hness

Members

View Profile See their activity

Posts
14
Joined
March 7, 2014
Last visited
March 25, 2014

Tech Info

Experience
beginner
System: windows_xp_home

hness's Achievements

Newbie (1/14)

Reputation

When trying to open Facebook update flash player appears and download is a virus

hness replied to hness's topic in Tech Support & Discussions Forum

Hey Starbuck, sorry for the late reply. I uninstalled Chrome and it was happening on IE. Def got the right time and date set. It is really weird as it will be fine all day and then suddenly start causing problems continuously. This only started happening when I moved into a friends house and started connecting to her wifi - surely this couldn't be at the root of it?!
- March 25, 2014
- 24 replies
When trying to open Facebook update flash player appears and download is a virus

hness replied to hness's topic in Tech Support & Discussions Forum

also (not sure if I've mentioned it already) but it's on fb, bbc website, and when it is playing up I am also unable to search using google - it keeps coming up with SSL error but other times it'a fine?!
- March 21, 2014
- 24 replies
When trying to open Facebook update flash player appears and download is a virus

hness replied to hness's topic in Tech Support & Discussions Forum

Hi Starbuck, it's not doing it v often now and it's intermittent when it does seem to happen.It's still quite random in the fact that I put in fb url earlier and it blocked me. I tried to access fb by clicking on the tile that appears on google's home page and it let me straight in. I just tried it again by clicking the tile and same error msg is appearing - [h=1]Cannot connect to the real http://www.facebook.com[/h]Something is currently interfering with your secure connection to http://www.facebook.com. Try to reload this page in a few minutes or after switching to a new network. If you have recently connected to a new Wi-Fi network, finish logging in before reloading. If you were to visit http://www.facebook.com right now, you might share private information with an attacker. To protect your privacy, Chrome will not load the page until it can establish a secure connection to the real http://www.facebook.com. ????!!!!!
- March 21, 2014
- 24 replies
When trying to open Facebook update flash player appears and download is a virus

hness replied to hness's topic in Tech Support & Discussions Forum

Hi Starbuck, okay have done this and here are the results: C:\Documents and Settings\Administrator\My Documents\Downloads\InstallConverter (1).exe a variant of Win32/Wajam.F potentially unwanted application deleted - quarantined C:\Documents and Settings\Administrator\My Documents\Downloads\InstallConverter.exe a variant of Win32/Wajam.F potentially unwanted application deleted - quarantined C:\FRST\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie2.1.32.zip a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined C:\FRST\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined C:\FRST\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined C:\FRST\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetesets_scanner_update returned -1 esets_gle=1 # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=1695df86f85f04498f8679ca36197084 # engine=17501 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-03-19 12:16:56 # local_time=2014-03-19 12:16:56 (+0000, GMT Standard Time) # country="United Kingdom" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=774 16777213 85 79 2176209 11989900 0 0 # scanned=41955 # found=6 # cleaned=6 # scan_time=1835 sh=ADB265910863F10F6D7C013BFB0F38737F8C1DE2 ft=1 fh=20249ee4c09b4eea vn="a variant of Win32/Wajam.F potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Administrator\My Documents\Downloads\InstallConverter (1).exe" sh=ADB265910863F10F6D7C013BFB0F38737F8C1DE2 ft=1 fh=20249ee4c09b4eea vn="a variant of Win32/Wajam.F potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Administrator\My Documents\Downloads\InstallConverter.exe" sh=EBF01B3EC4607AEB707184674F723440272D4EF5 ft=0 fh=0000000000000000 vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie2.1.32.zip" sh=748E90CBB284A00D9E9396B9EE387AC5905FF8D1 ft=1 fh=ab95f3a7820679d6 vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe" sh=D0E5E11ACDD3E7AF720794C6AD722169570CA169 ft=1 fh=afc8ab45c959803b vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe" sh=67D59D15A734F2B41373F1CAF8347D199215D42C ft=1 fh=86e026dc2bf78850 vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe" Can now access bbc website without warnings flashing up?! Thanks for all your time on this!!!!
- March 19, 2014
- 24 replies
When trying to open Facebook update flash player appears and download is a virus

hness replied to hness's topic in Tech Support & Discussions Forum

Sorry Starbuck my mistake!!!! This is the log: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01 Ran by Administrator at 2014-03-17 08:29:02 Run:2 Running from C:\Documents and Settings\Administrator\My Documents\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File S2 Wpm; No ImagePath S0 cerc6; No ImagePath S4 IntelIde; No ImagePath S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S1 iSafeNetFilter; \??\C:\Program Files\iSafe\iSafeNetFilter.sys [X] U1 WS2IFSL; 2014-03-13 17:13 - 2014-03-13 17:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TrojanHunter C:\Documents and Settings\Administrator\Local Settings\Temp\air165.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air16A.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air315.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air324.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air325.exe C:\Documents and Settings\Administrator\Local Settings\Temp\install_reader11_uk_mssa_aaa_aih.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie C:\Documents and Settings\All Users\Application Data\WPM C:\Documents and Settings\All Users\Start Menu\Programs\myfree codec C:\Program Files\WinZipper Reboot: ***************** HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value not found. HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found. Wpm => Service not found. cerc6 => Service not found. IntelIde => Service not found. esgiguard => Service deleted successfully. iSafeNetFilter => Service not found. WS2IFSL => Service not found. C:\Documents and Settings\Administrator\Application Data\TrojanHunter => Moved successfully. "C:\Documents and Settings\Administrator\Local Settings\Temp\air165.exe" => File/Directory not found. "C:\Documents and Settings\Administrator\Local Settings\Temp\air16A.exe" => File/Directory not found. "C:\Documents and Settings\Administrator\Local Settings\Temp\air315.exe" => File/Directory not found. "C:\Documents and Settings\Administrator\Local Settings\Temp\air324.exe" => File/Directory not found. "C:\Documents and Settings\Administrator\Local Settings\Temp\air325.exe" => File/Directory not found. "C:\Documents and Settings\Administrator\Local Settings\Temp\install_reader11_uk_mssa_aaa_aih.exe" => File/Directory not found. "C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe" => File/Directory not found. ========= MSCONFIG\startupmobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe ========= The system cannot find the path specified. ========= End of Reg: ========= "C:\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie" => File/Directory not found. "C:\Documents and Settings\All Users\Application Data\WPM" => File/Directory not found. "C:\Documents and Settings\All Users\Start Menu\Programs\myfree codec" => File/Directory not found. "C:\Program Files\WinZipper" => File/Directory not found. The system needed a reboot. ==== End of Fixlog ==== I was just thinking how I had not had this message for a few days when I tried to access the bbc website and it appeared again!!! I can access other sites with no problem or errors?! I had actually accessed the bbc website earlier with no error msgs too - very strange?!
- March 18, 2014
- 24 replies
When trying to open Facebook update flash player appears and download is a virus

hness replied to hness's topic in Tech Support & Discussions Forum

ok Starbuck, deleted MBAM and worked immediately - deleted loads of stuff - as a newbie - have no idea what it all means but seemed to reboot a lot quicker too - :D
- March 18, 2014
- 24 replies
When trying to open Facebook update flash player appears and download is a virus

