Hi my name is Jackie
I hope you can help. I have recently moved and haven't used my PC for a couple of months. I have just started it up and tried to access the internet. I received an error message saying "The Server's Security Certificates Revoked! You attempted to reach accounts@google.com but the certificate that the server presented has been revoked by its issuer. This means that the security credentials the server presented absolutely should not be trusted. You may be communicating with an attacker. You cannot proceed because the website operator has requested heightened security for this domain"
Also my Avast security keeps alerting me to infected webpages. Malwarebytes have also detected some malware.
I had a similar problem to this previously however due to moving I have not had access to internet or my computer and I think my previous post was closed.
I have posted my logs below:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.08.11.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Max :: MAX [administrator]
11/08/2013 18:25:21
mbam-log-2013-08-11 (18-25-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258775
Time elapsed: 29 minute(s), 20 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\RECYCLER\S-1-5-21-823518204-1547161642-839522115-1004\$RA766E186 (Trojan.FakeMS) -> Quarantined and deleted successfully.
(end)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/06/2010 15:36:45
System Uptime: 11/08/2013 19:18:39 (0 hours ago)
.
Motherboard: eveshamvale | | MS-7125
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 2010/201mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 147 GiB total, 25.167 GiB free.
J: is FIXED (NTFS) - 932 GiB total, 198.292 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMSONY_DVD_RW_DW-Q28A_____________________KYS1____\4&FB5CB90&0&1.0.0
Manufacturer: (Standard CD-ROM drives)
Name: SONY DVD RW DW-Q28A
PNP Device ID: IDE\CDROMSONY_DVD_RW_DW-Q28A_____________________KYS1____\4&FB5CB90&0&1.0.0
Service: cdrom
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMSONY_DVD-ROM_DDU1615____________________FYS2____\4&FB5CB90&0&1.1.0
Manufacturer: (Standard CD-ROM drives)
Name: SONY DVD-ROM DDU1615
PNP Device ID: IDE\CDROMSONY_DVD-ROM_DDU1615____________________FYS2____\4&FB5CB90&0&1.1.0
Service: cdrom
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_CRMB&PROD_C1AZKLIBSH&REV_3.5Z\5&2134D835&0&000
Manufacturer: (Standard CD-ROM drives)
Name: CRMB C1AZKLIBSH SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_CRMB&PROD_C1AZKLIBSH&REV_3.5Z\5&2134D835&0&000
Service: cdrom
.
==== System Restore Points ===================
.
RP975: 13/06/2013 02:32:23 - System Checkpoint
RP976: 13/06/2013 02:32:32 - OTL Restore Point - 13/06/2013 02:32:29
RP977: 13/06/2013 02:47:09 - Removed Java 7 Update 9
RP978: 13/06/2013 02:47:23 - Removed Java(TM) 6 Update 29
RP979: 13/06/2013 02:54:09 - Installed QuickTime
RP980: 24/06/2013 21:09:33 - Revo Uninstaller's restore point - Java(TM) 6 Update 29
RP981: 24/06/2013 21:13:38 - Removed Java(TM) 6 Update 29
RP982: 24/06/2013 21:20:33 - Revo Uninstaller's restore point - Java 7 Update 9
RP983: 24/06/2013 21:22:00 - Removed Java 7 Update 9
RP984: 11/08/2013 15:45:26 - Revo Uninstaller's restore point - Avira Free Antivirus
RP985: 11/08/2013 16:23:40 - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.75.0.1300
RP986: 11/08/2013 17:09:15 - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader XI (11.0.03)
Agatha Christie - And Then There Were None
Apple Application Support
Apple Software Update
avast! Free Antivirus
BitComet 1.35
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 7.1
BlackBerry Device Software Updater
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
Free Video to MP3 Converter version 5.0.22.128
Free YouTube Download version 3.2.0.128
Free YouTube to MP3 Converter version 3.12.0.128
Freemake Video Converter version 3.1.2
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# 2.0 Redistributable Package
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NVIDIA ForceWare Network Access Manager
PowerDVD
QuickTime
Realtek AC'97 Audio
RegCure Pro
Revo Uninstaller 1.94
Secunia PSI (3.0.0.7009)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB982381)
Segoe UI
Sky Broadband
Sky Broadband Browser Branding
SmartSound Quicktracks Plugin
Tweaking.com - Windows Repair (All in One)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Virtual DJ - Atomix Productions
VLC media player 2.0.6
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
11/08/2013 19:32:39, information: Windows File Protection [64002] - File replacement was attempted on the protected system file serial.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
11/08/2013 19:21:10, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi PCIIde
11/08/2013 19:19:41, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/08/2013 16:33:30, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
11/08/2013 16:33:30, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
11/08/2013 15:32:54, error: Service Control Manager [7024] - The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).
