaltCat

CobaltCat
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Local time:02:19 PM

Posted 24 April 2014 - 09:11 PM

When you open IE, it tries to connect to the home page (Yahoo) and does not. After a bit, the error message comes up "stopped working" and the menu bar never is clickable. I went into Control Panel and reset it from there, but it still does the same thing.



#14 CobaltCat

CobaltCat
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Local time:02:19 PM

Posted 25 April 2014 - 01:00 AM

This appears to be a conflict with igdumdx32.dll. I'm researching the problem now, but thought you might have a suggestion.

 

Thank you for hanging in there with me on this!



#15 CobaltCat

CobaltCat
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Gender:Female
  • Local time:02:19 PM

Posted 25 April 2014 - 02:18 AM

I think I've got it fixed. IE doesn't crash anymore; it's just really, really slow. Chrome and Firefox are fine, though! It seems to have been a graphics driver conflict. After updating the graphics driver, IE stopped crashing.

 

Thank you for your help. At this point, I'm calling it fixed, unless you have any other recommendations.