hness replied to hness's topic in Tech Support & Discussions Forum

ok - fix list coming up...... Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File S2 Wpm; No ImagePath S0 cerc6; No ImagePath S4 IntelIde; No ImagePath S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S1 iSafeNetFilter; \??\C:\Program Files\iSafe\iSafeNetFilter.sys [X] U1 WS2IFSL; 2014-03-13 17:13 - 2014-03-13 17:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TrojanHunter C:\Documents and Settings\Administrator\Local Settings\Temp\air165.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air16A.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air315.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air324.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air325.exe C:\Documents and Settings\Administrator\Local Settings\Temp\install_reader11_uk_mssa_aaa_aih.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie C:\Documents and Settings\All Users\Application Data\WPM C:\Documents and Settings\All Users\Start Menu\Programs\myfree codec C:\Program Files\WinZipper Reboot:
- March 17, 2014
- 24 replies
When trying to open Facebook update flash player appears and download is a virus

hness replied to hness's topic in Tech Support & Discussions Forum

Step two.... Hey Starbuck, I'm trying to run step two but it keeps crashing my PC. I haven't got any other windows open and as soon as I start it it freezes?! Will running C Cleaner do the same thing as I have that installed? Thanks!
- March 16, 2014
- 24 replies
When trying to open Facebook update flash player appears and download is a virus