11/08/2013 15:13:08, error: Service Control Manager [7031] - The Avira Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/08/2013 15:13:07, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
11/08/2013 15:12:54, error: Service Control Manager [7031] - The Avira Real-Time Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/08/2013 15:09:04, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Volume Shadow Copy service to connect.
11/08/2013 15:09:04, error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/08/2013 15:08:36, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Max at 19:31:17 on 2013-08-11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.263 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files\common files\dvdvideosoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\common files\dvdvideosoft\plugins\freeytmp3downloader.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351086641375
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{46B03ACA-D47D-4E37-BA15-FA6D2FEBA269} : DHCPNameServer = 192.168.1.254
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-8-11 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-8-11 175176]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2005-2-11 16640]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-8-11 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-8-11 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-8-11 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-11 66336]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-12-7 54760]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-4-18 16024]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2010-6-12 223128]
.
=============== File Associations ===============
.
ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
.
=============== Created Last 30 ================
.
2013-08-11 17:23:3122856----a-w-c:\windows\system32\drivers\mbam.sys
2013-08-11 17:22:51--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2013-08-11 16:13:53770344----a-w-c:\windows\system32\drivers\aswSnx.sys
2013-08-11 16:13:5249376----a-w-c:\windows\system32\drivers\aswRvrt.sys
2013-08-11 16:13:52175176----a-w-c:\windows\system32\drivers\aswVmm.sys
2013-08-11 16:13:5166336----a-w-c:\windows\system32\drivers\aswMonFlt.sys
2013-08-11 16:11:0341664----a-w-c:\windows\avastSS.scr
2013-08-11 16:08:11--------d-----w-c:\documents and settings\all users\application data\AVAST Software
.
==================== Find3M ====================
.
2013-08-11 14:30:3171048----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-11 14:30:31692104----a-w-c:\windows\system32\FlashPlayerApp.exe
2013-06-12 01:37:3615616----a-w-c:\windows\system32\drivers\TrueSight.sys
.
============= FINISH: 19:33:46.07 ===============
I hope you can help. I have recently moved and haven't used my PC for a couple of months. I have just started it up and tried to access the internet. I received an error message saying "The Server's Security Certificates Revoked! You attempted to reach accounts@google.com but the certificate that the server presented has been revoked by its issuer. This means that the security credentials the server presented absolutely should not be trusted. You may be communicating with an attacker. You cannot proceed because the website operator has requested heightened security for this domain"
Also my Avast security keeps alerting me to infected webpages. Malwarebytes have also detected some malware.
I had a similar problem to this previously however due to moving I have not had access to internet or my computer and I think my previous post was closed.
I have posted my logs below:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.08.11.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Max :: MAX [administrator]
11/08/2013 18:25:21
mbam-log-2013-08-11 (18-25-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258775
Time elapsed: 29 minute(s), 20 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\RECYCLER\S-1-5-21-823518204-1547161642-839522115-1004\$RA766E186 (Trojan.FakeMS) -> Quarantined and deleted successfully.
(end)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/06/2010 15:36:45
System Uptime: 11/08/2013 19:18:39 (0 hours ago)
.
Motherboard: eveshamvale | | MS-7125
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 2010/201mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 147 GiB total, 25.167 GiB free.
J: is FIXED (NTFS) - 932 GiB total, 198.292 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMSONY_DVD_RW_DW-Q28A_____________________KYS1____\4&FB5CB90&0&1.0.0
Manufacturer: (Standard CD-ROM drives)
Name: SONY DVD RW DW-Q28A
PNP Device ID: IDE\CDROMSONY_DVD_RW_DW-Q28A_____________________KYS1____\4&FB5CB90&0&1.0.0
Service: cdrom
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMSONY_DVD-ROM_DDU1615____________________FYS2____\4&FB5CB90&0&1.1.0
Manufacturer: (Standard CD-ROM drives)
Name: SONY DVD-ROM DDU1615
PNP Device ID: IDE\CDROMSONY_DVD-ROM_DDU1615____________________FYS2____\4&FB5CB90&0&1.1.0
Service: cdrom
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_CRMB&PROD_C1AZKLIBSH&REV_3.5Z\5&2134D835&0&000
Manufacturer: (Standard CD-ROM drives)
Name: CRMB C1AZKLIBSH SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_CRMB&PROD_C1AZKLIBSH&REV_3.5Z\5&2134D835&0&000
Service: cdrom
.
