
rplcss.dll file and continuous ads running on computer


  • This topic is locked
138 replies to this topic

#1 Bamagirl15

  • Members
  • 130 posts
  • Gender:Female
  • Location:Gulf Coast

Posted 22 April 2014 - 11:07 AM

I'll be revisiting this old closed thread later today and may need some assistance. I'm great at following directions, but messing with registry items and deleting files isn't something I do on a regular basis! My husband has the dreaded "playing continuous ads" on his computer (Win7). I've run Malwarebytes, Avira and TDSSKiller (couldn't find a "cure" button on TDSSKiller, only a "quarantine"). I "think" I've narrowed it down to this file: rplcss.dll.

 

http://www.bleepingcomputer.com/forums/t/530706/rpcssdll-infected-with-virus-system-randomly-broadcasts-ads/

 




#2 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 22 April 2014 - 05:36 PM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. The absence of symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again, I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
  • Next, please re-run FRST and type the following in the edit box after Search: rpcss.dll
  • Click the Search button.
  • It will make a log (Search.txt). Please post the log in your reply to me (you can use pastebin as well).

 

Regards,

Georgi


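The instructions above ask for FRST.txt and for a Search.txt on rpcss.dll. The first thing a responder does with FRST.txt is read the "One Month Created Files and Folders" section for files that do not belong: odd extensions under system32, executables with no version information, hidden or system attributes where none are expected. As an added example, not code from this thread, from Farbar or from BleepingComputer, here is a small Python triage pass over lines in the format FRST uses for that section. The sample lines are constructed for the example to match that format, and the extension lists and heuristics are assumptions of the example, not rules FRST itself applies.

```python
"""Triage pass over FRST-style file-listing lines (added example, not FRST code)."""
import re
from typing import Dict, List, Optional, Tuple

# An FRST "Created/Modified Files and Folders" line has the shape
#   <created> - <modified> - <size> <attrs> (<company>) <path>
# for example
#   2014-04-19 13:25 - 2014-04-22 19:14 - 00037888 _____ () C:\Windows\system32\oysc.ozp
# <attrs> is a five-character field; the letters R, S, H, O, T and D mark
# read-only, system, hidden, offline, temporary and directory, "_" is unset.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Assumed lists for this example: extensions normally seen under the system
# directories, and the file types that carry a version resource (company name).
EXPECTED_EXT = {"dll", "exe", "sys", "cpl", "ocx", "drv", "mui", "scr", "ax", "acm",
                "tlb", "nls", "msc", "xml", "ini", "dat", "log", "txt", "nt", "bat"}
VERSIONED_EXT = {"dll", "exe", "sys", "cpl", "ocx", "drv", "scr"}


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one listing line, or None for lines of another kind
    (section headers, blank lines, the process/registry/driver sections)."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def flag_entry(entry: Dict[str, str]) -> List[str]:
    """Reasons a responder would want to look at this entry; empty if none."""
    reasons: List[str] = []
    attrs = entry["attrs"]
    if "D" in attrs:                 # directories are reviewed by their contents, not here
        return reasons
    low = entry["path"].lower()
    name = low.rsplit("\\", 1)[-1]
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    in_system_dir = low.startswith(SYSTEM_DIRS)
    if in_system_dir and ext not in EXPECTED_EXT:
        reasons.append(f"unexpected extension '.{ext}' in a system directory")
    if ext in VERSIONED_EXT and not entry["company"].strip():
        reasons.append("executable/driver with no company (version) information")
    if in_system_dir and ("S" in attrs or "H" in attrs):
        reasons.append(f"system/hidden attributes ({attrs}) in a system directory")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Walk an FRST.txt (or a pasted section of it) and return (path, reasons)
    for every file entry that trips at least one heuristic, in log order."""
    flagged: List[Tuple[str, List[str]]] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = flag_entry(entry)
        if reasons:
            flagged.append((entry["path"], reasons))
    return flagged


# Constructed sample in FRST's format (not a real scan): entries that make a
# responder look twice, plus some that should pass.
SAMPLE_FRST = r"""
==================== One Month Created Files and Folders ========

2014-04-22 09:08 - 2014-04-22 09:08 - 00040720 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2014-04-22 09:03 - 2014-04-22 09:03 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2014-04-20 20:01 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-20 19:27 - 2014-04-20 19:27 - 00380416 _____ () C:\Users\ray\Downloads\eiqbtblm.exe
2014-04-19 14:09 - 2014-04-22 19:25 - 00000079 _____ () C:\Windows\system32\gmcwp.ruz
2014-04-19 13:25 - 2014-04-22 19:14 - 00037888 _____ () C:\Windows\system32\oysc.ozp
2014-04-19 13:22 - 2014-04-19 13:22 - 00301959 ____S () C:\Windows\system32\kayb.zca
2014-03-30 22:06 - 2014-03-30 22:34 - 00000000 ____D () C:\Windows\system32\SPReview
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_FRST):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

The output is a list of candidates, not verdicts: an odd extension or hidden attributes under system32 is a reason to look, and some legitimate Windows files (licensing and activation data, for instance) are hidden there. For the file this thread is about, what settles the question is whether C:\Windows\System32\rpcss.dll still matches the Microsoft-signed copy; `sfc /verifyfile=C:\Windows\System32\rpcss.dll` from an elevated command prompt reports that, and the FRST Search step above gathers the same evidence (every copy of the file, with size, date and signer) for the helper to read.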


#3 Bamagirl15

  • Topic Starter
  • Members
  • 130 posts
  • Gender:Female
  • Location:Gulf Coast

Posted 22 April 2014 - 08:14 PM

Ok Georgi, here's the first log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by ray (administrator) on RAY-PC on 22-04-2014 20:10:42
Running from C:\Users\ray\Desktop
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
() C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-06-08] (LogMeIn, Inc.)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-03-30] (Microsoft Corporation)
HKU\S-1-5-21-3139533511-3349264603-4081201394-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-3139533511-3349264603-4081201394-1001\...\Run: [NVIDIA nTune] => C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe [98304 2007-09-04] (NVIDIA)
HKU\S-1-5-21-3139533511-3349264603-4081201394-1003\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9D99A061-1537-44E4-BB91-323FD22D64D7} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=808
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=808
SearchScopes: HKCU - {58729474-9319-43EA-AB6C-14958354176A} URL = http://search.yahoo.com/?ourmark=4&p={searchTerms}
SearchScopes: HKCU - {F80757C6-B7B4-40D6-B49F-FD89B7EE6067} URL = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 97.64.209.36 97.64.168.13

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\ray\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @plugin.couponnetwork.com/Coupon Print Activator;version=4.5 - C:\Users\ray\AppData\Roaming\E-centives\NPcolPM470.dll (Invenda)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\ray\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\ray\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4\ []

Chrome:
=======
CHR StartupUrls: "hxxp://my.msn.com/"
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Users\ray\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\ray\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\ray\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (         "name": "",) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.60263_0\plugin/gc_getcid.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\ray\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Coupon Activator Netscape Plugin v. 4.5.0.0) - C:\Users\ray\AppData\Roaming\E-centives\NPcolPM470.dll (Invenda)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-24]
CHR Extension: (Google Search) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-24]
CHR Extension: (Google Wallet) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (Gmail) - C:\Users\ray\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-24]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-01-27] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-01-27] (LogMeIn, Inc.)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-06-08] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [180224 2007-09-04] (NVIDIA)

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-05] (AVG Technologies CZ, s.r.o.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-31] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [35816 2014-04-22] (Greatis Software)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-22 20:10 - 2014-04-22 20:11 - 00015540 _____ () C:\Users\ray\Desktop\FRST.txt
2014-04-22 20:10 - 2014-04-22 20:10 - 02061312 _____ (Farbar) C:\Users\ray\Desktop\FRST64.exe
2014-04-22 20:10 - 2014-04-22 20:10 - 00000000 ____D () C:\FRST
2014-04-22 19:12 - 2014-04-22 19:12 - 00000044 _____ () C:\Windows\system32\Partizan.RRI
2014-04-22 19:11 - 2014-04-22 20:06 - 00000000 ____D () C:\ProgramData\RegRun
2014-04-22 09:10 - 2014-04-22 19:14 - 00000248 _____ () C:\Windows\SysWOW64\PARTIZAN.TXT
2014-04-22 09:08 - 2014-04-22 09:08 - 00040720 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2014-04-22 09:07 - 2014-04-22 09:07 - 00000000 ____D () C:\@RestoreQuarantine
2014-04-22 09:03 - 2014-04-22 09:03 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-04-22 09:03 - 2014-04-22 09:03 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2014-04-22 09:03 - 2014-04-22 09:03 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-04-22 09:02 - 2014-04-22 19:11 - 00000000 ____D () C:\Users\ray\Documents\RegRun2
2014-04-22 09:02 - 2014-04-22 09:08 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2014-04-22 09:02 - 2014-04-22 09:03 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-04-22 09:02 - 2014-04-22 09:02 - 00035816 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2014-04-22 09:02 - 2014-04-22 09:02 - 00001017 _____ () C:\Users\ray\Desktop\UnHackMe.lnk
2014-04-22 09:02 - 2014-04-22 09:02 - 00000418 _____ () C:\Windows\Tasks\UnHackMe Task Scheduler.job
2014-04-22 09:02 - 2014-03-28 13:01 - 00012800 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2014-04-22 09:00 - 2014-04-22 09:01 - 15295838 _____ () C:\Users\ray\Downloads\unhackme.zip
2014-04-21 21:40 - 2014-04-21 21:40 - 00001216 _____ () C:\4-21-14.txt
2014-04-21 20:09 - 2014-04-21 20:09 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-21 20:09 - 2014-04-21 20:09 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-21 19:47 - 2014-04-21 19:47 - 00000000 ____D () C:\Users\ray\Documents\tdsskiller[1] evised
2014-04-21 18:55 - 2014-04-21 18:55 - 00000000 ____D () C:\Users\ray\Documents\tdsskiller[1]
2014-04-21 18:53 - 2014-04-21 20:03 - 00000000 ____D () C:\Users\ray\Desktop\tdsskiller-2-8-14-0
2014-04-21 18:53 - 2014-04-21 18:53 - 02195988 _____ () C:\Users\ray\Desktop\tdsskiller-2-8-14-0.zip
2014-04-21 18:30 - 2014-04-22 19:10 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-21 17:50 - 2014-04-21 17:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf5db421e51740.job
2014-04-21 12:41 - 2014-04-21 12:41 - 06000640 _____ () C:\Program Files (x86)\GUT906E.tmp
2014-04-21 12:41 - 2014-04-21 12:41 - 00000000 ____D () C:\Program Files (x86)\GUM8FA2.tmp
2014-04-21 12:37 - 2014-04-22 08:22 - 00000000 ____D () C:\Program Files\Google
2014-04-21 12:35 - 2014-04-21 20:05 - 00000000 ____D () C:\ProgramData\Google
2014-04-21 12:32 - 2014-04-21 12:38 - 00000000 ____D () C:\Program Files (x86)\GUME263.tmp
2014-04-20 20:02 - 2014-04-22 18:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 20:01 - 2014-04-20 20:01 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-20 20:01 - 2014-04-20 20:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-20 20:01 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-20 20:01 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-20 20:01 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-20 19:27 - 2014-04-20 19:27 - 00380416 _____ () C:\Users\ray\Downloads\eiqbtblm.exe
2014-04-20 19:10 - 2014-04-22 08:46 - 00000000 ____D () C:\Users\ray\Downloads\RootkitRevealer
2014-04-20 19:08 - 2014-04-22 08:46 - 04142142 _____ () C:\Users\ray\Downloads\RootkitRevealer.zip
2014-04-20 16:43 - 2014-04-22 19:14 - 00003820 _____ () C:\Windows\PFRO.log
2014-04-20 01:01 - 2014-04-21 18:24 - 00000000 ____D () C:\Users\ray\Documents\My Weblog Posts
2014-04-20 01:01 - 2014-04-20 01:01 - 00000000 ____D () C:\Users\ray\AppData\Roaming\Windows Live Writer
2014-04-20 01:01 - 2014-04-20 01:01 - 00000000 ____D () C:\Users\ray\AppData\Local\Windows Live Writer
2014-04-19 14:09 - 2014-04-22 19:25 - 00000079 _____ () C:\Windows\system32\gmcwp.ruz
2014-04-19 13:25 - 2014-04-22 19:14 - 00037888 _____ () C:\Windows\system32\oysc.ozp
2014-04-19 13:24 - 2014-04-22 19:14 - 00002296 _____ () C:\Windows\setupact.log
2014-04-19 13:24 - 2014-04-22 19:14 - 00000101 _____ () C:\Windows\system32\sfate.ibh
2014-04-19 13:24 - 2014-04-19 13:24 - 00000064 _____ () C:\Windows\system32\dujv.mru
2014-04-19 13:24 - 2014-04-19 13:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 13:22 - 2014-04-19 13:22 - 00301959 ____S () C:\Windows\system32\kayb.zca
2014-04-19 08:23 - 2014-04-19 08:23 - 00002368 _____ () C:\Users\ray\Documents\cc_20140419_082306.reg
2014-04-19 08:22 - 2014-04-22 20:06 - 01887562 _____ () C:\Windows\WindowsUpdate.log
2014-04-08 14:15 - 2014-04-20 16:39 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-08 09:02 - 2014-04-08 09:03 - 00000000 ____D () C:\7ff2b078b4c1b9dd0ac54f5cbe812170
2014-04-06 09:50 - 2014-04-06 09:51 - 00000000 ____D () C:\9c6dcc9126b4e25ba5d9e1b4cb
2014-04-04 09:16 - 2014-04-04 09:18 - 00000000 ____D () C:\3675a78ddb851723b75398ec3765fa
2014-04-03 13:15 - 2014-04-03 13:17 - 00000000 ____D () C:\be98ef957d3ada2e302c0394041a97
2014-04-03 08:45 - 2014-04-03 08:47 - 00000000 ____D () C:\b3b599e5fbb4626d3bc4b966
2014-04-02 08:50 - 2014-04-02 08:51 - 00000000 ____D () C:\454fe4c57681099358b905bf43ed
2014-04-01 08:21 - 2014-04-01 08:23 - 00000000 ____D () C:\a2f9d5723601ecbf89b901
2014-03-31 07:36 - 2014-03-31 07:39 - 00000000 ____D () C:\8c0e70295313b56c721fd8b49a
2014-03-30 23:01 - 2014-03-30 23:01 - 07534736 _____ (ParetoLogic, Inc.) C:\Users\ray\Downloads\RegCureProSetup.exe
2014-03-30 22:59 - 2014-03-30 22:59 - 00347816 _____ (Microsoft Corporation) C:\Users\ray\Downloads\MicrosoftFixit.WindowsFirewall.RNP.150319669159250902.1.1.Run.exe
2014-03-30 22:53 - 2014-03-30 22:56 - 00000000 ____D () C:\e3d96a383eb4509598411894
2014-03-30 22:40 - 2014-03-30 22:40 - 00000624 _____ () C:\Users\ray\Documents\cc_20140330_224032.reg
2014-03-30 22:06 - 2014-03-30 22:34 - 00000000 ____D () C:\Windows\system32\SPReview
2014-03-30 21:40 - 2014-03-30 21:40 - 44335120 _____ (Microsoft Corporation) C:\Users\ray\Downloads\IE10-Windows6.1-x64-en-us.exe
2014-03-30 21:13 - 2014-03-30 21:13 - 00000000 ____D () C:\Users\ray\AppData\Roaming\CyberLink
2014-03-30 21:12 - 2014-03-30 21:12 - 00617522 _____ () C:\Users\ray\Downloads\Windows6.1-KB976098-x64.msu
2014-03-30 21:12 - 2014-03-30 21:12 - 00617522 _____ () C:\Users\ray\Downloads\Windows6.1-KB976098-x64 (1).msu
2014-03-30 21:12 - 2014-03-30 21:12 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-03-30 21:11 - 2014-03-30 21:11 - 01528184 _____ (Microsoft Corporation) C:\Users\ray\Downloads\GenuineCheck.exe
2014-03-30 19:27 - 2014-03-30 19:27 - 01414933 _____ () C:\Users\ray\Downloads\Windows6.1-KB971033-x64.MSU
2014-03-30 19:27 - 2014-03-30 19:27 - 00000000 ____D () C:\00048a7c2a9422ba5c
2014-03-30 19:20 - 2014-03-30 19:20 - 00280204 _____ () C:\Users\ray\Downloads\WindowsUpdateDiagnostic (1).diagcab
2014-03-29 09:38 - 2014-03-29 09:40 - 00000000 ____D () C:\1db6896e63318d15620fd2a46ec8
2014-03-28 19:54 - 2014-03-28 19:54 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139533511-3349264603-4081201394-1001Core1cf4ae96fabacd8.job
2014-03-27 16:11 - 2014-03-27 16:14 - 00000000 ____D () C:\57bb4f97c1324e6a1ae2a796259ee3e9
2014-03-27 09:41 - 2014-03-27 09:44 - 00000000 ____D () C:\16dd76991157382789a723546b7036
2014-03-26 19:09 - 2014-03-26 19:28 - 563934504 _____ (Microsoft Corporation) C:\Users\ray\Downloads\windows6.1-KB976932-X86.exe
2014-03-26 19:07 - 2014-03-26 19:33 - 947070088 _____ (Microsoft Corporation) C:\Users\ray\Downloads\windows6.1-KB976932-X64.exe
2014-03-26 19:07 - 2014-03-26 19:26 - 536437704 _____ (Microsoft Corporation) C:\Users\ray\Downloads\windows6.1-KB976932-IA64.exe
2014-03-26 19:03 - 2014-03-26 19:17 - 346666496 _____ () C:\Users\ray\Downloads\Windows_Win7SP1.7601.17514.101119-1850.X86FRE.Symbols.msi
2014-03-26 18:55 - 2014-03-26 19:40 - 2048196608 _____ () C:\Users\ray\Downloads\7601.17514.101119-1850_Update_Sp_Wave1-GRMSP1.1_DVD.iso
2014-03-26 18:55 - 2014-03-26 19:13 - 308797952 _____ () C:\Users\ray\Downloads\Windows_Win7SP1.7601.17514.101119-1850.X86CHK.Symbols.msi
2014-03-26 18:55 - 2014-03-26 19:13 - 275488256 _____ () C:\Users\ray\Downloads\Windows_Win7SP1.7601.17514.101119-1850.AMD64CHK.Symbols.msi
2014-03-26 18:55 - 2014-03-26 19:10 - 301812736 _____ () C:\Users\ray\Downloads\Windows_Win7SP1.7601.17514.101119-1850.AMD64FRE.Symbols.msi
2014-03-26 18:55 - 2014-03-26 19:10 - 253522944 _____ () C:\Users\ray\Downloads\Windows_Win7SP1.7601.17514.101119-1850.IA64CHK.Symbols.msi
2014-03-26 18:55 - 2014-03-26 19:05 - 202747392 _____ () C:\Users\ray\Downloads\Windows_Win7SP1.7601.17514.101119-1850.IA64FRE.Symbols.msi
2014-03-25 09:37 - 2014-03-25 09:39 - 00000000 ____D () C:\3ed17838a7fcc14645f6addaad09a7
2014-03-23 08:46 - 2014-03-23 08:46 - 00002996 _____ () C:\Users\ray\Documents\cc_20140323_084605.reg
2014-03-23 00:28 - 2014-03-23 00:28 - 00000000 ____D () C:\Windows\CheckSur

==================== One Month Modified Files and Folders =======

2014-04-22 20:11 - 2014-04-22 20:10 - 00015540 _____ () C:\Users\ray\Desktop\FRST.txt
2014-04-22 20:10 - 2014-04-22 20:10 - 02061312 _____ (Farbar) C:\Users\ray\Desktop\FRST64.exe
2014-04-22 20:10 - 2014-04-22 20:10 - 00000000 ____D () C:\FRST
2014-04-22 20:06 - 2014-04-22 19:11 - 00000000 ____D () C:\ProgramData\RegRun
2014-04-22 20:06 - 2014-04-19 08:22 - 01887562 _____ () C:\Windows\WindowsUpdate.log
2014-04-22 19:53 - 2012-02-24 14:43 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139533511-3349264603-4081201394-1001UA.job
2014-04-22 19:25 - 2014-04-19 14:09 - 00000079 _____ () C:\Windows\system32\gmcwp.ruz
2014-04-22 19:22 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 19:22 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 19:14 - 2014-04-22 09:10 - 00000248 _____ () C:\Windows\SysWOW64\PARTIZAN.TXT
2014-04-22 19:14 - 2014-04-20 16:43 - 00003820 _____ () C:\Windows\PFRO.log
2014-04-22 19:14 - 2014-04-19 13:25 - 00037888 _____ () C:\Windows\system32\oysc.ozp
2014-04-22 19:14 - 2014-04-19 13:24 - 00002296 _____ () C:\Windows\setupact.log
2014-04-22 19:14 - 2014-04-19 13:24 - 00000101 _____ () C:\Windows\system32\sfate.ibh
2014-04-22 19:14 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 19:12 - 2014-04-22 19:12 - 00000044 _____ () C:\Windows\system32\Partizan.RRI
2014-04-22 19:11 - 2014-04-22 09:02 - 00000000 ____D () C:\Users\ray\Documents\RegRun2
2014-04-22 19:10 - 2014-04-21 18:30 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-22 18:54 - 2014-04-20 20:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 18:07 - 2010-11-07 21:16 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-04-22 11:38 - 2013-03-02 00:27 - 00000000 ____D () C:\ProgramData\Recovery
2014-04-22 09:08 - 2014-04-22 09:08 - 00040720 _____ (Greatis Software) C:\Windows\system32\Partizan.exe
2014-04-22 09:08 - 2014-04-22 09:02 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2014-04-22 09:08 - 2013-05-29 11:23 - 00002278 _____ () C:\Users\ray\Desktop\GoToMeeting Quick Connect.lnk
2014-04-22 09:07 - 2014-04-22 09:07 - 00000000 ____D () C:\@RestoreQuarantine
2014-04-22 09:03 - 2014-04-22 09:03 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-04-22 09:03 - 2014-04-22 09:03 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2014-04-22 09:03 - 2014-04-22 09:03 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-04-22 09:03 - 2014-04-22 09:02 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-04-22 09:02 - 2014-04-22 09:02 - 00035816 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2014-04-22 09:02 - 2014-04-22 09:02 - 00001017 _____ () C:\Users\ray\Desktop\UnHackMe.lnk
2014-04-22 09:02 - 2014-04-22 09:02 - 00000418 _____ () C:\Windows\Tasks\UnHackMe Task Scheduler.job
2014-04-22 09:01 - 2014-04-22 09:00 - 15295838 _____ () C:\Users\ray\Downloads\unhackme.zip
2014-04-22 08:47 - 2010-09-04 19:04 - 00000000 ____D () C:\Users\ray\AppData\Local\CrashDumps
2014-04-22 08:46 - 2014-04-20 19:10 - 00000000 ____D () C:\Users\ray\Downloads\RootkitRevealer
2014-04-22 08:46 - 2014-04-20 19:08 - 04142142 _____ () C:\Users\ray\Downloads\RootkitRevealer.zip
2014-04-22 08:22 - 2014-04-21 12:37 - 00000000 ____D () C:\Program Files\Google
2014-04-22 08:22 - 2010-10-14 17:44 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-21 21:40 - 2014-04-21 21:40 - 00001216 _____ () C:\4-21-14.txt
2014-04-21 20:10 - 2010-09-09 16:28 - 00000000 ____D () C:\Users\ray\AppData\Local\Adobe
2014-04-21 20:09 - 2014-04-21 20:09 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-21 20:09 - 2014-04-21 20:09 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-21 20:05 - 2014-04-21 12:35 - 00000000 ____D () C:\ProgramData\Google
2014-04-21 20:05 - 2010-10-14 17:44 - 00000000 ____D () C:\Users\ray\AppData\Local\Google
2014-04-21 20:03 - 2014-04-21 18:53 - 00000000 ____D () C:\Users\ray\Desktop\tdsskiller-2-8-14-0
2014-04-21 19:47 - 2014-04-21 19:47 - 00000000 ____D () C:\Users\ray\Documents\tdsskiller[1] evised
2014-04-21 18:55 - 2014-04-21 18:55 - 00000000 ____D () C:\Users\ray\Documents\tdsskiller[1]
2014-04-21 18:53 - 2014-04-21 18:53 - 02195988 _____ () C:\Users\ray\Desktop\tdsskiller-2-8-14-0.zip
2014-04-21 18:24 - 2014-04-20 01:01 - 00000000 ____D () C:\Users\ray\Documents\My Weblog Posts
2014-04-21 17:50 - 2014-04-21 17:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf5db421e51740.job
2014-04-21 12:41 - 2014-04-21 12:41 - 06000640 _____ () C:\Program Files (x86)\GUT906E.tmp
2014-04-21 12:41 - 2014-04-21 12:41 - 00000000 ____D () C:\Program Files (x86)\GUM8FA2.tmp
2014-04-21 12:38 - 2014-04-21 12:32 - 00000000 ____D () C:\Program Files (x86)\GUME263.tmp
2014-04-21 08:20 - 2010-10-26 17:34 - 00000000 ____D () C:\Windows\pss
2014-04-20 21:50 - 2010-09-03 23:25 - 00000000 ___RD () C:\Users\ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-20 20:01 - 2014-04-20 20:01 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-20 20:01 - 2014-04-20 20:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-20 20:01 - 2013-07-23 16:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-20 19:27 - 2014-04-20 19:27 - 00380416 _____ () C:\Users\ray\Downloads\eiqbtblm.exe
2014-04-20 19:10 - 2014-02-12 21:59 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c1f3d6c2-f378-434d-bdb3-c68eed2393f9.job
2014-04-20 16:39 - 2014-04-08 14:15 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-04-20 01:01 - 2014-04-20 01:01 - 00000000 ____D () C:\Users\ray\AppData\Roaming\Windows Live Writer
2014-04-20 01:01 - 2014-04-20 01:01 - 00000000 ____D () C:\Users\ray\AppData\Local\Windows Live Writer
2014-04-19 13:24 - 2014-04-19 13:24 - 00000064 _____ () C:\Windows\system32\dujv.mru
2014-04-19 13:24 - 2014-04-19 13:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 13:22 - 2014-04-19 13:22 - 00301959 ____S () C:\Windows\system32\kayb.zca
2014-04-19 08:23 - 2014-04-19 08:23 - 00002368 _____ () C:\Users\ray\Documents\cc_20140419_082306.reg
2014-04-19 08:22 - 2012-07-16 07:44 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-04-19 08:22 - 2010-09-20 14:43 - 00000000 ____D () C:\Users\ray\Tracing
2014-04-19 08:20 - 2012-05-30 18:44 - 00001027 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-19 08:20 - 2010-10-26 18:01 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2014-04-18 13:33 - 2012-02-24 14:44 - 00002364 _____ () C:\Users\ray\Desktop\Google Chrome.lnk
2014-04-08 22:08 - 2013-12-25 20:33 - 00000000 ____D () C:\Users\ray\Desktop\Cindy Scans
2014-04-08 09:03 - 2014-04-08 09:02 - 00000000 ____D () C:\7ff2b078b4c1b9dd0ac54f5cbe812170
2014-04-06 09:51 - 2014-04-06 09:50 - 00000000 ____D () C:\9c6dcc9126b4e25ba5d9e1b4cb
2014-04-04 09:18 - 2014-04-04 09:16 - 00000000 ____D () C:\3675a78ddb851723b75398ec3765fa
2014-04-03 13:17 - 2014-04-03 13:15 - 00000000 ____D () C:\be98ef957d3ada2e302c0394041a97
2014-04-03 09:51 - 2014-04-20 20:01 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-20 20:01 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-20 20:01 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-03 08:47 - 2014-04-03 08:45 - 00000000 ____D () C:\b3b599e5fbb4626d3bc4b966
2014-04-02 08:51 - 2014-04-02 08:50 - 00000000 ____D () C:\454fe4c57681099358b905bf43ed
2014-04-01 08:23 - 2014-04-01 08:21 - 00000000 ____D () C:\a2f9d5723601ecbf89b901
2014-03-31 10:48 - 2010-09-03 21:34 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-03-31 07:39 - 2014-03-31 07:36 - 00000000 ____D () C:\8c0e70295313b56c721fd8b49a
2014-03-30 23:14 - 2014-02-12 21:59 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task dafe97f8-ccb9-4100-9f6c-22e5b21930b6.job
2014-03-30 23:01 - 2014-03-30 23:01 - 07534736 _____ (ParetoLogic, Inc.) C:\Users\ray\Downloads\RegCureProSetup.exe
2014-03-30 22:59 - 2014-03-30 22:59 - 00347816 _____ (Microsoft Corporation) C:\Users\ray\Downloads\MicrosoftFixit.WindowsFirewall.RNP.150319669159250902.1.1.Run.exe
2014-03-30 22:56 - 2014-03-30 22:53 - 00000000 ____D () C:\e3d96a383eb4509598411894
2014-03-30 22:40 - 2014-03-30 22:40 - 00000624 _____ () C:\Users\ray\Documents\cc_20140330_224032.reg
2014-03-30 22:35 - 2009-07-14 00:08 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-30 22:34 - 2014-03-30 22:06 - 00000000 ____D () C:\Windows\system32\SPReview
2014-03-30 22:34 - 2010-09-03 23:19 - 00000000 ____D () C:\Users\ray
2014-03-30 22:34 - 2010-04-22 01:41 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-03-30 22:34 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-03-30 21:40 - 2014-03-30 21:40 - 44335120 _____ (Microsoft Corporation) C:\Users\ray\Downloads\IE10-Windows6.1-x64-en-us.exe
2014-03-30 21:13 - 2014-03-30 21:13 - 00000000 ____D () C:\Users\ray\AppData\Roaming\CyberLink
2014-03-30 21:13 - 2010-04-22 01:54 - 00000000 ____D () C:\ProgramData\CyberLink
2014-03-30 21:12 - 2014-03-30 21:12 - 00617522 _____ () C:\Users\ray\Downloads\Windows6.1-KB976098-x64.msu
2014-03-30 21:12 - 2014-03-30 21:12 - 00617522 _____ () C:\Users\ray\Downloads\Windows6.1-KB976098-x64 (1).msu
2014-03-30 21:12 - 2014-03-30 21:12 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-03-30 21:11 - 2014-03-30 21:11 - 01528184 _____ (Microsoft Corporation) C:\Users\ray\Downloads\GenuineCheck.exe
2014-03-30 19:27 - 2014-03-30 19:27 - 01414933 _____ () C:\Users\ray\Downloads\Windows6.1-KB971033-x64.MSU
2014-03-30 19:27 - 2014-03-30 19:27 - 00000000 ____D () C:\00048a7c2a9422ba5c
2014-03-30 19:20 - 2014-03-30 19:20 - 00280204 _____ () C:\Users\ray\Downloads\WindowsUpdateDiagnostic (1).diagcab
2014-03-29 09:40 - 2014-03-29 09:38 - 00000000 ____D () C:\1db6896e63318d15620fd2a46ec8
2014-03-28 19:54 - 2014-03-28 19:54 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139533511-3349264603-4081201394-1001Core1cf4ae96fabacd8.job
2014-03-28 13:01 - 2014-04-22 09:02 - 00012800 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2014-03-27 16:14 - 2014-03-27 16:11 - 00000000 ____D () C:\57bb4f97c1324e6a1ae2a796259ee3e9
2014-03-27 09:44 - 2014-03-27 09:41 - 00000000 ____D () C:\16dd76991157382789a723546b7036
2014-03-26 19:40 - 2014-03-26 18:55 - 2048196608 _____ () C:\Users\ray\Downloads\7601.17514.101119-1850_Update_Sp_Wave1-GRMSP1.1_DVD.iso
2014-03-26 19:33 - 2014-03-26 19:07 - 947070088 _____ (Microsoft Corporation) C:\Users\ray\Downloads\windows6.1-KB976932-X64.exe
2014-03-26 19:28 - 2014-03-26 19:09 - 563934504 _____ (Microsoft Corporation) C:\Users\ray\Downloads\windows6.1-KB976932-X86.exe
2014-03-26 19:26 - 2014-03-26 19:07 - 536437704 _____ (Microsoft Corporation) C:\Users\ray\Downloads\windows6.1-KB976932-IA64.exe
2014-03-26 19:17 - 2014-03-26 19:03 - 346666496 _____ () C:\Users\ray\Downloads\Windows_Win7SP1.7601.17514.101119-1850.X86FRE.Symbols.msi
2014-03-26 19:13 - 2014-03-26 18:55 - 308797952 _____ () C:\Users\ray\Downloads\Windows_Win7SP1.7601.17514.101119-1850.X86CHK.Symbols.msi
2014-03-26 19:13 - 2014-03-26 18:55 - 275488256 _____ () C:\Users\ray\Downloads\Windows_Win7SP1.7601.17514.101119-1850.AMD64CHK.Symbols.msi
2014-03-26 19:10 - 2014-03-26 18:55 - 301812736 _____ () C:\Users\ray\Downloads\Windows_Win7SP1.7601.17514.101119-1850.AMD64FRE.Symbols.msi
2014-03-26 19:10 - 2014-03-26 18:55 - 253522944 _____ () C:\Users\ray\Downloads\Windows_Win7SP1.7601.17514.101119-1850.IA64CHK.Symbols.msi
2014-03-26 19:05 - 2014-03-26 18:55 - 202747392 _____ () C:\Users\ray\Downloads\Windows_Win7SP1.7601.17514.101119-1850.IA64FRE.Symbols.msi
2014-03-25 09:39 - 2014-03-25 09:37 - 00000000 ____D () C:\3ed17838a7fcc14645f6addaad09a7
2014-03-23 08:46 - 2014-03-23 08:46 - 00002996 _____ () C:\Users\ray\Documents\cc_20140323_084605.reg
2014-03-23 00:28 - 2014-03-23 00:28 - 00000000 ____D () C:\Windows\CheckSur

Some content of TEMP:
====================
C:\Users\ray\AppData\Local\Temp\FCDOERVTG.exe
C:\Users\ray\AppData\Local\Temp\JEH.exe
C:\Users\ray\AppData\Local\Temp\UIXQ.exe
C:\Users\ray\AppData\Local\Temp\{AA37E4DE-2748-4877-BE50-34E5227A56AC}.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0514048 ____A (Microsoft Corporation) 7F857A345E449B34203025FF59B0B5D5

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-19 00:19

==================== End Of Log ============================



#4 Bamagirl15

Posted 22 April 2014 - 08:15 PM

Additional:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by ray at 2014-04-22 20:11:37
Running from C:\Users\ray\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1432 - AVG Technologies)
AVG 2011 (Version: 10.0.1432 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.3722 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{75C7BFBC-5FA8-47C9-9E6C-AD1954F63A53}) (Version: 1.0.109 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version: 4.1.1.805 - Foxit Software Company)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GoToMeeting 5.5.0.1132 (HKCU\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{F2C07BE3-0F88-4D0C-957B-3557699981E9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{EF48631A-7F45-430A-8AD3-B41CFB1D7596}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.11.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
J2SE Runtime Environment 5.0 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150000}) (Version: 1.5.0 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
LogMeIn (HKLM-x32\...\{22461A1C-BD68-4D90-9897-1DB146D55ECB}) (Version: 4.1.2504 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2000 Disc 2 (HKLM-x32\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Small Business (HKLM-x32\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA nTune (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 1.00.0000 - NVIDIA Corporation)
NVIDIA nTune (x32 Version: 1.00.0000 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Privacy Mantra 3.00 (HKLM-x32\...\Privacy Mantra 3.00) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
UnHackMe 7.11 release (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WebEx (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0FE496EE-AC55-4338-88AA-E74E7DC7F508} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {15EB2D65-06DC-424B-944F-93CE51F40BD9} - System32\Tasks\HPCeeScheduleForray => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {2B6DF1AB-72E1-4586-A722-5ECE7B79BDE0} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {32A18AC7-C0F7-4809-BE60-8C0C8036F669} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {4FF0E750-8FB0-452A-825A-4E4801378F75} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {664B2702-F25C-49A3-B69B-BF08D73A6CB6} - System32\Tasks\{0D3D27F5-F4C9-4E50-BB29-7E3DCE2F6258} => C:\dell\drivers\R149373\Setup.exe [2007-02-07] ( )
Task: {6B16E3E4-E3CC-4F30-8F77-EC8347BE7FDB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {73FB9672-03A9-4223-9614-547E255811F8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3139533511-3349264603-4081201394-1001UA => C:\Users\ray\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-24] (Google Inc.)
Task: {9AB43046-AF6A-422F-BA95-0CEA1B634D19} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {A34A465D-B651-40E3-B7A5-B1422958858E} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {A5C45700-E463-4A47-8377-6AC6DC93D852} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)
Task: {B13A2B39-5912-4507-8387-2892E2F79897} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2009-10-16] (CyberLink)
Task: {B1FA0A3B-DFAF-4E8F-B762-42075FD860A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {BF03A7E2-AAFF-47E4-99DB-BD3525FAA26E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {DCEE4D46-C93E-4019-9A4B-CC4D638F908B} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {F592D155-80F0-453A-983B-CB1FF4883C32} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3139533511-3349264603-4081201394-1001Core => C:\Users\ray\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-24] (Google Inc.)
Task: C:\Windows\Tasks\AVG_REG_0913a.job => C:\ProgramData\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_DELETE.job => C:\ProgramData\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf5db421e51740.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139533511-3349264603-4081201394-1001Core1cf4ae96fabacd8.job => C:\Users\ray\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139533511-3349264603-4081201394-1001UA.job => C:\Users\ray\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForray.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe
Task: C:\Windows\Tasks\ROC_REG_APR.job => C:\ProgramData\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\ROC_REG_JAN.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: C:\Windows\Tasks\ROC_SYS_TASK_DELETE.job => C:\ProgramData\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c1f3d6c2-f378-434d-bdb3-c68eed2393f9.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task dafe97f8-ccb9-4100-9f6c-22e5b21930b6.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\UnHackMe Task Scheduler.job => C:\Program Files (x86)\UnHackMe\hackmon.exe

==================== Loaded Modules (whitelisted) =============

2013-07-23 16:58 - 2013-01-31 04:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-12-31 14:23 - 2009-12-20 20:42 - 00090624 _____ () C:\Windows\System32\Primomonnt.dll
2011-02-10 07:55 - 2011-02-10 07:55 - 01148256 _____ () C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0D786AE3
AlternateDataStreams: C:\ProgramData\Temp:430C6D84
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\03513364.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\46611057.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\74917304.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\03513364.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\46611057.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\74917304.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^ray^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^pkdxx.lnk => C:\Windows\pss\pkdxx.lnk.Startup
MSCONFIG\startupreg: Google Update => "C:\Users\ray\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: PC-Doctor for Windows localizer => C:\Program Files\PC-Doctor for Windows\localizer.exe
MSCONFIG\startupreg: PCTools FGuard => C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
MSCONFIG\startupreg: WLMailPlugin => C:\Program Files (x86)\PC Tools Security\SpamMonitor\PCTools Email Toolbars\WLMailApiAgent.exe

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2014 08:10:19 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: Recovery phase failed.

Context: Windows Application, SystemIndex Catalog

Details:
 The gatherer is shutting down.  (HRESULT : 0x80040d23) (0x80040d23)

Error: (04/22/2014 08:10:19 PM) (Source: Windows Search Service) (User: )
Description: Error ID 1 happened in Windows Search recovery stage, please restart the service. If this error persists, please recreate the index.

Context: Windows Application, SystemIndex Catalog

Details:
 The gatherer is shutting down.  (HRESULT : 0x80040d23) (0x80040d23)

Error: (04/22/2014 08:10:19 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <10, 0x80071a91, Failed to save Crawl Scope Manager changes: >.

Error: (04/22/2014 08:10:19 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <20, 0x80071a91, "">.

Error: (04/22/2014 08:07:11 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: Recovery phase failed.

Context: Windows Application, SystemIndex Catalog

Details:
 The gatherer is shutting down.  (HRESULT : 0x80040d23) (0x80040d23)

Error: (04/22/2014 08:07:11 PM) (Source: Windows Search Service) (User: )
Description: Error ID 1 happened in Windows Search recovery stage, please restart the service. If this error persists, please recreate the index.

Context: Windows Application, SystemIndex Catalog

Details:
 The gatherer is shutting down.  (HRESULT : 0x80040d23) (0x80040d23)

Error: (04/22/2014 08:07:10 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <10, 0x80071a91, Failed to save Crawl Scope Manager changes: >.

Error: (04/22/2014 08:07:10 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <20, 0x80071a91, "">.

Error: (04/22/2014 08:06:29 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <10, 0x80071a91, Failed to save Crawl Scope Manager changes: >.

Error: (04/22/2014 08:06:29 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <20, 0x80071a91, "">.

System errors:
=============
Error: (04/22/2014 08:10:20 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 6 time(s).

Error: (04/22/2014 08:10:20 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%6801

Error: (04/22/2014 08:07:13 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 5 time(s).

Error: (04/22/2014 08:07:13 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%6801

Error: (04/22/2014 08:06:30 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 4 time(s).

Error: (04/22/2014 08:06:30 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%6801

Error: (04/22/2014 08:06:17 PM) (Source: DCOM) (User: )
Description: 1075LogMeIn{C3ADA61A-4E0E-48D4-A2B1-AE5F76D01044}

Error: (04/22/2014 07:19:06 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 3 time(s).

Error: (04/22/2014 07:19:06 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error:
%%6801

Error: (04/22/2014 07:18:30 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (04/22/2014 08:10:19 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The gatherer is shutting down.  (HRESULT : 0x80040d23) (0x80040d23)
Recovery phase failed

Error: (04/22/2014 08:10:19 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The gatherer is shutting down.  (HRESULT : 0x80040d23) (0x80040d23)
1

Error: (04/22/2014 08:10:19 PM) (Source: Windows Search Service)(User: )
Description: 100x80071a91Failed to save Crawl Scope Manager changes:

Error: (04/22/2014 08:10:19 PM) (Source: Windows Search Service)(User: )
Description: 200x80071a91

Error: (04/22/2014 08:07:11 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The gatherer is shutting down.  (HRESULT : 0x80040d23) (0x80040d23)
Recovery phase failed

Error: (04/22/2014 08:07:11 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The gatherer is shutting down.  (HRESULT : 0x80040d23) (0x80040d23)
1

Error: (04/22/2014 08:07:10 PM) (Source: Windows Search Service)(User: )
Description: 100x80071a91Failed to save Crawl Scope Manager changes:

Error: (04/22/2014 08:07:10 PM) (Source: Windows Search Service)(User: )
Description: 200x80071a91

Error: (04/22/2014 08:06:29 PM) (Source: Windows Search Service)(User: )
Description: 100x80071a91Failed to save Crawl Scope Manager changes:

Error: (04/22/2014 08:06:29 PM) (Source: Windows Search Service)(User: )
Description: 200x80071a91

==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 1790.49 MB
Available physical RAM: 683.4 MB
Total Pagefile: 3580.98 MB
Available Pagefile: 1937.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:455.77 GB) (Free:407 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.89 GB) (Free:1.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#5 Bamagirl15

Posted 22 April 2014 - 08:21 PM

Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by ray at 2014-04-22 20:17:18
Running from C:\Users\ray\Desktop
Boot Mode: Normal

================== Search: "rpscc.dll" ===================

====== End Of Search ======



#6 Bamagirl15

Posted 22 April 2014 - 08:32 PM

The good news is -- after downloading TDSSKiller and unhack me (and anything else I can think of) - I have yet to hear any ads. However, this happened last night and this morning when I turned on the darn computer, they started back.  So, not sure if it's officially repaired or not.



#7 B-boy/StyLe/

Posted 23 April 2014 - 02:27 AM

Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by ray at 2014-04-22 20:17:18
Running from C:\Users\ray\Desktop
Boot Mode: Normal

================== Search: "rpscc.dll" ===================

====== End Of Search ======

 

Hello,

 

You did this wrong. Please rerun FRST and type rpcss.dll and not rpscc.dll... and post the new log.




#8 B-boy/StyLe/

Posted 23 April 2014 - 02:33 AM

The good news is -- after downloading TDSSKiller and unhack me (and anything else I can think of) - I have yet to hear any ads. However, this happened last night and this morning when I turned on the darn computer, they started back.  So, not sure if it's officially repaired or not.

 

Lol...did you read the warnings I gave you:

 

 

  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

You are going down the danger road by doing things on your own. Doing so can severely cripple or render your computer

Doing so will leave me out of the loop.
Keep calm, removing malware isn't a quick process and it takes a trained eye to catch the offending code.

If you ran TDSSKiller after FRST then I need you to re-run FRST and post fresh logs...also attach the log from TDSSKiller to see what was repaired.

 

 

Regards,

Georgi

 




#9 Bamagirl15

Posted 23 April 2014 - 07:59 AM

I've worked on this so long, but am fairly certain I ran the Farbar program last (when I posted the logs last night).  So sorry.  Just bear with me - I work and of course, this is my husband's home computer.  So, checking it isn't always easy.  Running the correct "search" scan now. 



#10 B-boy/StyLe/

Posted 23 April 2014 - 08:12 AM

Not a problem...Will catch you later since I am going to work. :)

 

 

Regards,

Georgi




#11 Bamagirl15

Posted 23 April 2014 - 08:27 AM

Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by ray at 2014-04-23 07:48:50
Running from C:\Users\ray\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0509440 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0514048 ____A (Microsoft Corporation) 7F857A345E449B34203025FF59B0B5D5

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-06-20 18:49] - [2010-11-20 08:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

====== End Of Search ======
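The search output above lists three copies of rpcss.dll with size, company name and MD5. What follows is an added example, not part of the thread and not a feature of FRST: a small Python parser for that block that flags the things a responder would otherwise check by eye. D41D8CD98F00B204E9800998ECF8427E is the MD5 of zero bytes, so a 509,440-byte file reporting it was never actually hashed (and, consistently, no company name could be read from it); and the System32 copy, the one that actually loads, matches none of the staged copies that were hashed. None of that proves the live file is patched, since a different update level gives the same picture; the follow-up is an Authenticode check with sigcheck or `sfc /verifyfile`. The sample input is the three entries copied from the post; the `is_live` heuristic and the wording of the findings are assumptions of this example.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed sample input: the three hits from the FRST search log in the
# post above, reproduced so the parser can be run offline.
FRST_SEARCH = r"""
================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0509440 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0514048 ____A (Microsoft Corporation) 7F857A345E449B34203025FF59B0B5D5

C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-06-20 18:49] - [2010-11-20 08:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

====== End Of Search ======
"""

# MD5 of zero bytes. A 500 KB file cannot legitimately hash to this; it means
# the tool hashed nothing (file unreadable or locked), not the file itself.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()

# One FRST search hit: a path line followed by
# "[created] - [modified] - <size> <attrs> (<company>) <MD5>".
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\n]+)\n"
    r"\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})",
    re.MULTILINE,
)


@dataclass
class Entry:
    path: str
    size: int
    company: str
    md5: str

    @property
    def is_live(self) -> bool:
        # Assumption of this example: the copy loaded at runtime lives under
        # System32 (or SysWOW64); winsxs and SoftwareDistribution hold staged
        # servicing copies that are useful as comparison points.
        p = self.path.lower()
        return "\\system32\\" in p or "\\syswow64\\" in p


def parse_frst_search(text: str) -> list[Entry]:
    """Turn an FRST 'Search:' block into Entry records."""
    return [
        Entry(m["path"], int(m["size"]), m["company"].strip(), m["md5"].lower())
        for m in ENTRY_RE.finditer(text)
    ]


def analyze(entries: list[Entry]) -> dict[str, list[str]]:
    """Return per-path observations that merit a manual follow-up."""
    findings: dict[str, list[str]] = {e.path: [] for e in entries}
    # Hashes of staged copies that were actually hashed (not the empty digest).
    staged = {e.md5 for e in entries if not e.is_live and e.md5 != EMPTY_MD5}
    for e in entries:
        if e.md5 == EMPTY_MD5 and e.size > 0:
            findings[e.path].append(
                f"MD5 is the digest of zero bytes although size is {e.size}: "
                "the file was not actually hashed, rehash it with another tool"
            )
        if not e.company:
            findings[e.path].append("no company name in the version resource")
        if e.is_live and e.md5 not in staged:
            findings[e.path].append(
                "live copy differs from every hashed staged copy; a newer update "
                "level explains this legitimately, so confirm the Authenticode "
                "signature (sigcheck / sfc /verifyfile) before treating it as patched"
            )
    return findings


if __name__ == "__main__":
    for path, notes in analyze(parse_frst_search(FRST_SEARCH)).items():
        print(path)
        for note in notes:
            print("  -", note)
```

Run it as is and it prints the observations for each of the three paths; feed it any other FRST search block and it applies the same checks. The comparison against staged copies is only as good as the staged copies that could be hashed, which on this machine is just the 6.1.7601.17514 download, so the real verification step remains the signature check.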



#12 Bamagirl15

Posted 23 April 2014 - 09:47 AM

I know it must be a coincidence, but I could have sworn that while I was using Google, I heard no ads.  This morning, before I left the house, I pulled up IE and the ad for the day was "Ford" vehicles!  :)



#13 Bamagirl15

Posted 23 April 2014 - 05:37 PM

Uh -- forget the comment above.  Hubby said his computer played ads ALL DAY long!  :)  Am now home & ready to go to work when you're free!



#14 B-boy/StyLe/

Posted 23 April 2014 - 07:35 PM

Hello,

 

Before I proceed with the fix I need to check something else:

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

Regards,

Georgi




#15 Bamagirl15

Posted 23 April 2014 - 08:38 PM

Alrighty -- here I go!