hness replied to hness's topic in Tech Support & Discussions Forum

Hey Starbuck, thank you again for all of this!! I tried to delete Mcafee but it's not installed. I tried to delete it from the control panel and it said it had already been deleted. I searched for it and found a shortcut on my desktop which doesn't link to anything. Re-ran the first thing you said and here's the report: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Administrator (administrator) on ANY-3F6D0C1FCE8 on 16-03-2014 19:07:04 Running from C:\Documents and Settings\Administrator\My Documents\Downloads Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= () C:\WINDOWS\System32\WLTRYSVC.EXE (Dell Inc.) C:\WINDOWS\System32\bcmwltry.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (SigmaTel, Inc.) C:\WINDOWS\system32\StacSV.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Dell Inc.) C:\WINDOWS\system32\WLTRAY.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Comfort Software Group) C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.exe [2498560 2010-10-29] (Dell Inc.) HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [sigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-21] (AVAST Software) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKU\S-1-5-21-1343024091-1801674531-1887961886-500\...\Run: [FreeCT] - C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe [2432280 2014-02-25] (Comfort Software Group) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1368047788625 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 162.248.99.162 50.63.128.135 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: GoPhotoIt - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\profiles\extensions\gophoto@gophoto.it.xpi [2013-08-08] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] Chrome: ======= CHR DefaultSearchKeyword: google.co.uk CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-09] CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-09] CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-09] CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-09] CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-09] ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-21] (AVAST Software) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 STacSV; C:\WINDOWS\system32\StacSV.exe [94208 2007-05-10] (SigmaTel, Inc.) R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2232320 2010-10-29] (Dell Inc.) U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X] S2 Wpm; No ImagePath ==================== Drivers (Whitelisted) ==================== R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-02-21] (AVAST Software) R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-02-21] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2013-11-23] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-02-21] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-02-21] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-02-21] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2013-12-31] () R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2649216 2010-10-29] (Broadcom Corporation) S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51088 2004-03-22] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-03-22] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-03-22] (HP) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.) U4 aswKbd; \??\C:\WINDOWS\system32\drivers\aswKbd.sys [X] S0 cerc6; No ImagePath S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo32.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S4 IntelIde; No ImagePath S1 iSafeNetFilter; \??\C:\Program Files\iSafe\iSafeNetFilter.sys [X] U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-15 16:46 - 2014-03-16 19:07 - 00000000 ____D () C:\FRST 2014-03-15 14:33 - 2014-03-15 14:33 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk 2014-03-15 14:33 - 2014-03-15 14:33 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk 2014-03-15 14:32 - 2014-03-15 14:32 - 00000000 ____D () C:\Program Files\Adobe 2014-03-15 14:07 - 2014-03-15 14:07 - 00000444 _____ () C:\WINDOWS\wmsetup.log 2014-03-15 12:32 - 2014-03-15 16:19 - 00000000 ____D () C:\AdwCleaner 2014-03-15 12:24 - 2014-03-15 12:24 - 00002898 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt 2014-03-15 12:19 - 2014-03-15 12:19 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-03-13 17:13 - 2014-03-13 17:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TrojanHunter 2014-03-13 16:26 - 2014-03-13 16:26 - 00059392 ____R () C:\WINDOWS\system32\streamhlp.dll 2014-03-12 23:01 - 2014-03-12 23:01 - 00130750 _____ () C:\WINDOWS\KB2925418-IE8.log 2014-03-12 23:01 - 2014-03-12 23:01 - 00002747 _____ () C:\WINDOWS\updspapi.log 2014-03-12 23:01 - 2014-03-12 23:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-03-12 23:00 - 2014-03-12 23:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-03-12 07:25 - 2014-03-12 23:01 - 00129220 _____ () C:\WINDOWS\KB2930275.log 2014-03-12 07:25 - 2014-03-12 23:01 - 00126953 _____ () C:\WINDOWS\KB2929961.log 2014-03-12 07:23 - 2014-03-12 07:23 - 00000000 ____D () C:\WINDOWS\jumpshot.com 2014-03-11 18:02 - 2014-03-11 18:02 - 00000802 _____ () C:\Documents and Settings\Administrator\Desktop\Free Countdown Timer.lnk 2014-03-11 18:02 - 2014-03-11 18:02 - 00000000 ____D () C:\Program Files\FreeCountdownTimer 2014-03-11 18:02 - 2014-03-11 18:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Free Countdown Timer 2014-03-09 10:30 - 2014-03-09 10:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla 2014-03-09 10:10 - 2014-03-15 14:55 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2014-03-09 10:10 - 2014-03-09 10:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome 2014-03-09 08:55 - 2014-03-09 08:49 - 00000426 _____ () C:\AVScanner.ini 2014-03-09 07:10 - 2014-03-16 01:37 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-03-09 07:10 - 2014-03-12 09:37 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-03-09 07:10 - 2014-03-12 09:37 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-03-09 06:59 - 2014-03-15 16:21 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-03-09 06:59 - 2014-03-11 07:45 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2014-03-08 22:55 - 2014-03-12 23:01 - 00026405 _____ () C:\WINDOWS\iis6.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00024730 _____ () C:\WINDOWS\FaxSetup.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00011824 _____ () C:\WINDOWS\ocgen.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00011284 _____ () C:\WINDOWS\tsoc.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00008227 _____ () C:\WINDOWS\comsetup.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00007466 _____ () C:\WINDOWS\msmqinst.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00004984 _____ () C:\WINDOWS\ntdtcsetup.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00004332 _____ () C:\WINDOWS\netfxocm.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00001700 _____ () C:\WINDOWS\MedCtrOC.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00001374 _____ () C:\WINDOWS\imsins.BAK 2014-03-08 22:55 - 2014-03-12 23:01 - 00001368 _____ () C:\WINDOWS\ocmsn.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00001244 _____ () C:\WINDOWS\tabletoc.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00001236 _____ () C:\WINDOWS\msgsocm.log 2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 _____ () C:\WINDOWS\setupact.log 2014-03-08 22:54 - 2014-03-08 22:55 - 00004074 _____ () C:\WINDOWS\KB2934207.log 2014-03-08 15:26 - 2014-02-26 01:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe 2014-03-08 15:26 - 2014-02-26 01:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe 2014-03-06 20:00 - 2014-03-06 20:00 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-06 20:00 - 2014-03-06 20:00 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-06 20:00 - 2014-03-06 20:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-03-06 20:00 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-03-05 17:32 - 2014-03-11 19:19 - 00003445 _____ () C:\WINDOWS\setupapi.log 2014-03-01 12:03 - 2014-03-01 12:03 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk 2014-03-01 12:03 - 2014-03-01 12:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes 2014-03-01 12:03 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 2014-03-01 12:02 - 2014-03-01 12:03 - 00000000 ____D () C:\Program Files\iTunes 2014-03-01 12:02 - 2014-03-01 12:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Program Files\iPod 2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Program Files\Bonjour 2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Apple Computer 2014-03-01 11:53 - 2014-03-01 11:53 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk 2014-03-01 11:53 - 2014-03-01 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime 2014-03-01 11:52 - 2014-03-01 12:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer 2014-03-01 11:52 - 2014-03-01 11:53 - 00000000 ____D () C:\Program Files\QuickTime 2014-02-15 07:19 - 2014-02-15 07:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$ ==================== One Month Modified Files and Folders ======= 2014-03-16 19:07 - 2014-03-15 16:46 - 00000000 ____D () C:\FRST 2014-03-16 19:03 - 2013-05-08 19:11 - 02050739 _____ () C:\WINDOWS\WindowsUpdate.log 2014-03-16 18:50 - 2013-05-08 20:09 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-16 01:37 - 2014-03-09 07:10 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-03-15 19:41 - 2013-05-08 20:09 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-03-15 16:25 - 2013-10-19 07:13 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Uni 2014-03-15 16:21 - 2014-03-09 06:59 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-03-15 16:21 - 2013-12-04 22:06 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-03-15 16:21 - 2013-12-04 22:06 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-03-15 16:21 - 2013-05-08 20:09 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-15 16:21 - 2013-05-08 19:16 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-03-15 16:21 - 2008-04-14 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-03-15 16:19 - 2014-03-15 12:32 - 00000000 ____D () C:\AdwCleaner 2014-03-15 16:19 - 2013-12-31 21:51 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\H 2014-03-15 14:55 - 2014-03-09 10:10 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2014-03-15 14:33 - 2014-03-15 14:33 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk 2014-03-15 