==== System Restore Points ===================
.
RP975: 13/06/2013 02:32:23 - System Checkpoint
RP976: 13/06/2013 02:32:32 - OTL Restore Point - 13/06/2013 02:32:29
RP977: 13/06/2013 02:47:09 - Removed Java 7 Update 9
RP978: 13/06/2013 02:47:23 - Removed Java(TM) 6 Update 29
RP979: 13/06/2013 02:54:09 - Installed QuickTime
RP980: 24/06/2013 21:09:33 - Revo Uninstaller's restore point - Java(TM) 6 Update 29
RP981: 24/06/2013 21:13:38 - Removed Java(TM) 6 Update 29
RP982: 24/06/2013 21:20:33 - Revo Uninstaller's restore point - Java 7 Update 9
RP983: 24/06/2013 21:22:00 - Removed Java 7 Update 9
RP984: 11/08/2013 15:45:26 - Revo Uninstaller's restore point - Avira Free Antivirus
RP985: 11/08/2013 16:23:40 - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.75.0.1300
RP986: 11/08/2013 17:09:15 - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader XI (11.0.03)
Agatha Christie - And Then There Were None
Apple Application Support
Apple Software Update
avast! Free Antivirus
BitComet 1.35
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 7.1
BlackBerry Device Software Updater
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
Free Video to MP3 Converter version 5.0.22.128
Free YouTube Download version 3.2.0.128
Free YouTube to MP3 Converter version 3.12.0.128
Freemake Video Converter version 3.1.2
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# 2.0 Redistributable Package
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NVIDIA ForceWare Network Access Manager
PowerDVD
QuickTime
Realtek AC'97 Audio
RegCure Pro
Revo Uninstaller 1.94
Secunia PSI (3.0.0.7009)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB982381)
Segoe UI
Sky Broadband
Sky Broadband Browser Branding
SmartSound Quicktracks Plugin
Tweaking.com - Windows Repair (All in One)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Virtual DJ - Atomix Productions
VLC media player 2.0.6
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
11/08/2013 19:32:39, information: Windows File Protection [64002] - File replacement was attempted on the protected system file serial.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
11/08/2013 19:21:10, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi PCIIde
11/08/2013 19:19:41, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
11/08/2013 16:33:30, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
11/08/2013 16:33:30, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
11/08/2013 15:32:54, error: Service Control Manager [7024] - The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).
11/08/2013 15:13:08, error: Service Control Manager [7031] - The Avira Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/08/2013 15:13:07, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
11/08/2013 15:12:54, error: Service Control Manager [7031] - The Avira Real-Time Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/08/2013 15:09:04, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Volume Shadow Copy service to connect.
11/08/2013 15:09:04, error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/08/2013 15:08:36, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Max at 19:31:17 on 2013-08-11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.263 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files\common files\dvdvideosoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\common files\dvdvideosoft\plugins\freeytmp3downloader.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351086641375
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{46B03ACA-D47D-4E37-BA15-FA6D2FEBA269} : DHCPNameServer = 192.168.1.254
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-8-11 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-8-11 175176]
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2005-2-11 16640]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-8-11 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-8-11 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-8-11 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-11 66336]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-12-7 54760]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-4-18 16024]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2010-6-12 223128]
.
=============== File Associations ===============
.
ShellExec: BitComet.exe: open="c:\program files\bitcomet\BitComet.exe"
.
=============== Created Last 30 ================
.
2013-08-11 17:23:3122856----a-w-c:\windows\system32\drivers\mbam.sys
2013-08-11 17:22:51--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2013-08-11 16:13:53770344----a-w-c:\windows\system32\drivers\aswSnx.sys
2013-08-11 16:13:5249376----a-w-c:\windows\system32\drivers\aswRvrt.sys
2013-08-11 16:13:52175176----a-w-c:\windows\system32\drivers\aswVmm.sys
2013-08-11 16:13:5166336----a-w-c:\windows\system32\drivers\aswMonFlt.sys
2013-08-11 16:11:0341664----a-w-c:\windows\avastSS.scr
2013-08-11 16:08:11--------d-----w-c:\documents and settings\all users\application data\AVAST Software
.
==================== Find3M ====================
.
2013-08-11 14:30:3171048----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-11 14:30:31692104----a-w-c:\windows\system32\FlashPlayerApp.exe
2013-06-12 01:37:3615616----a-w-c:\windows\system32\drivers\TrueSight.sys
.
============= FINISH: 19:33:46.07 ===============
