Unable to sign into different sites - Not a private connection?


  • This topic is locked
41 replies to this topic

#1 bluejayhope

bluejayhope

  • Members
  • 18 posts
  • Gender:Male
  • Location:Sevilla, Spain

Posted 30 September 2014 - 08:07 AM

Hello Bleeping Computer guys,
 
I'm trying to sign into emails and I get a screen saying my internet connection is not private. I don't understand why, as it's a 20 character key, only visible on the wifi box. This is a computer I just bought from my roommate and I don't know what he had on it or what he did on it. On the screen I have the title, and below it says NET::ERR_CERT_INVALID. Preferably I'd like to wipe the computer clean and rid it of all his stuff on here (as he is a constant downloader of movies and music).
 
Thanks for your help!
 
Chris

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 22:36:46 on 2014-09-29
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.750 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dmwu.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\mjcm\dnkt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.real.com/realplayer/product/cancel?distcode=R81UKR&loc=gb&li=en&cancelled=page_eula1&displayedoffer=rp&acceptedoffer=none&action=close
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Sweetpacks Communicator] c:\program files\sweetim\communicator\SweetPacksUpdateManager.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: NameServer = 80.58.61.250 80.58.61.254
TCP: Interfaces\{C05C257E-02D3-4662-80AD-7956D3C1F33E} : DHCPNameServer = 80.58.61.250 80.58.61.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2014-6-25 2387760]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2011-12-15 88192]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2012-7-3 23040]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2012-7-3 27776]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-1-3 84248]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2013-12-25 20032]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2014-1-3 182680]
.
=============== Created Last 30 ================
.
2014-09-26 21:38:07 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-09-26 21:37:02 -------- d-----w- C:\AdwCleaner
2014-09-26 06:57:48 -------- d-----w- c:\documents and settings\administrator\local settings\application data\SWDS
.
==================== Find3M ====================
.
2014-09-17 13:01:26 2387760 ----a-w- c:\windows\system32\dmwu.exe
2014-09-17 12:55:24 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
2014-09-16 14:20:56 773968 ----a-w- c:\windows\system32\msvcr100.dll
2014-09-16 14:20:56 632656 ----a-w- c:\windows\system32\msvcr80.dll
2014-09-16 14:20:56 554832 ----a-w- c:\windows\system32\msvcp80.dll
2014-09-16 14:20:56 479232 ----a-w- c:\windows\system32\msvcm80.dll
2014-09-16 14:20:56 421200 ----a-w- c:\windows\system32\msvcp100.dll
.
============= FINISH: 22:37:29.45 ===============

Attached Files

  • Attached File  dds.txt   8.63KB   4 downloads

Edited by Oh My!, 04 October 2014 - 09:17 PM.
Posted DDS




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,764 posts
  • Gender:Male
  • Location:California

Posted 04 October 2014 - 09:22 PM

Greetings Chris and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • FSS.txt
  • Result.txt
  • System Summary Information

Edited by Oh My!, 04 October 2014 - 09:24 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 bluejayhope

bluejayhope
  • Topic Starter


Posted 06 October 2014 - 08:49 AM

Hello Oh My! Thank you for taking the time to look at my problem! It's very much appreciated!! Here are all the docs you wanted me to post! A little light reading some would call this.... :)

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-10-2014
Ran by Administrator (administrator) on DELL-D610 on 05-10-2014 23:16:54
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Promethean) C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\WINDOWS\system32\dmwu.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
() C:\WINDOWS\system32\mjcm\dnkt.exe
() C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-07-06] (ATI Technologies, Inc.)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG2012\avgtray.exe [2415456 2011-12-03] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-09-15] (Intel Corporation)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2007-03-16] (Dell Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [ActivManager] => C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe [683872 2013-11-22] ()
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\S-1-5-21-789336058-1614895754-839522115-500\...\Run: [BitTorrent] => "C:\Program Files\BitTorrent\BitTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-789336058-1614895754-839522115-500\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-24] (Google Inc.)
HKU\S-1-5-21-789336058-1614895754-839522115-500\...\MountPoints2: G - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-789336058-1614895754-839522115-500\...\MountPoints2: {f8c31e74-2925-11e3-ba6e-00164149e28e} - F:\LGAutoRun.exe
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivSDK Flash Extension.lnk
ShortcutTarget: ActivSDK Flash Extension.lnk -> C:\WINDOWS\Installer\{19541760-F18C-4148-8A55-F0A88B41DF0A}\NewShortcut1_31C7358B35944FA781961EEA93A9077C.exe (Flexera Software, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid=&crg=3.1010000.10014&st=23&st=23
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid=&crg=3.1010000.10014&st=23&st=23
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ie\jqs_plugin.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4 [2011-12-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-12-25]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre1.6.0_22\lib\deploy\jqs\ff
 
Chrome: 
=======
CHR CustomProfile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-22]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (AdBlock) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-21]
CHR Extension: (AVG Safe Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2011-12-16]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (SweetPacks Chrome Extension) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj [2012-12-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2011-10-14]
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\System32\mjcm\SweetNT.crx [2014-06-24]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ActivControl; C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe [21864 2013-11-22] (Promethean)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [4433248 2011-10-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
R2 IBUpdaterService; C:\WINDOWS\system32\dmwu.exe [2387760 2014-09-17] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-01] (Oracle Corporation)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACTIVhidmini; C:\WINDOWS\System32\DRIVERS\ACTIVhidmini.sys [87296 2012-10-30] (Promethean Technologies Ltd)
S3 AndNetDiag; C:\WINDOWS\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.)
R3 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\AVGIDSDriver.Sys [134608 2011-07-11] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\WINDOWS\System32\DRIVERS\AVGIDSEH.Sys [23120 2011-07-11] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\WINDOWS\System32\DRIVERS\AVGIDSFilter.Sys [24272 2011-07-11] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\AVGIDSShim.Sys [16720 2011-10-04] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [230608 2011-10-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [40016 2011-08-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [32592 2011-09-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [295248 2011-07-11] (AVG Technologies CZ, s.r.o.)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2007-03-16] (Broadcom Corporation)
R3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [88192 2006-04-06] (Texas Instruments)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
S3 prmvmouse; C:\WINDOWS\System32\DRIVERS\activmouse.sys [6656 2012-10-30] (Promethean Technologies Ltd)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project) [File not signed]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 UIUSys; system32\drivers\UIUSys.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S3 w29n51; system32\DRIVERS\w29n51.sys [X]
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-05 23:16 - 2014-10-05 23:17 - 00014009 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-10-05 23:16 - 2014-10-05 23:16 - 01101312 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-10-05 23:16 - 2014-10-05 23:16 - 00000000 ____D () C:\FRST
2014-10-03 23:22 - 2014-10-03 23:27 - 00000134 _____ () C:\Documents and Settings\Administrator\Desktop\Microsoft Fix it.url
2014-10-03 23:18 - 2014-10-03 23:18 - 00000000 ____D () C:\Program Files\FreeISOBurner
2014-10-03 23:18 - 2014-10-03 23:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Free ISO Burner
2014-10-03 22:54 - 2014-10-03 23:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ParetoLogic
2014-10-03 22:54 - 2014-10-03 22:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\ParetoLogic
2014-10-03 22:54 - 2014-10-03 22:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\DriverCure
2014-10-03 22:04 - 2014-10-03 22:11 - 1028653056 _____ () C:\Documents and Settings\Administrator\Desktop\ubuntu-14.04.1-desktop-amd64.iso
2014-10-02 04:49 - 2014-10-02 04:49 - 00007139 _____ () C:\Documents and Settings\Administrator\Desktop\hijackthis.log
2014-10-02 01:48 - 2014-10-02 01:48 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\samsung
2014-10-02 01:38 - 2014-10-02 22:18 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel
2014-10-02 01:06 - 2014-10-02 01:09 - 00000452 _____ () C:\Documents and Settings\Administrator\ACTIVstudioError.log
2014-10-02 01:06 - 2014-10-02 01:06 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Promethean
2014-10-02 01:06 - 2014-10-02 01:06 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Activ Software
2014-10-02 01:06 - 2014-10-02 01:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Promethean
2014-10-02 00:59 - 2014-10-05 08:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-02 00:57 - 2014-10-02 01:06 - 00002475 _____ () C:\Documents and Settings\All Users\Desktop\ActivInspire.lnk
2014-10-02 00:57 - 2014-10-02 00:57 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Activ Software
2014-10-02 00:56 - 2014-10-02 00:56 - 00000000 ____D () C:\Program Files\Common Files\Activ Software
2014-10-02 00:56 - 2014-10-02 00:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\ACTIV Software
2014-10-02 00:55 - 2014-10-02 01:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Promethean
2014-10-02 00:55 - 2014-10-02 01:02 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\activboard.pnp
2014-10-02 00:55 - 2014-10-02 00:56 - 00000000 ____D () C:\Program Files\Activ Software
2014-10-02 00:55 - 2014-10-02 00:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Activ Software
2014-10-02 00:55 - 2012-10-30 17:13 - 00087296 _____ (Promethean Technologies Ltd) C:\WINDOWS\system32\Drivers\ACTIVhidmini.sys
2014-10-02 00:55 - 2012-10-30 17:11 - 00006656 _____ (Promethean Technologies Ltd) C:\WINDOWS\system32\Drivers\activmouse.sys
2014-10-01 07:45 - 2014-10-02 23:49 - 00000024 _____ () C:\Documents and Settings\Administrator\random.dat
2014-10-01 07:45 - 2014-10-02 22:29 - 00000069 _____ () C:\Documents and Settings\Administrator\jagex_cl_runescape_LIVE.dat
2014-10-01 07:45 - 2014-10-01 07:45 - 00000000 ____D () C:\Documents and Settings\Administrator\jagexcache
2014-10-01 07:03 - 2014-10-01 07:03 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-01 07:02 - 2014-10-01 07:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-10-01 07:02 - 2014-10-01 07:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
2014-10-01 07:02 - 2014-10-01 07:02 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Oracle
2014-10-01 07:02 - 2014-10-01 07:01 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-10-01 07:02 - 2014-10-01 07:01 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-10-01 07:02 - 2014-10-01 07:01 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-10-01 07:02 - 2014-10-01 07:01 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-10-01 07:02 - 2014-10-01 07:01 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-10-01 07:01 - 2014-10-01 07:01 - 00000000 ____D () C:\Program Files\Java
2014-09-29 22:37 - 2014-09-29 22:38 - 00008839 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-09-29 22:37 - 2014-09-29 22:38 - 00003756 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-09-28 01:00 - 2014-09-28 01:00 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-09-26 22:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-09-26 22:37 - 2014-09-26 22:38 - 00000000 ____D () C:\AdwCleaner
2014-09-26 07:57 - 2014-09-26 07:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\SWDS
2014-09-25 08:39 - 2014-09-25 08:39 - 00000108 _____ () C:\Documents and Settings\Administrator\hkghjgk.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-05 23:17 - 2011-12-15 12:38 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-10-05 23:17 - 2011-12-15 12:12 - 00313294 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-05 23:11 - 2012-12-22 19:47 - 00000294 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-789336058-1614895754-839522115-500.job
2014-10-05 23:11 - 2011-12-16 17:35 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-05 23:11 - 2011-12-15 12:33 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-05 23:11 - 2011-12-15 11:21 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-10-05 23:11 - 2011-12-15 11:21 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-10-05 08:50 - 2011-12-15 12:38 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-10-05 08:50 - 2011-12-15 12:38 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-10-05 08:50 - 2011-12-15 12:33 - 00032568 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-05 07:55 - 2011-12-16 17:35 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-05 04:50 - 2004-08-04 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-10-03 23:43 - 2011-12-15 11:16 - 00729991 _____ () C:\WINDOWS\setupapi.log
2014-10-03 23:40 - 2011-12-15 11:08 - 00000000 ____D () C:\WINDOWS\security
2014-10-03 22:55 - 2011-12-15 12:38 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-10-03 22:55 - 2011-12-15 12:14 - 00001607 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-10-03 22:55 - 2011-12-15 12:14 - 00001507 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-10-02 07:49 - 2013-12-25 21:09 - 00071888 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-10-02 04:47 - 2011-12-15 13:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-10-02 02:04 - 2011-12-15 11:16 - 00189560 _____ () C:\WINDOWS\setupact.log
2014-10-02 01:53 - 2013-12-25 21:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Samsung
2014-10-02 01:53 - 2013-12-25 21:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Samsung
2014-10-02 01:53 - 2013-12-25 21:13 - 00000000 ____D () C:\Program Files\Samsung
2014-10-02 01:53 - 2013-12-25 21:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Samsung
2014-10-02 01:53 - 2011-12-15 13:14 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-02 01:46 - 2014-01-04 21:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-02 01:46 - 2012-12-23 10:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Apple Computer
2014-10-02 01:46 - 2012-12-23 09:58 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-02 01:41 - 2012-12-22 19:35 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\BitTorrent
2014-10-02 00:59 - 2012-12-22 23:04 - 00426184 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-10-02 00:59 - 2012-12-22 23:04 - 00070344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-27 19:01 - 2012-12-22 19:47 - 00000302 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-789336058-1614895754-839522115-500.job
2014-09-26 07:59 - 2014-06-23 02:13 - 00000000 ____D () C:\WINDOWS\system32\mjcm
2014-09-26 07:58 - 2013-06-10 12:05 - 00000000 ____D () C:\WINDOWS\system32\WNLT
2014-09-26 07:57 - 2013-06-10 12:05 - 00000000 ____D () C:\WINDOWS\system32\ARFC
2014-09-19 08:24 - 2013-01-06 19:06 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2014-09-17 14:01 - 2014-06-25 02:14 - 02387760 _____ () C:\WINDOWS\system32\dmwu.exe
2014-09-17 13:55 - 2013-06-10 12:05 - 00027136 _____ (IncrediMail, Ltd.) C:\WINDOWS\system32\ImHttpComm.dll
2014-09-16 15:20 - 2013-06-10 12:05 - 00773968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100.dll
2014-09-16 15:20 - 2013-06-10 12:05 - 00632656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr80.dll
2014-09-16 15:20 - 2013-06-10 12:05 - 00554832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp80.dll
2014-09-16 15:20 - 2013-06-10 12:05 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcm80.dll
2014-09-16 15:20 - 2013-06-10 12:05 - 00421200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp100.dll
2014-09-16 15:20 - 2013-06-10 12:05 - 00001870 _____ () C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
2014-09-12 00:20 - 2012-12-26 09:22 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
 
Files to move or delete:
====================
C:\Documents and Settings\Administrator\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Administrator\random.dat
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\InstallPlugin.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
ADDITION
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 06-10-2014
Ran by Administrator at 2014-10-05 23:17:57
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ActivDriver x86 v5.9 (HKLM\...\{19541760-F18C-4148-8A55-F0A88B41DF0A}) (Version: 5.9.27 - Promethean)
ActivInspire Core Resources (ESP) v1 (HKLM\...\{A12D438F-3D20-4D84-985B-99FB78C2E2FA}) (Version: 1.6.3 - Promethean)
ActivInspire Help (ESP) v1 (HKLM\...\{00D4487C-7E0A-4E0B-9E3D-AA5591B16E1A}) (Version: 1.6.3 - Promethean)
ActivInspire HWR Resources (ESP) v1 (HKLM\...\{8B7D1EDE-EDBD-4AB7-9BFC-8C6B71893B90}) (Version: 1.7.1 - Promethean)
ActivInspire v1 (HKLM\...\{D292E0F0-07D0-47B6-8B50-BCEBE67A17C4}) (Version: 1.8.64868 - Promethean)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.135 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\{9BFB1FAB-8FC4-4FAA-9B2D-2B121834B659}) (Version: 11.3.300.268 - Adobe Systems Incorporated)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5154 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.131.1.2-050706a-025030C-Dell - )
AVG 2012 (HKLM\...\AVG) (Version: 2012.0.1890 - AVG Technologies)
AVG 2012 (Version: 12.0.1890 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2637 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.02.06 - Broadcom Corporation)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Conexant D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)
Free ISO Burner (HKLM\...\Free ISO Burner_is1) (Version: 1.0 - Media Freeware)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
IB Updater Service (HKLM\...\WNLT) (Version: 5.1.4.1 - ) <==== ATTENTION
Intel® Graphics Media Accelerator Driver for Mobile (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4693 - )
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
LG United Mobile Drivers (HKLM\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
Malwarebytes' Anti-Malware version 1.51.2.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.51.2.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
OpenOffice.org 3.3 (HKLM\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}) (Version: 2.00.0000 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0000 - Texas Instruments Inc.) Hidden
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
12-09-2014 02:08:45 System Checkpoint
14-09-2014 19:06:08 System Checkpoint
18-09-2014 19:37:35 System Checkpoint
24-09-2014 21:17:18 System Checkpoint
25-09-2014 21:46:05 System Checkpoint
29-09-2014 23:54:06 System Checkpoint
01-10-2014 03:20:05 System Checkpoint
01-10-2014 05:50:29 Removed Java™ 6 Update 27
01-10-2014 05:51:36 Removed Java™ 6 Update 22
01-10-2014 06:01:31 Installed Java 7 Update 67
01-10-2014 23:54:08 Instalado ActivInspire
02-10-2014 00:37:45 Removed Apple Application Support
02-10-2014 00:38:36 Removed Apple Mobile Device Support
02-10-2014 00:39:18 Removed Apple Software Update
02-10-2014 00:44:07 Removed iTunes
02-10-2014 00:47:22 Removed SweetIM for Messenger 3.7
02-10-2014 00:48:22 Removed Update Manager for SweetPacks 1.1
02-10-2014 00:51:38 Removed Samsung Kies
02-10-2014 01:02:12 Removed Internet Explorer Toolbar 4.6 by SweetPacks
04-10-2014 22:04:23 System Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 13:00 - 2004-08-04 13:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-789336058-1614895754-839522115-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-789336058-1614895754-839522115-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-20 17:56 - 2007-03-16 19:10 - 00020480 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2012-12-20 17:56 - 2007-03-16 19:10 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2014-06-25 02:14 - 2014-09-17 14:01 - 02387760 _____ () C:\WINDOWS\system32\dmwu.exe
2013-11-22 13:01 - 2013-11-22 13:01 - 00683872 _____ () C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
2013-11-22 13:02 - 2013-11-22 13:02 - 00190824 _____ () C:\WINDOWS\libactivboardex.dll
2014-09-17 14:01 - 2014-09-17 14:01 - 00730928 _____ () C:\WINDOWS\system32\mjcm\dnkt.exe
2014-09-17 14:01 - 2014-09-17 14:01 - 01778480 _____ () C:\WINDOWS\system32\mjcm\5141\nsib.dll
2013-11-22 13:02 - 2013-11-22 13:02 - 00523152 _____ () C:\Program Files\Activ Software\ActivDriver\FlashExtension\flashbridge-wrapper-crossplatform.exe
2013-11-22 13:01 - 2013-11-22 13:01 - 00087392 _____ () C:\Program Files\Activ Software\ActivDriver\FlashExtension\activsdk2.dll
2013-11-22 13:02 - 2013-11-22 13:02 - 00388456 _____ () C:\Program Files\Activ Software\ActivDriver\FlashExtension\activsystem1.dll
2013-11-22 13:01 - 2013-11-22 13:01 - 00691552 _____ () C:\Program Files\Activ Software\ActivDriver\FlashExtension\QtNetwork4.dll
2013-11-22 13:01 - 2013-11-22 13:01 - 02152792 _____ () C:\Program Files\Activ Software\ActivDriver\FlashExtension\QtCore4.dll
2013-11-22 13:01 - 2013-11-22 13:01 - 00341848 _____ () C:\Program Files\Activ Software\ActivDriver\FlashExtension\QtXml4.dll
2013-11-22 13:01 - 2013-11-22 13:01 - 07989592 _____ () C:\Program Files\Activ Software\ActivDriver\FlashExtension\QtGui4.dll
2013-11-22 13:02 - 2013-11-22 13:02 - 00126296 _____ () C:\Program Files\Activ Software\ActivDriver\FlashExtension\plugins\imageformats\qjpeg4.dll
2011-01-17 17:19 - 2011-12-16 17:33 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2004-08-04 13:00 - 2004-08-04 13:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 13:00 - 2004-08-04 13:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-09-24 23:05 - 2014-09-23 05:07 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 23:05 - 2014-09-23 05:07 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 23:05 - 2014-09-23 05:06 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-789336058-1614895754-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-789336058-1614895754-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-789336058-1614895754-839522115-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-789336058-1614895754-839522115-1002 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/30/2014 08:55:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11469
 
Error: (09/30/2014 08:55:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11469
 
Error: (09/30/2014 08:55:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/30/2014 08:55:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2000
 
Error: (09/30/2014 08:55:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2000
 
Error: (09/30/2014 08:55:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/28/2014 08:59:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15641
 
Error: (09/28/2014 08:59:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15641
 
Error: (09/28/2014 08:59:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/18/2014 08:20:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application itunes.exe, version 11.1.3.8, faulting module itunesmobiledevice.dll, version 710.0.0.4, fault address 0x000ebc67.
Processing media-specific event for [itunes.exe!ws!]
 
 
System errors:
=============
Error: (10/05/2014 04:50:54 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\CdRom0
 
Error: (10/05/2014 04:50:54 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\CdRom0
 
Error: (10/05/2014 04:50:54 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\CdRom0
 
Error: (10/04/2014 10:10:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
 
Error: (10/04/2014 10:09:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
 
Error: (10/04/2014 11:55:02 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\CdRom0
 
Error: (10/04/2014 11:26:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
 
Error: (10/04/2014 11:26:04 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
 
Error: (10/04/2014 00:16:40 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\CdRom0
 
Error: (10/03/2014 11:47:24 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\CdRom0
 
 
Microsoft Office Sessions:
=========================
Error: (09/30/2014 08:55:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11469
 
Error: (09/30/2014 08:55:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11469
 
Error: (09/30/2014 08:55:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/30/2014 08:55:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2000
 
Error: (09/30/2014 08:55:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2000
 
Error: (09/30/2014 08:55:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/28/2014 08:59:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15641
 
Error: (09/28/2014 08:59:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15641
 
Error: (09/28/2014 08:59:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/18/2014 08:20:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: itunes.exe11.1.3.8itunesmobiledevice.dll710.0.0.4000ebc67
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® M processor 2.13GHz
Percentage of memory in use: 33%
Total physical RAM: 2047.36 MB
Available physical RAM: 1357.32 MB
Total Pagefile: 3430.35 MB
Available Pagefile: 2752.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1934.15 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:27.95 GB) (Free:17.23 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (NEW VOLUME) (Fixed) (Total:9.3 GB) (Free:9.29 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 4F60A60C)
Partition 1: (Active) - (Size=27.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.3 GB) - (Type=0C)
 
==================== End Of Log ============================
 
FSS
 
Farbar Service Scanner Version: 21-07-2014
Ran by Administrator (administrator) on 05-10-2014 at 23:19:12
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
 
Extra List:
=======
Avgtdix(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) RFCOMM(9) Tcpip(4) 
0x09000000050000000100000002000000030000000400000008000000060000000700000009000000
IpSec Tag value is correct.
 
**** End of log ****
 
RESULT
 
MiniToolBox by Farbar  Version: 21-07-2014
Ran by Administrator (administrator) on 05-10-2014 at 23:20:35
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Dell Wireless 1470 Dual Band WLAN Mini-PCI Card = Wireless Network Connection 2 (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
# Interface IP Configuration for "Wireless Network Connection 2"
 
set address name="Wireless Network Connection 2" source=dhcp 
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp
 
# Interface IP Configuration for "Bluetooth Network Connection"
 
set address name="Bluetooth Network Connection" source=dhcp 
set dns name="Bluetooth Network Connection" source=dhcp register=PRIMARY
set wins name="Bluetooth Network Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration

        Host Name . . . . . . . . . . . . : dell-d610
        Primary Dns Suffix  . . . . . . . : 
        Node Type . . . . . . . . . . . . : Mixed
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
        Physical Address. . . . . . . . . : 00-15-C5-04-5B-63

Ethernet adapter Wireless Network Connection 2:

        Connection-specific DNS Suffix  . : 
        Description . . . . . . . . . . . : Dell Wireless 1470 Dual Band WLAN Mini-PCI Card
        Physical Address. . . . . . . . . : 00-14-A5-4B-3E-42
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.36
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
        Lease Obtained. . . . . . . . . . : 05 October 2014 23:11:32
        Lease Expires . . . . . . . . . . : 06 October 2014 23:11:32

Ethernet adapter Bluetooth Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
        Physical Address. . . . . . . . . : 00-16-41-49-E2-8E
 
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  74.125.230.34, 74.125.230.39, 74.125.230.33, 74.125.230.37
 74.125.230.32, 74.125.230.46, 74.125.230.41, 74.125.230.40, 74.125.230.35
 74.125.230.38, 74.125.230.36
 
 
 
Pinging google.com [74.125.230.34] with 32 bytes of data:
 
 
 
Reply from 74.125.230.34: bytes=32 time=44ms TTL=55
 
Reply from 74.125.230.34: bytes=32 time=47ms TTL=55
 
 
 
Ping statistics for 74.125.230.34:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 44ms, Maximum = 47ms, Average = 45ms
 
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.183.24
 
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
 
 
 
Reply from 98.139.183.24: bytes=32 time=182ms TTL=47
 
Reply from 98.139.183.24: bytes=32 time=183ms TTL=47
 
 
 
Ping statistics for 98.139.183.24:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 182ms, Maximum = 183ms, Average = 182ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 15 c5 04 5b 63 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...00 14 a5 4b 3e 42 ...... Dell Wireless 1470 Dual Band WLAN Mini-PCI Card - Packet Scheduler Miniport
0x10005 ...00 16 41 49 e2 8e ...... Bluetooth Device (Personal Area Network)
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.36  25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      169.254.0.0      255.255.0.0     192.168.1.36    192.168.1.36  20
      192.168.1.0    255.255.255.0     192.168.1.36    192.168.1.36  25
     192.168.1.36  255.255.255.255        127.0.0.1       127.0.0.1  25
    192.168.1.255  255.255.255.255     192.168.1.36    192.168.1.36  25
        224.0.0.0        240.0.0.0     192.168.1.36    192.168.1.36  25
  255.255.255.255  255.255.255.255     192.168.1.36    192.168.1.36  1
  255.255.255.255  255.255.255.255     192.168.1.36               2  1
  255.255.255.255  255.255.255.255     192.168.1.36           10005  1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 05 C:\WINDOWS\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
**** End of log ****
 
Summary file is attached to post. I think these 5 are all you asked for, if you require more, please let me know. Let me know what you find out and my next steps!
 
Thank you!
 

 




#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:37 PM

Posted 06 October 2014 - 01:44 PM

Hi Chris,

Yes, light reading. :)

Can you tell me which browser(s) you are using?

At this point I do not think your problem is malware related. We will address some things and then attempt to address what I believe is the underlying issue. I will tell you from the start I may end up referring you to the Networking Forum if I feel like I am getting close to doing more harm than good since I am not a Networking expert. Having said that, my goal is to try to take care of your situation from start to finish.

Please consider and start with this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 UIUSys; system32\drivers\UIUSys.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S3 w29n51; system32\DRIVERS\w29n51.sys [X]
U1 WS2IFSL; No ImagePath
C:\Documents and Settings\Administrator\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Administrator\random.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\InstallPlugin.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
Folder: C:\WINDOWS\SxsCaPendDel
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Browser(s)?
  • AdwCleaner log
  • Junkware log
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 bluejayhope


Posted 07 October 2014 - 12:28 PM

Good afternoon Oh My!

 

Thanks for the reply, here is the desired information.

 

I use Google Chrome as my browser. Also, I deleted BitTorrent as it was on here from when I bought the laptop. I deleted it from the Add/Remove programs list.

 

Now the txt files

 

ADWCLEANER

 

# AdwCleaner v3.311 - Report created 07/10/2014 at 02:38:45
# Updated 30/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Administrator - DELL-D610
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : IBUpdaterService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\WINDOWS\system32\ARFC
Folder Deleted : C:\WINDOWS\system32\jmdp
Folder Deleted : C:\WINDOWS\system32\WNLT
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\ParetoLogic
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
File Deleted : C:\WINDOWS\system32\dmwu.exe
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
File Deleted : C:\Documents and Settings\Administrator\AppData\LocalLow\SkwConfig.bin
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\WNLT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid=&crg=3.1010000.10014&st=23&st=23
Deleted [Search Provider] : hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid=&crg=3.1010000.10014&st=23&st=23
 
*************************
 
AdwCleaner[R0].txt - [17577 octets] - [26/09/2014 22:37:06]
AdwCleaner[R1].txt - [3772 octets] - [07/10/2014 02:31:41]
AdwCleaner[S0].txt - [4098 octets] - [07/10/2014 02:38:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4158 octets] ##########
 
JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.1 (10.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on 07/10/2014 at  2:56:40.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Documents and Settings\Administrator\appdata\locallow\skwconfig.bin"
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/10/2014 at  2:59:16.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
FIXLOG
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-10-2014
Ran by Administrator at 2014-10-07 03:01:29 Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profile: Administrator (Available profiles: Administrator)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 UIUSys; system32\drivers\UIUSys.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S3 w29n51; system32\DRIVERS\w29n51.sys [X]
U1 WS2IFSL; No ImagePath
C:\Documents and Settings\Administrator\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Administrator\random.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\InstallPlugin.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
Folder: C:\WINDOWS\SxsCaPendDel
*****************
 
dgderdrv => Service deleted successfully.
UIUSys => Service deleted successfully.
USBAAPL => Service deleted successfully.
w29n51 => Service deleted successfully.
WS2IFSL => Service deleted successfully.
C:\Documents and Settings\Administrator\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Documents and Settings\Administrator\random.dat => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\InstallPlugin.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe => Moved successfully.
 
========================= Folder: C:\WINDOWS\SxsCaPendDel ========================
 
 
====== End of Folder: ======
 
 
==== End of Fixlog ====
 
 
Thanks for your time and help!

 



#6 Oh My!


Posted 07 October 2014 - 01:07 PM

Hi Chris,

Thank you for the information. Please do this.

===================================================

Modifying Chrome SSL Settings

-------------------
  • Launch Chrome
  • Select the Chrome menu icon on the toolbar (3 horizontal bars)
  • Click Settings (you may be there by default)
  • Click Show Advanced Settings...
  • In the HTTPS/SSL section click Manage Certificates...
  • Click the Immediate Certification Authorities tab at the top
  • Please tell me what Certificates are listed
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Certificate list

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
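
The store that the steps in the post above open through Chrome's Manage Certificates dialog (the Windows "Intermediate Certification Authorities" store) can also be listed as text. This is an added example, not part of the original post or of any tool used in the thread; it assumes Windows PowerShell 2.0 or later is installed, and the output file name is a placeholder.

```powershell
# Added example (not from the thread): dump the Intermediate Certification
# Authorities stores to text so the list can be pasted into a reply.
# Assumes Windows PowerShell 2.0 or later; the output path is a placeholder.

$now    = Get-Date
$stores = 'Cert:\CurrentUser\CA', 'Cert:\LocalMachine\CA'

$report = foreach ($store in $stores) {
    foreach ($cert in Get-ChildItem -Path $store) {
        # Validity is judged against the local clock, so a wrong system
        # date or time makes these flags unreliable.
        $flags = @()
        if ($cert.NotAfter  -lt $now) { $flags += 'EXPIRED' }
        if ($cert.NotBefore -gt $now) { $flags += 'NOT-YET-VALID' }
        # Self-signed certificates normally belong in the Trusted Root
        # store, so one listed here is worth a closer look.
        if ($cert.Subject -eq $cert.Issuer) { $flags += 'SELF-SIGNED' }

        New-Object PSObject -Property @{
            Store      = $store
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            NotBefore  = $cert.NotBefore
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
            Flags      = ($flags -join ',')
        }
    }
}

$columns = 'Store', 'Subject', 'Issuer', 'NotBefore', 'NotAfter', 'Thumbprint', 'Flags'
$outFile = Join-Path $env:USERPROFILE 'Desktop\intermediate-cas.txt'   # placeholder name

# Record the clock reading first: every flag below was computed against it.
"Local clock when the list was taken: $now" | Out-File -FilePath $outFile
$report | Sort-Object Store, Subject | Select-Object $columns |
    Format-List | Out-File -FilePath $outFile -Append

# Show only the flagged entries on screen for a quick review.
$report | Where-Object { $_.Flags } | Select-Object $columns | Format-List
```

The resulting text file lists each certificate's subject, issuer, validity dates and thumbprint, which can be pasted into a reply in place of a screenshot.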

#7 bluejayhope


Posted 07 October 2014 - 01:46 PM

Is there a specific way to copy them? I've exported them to a file of some sort and it isn't letting me paste them onto the reply. I can take screen shots and upload those if that works also...



#8 Oh My!


Posted 07 October 2014 - 02:00 PM

Screen shot is perfect.
Gary
 

#9 bluejayhope


Posted 07 October 2014 - 02:07 PM

 Attached File  certificates.JPG   136.65KB   0 downloads



#10 Oh My!


Posted 07 October 2014 - 02:18 PM

Are you able to successfully navigate to other web sites? If so, what email account are you trying to access, Gmail, Yahoo, etc.?
Gary
 

#11 bluejayhope


Posted 07 October 2014 - 03:18 PM

I am trying to use MSN Live account



#12 Oh My!


Posted 07 October 2014 - 03:28 PM

Are you able to successfully navigate to other web sites?


EDIT:
Can you verify the date and time on your computer are correct?

Edited by Oh My!, 07 October 2014 - 03:34 PM.

Gary
 

#13 bluejayhope


Posted 07 October 2014 - 03:48 PM

They are not. It says it's 06:25 when in reality it's 22:48, so it's definitely behind quite a bit. I haven't been too bothered to change it.

 

Almost all other sites I can navigate, however the odd one here and there gives me the same warning and inability to continue further


Edited by bluejayhope, 07 October 2014 - 03:49 PM.


#14 Oh My!


Posted 07 October 2014 - 05:03 PM

Please change the date/time so it is accurate and then try to access the site again.
Gary
 

#15 bluejayhope


Posted 07 October 2014 - 06:01 PM

Still won't let me. This is what I get on the page

 

Your connection is not private

Attackers might be trying to steal your information from www.outlook.com (for example, passwords, messages, or credit cards).

www.outlook.com normally uses encryption to protect your information. When Chrome tried to connect to www.outlook.com this time, the website sent back unusual and incorrect credentials. Either an attacker is trying to pretend to be www.outlook.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.

You cannot visit www.outlook.com right now because the website sent scrambled credentials that Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.

NET::ERR_CERT_INVALID