14:33 - 2014-03-15 14:33 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk 2014-03-15 14:32 - 2014-03-15 14:32 - 00000000 ____D () C:\Program Files\Adobe 2014-03-15 14:32 - 2013-05-08 20:36 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-03-15 14:32 - 2013-05-08 20:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe 2014-03-15 14:13 - 2013-05-08 21:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe 2014-03-15 14:07 - 2014-03-15 14:07 - 00000444 _____ () C:\WINDOWS\wmsetup.log 2014-03-15 14:07 - 2013-05-08 19:18 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk 2014-03-15 12:24 - 2014-03-15 12:24 - 00002898 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt 2014-03-15 12:19 - 2014-03-15 12:19 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-03-14 12:50 - 2013-05-08 19:16 - 00032540 _____ () C:\WINDOWS\SchedLgU.Txt 2014-03-14 00:27 - 2013-12-05 23:00 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel 2014-03-14 00:27 - 2013-05-08 19:18 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini 2014-03-13 18:16 - 2013-05-08 21:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952287$ 2014-03-13 18:16 - 2013-05-08 20:09 - 00000000 ____D () C:\Program Files\Google 2014-03-13 17:15 - 2013-05-08 20:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google 2014-03-13 17:15 - 2013-05-08 20:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google 2014-03-13 17:13 - 2014-03-13 17:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TrojanHunter 2014-03-13 16:26 - 2014-03-13 16:26 - 00059392 ____R () C:\WINDOWS\system32\streamhlp.dll 2014-03-13 05:50 - 2013-12-04 22:07 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-13 05:50 - 2013-05-08 19:57 - 00266208 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-03-12 23:01 - 2014-03-12 23:01 - 00130750 _____ () C:\WINDOWS\KB2925418-IE8.log 2014-03-12 23:01 - 2014-03-12 23:01 - 00002747 _____ () C:\WINDOWS\updspapi.log 2014-03-12 23:01 - 2014-03-12 23:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-03-12 23:01 - 2014-03-12 07:25 - 00129220 _____ () C:\WINDOWS\KB2930275.log 2014-03-12 23:01 - 2014-03-12 07:25 - 00126953 _____ () C:\WINDOWS\KB2929961.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00026405 _____ () C:\WINDOWS\iis6.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00024730 _____ () C:\WINDOWS\FaxSetup.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00011824 _____ () C:\WINDOWS\ocgen.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00011284 _____ () C:\WINDOWS\tsoc.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00008227 _____ () C:\WINDOWS\comsetup.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00007466 _____ () C:\WINDOWS\msmqinst.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00004984 _____ () C:\WINDOWS\ntdtcsetup.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00004332 _____ () C:\WINDOWS\netfxocm.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00001700 _____ () C:\WINDOWS\MedCtrOC.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00001374 _____ () C:\WINDOWS\imsins.BAK 2014-03-12 23:01 - 2014-03-08 22:55 - 00001368 _____ () C:\WINDOWS\ocmsn.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00001244 _____ () C:\WINDOWS\tabletoc.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00001236 _____ () C:\WINDOWS\msgsocm.log 2014-03-12 23:01 - 2013-05-08 21:51 - 00000000 ____D () C:\WINDOWS\ie8updates 2014-03-12 23:00 - 2014-03-12 23:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-03-12 23:00 - 2013-05-09 17:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help 2014-03-12 22:59 - 2013-12-04 22:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight 2014-03-12 09:37 - 2014-03-09 07:10 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-03-12 09:37 - 2014-03-09 07:10 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-03-12 07:23 - 2014-03-12 07:23 - 00000000 ____D () C:\WINDOWS\jumpshot.com 2014-03-11 19:19 - 2014-03-05 17:32 - 00003445 _____ () C:\WINDOWS\setupapi.log 2014-03-11 18:02 - 2014-03-11 18:02 - 00000802 _____ () C:\Documents and Settings\Administrator\Desktop\Free Countdown Timer.lnk 2014-03-11 18:02 - 2014-03-11 18:02 - 00000000 ____D () C:\Program Files\FreeCountdownTimer 2014-03-11 18:02 - 2014-03-11 18:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Free Countdown Timer 2014-03-11 07:45 - 2014-03-09 06:59 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2014-03-09 17:59 - 2013-09-21 21:08 - 00001746 ____H () C:\Documents and Settings\Administrator\My Documents\Default.rdp 2014-03-09 10:30 - 2014-03-09 10:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla 2014-03-09 10:10 - 2014-03-09 10:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome 2014-03-09 10:05 - 2013-05-08 19:18 - 00000803 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk 2014-03-09 08:49 - 2014-03-09 08:55 - 00000426 _____ () C:\AVScanner.ini 2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 _____ () C:\WINDOWS\setupact.log 2014-03-08 22:55 - 2014-03-08 22:54 - 00004074 _____ () C:\WINDOWS\KB2934207.log 2014-03-08 13:27 - 2013-05-08 20:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe 2014-03-08 11:47 - 2013-10-19 07:42 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-03-08 06:58 - 2013-05-08 19:57 - 00000211 ___SH () C:\boot.ini 2014-03-08 06:58 - 2008-04-14 07:00 - 00000552 _____ () C:\WINDOWS\win.ini 2014-03-08 06:58 - 2008-04-14 07:00 - 00000227 _____ () C:\WINDOWS\system.ini 2014-03-06 21:45 - 2013-05-08 19:50 - 00000000 ____D () C:\WINDOWS\Driver Cache 2014-03-06 21:44 - 2013-05-08 19:18 - 00000000 ____D () C:\Documents and Settings\Administrator 2014-03-06 20:49 - 2013-05-08 21:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478971$ 2014-03-06 20:00 - 2014-03-06 20:00 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-06 20:00 - 2014-03-06 20:00 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-06 20:00 - 2014-03-06 20:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-03-02 21:19 - 2014-01-25 16:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Unused Desktop Shortcuts 2014-03-02 21:19 - 2013-10-19 16:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Apple Computer 2014-03-01 12:03 - 2014-03-01 12:03 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk 2014-03-01 12:03 - 2014-03-01 12:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes 2014-03-01 12:03 - 2014-03-01 12:02 - 00000000 ____D () C:\Program Files\iTunes 2014-03-01 12:03 - 2014-03-01 12:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-03-01 12:03 - 2013-10-19 07:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer 2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Program Files\iPod 2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Program Files\Bonjour 2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Apple Computer 2014-03-01 12:02 - 2014-03-01 11:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer 2014-03-01 12:02 - 2013-10-19 07:42 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-03-01 12:02 - 2013-10-19 07:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple 2014-03-01 11:53 - 2014-03-01 11:53 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk 2014-03-01 11:53 - 2014-03-01 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime 2014-03-01 11:53 - 2014-03-01 11:52 - 00000000 ____D () C:\Program Files\QuickTime 2014-02-27 14:13 - 2013-06-10 15:33 - 00068456 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-02-26 01:59 - 2014-03-08 15:26 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe 2014-02-26 01:59 - 2014-03-08 15:26 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe 2014-02-24 16:24 - 2008-04-14 07:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe 2014-02-24 16:24 - 2008-04-14 07:00 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-02-24 11:46 - 2013-05-08 21:38 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll 2014-02-24 11:46 - 2013-05-08 19:10 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2014-02-24 11:45 - 2009-03-08 03:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-02-24 11:45 - 2009-03-08 03:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-02-24 11:45 - 2009-03-08 03:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-02-24 11:45 - 2009-03-08 03:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl 2014-02-24 11:45 - 2008-04-14 07:00 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-02-24 11:45 - 2008-04-14 07:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll 2014-02-24 10:54 - 2008-04-14 07:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-02-21 19:42 - 2013-12-31 15:17 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk 2014-02-21 19:42 - 2013-05-08 20:09 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys 2014-02-21 19:41 - 2013-05-08 20:09 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2014-02-21 19:41 - 2013-05-08 20:09 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2014-02-21 19:41 - 2013-05-08 20:09 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2014-02-21 19:41 - 2013-05-08 20:09 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2014-02-21 19:41 - 2013-05-08 20:09 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys 2014-02-21 19:41 - 2013-05-08 20:08 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-02-15 10:40 - 2013-05-08 20:00 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2014-02-15 10:18 - 2013-05-09 17:47 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt 2014-02-15 07:19 - 2014-02-15 07:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$ 2014-02-15 07:13 - 2013-05-08 19:59 - 00591082 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-02-14 09:53 - 2013-07-18 02:01 - 00000000 ____D () C:\WINDOWS\system32\MRT Some content of TEMP: ==================== C:\Documents and Settings\Administrator\Local Settings\Temp\air165.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air16A.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air315.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air324.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air325.exe C:\Documents and Settings\Administrator\Local Settings\Temp\install_reader11_uk_mssa_aaa_aih.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legit C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ========== Obviously it's completely double dutch to me so hope that it's showing what it should?! Off to run the second thing now.....
- March 16, 2014
- 24 replies
When trying to open Facebook update flash player appears and download is a virus

