hness
Posted March 7, 2014

Hi there, every time I try to open FB a page appears saying that I need to update flash player and when I click on the link to update my virus protection tells me that a malware threat has occurred. Before I found your site I did some research and I understand that as I am using Chrome this should automatically update? I ran the malware software (Malwarebytes) and it is still occurring. Even when I'm not trying to access fb I am getting msgs saying that I need to update. Please help as it's driving me crazy and I can't seem to find any searches for other people this is happening to in order to get a solution! :mad:
KenB
Posted March 7, 2014

Hi and welcome to ExTS.

Malwarebytes would have produced a log of the last scan. If you open it again > Logs and click on the most recent it should open in Notepad. Please copy the entire log and post it here. One of our security experts will pick this up and advise you further.
Starbuck
Posted March 7, 2014

Hi hness,

"Please help as it's driving me crazy and I can't seem to find any searches for other people this is happening to in order to get a solution"

It actually depends on the cause, but there are lots of Flash Player problems out there...
http://www.facebook.com/notes/adobe-flash/flash-player-support/10152195568965391
http://forums.adobe.com/message/6032951

"when I click on the link to update my virus protection tells me that a malware threat has occurred."

Criminals typically use the 'Flash Player Upgrade Required' fake message to deliver Trojans and other malware disguised as fake updates for Adobe Flash. The 'Flash Player Upgrade Required' fake message has been linked to scams on social networks, such as Facebook, in which a fake viral video will be posted repeatedly – usually promising attractive women, outrageous stunts or a great special offer. Regardless of the supposed content of the video, clicking on its link will result in the appearance of the 'Flash Player Upgrade Required' fake message. Of course, if the victim clicks on this message in order to 'update' their Flash Player, the file that will be downloaded will probably be anything but a legitimate update for this essential application. Criminals use the 'Flash Player Upgrade Required' fake message to distribute Trojans that are designed to deliver rogue security programs or open up a backdoor into the infected computer system.

Please post the MBAM report as asked for by KenB and then we'll take it from there.
hness (Author)
Posted March 13, 2014

Hi Ken - thanks for the welcome and the quick reply! Sorry I didn't get back to you but I thought I would receive a notification on e-mail to let me know if someone had replied! To be honest I am in the middle of year end exams and am trying to find the time to sit down and sort this out so am sure I should have ticked a box somewhere to enable this!

Starbuck as well - many thanks - I'm not great on PCs but can generally find my way around so let me try and explain (in layman's terms) exactly what has happened so far!

PC working absolutely fine (as was my housemate's). Suddenly kept getting this error message and when clicked on to update flash player (confident in the fact that if it was a virus that I have good anti-virus software) it would be detected and lo and behold a threat came up (my house mate who uses a different laptop had exactly the same problem at the same time and also had it on her phone when trying to use the wi fi). I have run anti malware (as previously stated), this didn't help, and then googled a few further help and ran a trojan program today which didn't detect anything. Ran the malware program again (copy of log attached) and it came up with 16 new threats?! It seems to be really random - sometimes I can access sites, sometimes, it tells me there is an SSL error, and sometimes the flash player warning comes up. I hope this helps ??
Anyway the log details (the one I ran again today) are:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.06.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: ANY-3F6D0C1FCE8 [administrator]

13/03/2014 17:18:30
mbam-log-2014-03-13 (17-18-30).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255114
Time elapsed: 40 minute(s), 3 second(s)

Memory Processes Detected: 2
C:\Program Files\crimsolite\updatecrimsolite.exe (PUP.Optional.Crimsolite.A) -> 224 -> Delete on reboot.
C:\Program Files\crimsolite\bin\utilcrimsolite.exe (PUP.Optional.Crimsolite.A) -> 496 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKLM\SYSTEM\CurrentControlSet\Services\Update crimsolite (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Util crimsolite (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1b059c94-7dfc-419a-8aa6-8e643bac7974} (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{57598d3d-4682-464b-8a24-84462a40a4fa} (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.
HKCR\Interface\{AFCA2592-4D6B-4DC0-B9E1-F1BC3978DEDF} (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B059C94-7DFC-419A-8AA6-8E643BAC7974} (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1B059C94-7DFC-419A-8AA6-8E643BAC7974} (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B059C94-7DFC-419A-8AA6-8E643BAC7974} (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCU\Software\crimsolite (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.
HKLM\Software\crimsolite (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Program Files\crimsolite (PUP.Optional.Crimsolite.A) -> Delete on reboot.
C:\Program Files\crimsolite\bin (PUP.Optional.Crimsolite.A) -> Delete on reboot.
C:\Program Files\crimsolite\bin\plugins (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.

Files Detected: 11
C:\Program Files\crimsolite\updatecrimsolite.exe (PUP.Optional.Crimsolite.A) -> Delete on reboot.
C:\Program Files\crimsolite\bin\utilcrimsolite.exe (PUP.Optional.Crimsolite.A) -> Delete on reboot.
C:\Program Files\crimsolite\crimsoliteBHO.dll (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C762F25B-B185-4A6C-B8BF-72327A572368}\RP162\A0037448.exe (PUP.Optional.Sambreel.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C762F25B-B185-4A6C-B8BF-72327A572368}\RP164\A0037575.exe (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.
C:\Program Files\crimsolite\crimsolite.ico (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.
C:\Program Files\crimsolite\7za.exe (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.
C:\Program Files\crimsolite\updatecrimsolite.InstallState (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.
C:\Program Files\crimsolite\bin\utilcrimsolite.InstallState (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.
C:\Program Files\crimsolite\bin\plugins\crimsolite.BrowserFilterG.dll (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.
C:\Program Files\crimsolite\bin\plugins\crimsolite.FFUpdate.dll (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.

(end)

Any help you could give me would be so appreciated as I am sure you can imagine that when you're trying to study and this error keeps appearing it is really annoying to say the least!!!!
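An added example, not part of the original thread and not Malwarebytes' own code: a small triage script for a text log in the layout posted above. It groups detections by name, lists the items still waiting on a reboot, and flags sections whose declared count does not match the entries actually pasted; the function names and the sample log are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the Malwarebytes Anti-Malware 1.x text
# log posted above. Paths and detection names are placeholders, and the last
# section is deliberately cut short, as happens when a paste is truncated.
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Program Files\exampleapp\updater.exe (PUP.Optional.Example.A) -> 224 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\Example Updater (PUP.Optional.Example.A) -> Quarantined and deleted successfully.
HKCU\Software\exampleapp (PUP.Optional.Other.B) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Program Files\exampleapp\updater.exe (PUP.Optional.Example.A) -> Delete on reboot.
C:\Program Files\exampleapp\bho.dll (PUP.Optional.Example.A) -> Quarantined and deleted successfully.
"""

# "<Section name> Detected: <count>" opens each section of the log.
SECTION_RE = re.compile(r"(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)")
# "<item> (<detection name>) -> [<pid> -> ]<action>." is one detection line.
# The greedy item match keeps paths that themselves contain parentheses intact.
ENTRY_RE = re.compile(
    r"(?P<item>.+) \((?P<threat>[^()]+)\) -> (?:(?P<pid>\d+) -> )?(?P<action>.+?)\.?"
)


def parse_mbam_log(text):
    """Return {section: {"declared": int, "entries": [dict, ...]}}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.fullmatch(line)
        if header:
            current = sections.setdefault(
                header["name"], {"declared": int(header["count"]), "entries": []}
            )
            continue
        entry = ENTRY_RE.fullmatch(line)
        if entry and current is not None:
            current["entries"].append(entry.groupdict())
    return sections


def triage(sections):
    """Summarise a parsed log for a helper reading it on a forum."""
    by_threat = Counter()
    pending_reboot = set()
    count_mismatches = []
    for name, section in sections.items():
        for entry in section["entries"]:
            by_threat[entry["threat"]] += 1
            # "Delete on reboot" means the item is still present until restart.
            if "reboot" in entry["action"].lower():
                pending_reboot.add(entry["item"])
        found = len(section["entries"])
        if found != section["declared"]:
            # The paste is incomplete or was edited: ask for the full log.
            count_mismatches.append((name, section["declared"], found))
    return {
        "by_threat": dict(by_threat),
        "pending_reboot": sorted(pending_reboot),
        "count_mismatches": count_mismatches,
    }


if __name__ == "__main__":
    report = triage(parse_mbam_log(SAMPLE_LOG))
    for threat, count in sorted(report["by_threat"].items()):
        print(f"{count:3d}  {threat}")
    for item in report["pending_reboot"]:
        print("pending reboot:", item)
    for name, declared, found in report["count_mismatches"]:
        print(f"section '{name}': header says {declared}, paste contains {found}")
```

Items reported as pending reboot are only removed after a restart, so a rescan before rebooting will show them again.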
Starbuck
Posted March 14, 2014

Hi hness,

Ok, let's see if we can sort this for you.

Step 1

Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.

Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
- Click on the Scan button.
- AdwCleaner will begin to scan your computer.
- After the scan has finished... Click on the Clean button.
- Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
- Copy and paste the contents of that logfile in your next reply.
- A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Step 2

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.
- Double-click the downloaded icon to run the tool.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

In your next reply, please submit:
- JRT.txt
- AdwCleaner report
- and both reports from FRST.

You may need to use more than one reply post to fit them in.

Thanks.
hness (Author)
Posted March 15, 2014

Hi Starbuck, many thanks for the reply. Okay I ran step one:

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\desksvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Application Data\isafe"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\searchprotect"
Successfully deleted: [Folder] "C:\Program Files\iminent"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
Successfully deleted: [Folder] "C:\Program Files\mypc backup"
Successfully deleted: [Folder] "C:\Program Files\torntv.com"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/03/2014 at 12:24:07.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

However, when I try to run the second step, it scans okay but then crashes as soon as I hit the clean button. I've tried it twice and it just won't run?!
hness (Author)
Posted March 15, 2014

I have managed to copy a log of the scan though - not sure if this is of any use?!:

# AdwCleaner v3.022 - Report created 15/03/2014 at 14:16:03
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - ANY-3F6D0C1FCE8
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : iSafeNetFilter
Service Found : Wpm

***** [ Files / Folders ] *****

Folder Found C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AirInstaller
Folder Found C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AirInstaller
Folder Found C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AirInstaller
Folder Found C:\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie
Folder Found C:\Documents and Settings\All Users\Application Data\WPM
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\myfree codec
Folder Found C:\Program Files\WinZipper

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\Software\hdcode
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\Software\supWPM
Key Found : HKLM\Software\V9
Key Found : HKLM\Software\winzipersvc
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\TornTV.com\TornTV Downloader.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v

-\\ Google Chrome v33.0.1750.149

[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [7758 octets] - [15/03/2014 12:32:33]
AdwCleaner[R1].txt - [7877 octets] - [15/03/2014 13:06:19]
AdwCleaner[R2].txt - [7738 octets] - [15/03/2014 14:16:03]
AdwCleaner[s0].txt - [351 octets] - [15/03/2014 12:36:04]
AdwCleaner[s1].txt - [351 octets] - [15/03/2014 13:07:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [7916 octets] ##########
Starbuck
Posted March 15, 2014

Hi hness,

Looks like JRT did a good job for us.

"it scans okay but then crashes as soon as I hit the clean button. I've tried it twice and it just won't run?!"

This is the 3rd time I've seen this happen in the last couple of weeks. I have asked the developer about this but am still waiting for a reply as to the cause.

Please run FRST as per Step 3 and post the results. I can add those lines to the fix.... so it shouldn't be a problem.

Thanks
hness (Author)
Posted March 15, 2014

Test 1......

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Administrator (administrator) on ANY-3F6D0C1FCE8 on 15-03-2014 16:46:24
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

() C:\WINDOWS\System32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\System32\bcmwltry.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(SigmaTel, Inc.) C:\WINDOWS\system32\StacSV.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Comfort Software Group) C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.exe [2498560 2010-10-29] (Dell Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [sigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-21] (AVAST Software)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-1343024091-1801674531-1887961886-500\...\Run: [FreeCT] - C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe [2432280 2014-02-25] (Comfort Software Group)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1368047788625
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 162.248.99.162 50.63.128.135

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: GoPhotoIt - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\profiles\extensions\gophoto@gophoto.it.xpi [2013-08-08] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] Chrome: ======= CHR DefaultSearchKeyword: google.co.uk CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-09] CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-09] CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-09] CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-09] CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-09] ========================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-21] (AVAST Software) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 STacSV; C:\WINDOWS\system32\StacSV.exe [94208 2007-05-10] (SigmaTel, Inc.) 
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2232320 2010-10-29] (Dell Inc.)
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]
S2 Wpm; No ImagePath

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-02-21] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-02-21] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2013-11-23] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-02-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-02-21] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-02-21] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2013-12-31] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2649216 2010-10-29] (Broadcom Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51088 2004-03-22] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-03-22] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-03-22] (HP)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
U4 aswKbd; \??\C:\WINDOWS\system32\drivers\aswKbd.sys [X]
S0 cerc6; No ImagePath
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo32.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 IntelIde; No ImagePath
S1 iSafeNetFilter; \??\C:\Program Files\iSafe\iSafeNetFilter.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-15 16:46 - 2014-03-15 16:46 - 00000000 ____D () C:\FRST
2014-03-15 14:33 - 2014-03-15 14:33 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-03-15 14:33 - 2014-03-15 14:33 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-03-15 14:32 - 2014-03-15 14:32 - 00000000 ____D () C:\Program Files\Adobe
2014-03-15 14:07 - 2014-03-15 14:07 - 00000444 _____ () C:\WINDOWS\wmsetup.log
2014-03-15 12:32 - 2014-03-15 16:19 - 00000000 ____D () C:\AdwCleaner
2014-03-15 12:24 - 2014-03-15 12:24 - 00002898 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
2014-03-15 12:19 - 2014-03-15 12:19 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-13 17:13 - 2014-03-13 17:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TrojanHunter
2014-03-13 16:26 - 2014-03-13 16:26 - 00059392 ____R () C:\WINDOWS\system32\streamhlp.dll
2014-03-12 23:01 - 2014-03-12 23:01 - 00130750 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-12 23:01 - 2014-03-12 23:01 - 00002747 _____ () C:\WINDOWS\updspapi.log
2014-03-12 23:01 - 2014-03-12 23:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 23:00 - 2014-03-12 23:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 07:25 - 2014-03-12 23:01 - 00129220 _____ () C:\WINDOWS\KB2930275.log
2014-03-12 07:25 - 2014-03-12 23:01 - 00126953 _____ () C:\WINDOWS\KB2929961.log
2014-03-12 07:23 - 2014-03-12 07:23 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-03-11 18:02 - 2014-03-11 18:02 - 00000802 _____ () C:\Documents and Settings\Administrator\Desktop\Free Countdown Timer.lnk
2014-03-11 18:02 - 2014-03-11 18:02 - 00000000 ____D () C:\Program Files\FreeCountdownTimer
2014-03-11 18:02 - 2014-03-11 18:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Free Countdown Timer
2014-03-09 10:30 - 2014-03-09 10:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-03-09 10:10 - 2014-03-15 14:55 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-09 10:10 - 2014-03-09 10:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-03-09 08:55 - 2014-03-09 08:49 - 00000426 _____ () C:\AVScanner.ini
2014-03-09 07:10 - 2014-03-15 16:37 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-09 07:10 - 2014-03-12 09:37 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-09 07:10 - 2014-03-12 09:37 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-09 06:59 - 2014-03-15 16:21 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-09 06:59 - 2014-03-11 07:45 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-08 22:55 - 2014-03-12 23:01 - 00026405 _____ () C:\WINDOWS\iis6.log
2014-03-08 22:55 - 2014-03-12 23:01 - 00024730 _____ () C:\WINDOWS\FaxSetup.log
2014-03-08 22:55 - 2014-03-12 23:01 - 00011824 _____ () C:\WINDOWS\ocgen.log
2014-03-08 22:55 - 2014-03-12 23:01 - 00011284 _____ () C:\WINDOWS\tsoc.log
2014-03-08 22:55 - 2014-03-12 23:01 - 00008227 _____ () C:\WINDOWS\comsetup.log
2014-03-08 22:55 - 2014-03-12 23:01 - 00007466 _____ () C:\WINDOWS\msmqinst.log
2014-03-08 22:55 - 2014-03-12 23:01 - 00004984 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-08 22:55 - 2014-03-12 23:01 - 00004332 _____ () C:\WINDOWS\netfxocm.log
2014-03-08 22:55 - 2014-03-12 23:01 - 00001700 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-08 22:55 - 2014-03-12 23:01 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-08 22:55 - 2014-03-12 23:01 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-08 22:55 - 2014-03-12 23:01 - 00001368 _____ () C:\WINDOWS\ocmsn.log
2014-03-08 22:55 - 2014-03-12 23:01 - 00001244 _____ () C:\WINDOWS\tabletoc.log
2014-03-08 22:55 - 2014-03-12 23:01 - 00001236 _____ () C:\WINDOWS\msgsocm.log
2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-03-08 22:54 - 2014-03-08 22:55 - 00004074 _____ () C:\WINDOWS\KB2934207.log
2014-03-08 15:26 - 2014-02-26 01:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-08 15:26 - 2014-02-26 01:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-06 20:00 - 2014-03-06 20:00 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-06 20:00 - 2014-03-06 20:00 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-06 20:00 - 2014-03-06 20:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-03-06 20:00 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-05 17:32 - 2014-03-11 19:19 - 00003445 _____ () C:\WINDOWS\setupapi.log
2014-03-01 12:03 - 2014-03-01 12:03 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-03-01 12:03 - 2014-03-01 12:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-03-01 12:03 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2014-03-01 12:02 - 2014-03-01 12:03 - 00000000 ____D () C:\Program Files\iTunes
2014-03-01 12:02 - 2014-03-01 12:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Program Files\iPod
2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Program Files\Bonjour
2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Apple Computer
2014-03-01 11:53 - 2014-03-01 11:53 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2014-03-01 11:53 - 2014-03-01 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-03-01 11:52 - 2014-03-01 12:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer
2014-03-01 11:52 - 2014-03-01 11:53 - 00000000 ____D () C:\Program Files\QuickTime
2014-02-15 07:19 - 2014-02-15 07:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$

==================== One Month Modified Files and Folders =======

2014-03-15 16:46 - 2014-03-15 16:46 - 00000000 ____D () C:\FRST
2014-03-15 16:37 - 2014-03-09 07:10 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-15 16:27 - 2013-05-08 19:11 - 02025077 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-15 16:25 - 2013-10-19 07:13 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Uni
2014-03-15 16:22 - 2013-05-08 20:09 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-03-15 16:21 - 2014-03-09 06:59 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-15 16:21 - 2013-12-04 22:06 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-15 16:21 - 2013-12-04 22:06 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-03-15 16:21 - 2013-05-08 20:09 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-15 16:21 - 2013-05-08 19:16 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-15 16:21 - 2008-04-14 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-15 16:19 - 2014-03-15 12:32 - 00000000 ____D () C:\AdwCleaner
2014-03-15 16:19 - 2013-12-31 21:51 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\H
2014-03-15 15:50 - 2013-05-08 20:09 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-15 14:55 - 2014-03-09 10:10 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-15 14:33 - 2014-03-15 14:33 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-03-15 14:33 - 2014-03-15 14:33 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-03-15 14:32 - 2014-03-15 14:32 - 00000000 ____D () C:\Program Files\Adobe
2014-03-15 14:32 - 2013-05-08 20:36 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-15 14:32 - 2013-05-08 20:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-03-15 14:13 - 2013-05-08 21:07 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2014-03-15 14:07 - 2014-03-15 14:07 - 00000444 _____ () C:\WINDOWS\wmsetup.log
2014-03-15 14:07 - 2013-05-08 19:18 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-03-15 12:24 - 2014-03-15 12:24 - 00002898 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
2014-03-15 12:19 - 2014-03-15 12:19 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-14 12:50 - 2013-05-08 19:16 - 00032540 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-14 00:27 - 2013-12-05 23:00 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel
2014-03-14 00:27 - 2013-05-08 19:18 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-03-13 18:16 - 2013-05-08 21:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB952287$
2014-03-13 18:16 - 2013-05-08 20:09 - 00000000 ____D () C:\Program Files\Google
2014-03-13 17:15 - 2013-05-08 20:37 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
2014-03-13 17:15 - 2013-05-08 20:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2014-03-13 17:13 - 2014-03-13 17:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TrojanHunter
2014-03-13 16:26 - 2014-03-13 16:26 - 00059392 ____R () C:\WINDOWS\system32\streamhlp.dll
2014-03-13 05:50 - 2013-12-04 22:07 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 05:50 - 2013-05-08 19:57 - 00266208 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-12 23:01 - 2014-03-12 23:01 - 00130750 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-12 23:01 - 2014-03-12 23:01 - 00002747 _____ () C:\WINDOWS\updspapi.log
2014-03-12 23:01 - 2014-03-12 23:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 23:01 - 2014-03-12 07:25 - 00129220 _____ () C:\WINDOWS\KB2930275.log
2014-03-12 23:01 - 2014-03-12 07:25 - 00126953 _____ () C:\WINDOWS\KB2929961.log
2014-03-12 23:01 - 2014-03-08 22:55 - 00026405 _____ () C:\WINDOWS\iis6.log
2014-03-12 23:01 - 2014-03-08 22:55 - 00024730 _____ () C:\WINDOWS\FaxSetup.log
2014-03-12 23:01 - 2014-03-08 22:55 - 00011824 _____ () C:\WINDOWS\ocgen.log
2014-03-12 23:01 - 2014-03-08 22:55 - 00011284 _____ () C:\WINDOWS\tsoc.log
2014-03-12 23:01 - 2014-03-08 22:55 - 00008227 _____ () C:\WINDOWS\comsetup.log
2014-03-12 23:01 - 2014-03-08 22:55 - 00007466 _____ () C:\WINDOWS\msmqinst.log
2014-03-12 23:01 - 2014-03-08 22:55 - 00004984 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-12 23:01 - 2014-03-08 22:55 - 00004332 _____ () C:\WINDOWS\netfxocm.log
2014-03-12 23:01 - 2014-03-08 22:55 - 00001700 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-12 23:01 - 2014-03-08 22:55 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-12 23:01 - 2014-03-08 22:55 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-12 23:01 - 2014-03-08 22:55 - 00001368 _____ () C:\WINDOWS\ocmsn.log
2014-03-12 23:01 - 2014-03-08 22:55 - 00001244 _____ () C:\WINDOWS\tabletoc.log
2014-03-12 23:01 - 2014-03-08 22:55 - 00001236 _____ () C:\WINDOWS\msgsocm.log
2014-03-12 23:01 - 2013-05-08 21:51 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-12 23:00 - 2014-03-12 23:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 23:00 - 2013-05-09 17:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-03-12 22:59 - 2013-12-04 22:07 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-03-12 09:37 - 2014-03-09 07:10 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-12 09:37 - 2014-03-09 07:10 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-12 07:23 - 2014-03-12 07:23 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-03-11 19:19 - 2014-03-05 17:32 - 00003445 _____ () C:\WINDOWS\setupapi.log
2014-03-11 18:02 - 2014-03-11 18:02 - 00000802 _____ () C:\Documents and Settings\Administrator\Desktop\Free Countdown Timer.lnk
2014-03-11 18:02 - 2014-03-11 18:02 - 00000000 ____D () C:\Program Files\FreeCountdownTimer
2014-03-11 18:02 - 2014-03-11 18:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Free Countdown Timer
2014-03-11 07:45 - 2014-03-09 06:59 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-09 17:59 - 2013-09-21 21:08 - 00001746 ____H () C:\Documents and Settings\Administrator\My Documents\Default.rdp
2014-03-09 10:30 - 2014-03-09 10:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla
2014-03-09 10:10 - 2014-03-09 10:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2014-03-09 10:05 - 2013-05-08 19:18 - 00000803 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2014-03-09 08:49 - 2014-03-09 08:55 - 00000426 _____ () C:\AVScanner.ini
2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-03-08 22:55 - 2014-03-08 22:54 - 00004074 _____ () C:\WINDOWS\KB2934207.log
2014-03-08 13:27 - 2013-05-08 20:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-03-08 11:47 - 2013-10-19 07:42 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-08 06:58 - 2013-05-08 19:57 - 00000211 ___SH () C:\boot.ini
2014-03-08 06:58 - 2008-04-14 07:00 - 00000552 _____ () C:\WINDOWS\win.ini
2014-03-08 06:58 - 2008-04-14 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-03-06 21:45 - 2013-05-08 19:50 - 00000000 ____D () C:\WINDOWS\Driver Cache
2014-03-06 21:44 - 2013-05-08 19:18 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-03-06 20:49 - 2013-05-08 21:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478971$
2014-03-06 20:00 - 2014-03-06 20:00 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-06 20:00 - 2014-03-06 20:00 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-06 20:00 - 2014-03-06 20:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-03-02 21:19 - 2014-01-25 16:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Unused Desktop Shortcuts
2014-03-02 21:19 - 2013-10-19 16:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Apple Computer
2014-03-01 12:03 - 2014-03-01 12:03 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-03-01 12:03 - 2014-03-01 12:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-03-01 12:03 - 2014-03-01 12:02 - 00000000 ____D () C:\Program Files\iTunes
2014-03-01 12:03 - 2014-03-01 12:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-01 12:03 - 2013-10-19 07:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Program Files\iPod
2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Program Files\Bonjour
2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Apple Computer
2014-03-01 12:02 - 2014-03-01 11:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer
2014-03-01 12:02 - 2013-10-19 07:42 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-01 12:02 - 2013-10-19 07:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple
2014-03-01 11:53 - 2014-03-01 11:53 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2014-03-01 11:53 - 2014-03-01 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-03-01 11:53 - 2014-03-01 11:52 - 00000000 ____D () C:\Program Files\QuickTime
2014-02-27 14:13 - 2013-06-10 15:33 - 00068456 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-02-26 01:59 - 2014-03-08 15:26 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-02-26 01:59 - 2014-03-08 15:26 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-02-24 16:24 - 2008-04-14 07:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-24 16:24 - 2008-04-14 07:00 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-24 11:46 - 2013-05-08 21:38 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-24 11:46 - 2013-05-08 19:10 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-24 11:46 - 2008-04-14 07:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-24 11:46 - 2008-04-14 07:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-24 11:46 - 2008-04-14 07:00 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-24 11:46 - 2008-04-14 07:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-24 11:46 - 2008-04-14 07:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-24 11:46 - 2008-04-14 07:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-24 11:46 - 2008-04-14 07:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-24 11:46 - 2008-04-14 07:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-24 11:46 - 2008-04-14 07:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-24 11:46 - 2008-04-14 07:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-24 11:46 - 2008-04-14 07:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-24 11:46 - 2008-04-14 07:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-24 11:46 - 2008-04-14 07:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-24 11:46 - 2008-04-14 07:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-24 11:45 - 2013-05-08 21:38 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-24 11:45 - 2013-05-08 21:38 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-24 11:45 - 2013-05-08 21:38 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-24 11:45 - 2013-05-08 21:38 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-24 11:45 - 2013-05-08 21:38 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-24 11:45 - 2013-05-08 21:38 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-24 11:45 - 2013-05-08 21:38 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-24 11:45 - 2009-03-08 03:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-24 11:45 - 2009-03-08 03:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-24 11:45 - 2009-03-08 03:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-24 11:45 - 2009-03-08 03:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-24 11:45 - 2008-04-14 07:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-24 11:45 - 2008-04-14 07:00 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-24 11:45 - 2008-04-14 07:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-24 11:45 - 2008-04-14 07:00 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-24 11:45 - 2008-04-14 07:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-24 11:45 - 2008-04-14 07:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-24 11:45 - 2008-04-14 07:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-24 11:45 - 2008-04-14 07:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-24 11:45 - 2008-04-14 07:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-24 11:45 - 2008-04-14 07:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-24 11:45 - 2008-04-14 07:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-24 11:45 - 2008-04-14 07:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-24 10:54 - 2008-04-14 07:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-21 19:42 - 2013-12-31 15:17 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-02-21 19:42 - 2013-05-08 20:09 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-02-21 19:41 - 2013-05-08 20:09 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-02-21 19:41 - 2013-05-08 20:09 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-02-21 19:41 - 2013-05-08 20:09 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-02-21 19:41 - 2013-05-08 20:09 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-02-21 19:41 - 2013-05-08 20:09 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-02-21 19:41 - 2013-05-08 20:08 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-02-15 10:40 - 2013-05-08 20:00 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-15 10:18 - 2013-05-09 17:47 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt
2014-02-15 07:19 - 2014-02-15 07:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-15 07:13 - 2013-05-08 19:59 - 00591082 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-14 09:53 - 2013-07-18 02:01 - 00000000 ____D () C:\WINDOWS\system32\MRT

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\air165.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\air16A.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\air315.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\air324.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\air325.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\install_reader11_uk_mssa_aaa_aih.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Test 2

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Administrator at 2014-03-15 16:46:54
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

20/20 v2.2 (HKLM\...\20/20 v2.2) (Version: - )
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AiO_Scan (Version: 43.0.217.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2013 - Avast Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.01 - Broadcom Corporation)
Canon PowerShot S110 Camera User Guide (HKLM\...\CameraUserGuide-PSS110) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM\...\Digital Photo Professional) (Version: 3.12.10.2 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.18.47 - Dell Inc.)
Enterprise (Version: 43.0.217.000 - Hewlett-Packard) Hidden
Free Countdown Timer 3.1.0 (HKLM\...\{404245D0-E836-4737-9C12-D4D0034540F5}_is1) (Version: 3.1 - Comfort Software Group)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HP PSC & Officejet 4.2 Corporate Edition (HKLM\...\{AC1314E7-D28C-40A1-B322-80D2868D35CE}) (Version: - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version: - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.1.13105_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 4.1.0.0 - Hewlett-Packard) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool 
(KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden ==================== Restore Points ========================= 17-01-2014 08:16:02 System Checkpoint 18-01-2014 08:35:16 System Checkpoint 20-01-2014 08:21:27 System Checkpoint 21-01-2014 09:44:12 System Checkpoint 22-01-2014 22:53:43 System Checkpoint 24-01-2014 08:44:08 System Checkpoint 24-01-2014 20:48:15 Installed Windows XP Wudf01000. 24-01-2014 20:48:24 Installed Samsung Kies 24-01-2014 20:54:48 Installed Windows XP Wdf01007. 24-01-2014 20:55:15 Installed Windows XP winusb0100. 25-01-2014 21:19:40 System Checkpoint 26-01-2014 11:24:56 Software Distribution Service 3.0 28-01-2014 18:22:05 System Checkpoint 30-01-2014 12:37:34 System Checkpoint 31-01-2014 18:15:38 System Checkpoint 04-02-2014 10:13:14 System Checkpoint 05-02-2014 13:45:19 System Checkpoint 08-02-2014 14:32:52 System Checkpoint 11-02-2014 08:23:22 System Checkpoint 12-02-2014 13:19:11 System Checkpoint 14-02-2014 09:44:54 Software Distribution Service 3.0 15-02-2014 07:04:40 Software Distribution Service 3.0 18-02-2014 11:58:24 System Checkpoint 19-02-2014 16:33:33 System Checkpoint 20-02-2014 21:57:36 System Checkpoint 21-02-2014 19:38:32 avast! antivirus system restore point 22-02-2014 20:24:06 System Checkpoint 25-02-2014 07:54:43 System Checkpoint 25-02-2014 21:12:17 Removed Adobe Acrobat XI Pro. 26-02-2014 21:19:18 System Checkpoint 27-02-2014 22:09:44 System Checkpoint 01-03-2014 10:26:50 System Checkpoint 02-03-2014 12:42:40 System Checkpoint 03-03-2014 22:51:59 System Checkpoint 04-03-2014 20:05:58 Installed Adobe Flash Player 12 ActiveX. 
05-03-2014 21:53:10 System Checkpoint 06-03-2014 23:19:40 System Checkpoint 08-03-2014 07:54:19 System Checkpoint 08-03-2014 13:25:53 Removed Adobe Download Assistant 08-03-2014 13:26:39 Removed Adobe Reader XI (11.0.06). 08-03-2014 22:54:40 Software Distribution Service 3.0 10-03-2014 07:20:26 System Checkpoint 11-03-2014 10:06:39 System Checkpoint 12-03-2014 12:41:31 System Checkpoint 12-03-2014 22:59:04 Software Distribution Service 3.0 ==================== Hosts content: ========================== 2008-04-14 07:00 - 2008-04-14 07:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe ==================== Loaded Modules (whitelisted) ============= 2013-05-08 19:35 - 2010-10-29 09:14 - 00025088 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE 2013-05-08 19:35 - 2010-10-29 09:14 - 00761856 _____ () C:\WINDOWS\System32\bcm1xsup.dll 2014-03-15 12:14 - 2014-03-15 08:32 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031500\algo.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 
_____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-05-08 19:35 - 2010-10-29 09:14 - 00143360 _____ () C:\WINDOWS\system32\preflib.dll 2013-11-23 06:53 - 2013-11-23 06:53 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-03-15 14:54 - 2014-03-15 00:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll 2008-04-14 07:00 - 2008-04-14 07:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll 2008-04-14 07:00 - 2008-04-14 07:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll 2014-03-15 14:55 - 2014-03-15 00:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll 2014-03-15 14:55 - 2014-03-15 00:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll 2014-03-15 14:54 - 2014-03-15 00:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageBrowser EX Agent.lnk => C:\WINDOWS\pss\ImageBrowser EX Agent.lnkCommon Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: KiesAirMessage => C:\Program 
Files\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==================== Faulty Device Manager Devices ============= Name: Modem Device on High Definition Audio Bus Description: Modem Device on High Definition Audio Bus Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Ethernet Controller Description: Ethernet Controller Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/15/2014 02:10:59 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5047 Error: (03/15/2014 02:10:59 AM) (Source: Bonjour Service) (User: ) is this what you needed???? Quote
Starbuck Posted March 15, 2014 (edited)

Hi hness,

> is this what you needed????

Yes thanks.

Step 1
Please uninstall the following:
McAfee Security Scan Plus
This normally gets added to some installs, but isn't really required.

Step 2
Please download the attached fixlist.txt file (bottom of this post) and save it to the Download folder. (C:\Documents and Settings\Administrator\My Documents\Downloads)
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Re-run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

Step 3
Download TFC by OldTimer to your desktop.
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7, right-click on the file and choose Run As Administrator.)
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

In your next reply, please submit:
Fixlog.txt
Also let me know how the system is running now.

Thanks.

fixlist.txt
Edited March 16, 2014 by Starbuck
Member of: UNITE
hness Posted March 16, 2014 Author

Hey Starbuck, thank you again for all of this!! I tried to delete McAfee but it's not installed. I tried to delete it from the control panel and it said it had already been deleted. I searched for it and found a shortcut on my desktop which doesn't link to anything.
Re-ran the first thing you said and here's the report:
Monthly.job 2014-03-09 17:59 - 2013-09-21 21:08 - 00001746 ____H () C:\Documents and Settings\Administrator\My Documents\Default.rdp 2014-03-09 10:30 - 2014-03-09 10:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Mozilla 2014-03-09 10:10 - 2014-03-09 10:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome 2014-03-09 10:05 - 2013-05-08 19:18 - 00000803 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk 2014-03-09 08:49 - 2014-03-09 08:55 - 00000426 _____ () C:\AVScanner.ini 2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$ 2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-03-08 22:55 - 2014-03-08 22:55 - 00000000 _____ () C:\WINDOWS\setupact.log 2014-03-08 22:55 - 2014-03-08 22:54 - 00004074 _____ () C:\WINDOWS\KB2934207.log 2014-03-08 13:27 - 2013-05-08 20:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe 2014-03-08 11:47 - 2013-10-19 07:42 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-03-08 06:58 - 2013-05-08 19:57 - 00000211 ___SH () C:\boot.ini 2014-03-08 06:58 - 2008-04-14 07:00 - 00000552 _____ () C:\WINDOWS\win.ini 2014-03-08 06:58 - 2008-04-14 07:00 - 00000227 _____ () C:\WINDOWS\system.ini 2014-03-06 21:45 - 2013-05-08 19:50 - 00000000 ____D () C:\WINDOWS\Driver Cache 2014-03-06 21:44 - 2013-05-08 19:18 - 00000000 ____D () C:\Documents and Settings\Administrator 2014-03-06 20:49 - 2013-05-08 21:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478971$ 2014-03-06 20:00 - 2014-03-06 20:00 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-06 20:00 - 2014-03-06 20:00 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-06 20:00 - 2014-03-06 20:00 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 
2014-03-02 21:19 - 2014-01-25 16:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Unused Desktop Shortcuts 2014-03-02 21:19 - 2013-10-19 16:20 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Apple Computer 2014-03-01 12:03 - 2014-03-01 12:03 - 00001542 _____ () C:\Documents and Settings\All Users\Desktop\iTunes.lnk 2014-03-01 12:03 - 2014-03-01 12:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes 2014-03-01 12:03 - 2014-03-01 12:02 - 00000000 ____D () C:\Program Files\iTunes 2014-03-01 12:03 - 2014-03-01 12:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-03-01 12:03 - 2013-10-19 07:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer 2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Program Files\iPod 2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Program Files\Bonjour 2014-03-01 12:02 - 2014-03-01 12:02 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Apple Computer 2014-03-01 12:02 - 2014-03-01 11:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer 2014-03-01 12:02 - 2013-10-19 07:42 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-03-01 12:02 - 2013-10-19 07:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple 2014-03-01 11:53 - 2014-03-01 11:53 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk 2014-03-01 11:53 - 2014-03-01 11:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime 2014-03-01 11:53 - 2014-03-01 11:52 - 00000000 ____D () C:\Program Files\QuickTime 2014-02-27 14:13 - 2013-06-10 15:33 - 00068456 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2014-02-26 01:59 - 2014-03-08 15:26 - 00013312 ____N 
(Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe 2014-02-26 01:59 - 2014-03-08 15:26 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe 2014-02-24 16:24 - 2008-04-14 07:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe 2014-02-24 16:24 - 2008-04-14 07:00 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-02-24 11:46 - 2013-05-08 21:38 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll 2014-02-24 11:46 - 2013-05-08 19:10 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll 2014-02-24 11:46 - 
2008-04-14 07:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll 2014-02-24 11:46 - 2008-04-14 07:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll 2014-02-24 11:45 - 2013-05-08 21:38 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2014-02-24 11:45 - 2009-03-08 03:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-02-24 11:45 - 2009-03-08 03:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-02-24 11:45 - 2009-03-08 03:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-02-24 11:45 - 2009-03-08 03:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl 2014-02-24 11:45 - 2008-04-14 07:00 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-02-24 11:45 - 2008-04-14 07:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00184320 ____C (Microsoft 
Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll 2014-02-24 11:45 - 2008-04-14 07:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll 2014-02-24 10:54 - 2008-04-14 07:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-02-21 19:42 - 2013-12-31 15:17 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! 
Free Antivirus.lnk 2014-02-21 19:42 - 2013-05-08 20:09 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys 2014-02-21 19:41 - 2013-05-08 20:09 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2014-02-21 19:41 - 2013-05-08 20:09 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2014-02-21 19:41 - 2013-05-08 20:09 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2014-02-21 19:41 - 2013-05-08 20:09 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2014-02-21 19:41 - 2013-05-08 20:09 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys 2014-02-21 19:41 - 2013-05-08 20:08 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-02-15 10:40 - 2013-05-08 20:00 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2014-02-15 10:18 - 2013-05-09 17:47 - 00065536 _____ () C:\WINDOWS\system32\config\ODiag.evt 2014-02-15 07:19 - 2014-02-15 07:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$ 2014-02-15 07:13 - 2013-05-08 19:59 - 00591082 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-02-14 09:53 - 2013-07-18 02:01 - 00000000 ____D () C:\WINDOWS\system32\MRT Some content of TEMP: ==================== C:\Documents and Settings\Administrator\Local Settings\Temp\air165.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air16A.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air315.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air324.exe C:\Documents and Settings\Administrator\Local Settings\Temp\air325.exe C:\Documents and Settings\Administrator\Local Settings\Temp\install_reader11_uk_mssa_aaa_aih.exe C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legit C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit 
C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ========== Obviously it's completely double dutch to me so hope that it's showing what it should?! Off to run the second thing now..... Quote
hness Posted March 16, 2014

Step two....

Hey Starbuck, I'm trying to run step two but it keeps crashing my PC. I haven't got any other windows open and as soon as I start it it freezes?! Will running C Cleaner do the same thing as I have that installed? Thanks!
Starbuck Posted March 16, 2014

Hi hness

> I tried to delete it from the control panel and it said it had already been deleted. I searched for it and found a shortcut on my desktop which doesn't link to anything.

Ok, this means that it's been removed by a security program earlier but has left an orphan entry in the add/remove list. This is not a problem to remove. As you have CCleaner on your system:

- start CCleaner
- click on the 'Tools' tab.
- then the 'Uninstall' tab.
- click on the dead link for: McAfee Security Scan Plus
- and click on 'Delete Entry'.

This should remove the entry from the list.

> Re-ran the first thing you said and here's the report:

Unfortunately we needed to run a fix .... not a scan. Go back to post #10 and follow the instructions to download the attached 'fixlist' and follow the rest of the instructions to run the fix. (you will see the 'fixlist.txt' at the bottom of post #10..... just click on it to download it)

> I'm trying to run step two but it keeps crashing my PC

Do you mean 'step 3' .... the TFC program? This may well be due to you having MalwareBytes AntiMalware installed. There is a known conflict on some XP machines when TFC is run (but it doesn't affect every XP system). Please uninstall MBAM and then run TFC again. You can re-install MBAM again afterwards.

> Will running C Cleaner do the same thing as I have that installed?

CCleaner does a similar job to TFC, but TFC will remove more areas than CCleaner will (plus TFC is a bit more efficient)

Thanks
hness Posted March 17, 2014

ok - fix list coming up......

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
S2 Wpm; No ImagePath
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 iSafeNetFilter; \??\C:\Program Files\iSafe\iSafeNetFilter.sys [X]
U1 WS2IFSL;
2014-03-13 17:13 - 2014-03-13 17:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TrojanHunter
C:\Documents and Settings\Administrator\Local Settings\Temp\air165.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\air16A.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\air315.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\air324.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\air325.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\install_reader11_uk_mssa_aaa_aih.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie
C:\Documents and Settings\All Users\Application Data\WPM
C:\Documents and Settings\All Users\Start Menu\Programs\myfree codec
C:\Program Files\WinZipper
Reboot:
hness Posted March 18, 2014

ok Starbuck, deleted MBAM and worked immediately - deleted loads of stuff - as a newbie - have no idea what it all means but seemed to reboot a lot quicker too - :D
Starbuck Posted March 18, 2014

Hi hness,

That was the actual fixlist....... it's not the fixlog.txt. The fixlog.txt will only be produced once the fix has been run. Have you downloaded the fixlist.txt (as in post #10)? Or are you opening it? Take a look.....

http://img.photobucket.com/albums/v708/starbuck50/attach_zps8dd0d30b.png

When you click on the fixlist.txt (the attachment in post #10) you need to change the preference to Save File and then click OK .... don't click on Open With.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Re-run FRST/FRST64 and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.
hness Posted March 18, 2014

Sorry Starbuck my mistake!!!! This is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by Administrator at 2014-03-17 08:29:02 Run:2
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
S2 Wpm; No ImagePath
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 iSafeNetFilter; \??\C:\Program Files\iSafe\iSafeNetFilter.sys [X]
U1 WS2IFSL;
2014-03-13 17:13 - 2014-03-13 17:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TrojanHunter
C:\Documents and Settings\Administrator\Local Settings\Temp\air165.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\air16A.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\air315.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\air324.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\air325.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\install_reader11_uk_mssa_aaa_aih.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie
C:\Documents and Settings\All Users\Application Data\WPM
C:\Documents and Settings\All Users\Start Menu\Programs\myfree codec
C:\Program Files\WinZipper
Reboot:
*****************
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value not found.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
Wpm => Service not found.
cerc6 => Service not found.
IntelIde => Service not found.
esgiguard => Service deleted successfully.
iSafeNetFilter => Service not found.
WS2IFSL => Service not found.
C:\Documents and Settings\Administrator\Application Data\TrojanHunter => Moved successfully.
"C:\Documents and Settings\Administrator\Local Settings\Temp\air165.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\Local Settings\Temp\air16A.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\Local Settings\Temp\air315.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\Local Settings\Temp\air324.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\Local Settings\Temp\air325.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\Local Settings\Temp\install_reader11_uk_mssa_aaa_aih.exe" => File/Directory not found.
"C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe" => File/Directory not found.
========= MSCONFIG\startupmobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe =========
The system cannot find the path specified.
========= End of Reg: =========
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie" => File/Directory not found.
"C:\Documents and Settings\All Users\Application Data\WPM" => File/Directory not found.
"C:\Documents and Settings\All Users\Start Menu\Programs\myfree codec" => File/Directory not found.
"C:\Program Files\WinZipper" => File/Directory not found.
The system needed a reboot.
==== End of Fixlog ====

I was just thinking how I had not had this message for a few days when I tried to access the bbc website and it appeared again!!! I can access other sites with no problem or errors?! I had actually accessed the bbc website earlier with no error msgs too - very strange?!
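An added example, not part of the original posts and not FRST's own code: a short Python script that reads a Fixlog like the one posted above and separates the items the fix actually changed from the items that were already gone. The sample is an excerpt of that log laid out one entry per line (an assumption about the file on disk), and the function names are hypothetical.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above, one entry per line (assumed layout of
# the file on disk; the forum page runs the lines together).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by Administrator at 2014-03-17 08:29:02 Run:2
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
C:\Program Files\WinZipper
Reboot:
*****************
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
Wpm => Service not found.
esgiguard => Service deleted successfully.
C:\Documents and Settings\Administrator\Application Data\TrojanHunter => Moved successfully.
"C:\Documents and Settings\Administrator\Local Settings\Temp\air165.exe" => File/Directory not found.
========= MSCONFIG\startupmobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe =========
The system cannot find the path specified.
========= End of Reg: =========
"C:\Program Files\WinZipper" => File/Directory not found.
The system needed a reboot.
==== End of Fixlog ===='''

# Outcome phrases that appear in that log, mapped to a triage status.
OUTCOMES = (
    ("deleted successfully", "changed"),
    ("moved successfully", "changed"),
    ("not found", "absent"),
)

RULER = re.compile(r"^\*{5,}$")
RESULT = re.compile(r'^"?(?P<item>.+?)"?\s+=>\s+(?P<result>.+?)\.?$')


def classify(result):
    """Map an outcome phrase to 'changed', 'absent' or 'review'."""
    lowered = result.lower()
    for phrase, status in OUTCOMES:
        if lowered.endswith(phrase):
            return status
    return "review"  # unknown wording: leave it for a person to read


def parse_fixlog(text):
    """Return (entries, notes) for the result section of a Fixlog.

    The fixlist is echoed between two rows of asterisks and can itself
    contain '=>' (the MSCONFIG line), so nothing is parsed as a result
    until the second row has been seen.
    """
    entries, notes, rulers = [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if RULER.match(line):
            rulers += 1
            continue
        if rulers < 2 or not line or line.startswith("="):
            continue  # header, fixlist echo, blank line or section banner
        match = RESULT.match(line)
        if match:
            entries.append({
                "item": match.group("item"),
                "result": match.group("result"),
                "status": classify(match.group("result")),
            })
        else:
            notes.append(line)  # command output or the reboot notice
    return entries, notes


def summarize(entries):
    """Count entries per triage status."""
    return Counter(entry["status"] for entry in entries)


if __name__ == "__main__":
    parsed, extra = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for entry in parsed:
        if entry["status"] != "absent":
            print(entry["status"], "|", entry["item"], "|", entry["result"])
    for note in extra:
        print("note |", note)
```

On the excerpt, only the esgiguard service and the TrojanHunter folder come back as changed; every other target was already absent when the fix ran.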
Starbuck Posted March 18, 2014

Hi hness,

> Sorry Starbuck my mistake!!!! This is the log:

That's exactly what I wanted, thanks.

> I was just thinking how I had not had this message for a few days when I tried to access the bbc website and it appeared again!!!

The version of Flash Player that you have installed is the latest version...... so don't take any notice of any popups saying otherwise. We'll just run one other scan as a double check ... hopefully this will come back clean now.

I'd like you to do an ESET OnlineScan. You may find it beneficial to close your resident AV program before running the scan.

- Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
- Accept any security warnings from your browser.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
- Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
- Click the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note: It's been found that on some systems the Eset's Online Scan fails during the database download (around 20%). To prevent this happening: When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked): Enable Anti-Stealth technology

http://img.photobucket.com/albums/v708/starbuck50/eset.png

Post the Eset report if anything is found.

Thanks
hness Posted March 19, 2014

Hi Starbuck, okay have done this and here are the results:

C:\Documents and Settings\Administrator\My Documents\Downloads\InstallConverter (1).exe - a variant of Win32/Wajam.F potentially unwanted application - deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\InstallConverter.exe - a variant of Win32/Wajam.F potentially unwanted application - deleted - quarantined
C:\FRST\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie2.1.32.zip - a variant of Win32/Mobogenie.A potentially unwanted application - deleted - quarantined
C:\FRST\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe - a variant of Win32/Mobogenie.A potentially unwanted application - deleted - quarantined
C:\FRST\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe - a variant of Win32/Mobogenie.A potentially unwanted application - deleted - quarantined
C:\FRST\Quarantine\C\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe - a variant of Win32/Mobogenie.A potentially unwanted application - deleted - quarantined

Can now access bbc website without warnings flashing up?! Thanks for all your time on this!!!!
Hi hness,

That's exactly what I wanted, thanks. The version of Flash Player that you have installed, is the latest version...... so don't take any notice of any popups saying otherwise.

We'll just run one other scan as a double check ... hopefully this will come back clean now.

I'd like you to do an ESET OnlineScan

You may find it beneficial to close your resident AV program before running the scan.

- Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
- Accept any security warnings from your browser.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
- Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
- Click the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
- Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note: It's been found that on some systems the Eset's Online Scan fails during the database download ( around 20% )
To prevent this happening: When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked): Enable Anti-Stealth technology
http://img.photobucket.com/albums/v708/starbuck50/eset.png

Post the Eset report if anything is found.

Thanks

Quote
Starbuck Posted March 20, 2014 Posted March 20, 2014 Hi hness, That's good. Eset picked up on 1 item we missed. The rest had already been removed by FRST and had been placed in quarantine. When you are happy with the system, we'll finish off the cleaning process. Quote Member of:UNITE
hness Posted March 21, 2014 Author Posted March 21, 2014

Hi hness, That's good. Eset picked up on 1 item we missed. The rest had already been removed by FRST and had been placed in quarantine. When you are happy with the system, we'll finish off the cleaning process.

Hi Starbuck, it's not doing it v often now and it's intermittent when it does seem to happen. It's still quite random in the fact that I put in fb url earlier and it blocked me. I tried to access fb by clicking on the tile that appears on google's home page and it let me straight in. I just tried it again by clicking the tile and same error msg is appearing -

Cannot connect to the real http://www.facebook.com

Something is currently interfering with your secure connection to http://www.facebook.com. Try to reload this page in a few minutes or after switching to a new network. If you have recently connected to a new Wi-Fi network, finish logging in before reloading. If you were to visit http://www.facebook.com right now, you might share private information with an attacker. To protect your privacy, Chrome will not load the page until it can establish a secure connection to the real http://www.facebook.com.

????!!!!!

Quote
hness Posted March 21, 2014 Author Posted March 21, 2014 also (not sure if I've mentioned it already) but it's on fb, bbc website, and when it is playing up I am also unable to search using google - it keeps coming up with SSL error but other times it's fine?! Quote
Starbuck Posted March 21, 2014 Posted March 21, 2014 Chrome will not load the page until it can establish a secure connection to the real http://www.facebook.com. ????!!!!! Does this only happen with Chrome? Have you tried another browser? Another really random question..... Is the time and date set correctly on your system? Seems that an incorrect time/date setting can produce a "SSL Connection Error" On Google Chrome. Quote Member of:UNITE
hness Posted March 25, 2014 Author Posted March 25, 2014 Hey Starbuck, sorry for the late reply. I uninstalled Chrome and it was happening on IE. Def got the right time and date set. It is really weird as it will be fine all day and then suddenly start causing problems continuously. This only started happening when I moved into a friend's house and started connecting to her wifi - surely this couldn't be at the root of it?! Quote
Starbuck Posted March 25, 2014 Posted March 25, 2014

Hi hness,

It is really weird as it will be fine all day and then suddenly start causing problems continuously.

Actually this is quite possible.... it all depends on what website you are using. Websites that require an SSL connection start with https: instead of http: https is a lot more secure and this is used by Facebook and Google .... as well as others including Banking sites. Websites starting with http should be unaffected. There are a number of things that can affect this connection.

Let us check a few things...

Download Security Check from here or here.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- Wait for the scan to finish
- A Notepad document should open automatically when the scan has finished called checkup.txt; please copy and paste the contents of that document in your next reply.

Open Internet Explorer.
- On the Tools menu, click Internet Options.
- On the Advanced tab, scroll down to Security, what check boxes are selected for:
  Use SSL
  Use TLS
  there may be more than one. and are there any not checked?

This only started happening when I moved into a friends house and started connecting to her wifi - surely this couldn't be at the root of it?!

Actually it's not as strange as it seems. It would depend on what security settings are being used in the router. What make is it and who is the internet provider?

Quote Member of:UNITE
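The triage being worked through in the posts above (system clock, one site, or the network the PC is connected to), as an added example that is not part of the original thread: it probes several HTTPS sites in the same few minutes and uses the certificate verification codes to tell those causes apart. The hostnames, sample observations and result labels are assumptions made for the example.

```python
import socket
import ssl

# OpenSSL verify codes exposed as SSLCertVerificationError.verify_code
CLOCK = {9, 10}            # certificate not yet valid / has expired
CHAIN = {18, 19, 20, 21}   # self-signed, or issuer not in the trust store
NAME = {62}                # certificate does not match the hostname


def probe(host, port=443, timeout=5.0):
    """0 = certificate verified, N = OpenSSL verify code, None = unreachable."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return 0
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_code
    except OSError:  # DNS failure, timeout, reset, other TLS errors
        return None


def triage(observations):
    """Classify (host, code) pairs collected within the same few minutes."""
    codes = [code for _, code in observations if code is not None]
    if not codes:
        return "no-connectivity"
    failed = [code for code in codes if code != 0]
    if not failed:
        return "ok"
    # Unrelated sites all failing together points away from any single site.
    everywhere = len(failed) == len(codes) and len(failed) >= 2
    if everywhere and all(code in CLOCK for code in failed):
        return "check-system-clock"
    if everywhere and all(code in CHAIN | NAME for code in failed):
        # Router, captive portal, proxy or local filter answering for the site.
        return "certificates-replaced-on-path"
    return "site-specific"


# Constructed samples (not taken from the thread); hostnames are assumptions.
BAD_SPELL = [("www.facebook.com", 20), ("www.google.com", 20), ("www.bbc.co.uk", 62)]
GOOD_SPELL = [("www.facebook.com", 0), ("www.google.com", 0), ("www.bbc.co.uk", 0)]
WRONG_CLOCK = [("www.facebook.com", 9), ("www.google.com", 9)]

if __name__ == "__main__":
    hosts = ["www.facebook.com", "www.google.com", "www.bbc.co.uk"]
    print(triage([(h, probe(h)) for h in hosts]))
```

Running it once during a bad spell and once when browsing works, on the same Wi-Fi, shows whether the failures follow the network rather than the browser.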