hness replied to hness's topic in Tech Support & Discussions Forum

Test 1...... Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Administrator (administrator) on ANY-3F6D0C1FCE8 on 15-03-2014 16:46:24 Running from C:\Documents and Settings\Administrator\My Documents\Downloads Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= () C:\WINDOWS\System32\WLTRYSVC.EXE (Dell Inc.) C:\WINDOWS\System32\bcmwltry.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (SigmaTel, Inc.) C:\WINDOWS\system32\StacSV.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Dell Inc.) C:\WINDOWS\system32\WLTRAY.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Comfort Software Group) C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.exe [2498560 2010-10-29] (Dell Inc.) HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [sigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.) HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-21] (AVAST Software) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKU\S-1-5-21-1343024091-1801674531-1887961886-500\...\Run: [FreeCT] - C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe [2432280 2014-02-25] (Comfort Software Group) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1368047788625 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 162.248.99.162 50.63.128.135 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: GoPhotoIt - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\profiles\extensions\gophoto@gophoto.it.xpi [2013-08-08] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] Chrome: ======= CHR DefaultSearchKeyword: google.co.uk CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-09] CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-09] CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-09] CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-09] CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-09] ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-21] (AVAST Software) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 STacSV; C:\WINDOWS\system32\StacSV.exe [94208 2007-05-10] (SigmaTel, Inc.) R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2232320 2010-10-29] (Dell Inc.) U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X] S2 Wpm; No ImagePath ==================== Drivers (Whitelisted) ==================== R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-02-21] (AVAST Software) R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-02-21] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2013-11-23] () R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-02-21] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-02-21] (AVAST Software) R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-02-21] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2013-12-31] () R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2649216 2010-10-29] (Broadcom Corporation) S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51088 2004-03-22] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-03-22] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-03-22] (HP) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.) U4 aswKbd; \??\C:\WINDOWS\system32\drivers\aswKbd.sys [X] S0 cerc6; No ImagePath S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo32.sys [X] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S4 IntelIde; No ImagePath S1 iSafeNetFilter; \??\C:\Program Files\iSafe\iSafeNetFilter.sys [X] U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-15 16:46 - 2014-03-15 16:46 - 00000000 ____D () C:\FRST 2014-03-15 14:33 - 2014-03-15 14:33 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk 2014-03-15 14:33 - 2014-03-15 14:33 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk 2014-03-15 14:32 - 2014-03-15 14:32 - 00000000 ____D () C:\Program Files\Adobe 2014-03-15 14:07 - 2014-03-15 14:07 - 00000444 _____ () C:\WINDOWS\wmsetup.log 2014-03-15 12:32 - 2014-03-15 16:19 - 00000000 ____D () C:\AdwCleaner 2014-03-15 12:24 - 2014-03-15 12:24 - 00002898 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt 2014-03-15 12:19 - 2014-03-15 12:19 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-03-13 17:13 - 2014-03-13 17:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TrojanHunter 2014-03-13 16:26 - 2014-03-13 16:26 - 00059392 ____R () C:\WINDOWS\system32\streamhlp.dll 2014-03-12 23:01 - 2014-03-12 23:01 - 00130750 _____ () C:\WINDOWS\KB2925418-IE8.log 2014-03-12 23:01 - 2014-03-12 23:01 - 00002747 _____ () C:\WINDOWS\updspapi.log 2014-03-12 23:01 - 2014-03-12 23:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-03-12 23:00 - 2014-03-12 23:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-03-12 07:25 - 2014-03-12 23:01 - 00129220 _____ () C:\WINDOWS\KB2930275.log 2014-03-12 07:25 - 2014-03-12 23:01 - 00126953 _____ () C:\WINDOWS\KB2929961.log 2014-03-12 07:23 - 2014-03-12 07:23 - 00000000 ____D () C:\WINDOWS\jumpshot.com 2014-03-11 18:02 - 2014-03-11 18:02 - 00000802 _____ () C:\Documents and Settings\Administrator\Desktop\Free Countdown Timer.lnk 2014-03-11 18:02 - 2014-03-11 18:02 - 00000000 ____D () C:\Program Files\FreeCountdownTimer 2014-03-11 18:02 - 2014-03-11 18:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Free Countdown Timer 2014-03-09 10:30 - 2014-03-09 10:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla 2014-03-09 10:10 - 2014-03-15 14:55 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2014-03-09 10:10 - 2014-03-09 10:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome 2014-03-09 08:55 - 2014-03-09 08:49 - 00000426 _____ () C:\AVScanner.ini 2014-03-09 07:10 - 2014-03-15 16:37 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-03-09 07:10 - 2014-03-12 09:37 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-03-09 07:10 - 2014-03-12 09:37 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-03-09 06:59 - 2014-03-15 16:21 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-03-09 06:59 - 2014-03-11 07:45 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2014-03-08 22:55 - 2014-03-12 23:01 - 00026405 _____ () C:\WINDOWS\iis6.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00024730 _____ () C:\WINDOWS\FaxSetup.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00011824 _____ () C:\WINDOWS\ocgen.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00011284 _____ () C:\WINDOWS\tsoc.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00008227 _____ () C:\WINDOWS\comsetup.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00007466 _____ () C:\WINDOWS\msmqinst.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00004984 _____ () C:\WINDOWS\ntdtcsetup.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00004332 _____ () C:\WINDOWS\netfxocm.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00001700 _____ () C:\WINDOWS\MedCtrOC.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00001374 _____ () C:\WINDOWS\imsins.BAK 2014-03-08 22:55 - 2014-03-12 23:01 - 00001368 _____ () C:\WINDOWS\ocmsn.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00001244 _____ () C:\WINDOWS\tabletoc.log 2014-03-08 22:55 - 2014-03-12 23:01 - 00001236 _____ () C:\WINDOWS\msgsocm.log 2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 _____ () C:\WINDOWS\setupact.log 2014-03-08 22:54 - 2014-03-08 22:55 - 00004074 _____ () C:\WINDOWS\KB2934207.log 2014-03-08 15:26 - 2014-02-26 01:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe 2014-03-08 15:26 - 2014-02-26 01:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe 2014-03-06 20:00 - 2014-03-06 20:00 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-06 20:00 - 2014-03-06 20:00 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-06 20:00 - 2014-03-06 20:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-03-06 20:00 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-03-05 17:32 - 2014-03-11 19:19 - 00003445 _____ () C:\WINDOWS\setupapi.log 2014-03-01 12:03 - 2014-03-01 12:03 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk 2014-03-01 12:03 - 2014-03-01 12:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes 2014-03-01 12:03 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys 2014-03-01 12:02 - 2014-03-01 12:03 - 00000000 ____D () C:\Program Files\iTunes 2014-03-01 12:02 - 2014-03-01 12:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Program Files\iPod 2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Program Files\Bonjour 2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Apple Computer 2014-03-01 11:53 - 2014-03-01 11:53 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk 2014-03-01 11:53 - 2014-03-01 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime 2014-03-01 11:52 - 2014-03-01 12:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer 2014-03-01 11:52 - 2014-03-01 11:53 - 00000000 ____D () C:\Program Files\QuickTime 2014-02-15 07:19 - 2014-02-15 07:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$ ==================== One Month Modified Files and Folders ======= 2014-03-15 16:46 - 2014-03-15 16:46 - 00000000 ____D () C:\FRST 2014-03-15 16:37 - 2014-03-09 07:10 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-03-15 16:27 - 2013-05-08 19:11 - 02025077 _____ () C:\WINDOWS\WindowsUpdate.log 2014-03-15 16:25 - 2013-10-19 07:13 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Uni 2014-03-15 16:22 - 2013-05-08 20:09 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2014-03-15 16:21 - 2014-03-09 06:59 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-03-15 16:21 - 2013-12-04 22:06 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-03-15 16:21 - 2013-12-04 22:06 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2014-03-15 16:21 - 2013-05-08 20:09 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-15 16:21 - 2013-05-08 19:16 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-03-15 16:21 - 2008-04-14 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-03-15 16:19 - 2014-03-15 12:32 - 00000000 ____D () C:\AdwCleaner 2014-03-15 16:19 - 2013-12-31 21:51 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\H 2014-03-15 15:50 - 2013-05-08 20:09 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-15 14:55 - 2014-03-09 10:10 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2014-03-15 14:33 - 2014-03-15 14:33 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk 2014-03-15 14:33 - 2014-03-15 14:33 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk 2014-03-15 14:32 - 2014-03-15 14:32 - 00000000 ____D () C:\Program Files\Adobe 2014-03-15 14:32 - 2013-05-08 20:36 - 00000000 ____D () C:\Program Files\Common Files\Adobe 2014-03-15 14:32 - 2013-05-08 20:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe 2014-03-15 14:13 - 2013-05-08 21:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe 2014-03-15 14:07 - 2014-03-15 14:07 - 00000444 _____ () C:\WINDOWS\wmsetup.log 2014-03-15 14:07 - 2013-05-08 19:18 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk 2014-03-15 12:24 - 2014-03-15 12:24 - 00002898 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt 2014-03-15 12:19 - 2014-03-15 12:19 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-03-14 12:50 - 2013-05-08 19:16 - 00032540 _____ () C:\WINDOWS\SchedLgU.Txt 2014-03-14 00:27 - 2013-12-05 23:00 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel 2014-03-14 00:27 - 2013-05-08 19:18 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini 2014-03-13 18:16 - 2013-05-08 21:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952287$ 2014-03-13 18:16 - 2013-05-08 20:09 - 00000000 ____D () C:\Program Files\Google 2014-03-13 17:15 - 2013-05-08 20:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google 2014-03-13 17:15 - 2013-05-08 20:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google 2014-03-13 17:13 - 2014-03-13 17:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TrojanHunter 2014-03-13 16:26 - 2014-03-13 16:26 - 00059392 ____R () C:\WINDOWS\system32\streamhlp.dll 2014-03-13 05:50 - 2013-12-04 22:07 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-13 05:50 - 2013-05-08 19:57 - 00266208 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-03-12 23:01 - 2014-03-12 23:01 - 00130750 _____ () C:\WINDOWS\KB2925418-IE8.log 2014-03-12 23:01 - 2014-03-12 23:01 - 00002747 _____ () C:\WINDOWS\updspapi.log 2014-03-12 23:01 - 2014-03-12 23:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-03-12 23:01 - 2014-03-12 07:25 - 00129220 _____ () C:\WINDOWS\KB2930275.log 2014-03-12 23:01 - 2014-03-12 07:25 - 00126953 _____ () C:\WINDOWS\KB2929961.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00026405 _____ () C:\WINDOWS\iis6.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00024730 _____ () C:\WINDOWS\FaxSetup.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00011824 _____ () C:\WINDOWS\ocgen.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00011284 _____ () C:\WINDOWS\tsoc.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00008227 _____ () C:\WINDOWS\comsetup.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00007466 _____ () C:\WINDOWS\msmqinst.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00004984 _____ () C:\WINDOWS\ntdtcsetup.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00004332 _____ () C:\WINDOWS\netfxocm.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00001700 _____ () C:\WINDOWS\MedCtrOC.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00001374 _____ () C:\WINDOWS\imsins.BAK 2014-03-12 23:01 - 2014-03-08 22:55 - 00001368 _____ () C:\WINDOWS\ocmsn.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00001244 _____ () C:\WINDOWS\tabletoc.log 2014-03-12 23:01 - 2014-03-08 22:55 - 00001236 _____ () C:\WINDOWS\msgsocm.log 2014-03-12 23:01 - 2013-05-08 21:51 - 00000000 ____D () C:\WINDOWS\ie8updates 2014-03-12 23:00 - 2014-03-12 23:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-03-12 23:00 - 2013-05-09 17:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help 2014-03-12 22:59 - 2013-12-04 22:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight 2014-03-12 09:37 - 2014-03-09 07:10 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-03-12 09:37 - 2014-03-09 07:10 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-03-12 07:23 - 2014-03-12 07:23 - 00000000 ____D () C:\WINDOWS\jumpshot.com 2014-03-11 19:19 - 2014-03-05 17:32 - 00003445 _____ () C:\WINDOWS\setupapi.log 2014-03-11 18:02 - 2014-03-11 18:02 - 00000802 _____ () C:\Documents and Settings\Administrator\Desktop\Free Countdown Timer.lnk 2014-03-11 18:02 - 2014-03-11 18:02 - 00000000 ____D () C:\Program Files\FreeCountdownTimer 2014-03-11 18:02 - 2014-03-11 18:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Free Countdown Timer 2014-03-11 07:45 - 2014-03-09 06:59 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2014-03-09 17:59 - 2013-09-21 21:08 - 00001746 ____H () C:\Documents and Settings\Administrator\My Documents\Default.rdp 2014-03-09 10:30 - 2014-03-09 10:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla 2014-03-09 10:10 - 2014-03-09 10:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome 2014-03-09 10:05 - 2013-05-08 19:18 - 00000803 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk 2014-03-09 08:49 - 2014-03-09 08:55 - 00000426 _____ () C:\AVScanner.ini 2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 _____ () C:\WINDOWS\setupact.log 2014-03-08 22:55 - 2014-03-08 22:54 - 00004074 _____ () C:\WINDOWS\KB2934207.log 2014-03-08 13:27 - 2013-05-08 20:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe 2014-03-08 11:47 - 2013-10-19 07:42 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-03-08 06:58 - 2013-05-08 19:57 - 00000211 ___SH () C:\boot.ini 2014-03-08 06:58 - 2008-04-14 07:00 - 00000552 _____ () C:\WINDOWS\win.ini 2014-03-08 06:58 - 2008-04-14 07:00 - 00000227 _____ () C:\WINDOWS\system.ini 2014-03-06 21:45 - 2013-05-08 19:50 - 00000000 ____D () C:\WINDOWS\Driver Cache 2014-03-06 21:44 - 2013-05-08 19:18 - 00000000 ____D () C:\Documents and Settings\Administrator 2014-03-06 20:49 - 2013-05-08 21:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478971$ 2014-03-06 20:00 - 2014-03-06 20:00 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-06 20:00 - 2014-03-06 20:00 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-06 20:00 - 2014-03-06 20:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-03-02 21:19 - 2014-01-25 16:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Unused Desktop Shortcuts 2014-03-02 21:19 - 2013-10-19 16:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Apple Computer 2014-03-01 12:03 - 2014-03-01 12:03 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk 2014-03-01 12:03 - 2014-03-01 12:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes 2014-03-01 12:03 - 2014-03-01 12:02 - 00000000 ____D () C:\Program Files\iTunes 2014-03-01 12:03 - 2014-03-01 12:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-03-01 12:03 - 2013-10-19 07:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer 2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Program Files\iPod 2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Program Files\Bonjour 2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Apple Computer 2014-03-01 12:02 - 2014-03-01 11:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer 2014-03-01 12:02 - 2013-10-19 07:42 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-03-01 12:02 - 2013-10-19 07:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple 2014-03-01 11:53 - 2014-03-01 11:53 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk 2014-03-01 11:53 - 2014-03-01 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime 2014-03-01 11:53 - 2014-03-01 11:52 - 00000000 ____D () C:\Program Files\QuickTime 2014-02-27 14:13 - 2013-06-10 15:33 - 00068456 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-02-26 01:59 - 2014-03-08 15:26 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe 2014-02-26 01:59 - 2014-03-08 15:26 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe 2014-02-24 16:24 - 2008-04-14 07:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe 2014-02-24 16:24 - 2008-04-14 07:00 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-02-24 11:46 - 2013-05-08 21:38 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll 2014-02-24 11:46 - 2013-05-08 19:10 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2014-02-24 11:45 - 2009-03-08 03:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-02-24 11:45 - 2009-03-08 03:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-02-24 11:45 - 2009-03-08 03:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-02-24 11:45 - 2009-03-08 03:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl 2014-02-24 11:45 - 2008-04-14 07:00 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-02-24 11:45 - 2008-04-14 07:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll 2014-02-24 10:54 - 2008-04-14 07:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-02-21 19:42 - 2013-12-31 15:17 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk 2014-02-21 19:42 - 2013-05-08 20:09 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys 2014-02-21 19:41 - 2013-05-08 20:09 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2014-02-21 19:41 - 2013-05-08 20:09 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2014-02-21 19:41 - 2013-05-08 20:09 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2014-02-21 19:41 - 2013-05-08 20:09 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2014-02-21 19:41 - 2013-05-08 20:09 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys 2014-02-21 19:41 - 2013-05-08 20:08 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-02-15 10:40 - 2013-05-08 20:00 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2014-02-15 10:18 - 2013-05-09 17:47 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt 2014-02-15 07:19 - 2014-02-15 07:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$ 2014-02-15 07:13 - 2013-05-08 19:59 - 00591082 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-02-14 09:53 - 2013-07-18 02:01 - 00000000 ____D () C:\WINDOWS\system32\MRT Some content of TEMP: ==================== C:\Documents and Settings\Administrator\Local Settings\Temp\air165.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air16A.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air315.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air324.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air325.exe C:\Documents and Settings\Administrator\Local Settings\Temp\install_reader11_uk_mssa_aaa_aih.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legit C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Test 2 Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01 Ran by Administrator at 2014-03-15 16:46:54 Running from C:\Documents and Settings\Administrator\My Documents\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D} ==================== Installed Programs ====================== 20/20 v2.2 (HKLM\...\20/20 v2.2) (Version: - ) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) AiO_Scan (Version: 43.0.217.000 - Hewlett-Packard) Hidden Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2013 - Avast Software) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.01 - Broadcom Corporation) Canon PowerShot S110 Camera User Guide (HKLM\...\CameraUserGuide-PSS110) (Version: 1.0.0.1 - Canon Inc.) Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.) Canon Utilities Digital Photo Professional (HKLM\...\Digital Photo Professional) (Version: 3.12.10.2 - Canon Inc.) Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.) Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform) DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.18.47 - Dell Inc.) Enterprise (Version: 43.0.217.000 - Hewlett-Packard) Hidden Free Countdown Timer 3.1.0 (HKLM\...\{404245D0-E836-4737-9C12-D4D0034540F5}_is1) (Version: 3.1 - Comfort Software Group) Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden HP PSC & Officejet 4.2 Corporate Edition (HKLM\...\{AC1314E7-D28C-40A1-B322-80D2868D35CE}) (Version: - HP) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.) Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version: - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.) Scan (Version: 4.1.0.0 - Hewlett-Packard) Hidden SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft) Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation) VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden ==================== Restore Points ========================= 17-01-2014 08:16:02 System Checkpoint 18-01-2014 08:35:16 System Checkpoint 20-01-2014 08:21:27 System Checkpoint 21-01-2014 09:44:12 System Checkpoint 22-01-2014 22:53:43 System Checkpoint 24-01-2014 08:44:08 System Checkpoint 24-01-2014 20:48:15 Installed Windows XP Wudf01000. 24-01-2014 20:48:24 Installed Samsung Kies 24-01-2014 20:54:48 Installed Windows XP Wdf01007. 24-01-2014 20:55:15 Installed Windows XP winusb0100. 25-01-2014 21:19:40 System Checkpoint 26-01-2014 11:24:56 Software Distribution Service 3.0 28-01-2014 18:22:05 System Checkpoint 30-01-2014 12:37:34 System Checkpoint 31-01-2014 18:15:38 System Checkpoint 04-02-2014 10:13:14 System Checkpoint 05-02-2014 13:45:19 System Checkpoint 08-02-2014 14:32:52 System Checkpoint 11-02-2014 08:23:22 System Checkpoint 12-02-2014 13:19:11 System Checkpoint 14-02-2014 09:44:54 Software Distribution Service 3.0 15-02-2014 07:04:40 Software Distribution Service 3.0 18-02-2014 11:58:24 System Checkpoint 19-02-2014 16:33:33 System Checkpoint 20-02-2014 21:57:36 System Checkpoint 21-02-2014 19:38:32 avast! antivirus system restore point 22-02-2014 20:24:06 System Checkpoint 25-02-2014 07:54:43 System Checkpoint 25-02-2014 21:12:17 Removed Adobe Acrobat XI Pro. 26-02-2014 21:19:18 System Checkpoint 27-02-2014 22:09:44 System Checkpoint 01-03-2014 10:26:50 System Checkpoint 02-03-2014 12:42:40 System Checkpoint 03-03-2014 22:51:59 System Checkpoint 04-03-2014 20:05:58 Installed Adobe Flash Player 12 ActiveX. 05-03-2014 21:53:10 System Checkpoint 06-03-2014 23:19:40 System Checkpoint 08-03-2014 07:54:19 System Checkpoint 08-03-2014 13:25:53 Removed Adobe Download Assistant 08-03-2014 13:26:39 Removed Adobe Reader XI (11.0.06). 08-03-2014 22:54:40 Software Distribution Service 3.0 10-03-2014 07:20:26 System Checkpoint 11-03-2014 10:06:39 System Checkpoint 12-03-2014 12:41:31 System Checkpoint 12-03-2014 22:59:04 Software Distribution Service 3.0 ==================== Hosts content: ========================== 2008-04-14 07:00 - 2008-04-14 07:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe ==================== Loaded Modules (whitelisted) ============= 2013-05-08 19:35 - 2010-10-29 09:14 - 00025088 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE 2013-05-08 19:35 - 2010-10-29 09:14 - 00761856 _____ () C:\WINDOWS\System32\bcm1xsup.dll 2014-03-15 12:14 - 2014-03-15 08:32 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031500\algo.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-05-08 19:35 - 2010-10-29 09:14 - 00143360 _____ () C:\WINDOWS\system32\preflib.dll 2013-11-23 06:53 - 2013-11-23 06:53 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-03-15 14:54 - 2014-03-15 00:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll 2008-04-14 07:00 - 2008-04-14 07:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll 2008-04-14 07:00 - 2008-04-14 07:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll 2014-03-15 14:55 - 2014-03-15 00:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll 2014-03-15 14:55 - 2014-03-15 00:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll 2014-03-15 14:54 - 2014-03-15 00:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\WINDOWS\pss\ImageBrowser EX Agent.lnkCommon Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==================== Faulty Device Manager Devices ============= Name: Modem Device on High Definition Audio Bus Description: Modem Device on High Definition Audio Bus Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Ethernet Controller Description: Ethernet Controller Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/15/2014 02:10:59 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5047 Error: (03/15/2014 02:10:59 AM) (Source: Bonjour Service) (User: ) is this what you needed????
- March 15, 2014
- 24 replies
When trying to open Facebook update flash player appears and download is a virus

hness replied to hness's topic in Tech Support & Discussions Forum

I have managed to copy a log of the scan though - not sure if this is of any use?!: # AdwCleaner v3.022 - Report created 15/03/2014 at 14:16:03 # Updated 13/03/2014 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Administrator - ANY-3F6D0C1FCE8 # Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** Service Found : iSafeNetFilter Service Found : Wpm ***** [ Files / Folders ] ***** Folder Found C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AirInstaller Folder Found C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AirInstaller Folder Found C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AirInstaller Folder Found C:\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie Folder Found C:\Documents and Settings\All Users\Application Data\WPM Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\myfree codec Folder Found C:\Program Files\WinZipper ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98} Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36} Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2} Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Key Found : HKLM\Software\hdcode Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Iminent Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287 Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7 Key Found : HKLM\Software\supWPM Key Found : HKLM\Software\V9 Key Found : HKLM\Software\winzipersvc Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\TornTV.com\TornTV Downloader.exe] ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v -\\ Google Chrome v33.0.1750.149 [ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [7758 octets] - [15/03/2014 12:32:33] AdwCleaner[R1].txt - [7877 octets] - [15/03/2014 13:06:19] AdwCleaner[R2].txt - [7738 octets] - [15/03/2014 14:16:03] AdwCleaner[s0].txt - [351 octets] - [15/03/2014 12:36:04] AdwCleaner[s1].txt - [351 octets] - [15/03/2014 13:07:01] ########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [7916 octets] ##########
- March 15, 2014
- 24 replies
When trying to open Facebook update flash player appears and download is a virus

hness replied to hness's topic in Tech Support & Discussions Forum

Hi Starbuck, many thanks for the reply. Okay I ran step one: ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\desksvc Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Application Data\isafe" Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\searchprotect" Successfully deleted: [Folder] "C:\Program Files\iminent" Successfully deleted: [Folder] "C:\Program Files\myfree codec" Successfully deleted: [Folder] "C:\Program Files\mypc backup" Successfully deleted: [Folder] "C:\Program Files\torntv.com" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 15/03/2014 at 12:24:07.06 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ However, when I try to run the second step, it scans okay but then crashes as soon as I hit the clean button. I've tried it twice and it just won't run?!
- March 15, 2014
- 24 replies
When trying to open Facebook update flash player appears and download is a virus

hness replied to hness's topic in Tech Support & Discussions Forum

Hi Ken - thanks for the welcome and the quick reply! Sorry I didn't get back to you but I thought I would receive a notification on e-mail to let me know if someone had replied! To be honest I am in the middle of year end exams and am trying to find the time to sit sown and sort this out so am sure I should have ticked a box somewhere to enable this! Starbuck as well - many thanks - I'm not great on PC's but can generally find my way around so let me try and explain (in layman's terms exactly what has happened so far)! PC working absolutely fine (as was my housemates). Suddenly kept getting this error message and when clicked on to update flash player (confident in the fact that if it was a virus that I have good anti-virus software) it would be detected and lo and behold a threat came up (my house mate who uses a different laptop had exactly the same problem at the same time and also had it on her phone when trying to use the wi fi). I have run anti malware (as previously stated), this didn't help, and then googled a few further help and ran a trojan program today which didn't detect anything.Ran the malware program again (copy of log attached) and it came up with 16 new threats?! It seems to be really random - sometimes I can access sites, sometimes, it tells me there is an SSL error, and sometimes the flash player warning come up. I hope this helps ?? Anyway the log details (the one I ran again today) are: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.03.06.08 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Administrator :: ANY-3F6D0C1FCE8 [administrator] 13/03/2014 17:18:30 mbam-log-2014-03-13 (17-18-30).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 255114 Time elapsed: 40 minute(s), 3 second(s) Memory Processes Detected: 2 C:\Program Files\crimsolite\updatecrimsolite.exe (PUP.Optional.Crimsolite.A) -> 224 -> Delete on reboot. C:\Program Files\crimsolite\bin\utilcrimsolite.exe (PUP.Optional.Crimsolite.A) -> 496 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 11 HKLM\SYSTEM\CurrentControlSet\Services\Update crimsolite (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\Util crimsolite (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully. HKCR\CLSID\{1b059c94-7dfc-419a-8aa6-8e643bac7974} (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully. HKCR\TypeLib\{57598d3d-4682-464b-8a24-84462a40a4fa} (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully. HKCR\Interface\{AFCA2592-4D6B-4DC0-B9E1-F1BC3978DEDF} (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B059C94-7DFC-419A-8AA6-8E643BAC7974} (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1B059C94-7DFC-419A-8AA6-8E643BAC7974} (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B059C94-7DFC-419A-8AA6-8E643BAC7974} (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully. HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully. HKCU\Software\crimsolite (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully. HKLM\Software\crimsolite (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 3 C:\Program Files\crimsolite (PUP.Optional.Crimsolite.A) -> Delete on reboot. C:\Program Files\crimsolite\bin (PUP.Optional.Crimsolite.A) -> Delete on reboot. C:\Program Files\crimsolite\bin\plugins (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully. Files Detected: 11 C:\Program Files\crimsolite\updatecrimsolite.exe (PUP.Optional.Crimsolite.A) -> Delete on reboot. C:\Program Files\crimsolite\bin\utilcrimsolite.exe (PUP.Optional.Crimsolite.A) -> Delete on reboot. C:\Program Files\crimsolite\crimsoliteBHO.dll (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C762F25B-B185-4A6C-B8BF-72327A572368}\RP162\A0037448.exe (PUP.Optional.Sambreel.A) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C762F25B-B185-4A6C-B8BF-72327A572368}\RP164\A0037575.exe (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully. C:\Program Files\crimsolite\crimsolite.ico (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully. C:\Program Files\crimsolite\7za.exe (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully. C:\Program Files\crimsolite\updatecrimsolite.InstallState (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully. C:\Program Files\crimsolite\bin\utilcrimsolite.InstallState (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully. C:\Program Files\crimsolite\bin\plugins\crimsolite.BrowserFilterG.dll (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully. C:\Program Files\crimsolite\bin\plugins\crimsolite.FFUpdate.dll (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully. (end) Any help you could give me would be so appreciated as I am sure you can imagine that when you're trying to study and this error keeps appearing it is really annoying to say the least!!!!
- March 13, 2014
- 24 replies
When trying to open Facebook update flash player appears and download is a virus

hness posted a topic in Tech Support & Discussions Forum

Hi there, everytime I try to open FB a page appears saying that I need to update flash player and when I click on the link to update my virus protection tells me that a malware threat has occurred. Before I found your site I did some research and I understand that as I am using Chrome this should automatically update? I ran the malware software (Malwarebytes) and it is still occurring. Even when I'm not trying to access fb I am getting msgs saying that I need to update. Please help as it's driving me crazy and I can't seem to find any searches for other people this is happening to in order to get a solution! :mad:
- March 7, 2014
- 24 replies

Sign In

hness

Posts

Joined

Last visited

Tech Info

hness's Achievements

Newbie (1/14)

Reputation

When trying to open Facebook update flash player appears and download is a virus

When trying to open Facebook update flash player appears and download is a virus

When trying to open Facebook update flash player appears and download is a virus

When trying to open Facebook update flash player appears and download is a virus

When trying to open Facebook update flash player appears and download is a virus

When trying to open Facebook update flash player appears and download is a virus

When trying to open Facebook update flash player appears and download is a virus

When trying to open Facebook update flash player appears and download is a virus

When trying to open Facebook update flash player appears and download is a virus

When trying to open Facebook update flash player appears and download is a virus

When trying to open Facebook update flash player appears and download is a virus

When trying to open Facebook update flash player appears and download is a virus

When trying to open Facebook update flash player appears and download is a virus

When trying to open Facebook update flash player appears and download is a virus

Browse

Activity

Site Info