me82

Members
  • Content Count

    208
Everything posted by me82

  1. me82

    vpn and browser vpn

    I am using a VPN on a Windows laptop. I am using Opera version 54, and I just stopped using Opera's built-in VPN proxy. So my question is: I don't have to use 2 VPNs, right? When I did an IP leak test and turned off the Opera VPN proxy, it revealed my VPN IP and not my actual IP address. Is that good?
  2. I have the OneKey Optimizer program that came installed on my laptop with Windows 8.1. I ran a checkup and it says battery status good, and then it says the battery has been in use for a long time and calibration as soon as possible is recommended. It also says I can optimize the hard drive, the boot partition, power performance and a lot of other things, but I'm not going to. But is it safe to calibrate the battery?
  3. I am using a PC that was upgraded from XP to Windows 7 Pro. I did a scan on it using Junkware first and it didn't get much off the computer; then I downloaded Malwarebytes, the free version, but it has a trial version. It got some malware off. When I restarted my PC and opened Google Chrome, the index file came up instead of the normal Google screen, so I reset Google and it shows normal again. This happens whenever I do a Malwarebytes scan: just the index file comes up. It happened in Firefox too, and I had to go into settings and refresh Firefox. Also, the SafeSearch toolbar did not get removed in Google Chrome. I tried the Adware Removal Tool as well, and all it took off was ask.com and aol.com. So I went into Google extensions and downloaded an ad blocker (Stands), went to the Google homepage, and the SafeSearch toolbar does not show anymore because of the ad blocker.
  4. OK, I see there is a patch for some of the issues with Malwarebytes.
  5. I will hold off on doing the Zemana AntiMalware.
  6. My browsers are fine now; it's just the new Malwarebytes. When I did 2 scans a couple of days ago, deleted what it found and restarted the computer, opening a browser showed the index file, and then after resetting the browsers it shows normal.
  7. What about my browsers not opening normally after I run a scan in Malwarebytes? Do I have to disable Malwarebytes first, then open my browser?
  8. Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2016
     Ran by Owner (20-12-2016 21:20:52) Run:1
     Running from C:\Users\Owner\Desktop
     Loaded Profiles: Owner (Available Profiles: Owner)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     start
     CreateRestorePoint:
     CloseProcesses:
     C:\Users\Owner\AppData\Local\Temp\libeay32.dll
     C:\Users\Owner\AppData\Local\Temp\msvcr120.dll
     C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
     ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "
     ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "
     EmptyTemp:
     Hosts:
     End
     *****************

     Restore point was successfully created.
     Processes closed successfully.
     C:\Users\Owner\AppData\Local\Temp\libeay32.dll => moved successfully
     C:\Users\Owner\AppData\Local\Temp\msvcr120.dll => moved successfully
     C:\Users\Owner\AppData\Local\Temp\sqlite3.dll => moved successfully
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
     C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
     C:\Windows\System32\Drivers\etc\hosts => moved successfully
     Hosts restored successfully.

     =========== EmptyTemp: ==========

     BITS transfer queue => 8388608 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6407355 B
     Java, Flash, Steam htmlcache => 456 B
     Windows/system/drivers => 812787576 B
     Edge => 0 B
     Chrome => 386651845 B
     Firefox => 204182951 B
     Opera => 0 B

     Temp, IE cache, history, cookies, recent:
     Users => 0 B
     Default => 0 B
     Public => 0 B
     ProgramData => 0 B
  9. When I installed the ad blocker, it (SafeSearch) went away from the homepage. tomsguide.com said to:
     Press and hold the Windows key and R (Win+R)
     Copy and paste: %systemroot%\System32\GroupPolicy/Machine
     Delete: Registry.pol
     Restart the computer.
     And this link: https://www.techsupportall.com/how-to-remove-safesearch-net-homepage-removal-help/
  10. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2016
     Ran by Owner (20-12-2016 16:42:48)
     Running from C:\Users\Owner\Desktop
     Windows 7 Professional Service Pack 1 (X64) (2016-10-31 18:12:56)
     Boot Mode: Normal
     ==========================================================

     ==================== Accounts: =============================

     Administrator (S-1-5-21-961524124-1411212058-1041103660-500 - Administrator - Disabled)
     Guest (S-1-5-21-961524124-1411212058-1041103660-501 - Limited - Disabled)
     HomeGroupUser$ (S-1-5-21-961524124-1411212058-1041103660-1002 - Limited - Enabled)
     Owner (S-1-5-21-961524124-1411212058-1041103660-1001 - Administrator - Enabled) => C:\Users\Owner

     ==================== Security Center ========================

     (If an entry is included in the fixlist, it will be removed.)

     AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
     AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
     AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

     ==================== Installed Programs ======================

     (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

     7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
     Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.181.14 - Adobe Systems Incorporated)
     Dell System Detect (HKU\S-1-5-21-961524124-1411212058-1041103660-1001\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
     Gigabyte Wireless LAN Card (HKLM-x32\...\{2C564A58-BD28-4926-95E1-EC7812FCA44F}) (Version: 1.00.0000 - Gigabyte)
     Google Chrome (HKLM-x32\...\{16C1182D-6E13-3989-A4BC-360B106D5C4E}) (Version: 54.0.2840.71 - Google, Inc.)
     Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
     Malwarebytes version 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes)
     Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
     Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
     Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
     Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
     OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
     Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
     WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

     ==================== Custom CLSID (Whitelisted): ==========================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     ==================== Scheduled Tasks (Whitelisted) =============

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     Task: {0FF23161-EB9E-4AB3-93EC-E0C5F6A10961} - System32\Tasks\{0BC15F45-0E9A-4980-B72C-8F0726195EB6} => pcalua.exe -a "C:\Users\Owner\Desktop\Dell driver software\PROSet.exe" -d "C:\Users\Owner\Desktop\Dell driver software"
     Task: {21D0A833-C8DA-416E-9F39-466C7976A40B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-31] (Google Inc.)
     Task: {32E4A7E2-E17E-4190-B103-4CB7EC80D21E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-31] (Google Inc.)
     Task: {8A4E1E6B-F689-47C4-AB88-0FDE06508D23} - System32\Tasks\{18A18759-B6F5-4E7F-B704-7492ACD8B881} => pcalua.exe -a C:\Users\Owner\Desktop\PROSet.exe -d C:\Users\Owner\Desktop

     (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

     ==================== Shortcuts =============================

     (The entries could be listed to be restored or removed.)

     ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "
     ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "

     ==================== Loaded Modules (Whitelisted) ==============

     2016-12-17 12:51 - 2016-11-29 06:27 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
     2016-12-17 12:51 - 2016-11-29 06:27 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
     2016-12-17 12:51 - 2016-11-29 06:27 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
     2016-12-17 12:51 - 2016-11-08 09:46 - 00693248 _____ () C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll

     ==================== Alternate Data Streams (Whitelisted) =========

     (If an entry is included in the fixlist, only the ADS will be removed.)

     ==================== Safe Mode (Whitelisted) ===================

     (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

     ==================== Association (Whitelisted) ===============

     (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

     ==================== Internet Explorer trusted/restricted ===============

     (If an entry is included in the fixlist, it will be removed from the registry.)

     IE trusted site: HKU\S-1-5-21-961524124-1411212058-1041103660-1001\...\dell.com -> dell.com

     ==================== Hosts content: ===============================

     (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

     2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

     ==================== Other Areas ============================

     (Currently there is no automatic fix for this section.)

     HKU\S-1-5-21-961524124-1411212058-1041103660-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
     DNS Servers: 192.168.1.254
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
     Windows Firewall is enabled.

     ==================== MSCONFIG/TASK MANAGER disabled items ==

     ==================== FirewallRules (Whitelisted) ===============

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     FirewallRules: [sPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
     FirewallRules: [sPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
     FirewallRules: [{866803FD-2C6D-4482-8773-1BED7A76011E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     FirewallRules: [{9E10EE46-C05B-437E-96F5-8E56D6E5B315}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     FirewallRules: [{F4EF756C-B155-4620-93A2-5370AE5D94F5}] => C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
     FirewallRules: [{225C20D6-FB3D-47A7-B85B-3F1695D86273}] => C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
     FirewallRules: [{94FAB7E2-3330-46AF-BCE3-28EC66D42C41}] => C:\Program Files (x86)\SrpnFiles\downloader.exe
     FirewallRules: [{F9300FBC-C47A-4721-BDAF-1A873F9361A8}] => C:\Program Files (x86)\SrpnFiles\downloader.exe
     FirewallRules: [{0AC08974-A0D6-4E54-A31A-6F6A1C009353}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

     ==================== Restore Points =========================

     31-10-2016 13:13:08 Windows Update
     31-10-2016 13:59:39 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
     05-11-2016 12:22:07 Installed Intel® Network Connections.
     05-11-2016 12:46:04 Installed Gigabyte Wireless LAN Card
     05-11-2016 15:19:55 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
     05-11-2016 15:22:46 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
     05-11-2016 15:25:13 Installed OpenOffice 4.1.3
     05-11-2016 17:21:51 Installed Kaspersky Anti-Virus 2010.
     14-11-2016 20:02:31 Revo Uninstaller's restore point - Kaspersky Anti-Virus 2010
     14-11-2016 20:19:08 Windows Update
     14-11-2016 23:10:21 Windows Update
     17-12-2016 12:35:49 JRT Pre-Junkware Removal

     ==================== Faulty Device Manager Devices =============

     ==================== Event log errors: =========================

     Application errors:
     ==================
     Error: (12/20/2016 03:21:17 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
     Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

     Error: (12/20/2016 02:52:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
     Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

     Error: (12/19/2016 10:36:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
     Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

     Error: (12/19/2016 06:30:31 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
     Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

     Error: (12/19/2016 05:38:36 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
     Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

     Error: (12/19/2016 05:02:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
     Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

     Error: (12/17/2016 01:01:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
     Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

     Error: (12/17/2016 11:47:55 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
     Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

     Error: (12/17/2016 11:20:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
     Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

     Error: (12/14/2016 09:04:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
     Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

     System errors:
     =============
     Error: (12/19/2016 10:33:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
     Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

     Error: (12/19/2016 10:33:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
     Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

     Error: (12/19/2016 10:33:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
     Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

     Error: (12/17/2016 11:40:46 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
     Description: Event-ID 2001

     Error: (12/17/2016 11:35:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
     Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

     Error: (12/17/2016 11:34:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
     Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

     Error: (12/17/2016 11:33:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
     Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

     Error: (12/17/2016 11:32:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
     Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

     Error: (12/17/2016 11:31:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
     Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

     Error: (12/17/2016 11:30:36 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
     Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

     ==================== Memory info ===========================

     Processor: Intel® Pentium® 4 CPU 2.80GHz
     Percentage of memory in use: 53%
     Total physical RAM: 2038.15 MB
     Available physical RAM: 942.88 MB
     Total Virtual: 4076.3 MB
     Available Virtual: 2643.93 MB

     ==================== Drives ================================

     Drive c: () (Fixed) (Total:74.43 GB) (Free:53.41 GB) NTFS
     Drive f: () (Fixed) (Total:74.44 GB) (Free:74.35 GB) NTFS

     ==================== MBR & Partition Table ==================

     ========================================================
     Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: FC78FC78)
     Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
     Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)

     ========================================================
     Disk: 1 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 41AB2316)
     Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
     Partition 2: (Active) - (Size=74.4 GB) - (Type=07 NTFS)

     ==================== End of Addition.txt ============================
  11. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2016
     Ran by Owner (administrator) on OWNER-PC (20-12-2016 16:41:33)
     Running from C:\Users\Owner\Desktop
     Loaded Profiles: Owner (Available Profiles: Owner)
     Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
     Internet Explorer Version 8 (Default browser: IE)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
     (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

     ==================== Registry (Whitelisted) ====================

     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)

     ==================== Internet (Whitelisted) ====================

     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
     Tcpip\..\Interfaces\{9D69391E-5B78-4298-B9EB-3BDF78BF7400}: [DhcpNameServer] 192.168.1.254

     Internet Explorer:
     ==================
     HKU\S-1-5-21-961524124-1411212058-1041103660-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
     Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
     Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
     Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
     Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

     FireFox:
     ========
     FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\pmwkzvnz.default-1482205545460 [2016-12-20]
     FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
     FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
     FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
     FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

     Chrome:
     =======
     CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2016-12-20]
     CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-05]
     CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-05]
     CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-05]
     CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-05]
     CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-05]
     CHR Extension: (Fair Ads (by STANDS)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2016-12-20]
     CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-05]
     CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2016-12-20]
     CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-05]
     CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-05]
     CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-19]

     ==================== Services (Whitelisted) ====================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
     R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

     ===================== Drivers (Whitelisted) ======================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     R3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
     R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2016-11-29] ()
     R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2016-12-17] (Malwarebytes)
     R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-20] (Malwarebytes)
     R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-20] (Malwarebytes)
     R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2016-12-20] (Malwarebytes)
     R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-20] (Malwarebytes)

     ==================== NetSvcs (Whitelisted) ===================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     ==================== One Month Created files and folders ========

     (If an entry is included in the fixlist, the file/folder will be moved.)

     2016-12-20 16:41 - 2016-12-20 16:42 - 00006779 _____ C:\Users\Owner\Desktop\FRST.txt
     2016-12-20 16:41 - 2016-12-20 16:41 - 00000000 ____D C:\FRST
     2016-12-20 16:39 - 2016-12-20 16:39 - 02420224 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
     2016-12-19 22:45 - 2016-12-19 22:45 - 00000000 ____D C:\Users\Owner\Desktop\Old Firefox Data
     2016-12-19 22:02 - 2016-12-19 22:33 - 00000000 ____D C:\AdwCleaner
     2016-12-19 21:59 - 2016-12-19 22:00 - 03910208 _____ C:\Users\Owner\Downloads\adwcleaner(2).exe
     2016-12-17 13:07 - 2016-12-17 13:07 - 05659917 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
     2016-12-17 12:52 - 2016-12-20 14:51 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
     2016-12-17 12:52 - 2016-12-20 14:51 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
     2016-12-17 12:52 - 2016-12-17 12:52 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
     2016-12-17 12:51 - 2016-12-20 14:51 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
     2016-12-17 12:51 - 2016-12-20 14:51 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
     2016-12-17 12:51 - 2016-12-17 12:51 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
     2016-12-17 12:51 - 2016-12-17 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
     2016-12-17 12:51 - 2016-12-17 12:51 - 00000000 ____D C:\ProgramData\Malwarebytes
     2016-12-17 12:51 - 2016-12-17 12:51 - 00000000 ____D C:\Program Files\Malwarebytes
     2016-12-17 12:51 - 2016-11-29 06:27 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
     2016-12-17 12:33 - 2016-12-17 12:33 - 01631928 _____ (Malwarebytes) C:\Users\Owner\Downloads\JRT.exe
     2016-12-14 21:06 - 2016-12-20 00:19 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
     2016-12-11 01:14 - 2016-12-19 22:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

     ==================== One Month Modified files and folders ========

     (If an entry is included in the fixlist, the file/folder will be moved.)

     2016-12-20 14:58 - 2009-07-13 23:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     2016-12-20 14:58 - 2009-07-13 23:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     2016-12-20 14:50 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
     2016-12-19 22:34 - 2016-10-31 13:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
     2016-12-17 13:09 - 2016-11-03 16:21 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
     2016-12-17 12:58 - 2016-10-31 13:55 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
     2016-12-17 12:58 - 2016-10-31 13:55 - 00002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
     2016-12-17 12:58 - 2016-10-31 13:20 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
     2016-12-17 12:58 - 2016-10-31 13:19 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
     2016-12-17 12:58 - 2016-10-31 13:15 - 00001447 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
     2016-12-17 12:58 - 2016-10-31 13:15 - 00001413 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
     2016-12-17 12:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
     2016-12-17 12:00 - 2016-10-31 13:54 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
     2016-12-17 12:00 - 2016-10-31 13:53 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
     2016-12-17 11:46 - 2016-11-14 20:00 - 00001945 _____ C:\Windows\epplauncher.mif
     2016-12-11 01:16 - 2016-11-03 07:45 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
     2016-12-10 23:45 - 2009-07-14 00:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI

     ==================== Files in the root of some directories =======

     2016-11-05 15:04 - 2016-11-05 15:04 - 0000000 _____ () C:\Users\Owner\AppData\Local\{17C1B774-83E0-4D5B-9952-55D0E7B5581A}

     Some files in TEMP:
     ====================
     C:\Users\Owner\AppData\Local\Temp\libeay32.dll
     C:\Users\Owner\AppData\Local\Temp\msvcr120.dll
     C:\Users\Owner\AppData\Local\Temp\sqlite3.dll

     ==================== Bamital & volsnap ======================

     (There is no automatic fix for files that do not pass verification.)

     C:\Windows\system32\winlogon.exe => File is digitally signed
     C:\Windows\system32\wininit.exe => File is digitally signed
     C:\Windows\SysWOW64\wininit.exe => File is digitally signed
     C:\Windows\explorer.exe => File is digitally signed
     C:\Windows\SysWOW64\explorer.exe => File is digitally signed
     C:\Windows\system32\svchost.exe => File is digitally signed
     C:\Windows\SysWOW64\svchost.exe => File is digitally signed
     C:\Windows\system32\services.exe => File is digitally signed
     C:\Windows\system32\User32.dll => File is digitally signed
     C:\Windows\SysWOW64\User32.dll => File is digitally signed
     C:\Windows\system32\userinit.exe => File is digitally signed
     C:\Windows\SysWOW64\userinit.exe => File is digitally signed
     C:\Windows\system32\rpcss.dll => File is digitally signed
     C:\Windows\system32\dnsapi.dll => File is digitally signed
     C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
     C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

     LastRegBack: 2016-12-19 22:33

     ==================== End of FRST.txt ============================
  12. This (Stands) adblocker for Google does wonders.
  13. I did a search on the internet on how to get rid of the SafeSearch toolbar, but it requires going into the registry and deleting the SafeSearch entries and the .pol file, and I don't want to go into the registry and mess up my computer. Even though the toolbar doesn't show anymore, that doesn't mean it's off my computer, right?
  14. me82

    ssd in old pc

    What would be the best size SSD to get for a Dell Dimension E310 PC with Windows 7? And is it supposed to be internal?
  15. How do I remove this from my PC? I used Malwarebytes and it found 2 threats but didn't get them off, because the antivirus says it is still in my operating memory. I downloaded the ESET Sirefef cleaner and it says there is no threat on my system. But the virus is still on my computer, because ESET NOD32 Antivirus says it is.
  16. me82

    removing sirefef trojan virus

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-05-2014 01
    Ran by nika at 2014-05-13 12:40:18
    Running from C:\Documents and Settings\nika\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================

    AV: ESET NOD32 Antivirus 7.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

    ==================== Installed Programs ======================

    µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)
    Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
    Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
    Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
    America Online (HKLM\...\America Online us) (Version: - )
    AOL Coach Version 1.0(Build:20011028.1) (HKLM\...\AolCoach) (Version: - )
    Atomic Pop (HKLM\...\{B3A2F9F3-19D9-4D1B-A908-391124B72282}) (Version: - )
    ATT Management Agent (HKLM\...\ATT-ATT Management Agent) (Version: 8.3.1.7 - ATT)
    Blackhawk Striker (HKLM\...\{33A16A26-1533-4016-AE2D-89D6398D7EB2}) (Version: - )
    Blasterball 2 (HKLM\...\{350CC34B-2B8E-4EE5-AE4D-F04FDF37DC39}) (Version: - )
    Blasterball Wild (HKLM\...\{31403AA7-7357-43E1-9B46-4B45847C37D5}) (Version: - )
    BrowseToSave (HKLM\...\{29095272-695A-4E20-ACCB-2178F2EA7084}) (Version: 1.0 - ) <==== ATTENTION
    Coloreal (HKLM\...\{BDE90251-93EB-4F6A-89D8-086E2D91DC56}) (Version: - )
    Compaq Advisor (HKLM\...\{C4C1AFCD-2C72-48B4-AE2E-A7354A525E87}) (Version: - )
    CompuServe 2000 (HKLM\...\CompuServe us) (Version: - )
    ConvertXtoDVD 4.1.19.365 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
    Cooking Academy - Restaurant Royale (HKLM\...\Cooking Academy - Restaurant RoyaleFinal) (Version: Final - AllSmartGames)
    Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.3) (Version: 5.0.0.3 - Coupons.com Incorporated)
    Dark Orbit (HKLM\...\{865917D2-33F4-4223-BDCD-C7DA958C216C}) (Version: - )
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft)
    Disney's Lilo and Stitch Pinball (HKLM\...\{67D9A48A-81E9-4863-8B55-744BAEA180E2}) (Version: - )
    DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 3.50 - VERITAS Software)
    D-Link DFE-530TX+ (HKLM\...\InstallShield_{98E3252E-3CE5-4B15-929D-D18F7BE6EED4}) (Version: - D-Link)
    D-Link DFE-530TX+ (Version: - D-Link) Hidden
    D-Link PCI Fast Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_D-Link) (Version: - )
    Driver Genius Professional Edition (HKLM\...\Driver Genius Professional Edition_is1) (Version: 10.0 - Driver-Soft Inc.)
    Easy Access Button Support (HKLM\...\{93539D60-1817-11D1-9504-00805F26A89C}) (Version: - )
    ESET Antivirus License Finder (MiNODLogin) (HKLM\...\MiNODLogin) (Version: 4.0.2.66 - GuillerSoft)
    ESET NOD32 Antivirus (HKLM\...\{1BE7C1D9-06A8-466D-ADEA-B07F68BDEFB5}) (Version: 7.0.302.26 - ESET, spol s r. o.)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    Freemake Video Converter version 4.1.1 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.1 - Ellora Assets Corporation)
    GemMaster 2 (HKLM\...\{BD0F3F3F-0F1D-4293-BF5C-7CC8F950E8CA}) (Version: - )
    HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
    HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
    HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{7414C891-720D-4E86-85E5-C3AA898DA9EC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
    HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
    HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
    Inactive HP Printer Drivers (Remove only) (HKLM\...\Inactive HP Printer Drivers (Remove only)) (Version: - )
    Intel® 845G Chipset Graphics Driver Software (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )
    Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
    Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
    Java 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
    K-Lite Codec Pack 8.2.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.2.0 - )
    Kublox (HKLM\...\{01862C0C-3330-47DB-83D1-9E88D1D8DCE4}) (Version: - )
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Men In Black II Crossfire Trial Version (HKLM\...\{2B4B4104-7AC7-4950-8BF2-6BB5E3E61CA7}) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Money 2002 (HKLM\...\{E7298FD5-1386-11D5-8D6C-0050DAD32D95}) (Version: 10.0.50 - Microsoft)
    Microsoft Money 2002 System Pack (HKLM\...\{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}) (Version: 10.0.80 - Microsoft)
    Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Works 6.0 (HKLM\...\{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}) (Version: 06.00.0000 - Microsoft Corporation)
    Microsoft Works and Money 2002 Setup Launcher (HKLM\...\Works2002Setup) (Version: - )
    Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Netscape 6 (6.2.1) (HKLM\...\Netscape 6 (6.2.1)) (Version: - )
    Online Games Manager v1.30 (HKLM\...\Online Games Manager) (Version: 1.30.14 - Real Networks, Inc.)
    Python 2.2 combined Win32 extensions (HKLM\...\Python 2.2 combined Win32 extensions) (Version: - )
    Python 2.2.1 (HKLM\...\Python 2.2.1) (Version: 2.2.1 - PythonLabs at Zope Corporation)
    Quicken 2002 New User Edition (HKLM\...\Quicken 2002 New User Edition) (Version: - )
    Quicken Financial Center (HKLM\...\Quicken Financial Center) (Version: - )
    RealNetworks - Microsoft Visual C++ 2005 Runtime (Version: 8.0 - RealNetworks) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
    RealPlayer (HKLM\...\RealPlayer 15.0) (Version: - RealNetworks)
    RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
    RecordNow (HKLM\...\{8214CC02-6271-4DC8-B8DD-779933450264}) (Version: 4.10 - VERITAS Software)
    RecordNow Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.70 - VERITAS Software)
    S3Display (HKLM\...\S3Display) (Version: - )
    S3Gamma2 (HKLM\...\S3Gamma2) (Version: - )
    S3Info2 (HKLM\...\S3Info2) (Version: - )
    S3Overlay (HKLM\...\S3Overlay) (Version: - )
    SabreWing 2 (HKLM\...\{9A021351-2A3D-463A-9922-E02897E44DA1}) (Version: - )
    Snowboard Extreme (HKLM\...\{80E21EE8-007B-4C28-ADB2-5110B4401E2E}) (Version: - )
    Space Rocks (HKLM\...\{27565B66-EC6D-48A9-A1C3-8886A849995F}) (Version: - )
    Super DVD Creator 9.5 (HKLM\...\Super DVD Creator_is1) (Version: - MasterSoft, Inc.)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
    Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
    Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
    Viewpoint Media Player (Remove Only) (HKLM\...\ViewpointMediaPlayer) (Version: - )
    Virtual Warfare (HKLM\...\{EEDAA297-DFDF-436A-B977-D95EA63C907D}) (Version: - )
    WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden
    WildTangent Channel Manager (HKLM\...\WildTangentDDC) (Version: - )
    WildTangent Updater (HKLM\...\wcmdmgr.exe) (Version: - )
    WildTangent Web Driver (HKLM\...\wtwebdriver) (Version: - )
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinRAR 4.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
    Works Suite OS Pack (Version: 1.0.0.0000 - Microsoft Corporation) Hidden
    WorldWinner Games (HKLM\...\{2A82EBFC-89AB-41EA-80E8-A07C73C752A0}) (Version: 1.10.0.25 - WorldWinner.com, Inc.)
    Yahoo! Companion Toolbar (HKLM\...\Yahoo! Companion) (Version: - )
    Yahoo! Essentials (HKLM\...\Yahoo! Essentials) (Version: - )
    Yahoo! Internet Mail (HKLM\...\Yahoo! Mail) (Version: - )
    Yahoo! Login (HKLM\...\Yahoo! Login) (Version: - )
    Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - )
    Yahoo! Messenger Explorer Bar (HKLM\...\Yahoo! Messenger Explorer Bar) (Version: - )

    ==================== Restore Points =========================

    ==================== Hosts content: ==========================

    2002-08-01 22:32 - 2012-03-23 14:05 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\At1.job => C:\WINDOWS\system32\igfxdiaag.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1482789601-782189750-1497286466-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1482789601-782189750-1497286466-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482789601-782189750-1497286466-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482789601-782189750-1497286466-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
    Task: C:\WINDOWS\Tasks\Registration reminder 1.job => C:\WINDOWS\System32\OOBE\oobebaln.exe
    Task: C:\WINDOWS\Tasks\YourFile Update.job => C:\Program Files\YourFileDownloader\YourFileUpdater.exe

    ==================== Loaded Modules (whitelisted) =============

    2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2002-06-08 04:18 - 2002-06-08 04:18 - 00028672 _____ () C:\Program Files\WildTangent\DDC\DDCManager\DDCManps.dll
    2002-08-02 01:19 - 1998-12-21 04:35 - 00024576 _____ () C:\Program Files\Compaq\Easy Access Button Support\BttnSeps.dll
    2013-03-06 21:26 - 2013-03-06 21:26 - 00241152 _____ () C:\Program Files\ATT\8.3.1.7\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
    2013-03-06 21:26 - 2013-03-06 21:26 - 00264704 _____ () C:\Program Files\ATT\8.3.1.7\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
    2013-03-06 21:26 - 2013-03-06 21:26 - 00233984 _____ () C:\Program Files\ATT\8.3.1.7\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
    2012-07-12 19:37 - 2012-07-12 19:37 - 01380864 _____ () C:\Program Files\ATT\8.3.1.7\ma\node_modules\libxmljs\build\Release\libxmljs.node
    2012-06-26 16:40 - 2012-06-26 16:40 - 00068096 _____ () C:\Program Files\ATT\8.3.1.7\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
    2002-08-02 00:57 - 2002-05-17 03:30 - 00022016 _____ () C:\Program Files\compaq\Compaq Advisor\bin\nsreg.dll
    2014-05-10 12:07 - 2014-05-10 12:10 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:08DB8D99
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2CB9631F
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:3A0561F3
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5ED747B8
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A039EDF9
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F67947AF

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\88790854.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\88790854.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

    ==================== EXE Association (whitelisted) =============

    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupreg: dla => C:\WINDOWS\system32\dla\tfswctrl.exe
    MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\System32\hkcmd.exe
    MSCONFIG\startupreg: hpsysdrv => c:\windows\system\hpsysdrv.exe
    MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\System32\igfxtray.exe
    MSCONFIG\startupreg: NAV Agent => c:\PROGRA~1\NORTON~1\navapw32.exe
    MSCONFIG\startupreg: Recguard => C:\WINDOWS\SMINST\RECGUARD.EXE
    MSCONFIG\startupreg: TaskTray =>

    ==================== Faulty Device Manager Devices =============

    Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
    Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Realtek
    Service: rtl8139
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Communications Port (COM1)
    Description: Communications Port
    Class Guid: {4D36E978-E325-11CE-BFC1-08002BE10318}
    Manufacturer: (Standard port types)
    Service: Serial
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/29/2014 05:02:55 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x033333b8.
    Processing media-specific event for [explorer.exe!ws!]

    Error: (04/29/2014 09:51:21 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application dvd_creator.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000010e6.
    Processing media-specific event for [dvd_creator.exe!ws!]

    Error: (04/22/2014 00:08:48 AM) (Source: Application Hang) (User: ) (EventID: 1002)
    Description: Hanging application mpc-hc.exe, version 1.5.3.4003, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (04/02/2014 11:15:45 PM) (Source: Application Hang) (User: ) (EventID: 1002)
    Description: Hanging application ImgBurn.exe, version 2.5.7.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (04/02/2014 11:09:32 PM) (Source: Application Hang) (User: ) (EventID: 1002)
    Description: Hanging application ImgBurn.exe, version 2.5.7.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (03/25/2014 01:40:47 PM) (Source: ESENT) (User: ) (EventID: 485)
    Description: wuauclt (508) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8).

    Error: (03/09/2014 10:53:42 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application bfgclient.exe, version 3.3.0.2, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
    Processing media-specific event for [bfgclient.exe!ws!]

    Error: (03/05/2014 07:24:40 PM) (Source: Application Hang) (User: ) (EventID: 1002)
    Description: Hanging application hh.exe, version 5.2.3790.2453, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (02/06/2014 00:05:50 AM) (Source: Application Hang) (User: ) (EventID: 1002)
    Description: Hanging application uTorrent.exe, version 3.3.2.30303, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (01/26/2014 05:32:55 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x03d233b8.
    Processing media-specific event for [explorer.exe!ws!]

    System errors:
    =============
    Error: (05/13/2014 00:40:55 PM) (Source: 0) (User: ) (EventID: 9)
    Description: \Device\Ide\IdePort0

    Error: (05/13/2014 00:40:38 PM) (Source: 0) (User: ) (EventID: 9)
    Description: \Device\Ide\IdePort0

    Error: (05/13/2014 00:07:55 PM) (Source: 0) (User: ) (EventID: 9)
    Description: \Device\Ide\IdePort0

    Error: (05/13/2014 00:07:50 PM) (Source: 0) (User: ) (EventID: 9)
    Description: \Device\Ide\IdePort0

    Error: (05/13/2014 00:06:59 PM) (Source: 0) (User: ) (EventID: 9)
    Description: \Device\Ide\IdePort0

    Error: (05/13/2014 10:46:10 AM) (Source: Service Control Manager) (User: ) (EventID: 7026)
    Description: The following boot-start or system-start driver(s) failed to load: SABKUTIL

    Error: (05/13/2014 10:45:44 AM) (Source: Service Control Manager) (User: ) (EventID: 7023)
    Description: The Arrayssl_vpn_service3,0,1,9 service terminated with the following error: %%126

    Error: (05/13/2014 10:45:44 AM) (Source: Service Control Manager) (User: ) (EventID: 7023)
    Description: The PCASp50 service terminated with the following error: %%126

    Error: (05/13/2014 10:45:44 AM) (Source: Service Control Manager) (User: ) (EventID: 7023)
    Description: The Tbaspi service terminated with the following error: %%126

    Error: (05/13/2014 10:45:44 AM) (Source: Service Control Manager) (User: ) (EventID: 7023)
    Description: The WDM_YAMAHAAC97 service terminated with the following error: %%126

    Microsoft Office Sessions:
    =========================
    Error: (04/29/2014 05:02:55 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: explorer.exe6.0.2900.5512unknown0.0.0.0033333b8

    Error: (04/29/2014 09:51:21 AM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: dvd_creator.exe0.0.0.0ntdll.dll5.1.2600.6055000010e6

    Error: (04/22/2014 00:08:48 AM) (Source: Application Hang) (User: ) (EventID: 1002)
    Description: mpc-hc.exe1.5.3.4003hungapp0.0.0.000000000

    Error: (04/02/2014 11:15:45 PM) (Source: Application Hang) (User: ) (EventID: 1002)
    Description: ImgBurn.exe2.5.7.0hungapp0.0.0.000000000

    Error: (04/02/2014 11:09:32 PM) (Source: Application Hang) (User: ) (EventID: 1002)
    Description: ImgBurn.exe2.5.7.0hungapp0.0.0.000000000

    Error: (03/25/2014 01:40:47 PM) (Source: ESENT) (User: ) (EventID: 485)
    Description: wuauclt508C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

    Error: (03/09/2014 10:53:42 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: bfgclient.exe3.3.0.2ntdll.dll5.1.2600.60550000100b

    Error: (03/05/2014 07:24:40 PM) (Source: Application Hang) (User: ) (EventID: 1002)
    Description: hh.exe5.2.3790.2453hungapp0.0.0.000000000

    Error: (02/06/2014 00:05:50 AM) (Source: Application Hang) (User: ) (EventID: 1002)
    Description: uTorrent.exe3.3.2.30303hungapp0.0.0.000000000

    Error: (01/26/2014 05:32:55 PM) (Source: Application Error) (User: ) (EventID: 1000)
    Description: explorer.exe6.0.2900.5512unknown0.0.0.003d233b8

    ==================== Memory info ===========================

    Percentage of memory in use: 57%
    Total physical RAM: 1022.52 MB
    Available physical RAM: 431.65 MB
    Total Pagefile: 1886.86 MB
    Available Pagefile: 1207.97 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1955.33 MB

    ==================== Drives ================================

    Drive c: (PRESARIO) (Fixed) (Total:37.26 GB) (Free:12.15 GB) NTFS ==>[Drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 37 GB) (Disk ID: FCB1EC06)
    Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
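    The Addition.txt above, together with the FRST.txt in the next post, carries the entries a malware-removal helper reads first on a suspected Sirefef/ZeroAccess machine: Run keys that launch executables out of the LocalService profile or Application Data, a driver with a random numeric name registered under SafeBoot so it survives Safe Mode, alternate data streams hanging off the TEMP folder, a "Groove" BHO backed by an unsigned dll in system32, an orphaned BHO, Winsock LSP entries whose library is missing, and the items FRST itself tags with ATTENTION. As an added example for this thread, not part of the original post and not Farbar's code, the script below pattern-matches those categories over FRST-style log lines. The sample input is a dozen lines copied from the logs in this thread rather than a full log, and the list of folders it treats as suspicious is an assumption made for the example, so every hit means "look here", not "delete this".

```python
"""Triage of Farbar (FRST/Addition) log lines for ZeroAccess/Sirefef-style indicators.

Added example for this thread; not part of the original post and not Farbar's code.
It only pattern-matches text, so treat every hit as "look here", not as a verdict.
"""
import re
from typing import Iterable, List, Optional, Tuple

# Fixed reason strings so a caller can count or filter on them.
R_WINSOCK = "Winsock LSP entry points to a missing library"
R_NOFILE = "entry points to a file that no longer exists"
R_ATTENTION = "entry that FRST itself marked with ATTENTION"
R_BHO_NOVENDOR = "BHO dll carries no vendor/signature information"
R_SAFEBOOT = "randomly named driver registered to load in Safe Mode"
R_ADS = "alternate data stream on a TEMP folder"
R_PROFILE = "autostart target lives in a profile/temp folder"
R_RANDOM = "autostart target has a random-looking file name"

# Folders where a legitimate autostart or scheduled-task target rarely lives.
# Assumption for this example: updaters that live in AppData are known false positives.
PROFILE_DIRS = re.compile(
    r"\\(Documents and Settings\\LocalService|Application Data|AppData|Local Settings|Temp)\\",
    re.IGNORECASE,
)
# Hex-only file names such as 88790854.sys or 5ed86d98-3033.exe.
RANDOM_NAME = re.compile(r"^[0-9a-f]{6,}(-[0-9a-f]+)?\.(sys|exe|dll)$", re.IGNORECASE)
# First Windows path ending in an executable extension to the right of "=>".
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[]*?\.(?:exe|dll|sys|com|bat|cmd)\b', re.IGNORECASE)


def target_of(line: str) -> Optional[str]:
    """Executable path on the right-hand side of '=>' (Run keys, tasks), or None."""
    if "=>" not in line:
        return None
    match = PATH_RE.search(line.split("=>", 1)[1])
    return match.group(0) if match else None


def triage_line(line: str) -> Optional[str]:
    """Return a reason string if the line deserves a second look, else None."""
    s = line.strip()
    if s.startswith("Winsock:") and "File Not found" in s:
        return R_WINSOCK          # LSP chain broken or hijacked: classic ZeroAccess damage
    if "No File" in s:
        return R_NOFILE           # orphaned BHO, shortcut or Run entry
    if "ATTENTION" in s:
        return R_ATTENTION        # FRST's own marker, e.g. on BrowseToSave
    if s.startswith("BHO:") and s.endswith("()"):
        return R_BHO_NOVENDOR     # e.g. a "Groove" BHO backed by a random dll in system32
    if "\\SafeBoot\\" in s:
        key = s.split("\\SafeBoot\\", 1)[1].split(" =>", 1)[0]
        if RANDOM_NAME.match(key.rsplit("\\", 1)[-1]):
            return R_SAFEBOOT     # keeps loading even when the user boots to Safe Mode
    if s.startswith("AlternateDataStreams:") and "\\TEMP:" in s.upper():
        return R_ADS              # hidden payload storage
    target = target_of(s)
    if target:
        if PROFILE_DIRS.search(target):
            return R_PROFILE
        if RANDOM_NAME.match(target.rsplit("\\", 1)[-1]):
            return R_RANDOM
    return None


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Run triage_line over log lines; return (reason, line) pairs for the hits."""
    hits = []
    for line in lines:
        reason = triage_line(line)
        if reason:
            hits.append((reason, line.strip()))
    return hits


# Sample input: lines copied from the FRST logs in this thread (not a complete log).
SAMPLE_LOG = r"""
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET)
HKU\.DEFAULT\...\Run: [Windows Update Server] => C:\Documents and Settings\LocalService\5ed86d98-3033.exe
HKU\S-1-5-21-1482789601-782189750-1497286466-1006\...\Run: [sawarogaal] => "C:\Documents and Settings\nika\Application Data\Armyon\ubys.exe"
HKU\S-1-5-21-1482789601-782189750-1497286466-1006\...\Run: [ares] => "C:\Program Files\Ares\Ares.exe" -h
BHO: Groove GFS Browser Helper - {4DB74D06-491C-440D-305E-012400990F3E} - C:\WINDOWS\system32\doot3cfg.dll ()
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Broowsie2saavie - {87FAEA2E-349D-F7A4-D64B-907E352D7544} - C:\Documents and Settings\All Users\Application Data\Broowsie2saavie\5165c621bcc57.dll No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\88790854.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:08DB8D99
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"""

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG.splitlines()):
        print(f"[{reason}]\n    {line}")
```

    Run it as-is to triage the sample, or feed a saved Addition.txt or FRST.txt to `triage(open(path, encoding="utf-8", errors="replace"))`. Legitimate updaters that live under AppData will trip the profile-folder rule, which is why the output is a shortlist to ask a helper about, not a fix list: the point is to shrink a 20 KB log to the handful of lines that matter, and the orphaned and missing-file entries it surfaces are exactly the ones a cleaning tool can leave behind even after the running component is gone.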
  17. me82

    removing sirefef trojan virus

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014 01
    Ran by nika (administrator) on YOUR-PA86Z1I3G7 on 13-05-2014 12:38:03
    Running from C:\Documents and Settings\nika\Desktop
    Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (WildTangent) C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
    (Compaq Computer Corporation) C:\Program Files\compaq\Easy Access Button Support\STARTEAK.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealOne Player\Update\realsched.exe
    (WildTangent, Inc.) C:\WINDOWS\wt\updater\wcmdmgr.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    (Compaq Computer Corporation) C:\Program Files\compaq\Easy Access Button Support\CPQEADM.exe
    (Compaq) C:\Compaq\EAKDRV\EAUSBKBD.exe
    (Compaq Computer Corporation) C:\PROGRA~1\compaq\EASYAC~1\BttnServ.exe
    (America Online, Inc.) C:\WINDOWS\system32\PackethSvc.exe
    (Alcatel-Lucent) C:\Program Files\ATT\8.3.1.7\ma\bin\MAHostService.exe
    (Joyent, Inc) C:\Program Files\ATT\8.3.1.7\ma\bin\node.exe
    (NeoPlanet) C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
    (America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [storageGuard] => C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [155648 2002-05-09] (VERITAS Software, Inc.)
    HKLM\...\Run: [WCOLOREAL] => C:\Program Files\COMPAQ\Coloreal\coloreal.exe [143360 2002-02-20] ()
    HKLM\...\Run: [DDCM] => C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe [122880 2002-06-08] (WildTangent)
    HKLM\...\Run: [DDCActiveMenu] => C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe [86016 2002-06-08] (WildTangent)
    HKLM\...\Run: [srmclean] => C:\Cpqs\Scom\srmclean.exe [36864 2001-07-25] ()
    HKLM\...\Run: [CPQEASYACC] => C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe [32768 2001-12-15] (Compaq Computer Corporation)
    HKLM\...\Run: [wcmdmgr] => C:\WINDOWS\wt\updater\wcmdmgrl.exe [20480 2002-05-07] (WildTangent, Inc.)
    HKLM\...\Run: [TkBellExe] => C:\program files\real\realone player\update\realsched.exe [296056 2012-01-28] (RealNetworks, Inc.)
    HKLM\...\Run: [AlcxMonitor] => C:\WINDOWS\ALCXMNTR.EXE [57344 2004-09-07] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET)
    HKLM\...\RunOnce: [Compaq_RBA] - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe -z [262144 2002-05-17] (NeoPlanet)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\.DEFAULT\...\Run: [Windows Update Server] => C:\Documents and Settings\LocalService\5ed86d98-3033.exe
    HKU\S-1-5-21-1482789601-782189750-1497286466-1006\...\Run: [Microsoft Works Update Detection] => c:\Program Files\Microsoft Works\WkDetect.exe
    HKU\S-1-5-21-1482789601-782189750-1497286466-1006\...\Run: [ares] => "C:\Program Files\Ares\Ares.exe" -h
    HKU\S-1-5-21-1482789601-782189750-1497286466-1006\...\Run: [sawarogaal] => "C:\Documents and Settings\nika\Application Data\Armyon\ubys.exe"
    HKU\S-1-5-21-1482789601-782189750-1497286466-1006\...\Run: [FBackup 5 Tray Agent] => "C:\Program Files\Softland\FBackup 5\bTray.exe"
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Aggiorna ESET license.lnk
    ShortcutTarget: Aggiorna ESET license.lnk -> C:\Program Files\ESET\MiNODLogin\launcher.exe (No File)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/yessentials_cq/defaults/sp/*http://www.yahoo.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=2c02&lc=0409
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
    SearchScopes: HKCU - DefaultScope {717F042E-B576-4E2C-A84C-3000BE4ECC12} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    SearchScopes: HKCU - {717F042E-B576-4E2C-A84C-3000BE4ECC12} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    BHO: Groove GFS Browser Helper - {4DB74D06-491C-440D-305E-012400990F3E} - C:\WINDOWS\system32\doot3cfg.dll ()
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Broowsie2saavie - {87FAEA2E-349D-F7A4-D64B-907E352D7544} - C:\Documents and Settings\All Users\Application Data\Broowsie2saavie\5165c621bcc57.dll No File
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp4,0,2,2.dll (Yahoo! Inc.)
    BHO: No Name - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
    DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
    DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41/hangman/hangman.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog9 04 mswsock.dll File Not found ()
    Winsock: Catalog9 05 mswsock.dll File Not found ()
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\nika\Application Data\Mozilla\Firefox\Profiles\kqcbxn4o.default
    FF user.js: detected!
=> C:\Documents and Settings\nika\Application Data\Mozilla\Firefox\Profiles\kqcbxn4o.default\user.js FF NewTab: about:home FF DefaultSearchEngine: Yahoo FF SearchEngineOrder.1: Yahoo FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", ""); FF SearchEngineOrder.2: Search the web (Babylon) FF SelectedSearchEngine: Yahoo FF Homepage: www.yahoo.com FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=2&CUI=UN77264259842482335&UM=UM_ID&q= FF NetworkProxy: "http", "127.0.0.1" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\ATT\8.3.1.7\ma\bin\npMotive.dll (Alcatel-Lucent) FF Plugin: @Motive.com/npMotiveRequest,version=1.0 - C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent) FF Plugin: @real.com/nppl3260;version=15.0.1.13 - c:\program files\real\realone player\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF Plugin: @real.com/nprjplug;version=15.0.1.13 - c:\program files\real\realone player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.1.13 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.1.13 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.1.13 - c:\program files\real\realone player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @worldwinner.com/Launcher2,version=1.10.0.25 - C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Documents and Settings\nika\Application Data\Mozilla\Firefox\Profiles\kqcbxn4o.default\searchplugins\yahoo-zugo.xml
FF Extension: Broowsie2saavie - C:\Documents and Settings\nika\Application Data\Mozilla\Firefox\Profiles\kqcbxn4o.default\Extensions\vdrbzwg@ltpo.org [2013-04-10]
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\nika\Application Data\Mozilla\Firefox\Profiles\kqcbxn4o.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-01-01]
FF Extension: YesScript - C:\Documents and Settings\nika\Application Data\Mozilla\Firefox\Profiles\kqcbxn4o.default\Extensions\yesscript@userstyles.org.xpi [2013-03-06]
FF Extension: Adblock Plus - C:\Documents and Settings\nika\Application Data\Mozilla\Firefox\Profiles\kqcbxn4o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-01]
FF Extension: Motive Extension - C:\Program Files\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2014-05-10]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-01-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-12-10]

Chrome:
=======
CHR Extension: (Broowsie2saavie) - C:\Documents and Settings\nika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbbopncedhcfaihihacemdlapgjbmfkm [2013-04-10]
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2013-09-05]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-01-28]

========================== Services (Whitelisted) =================

R2 ATT MAHostService; C:\Program Files\ATT\8.3.1.7\ma\bin\MAHostService.exe [321024 2013-08-26] (Alcatel-Lucent)
R2 Compaq_RBA; C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe [262144 2002-05-17] (NeoPlanet)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752 2013-09-12] (ESET)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-21] (Oracle Corporation)
R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.)
R2 PackethSvc; C:\WINDOWS\System32\PackethSvc.exe [64512 2001-08-10] (America Online, Inc.)
R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2001-11-27] (America Online, Inc.)
S2 ASFWHide; %systemroot%\system32\Ndismeetro.dll [X]
S2 eeyeevnt; %systemroot%\system32\backupexecagentaccelerator.dll [X]
S2 kpf4; %systemroot%\system32\pctavsvc.dll [X]
S2 msCMTSrvc; C:\WINDOWS\system32\msCMTSrvc.exe [X]
S2 osaio; %systemroot%\system32\nvax.dll [X]
S2 SymIM; %systemroot%\system32\govsrv.dll [X]
S2 tosrfhid; %systemroot%\system32\s117bus.dll [X]
S2 VICESYS; %systemroot%\system32\HabuFltr.dll [X]
S2 w800mdfl; %systemroot%\system32\DirectUpdate.dll [X]

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2279424 2004-10-01] (Realtek Semiconductor Corp.)
S3 AX88772; C:\WINDOWS\System32\DRIVERS\ax88772.sys [29184 2007-09-21] (ASIX Electronics Corp.)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [81552 2002-06-05] (VERITAS Software, Inc.)
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40368 2002-06-06] (VERITAS Software, Inc.)
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R3 eaps2kbd; C:\WINDOWS\System32\DRIVERS\eaps2kbd.sys [24035 2001-12-29] (Compaq Computer Corp.)
R1 EAWDMFD; C:\WINDOWS\System32\DRIVERS\eawdmfd.sys [24348 1999-10-30] (Compaq Computer Corporation)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [118768 2013-09-17] (ESET)
R3 FETNDISB; C:\WINDOWS\System32\DRIVERS\dlkfet5b.sys [43008 2007-07-13] (D-Link )
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [158140 2001-08-08] (Intel® Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12479 2001-08-08] (Intel® Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12031 2001-08-08] (Intel® Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11679 2001-08-08] (Intel® Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [11999 2001-08-08] (Intel® Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19359 2001-08-08] (Intel® Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29215 2001-08-08] (Intel® Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19199 2001-08-08] (Intel® Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33503 2001-08-08] (Intel® Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23519 2001-08-08] (Intel® Corporation)
R3 ltmodem5; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [625537 2003-03-31] (LT)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
S3 S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [155008 2002-07-13] (S3 Graphics, Inc.)
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5589 2002-06-19] (VERITAS Software, Inc.)
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [22995 2002-06-19] (VERITAS Software, Inc.)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [23701 2002-07-16] (VERITAS Software, Inc.)
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34805 2002-07-16] (VERITAS Software, Inc.)
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2002-07-16] (VERITAS Software, Inc.)
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2201 2002-07-16] (VERITAS Software, Inc.)
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [54900 2002-07-16] (VERITAS Software, Inc.)
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14421 2002-07-16] (VERITAS Software, Inc.)
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6325 2002-07-16] (VERITAS Software, Inc.)
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [91156 2002-07-16] (VERITAS Software, Inc.)
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [95125 2002-07-16] (VERITAS Software, Inc.)
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27648 2002-03-04] (VIA Technologies, Inc.)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [28396 2001-09-27] (America Online, Inc.)
R3 wandrv; C:\WINDOWS\System32\DRIVERS\wandrv.sys [22608 2001-08-10] (America Online, Inc.)
R1 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [90336 2002-05-22] (Intel Corporation)
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [69504 2002-05-22] (Intel Corporation)
S4 hpt3xx; No ImagePath
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S1 SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
S3 SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;
U3 aswMBR; \??\C:\DOCUME~1\nika\LOCALS~1\Temp\aswMBR.sys [X]

========================== Drivers MD5 =======================

C:\WINDOWS\System32\DRIVERS\ACPI.sys 8FD99680A539792A30E97944FDAECF17
C:\WINDOWS\system32\Drivers\ACPIEC.sys 9859C0F6936E723E4892D7141B1327D5
C:\WINDOWS\System32\drivers\aec.sys 8BED39E3C35D6A489438B8141717A557
C:\WINDOWS\System32\drivers\afd.sys 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\System32\drivers\ALCXWDM.SYS 8D6C30E515717248E0E52B85FD7AC466
C:\WINDOWS\System32\DRIVERS\amdk7.sys 8FCE268CDBDD83B23419D1F35F42C7B1
C:\WINDOWS\System32\DRIVERS\asyncmac.sys B153AFFAC761E7F5FCFA822B9C4E97BC
C:\WINDOWS\System32\DRIVERS\atapi.sys 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\System32\DRIVERS\atmarpc.sys 9916C1225104BA14794209CFA8012159
C:\WINDOWS\System32\DRIVERS\audstub.sys D9F724AA26C010A217C97606B160ED68
C:\WINDOWS\System32\DRIVERS\ax88772.sys 26A378D112677FB8AE08E1DFCECDA44D
C:\WINDOWS\system32\Drivers\Beep.sys DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\system32\Drivers\cbidf2k.sys 90A673FC8E12A79AFBED2576F6A7AAF9
C:\WINDOWS\system32\Drivers\Cdaudio.sys C1B486A7658353D33A10CC15211A873B
C:\WINDOWS\system32\Drivers\Cdfs.sys C885B02847F5D2FD45A24E219ED93B32
C:\WINDOWS\System32\DRIVERS\cdrom.sys 1F4260CC5B42272D71F79E570A27A4FE
C:\WINDOWS\System32\DRIVERS\disk.sys 044452051F3E02E7963599FC8F4F3E25
C:\WINDOWS\System32\drivers\dmboot.sys D992FE1274BDE0F84AD826ACAE022A41
C:\WINDOWS\System32\drivers\dmio.sys 7C824CF7BBDE77D95C08005717A95F6F
C:\WINDOWS\System32\drivers\dmload.sys E9317282A63CA4D188C0DF5E09C6AC5F
C:\WINDOWS\System32\drivers\DMusic.sys 8A208DFCF89792A484E76C40E5F50B45
C:\WINDOWS\System32\drivers\drmkaud.sys 8F5FCFF8E8848AFAC920905FBD9D33C8
C:\WINDOWS\System32\drivers\drvmcdb.sys A605A3D1A946D7B9B8E011A056445136
C:\WINDOWS\System32\drivers\drvnddm.sys 394D65A0DA6BD18EACA54AE4FEF28054
C:\WINDOWS\System32\DRIVERS\eamon.sys 0C51F1D7A7501FC948D35AE0FDE764A5
C:\WINDOWS\System32\DRIVERS\eaps2kbd.sys 53CE0799C9384CAC99942FF032285F21
C:\WINDOWS\System32\DRIVERS\eawdmfd.sys E54E3A335B3A03AD0252E50BB92A633C
C:\WINDOWS\System32\DRIVERS\ehdrv.sys C79916F203E1A2CBBE99F22D6E5D21DA
C:\WINDOWS\System32\DRIVERS\epfwtdir.sys 8727A2182BBCD588E255C60C1AA7B357
C:\WINDOWS\system32\Drivers\Fastfat.sys 38D332A6D56AF32635675F132548343E
C:\WINDOWS\System32\DRIVERS\fdc.sys 92CDD60B6730B9F50F6A1A0C1F8CDC81
C:\WINDOWS\System32\DRIVERS\dlkfet5b.sys 95BC4D8493FE30312F5E1AB57EF36083
C:\WINDOWS\system32\Drivers\Fips.sys D45926117EB9FA946A6AF572FBE1CAA3
C:\WINDOWS\System32\DRIVERS\flpydisk.sys 9D27E7B80BFCDF1CDD9B555862D5E7F0
C:\WINDOWS\System32\drivers\fltmgr.sys B2CF4B0786F8212CB92ED2B50C6DB6B0
C:\WINDOWS\system32\Drivers\Fs_Rec.sys 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A
C:\WINDOWS\System32\DRIVERS\ftdisk.sys 6AC26732762483366C3969C9E4D2259D
C:\WINDOWS\System32\DRIVERS\msgpc.sys 0A02C63C8B144BD8C86B103DEE7C86A2
C:\WINDOWS\System32\DRIVERS\hidusb.sys CCF82C5EC8A7326C3066DE870C06DAF1
C:\WINDOWS\System32\Drivers\HTTP.sys F80A415EF82CD06FFAF0D971528EAD38
C:\WINDOWS\System32\DRIVERS\i8042prt.sys 4A0B06AA8943C1E332520F7440C0AA30
C:\WINDOWS\System32\DRIVERS\i81xnt5.sys 007DBB8F9C35DF8F8A20B8E7C1204B8B
C:\WINDOWS\System32\DRIVERS\wADV01nt.sys 19F03895CE0B9E7FB514E67BB17EDCB5
C:\WINDOWS\System32\DRIVERS\wADV02NT.sys 479278C265B596C4FC1A2E0F51E70736
C:\WINDOWS\System32\DRIVERS\wADV05NT.sys 66317ECBED58D15541CAD4ED60888430
C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys 5807920DCD9FE760FFD733A1297D164A
C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys AFB6725DDF3F417495AB99198979FFB1
C:\WINDOWS\System32\DRIVERS\wATV01nt.sys 3DE116FE9FC7F15B0A5E0E611B344236
C:\WINDOWS\System32\DRIVERS\wATV02NT.sys 275B8EC3A1AA555E3F1586EAF1302AC5
C:\WINDOWS\System32\DRIVERS\wATV04nt.sys 31D5981E35D0F158CD1031E0EE74C6FE
C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys 78B4456A11582A927E9B1ECA87D1E4F6
C:\WINDOWS\System32\DRIVERS\ialmnt5.sys 86BA1718DEE415BCD63FBE35F425D874
C:\WINDOWS\System32\DRIVERS\imapi.sys 083A052659F5310DD8B6A6CB05EDCF8E
C:\WINDOWS\System32\DRIVERS\intelide.sys B5466A9250342A7AA0CD1FBA13420678
C:\WINDOWS\System32\drivers\ip6fw.sys 3BB22519A194418D5FEC05D800A19AD0
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 731F22BA402EE4B62748ADAF6363C182
C:\WINDOWS\System32\DRIVERS\ipinip.sys B87AB476DCF76E72010632B5550955F5
C:\WINDOWS\System32\DRIVERS\ipnat.sys CC748EA12C6EFFDE940EE98098BF96BB
C:\WINDOWS\System32\DRIVERS\ipsec.sys 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\System32\DRIVERS\irenum.sys C93C9FF7B04D772627A3646D89F7BF89
C:\WINDOWS\System32\DRIVERS\isapnp.sys 05A299EC56E52649B1CF2FC52D20F2D7
C:\WINDOWS\System32\DRIVERS\kbdclass.sys 463C1EC80CD17420A542B7F36A36F128
C:\WINDOWS\System32\drivers\kmixer.sys 692BCF44383D056AED41B045A323D378
C:\WINDOWS\system32\Drivers\KSecDD.sys B467646C54CC746128904E1654C750C1
C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys FA2ED4A054360F3F873C15420F1F19CC
C:\WINDOWS\system32\Drivers\mnmdd.sys 4AE068242760A1FB6E1A44BF4E16AFA6
C:\WINDOWS\system32\Drivers\Modem.sys DFCBAD3CEC1C5F964962AE10E0BCC8E1
C:\WINDOWS\System32\DRIVERS\mouclass.sys 35C9E97194C8CFB8430125F8DBC34D04
C:\WINDOWS\System32\DRIVERS\mouhid.sys B1C303E17FB9D46E87A98E4BA6769685
C:\WINDOWS\system32\Drivers\MountMgr.sys A80B9A0BAD1B73637DBCBBA7DF72D3FD
C:\Program Files\Common Files\Motive\MREMP50.sys 9BD4DCB5412921864A7AACDEDFBD1923
C:\Program Files\Common Files\Motive\MRESP50.sys 07C02C892E8E1A72D6BF35004F0E9C5E
C:\WINDOWS\System32\DRIVERS\mrxdav.sys 11D42BB6206F33FBB3BA0288D3EF81BD
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 7D304A5EB4344EBEEAB53A2FE3FFB9F0
C:\WINDOWS\system32\Drivers\Msfs.sys C941EA2454BA8350021D774DAF0F1027
C:\WINDOWS\System32\drivers\MSKSSRV.sys D1575E71568F4D9E14CA56B7B0453BF1
C:\WINDOWS\System32\drivers\MSPCLOCK.sys 325BB26842FC7CCC1FCCE2C457317F3E
C:\WINDOWS\System32\drivers\MSPQM.sys BAD59648BA099DA4A17680B39730CB3D
C:\WINDOWS\System32\DRIVERS\mssmbios.sys AF5F4F3F14A8EA2C26DE30F7A1E17136
C:\WINDOWS\system32\Drivers\Mup.sys DE6A75F5C270E756C5508D94B6CF68F5
C:\WINDOWS\system32\Drivers\NDIS.sys 1DF7F42665C94B825322FAE71721130D
C:\WINDOWS\System32\DRIVERS\ndistapi.sys 0109C4F3850DFBAB279542515386AE22
C:\WINDOWS\System32\DRIVERS\ndisuio.sys F927A4434C5028758A842943EF1A3849
C:\WINDOWS\System32\DRIVERS\ndiswan.sys EDC1531A49C80614B2CFDA43CA8659AB
C:\WINDOWS\system32\Drivers\NDProxy.sys 2F597BB467E05B1FE3830EABD821B8E0
C:\WINDOWS\System32\DRIVERS\netbios.sys 5D81CF9A2F1A3A756B66CF684911CDF0
C:\WINDOWS\System32\DRIVERS\netbt.sys 74B2B2F5BEA5E9A3DC021D685551BD3D
C:\WINDOWS\system32\Drivers\Npfs.sys 3182D64AE053D6FB034F44B6DEF8034A
C:\WINDOWS\system32\Drivers\Ntfs.sys 78A08DD6A8D65E697C18E1DB01C5CDCA
C:\WINDOWS\system32\Drivers\Null.sys 73C1E1F395918BC2C6DD67AF7591A3AD
C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys B305F3FAD35083837EF46A0BBCE2FC57
C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys C99B3415198D1AAB7227F2C88FD664B9
C:\WINDOWS\System32\DRIVERS\parport.sys 5575FAF8F97CE5E713D108C2A58D7C7C
C:\WINDOWS\system32\Drivers\PartMgr.sys BEB3BA25197665D82EC7065B724171C6
C:\WINDOWS\system32\Drivers\ParVdm.sys 70E98B3FD8E963A6A46A2E6247E0BEA1
C:\WINDOWS\System32\DRIVERS\pci.sys A219903CCF74233761D92BEF471A07B1
C:\WINDOWS\System32\DRIVERS\pciide.sys CCF5F451BB1A5A2A522A76E670000FF0
C:\WINDOWS\system32\Drivers\Pcmcia.sys 9E89EF60E9EE05E3F2EEF2DA7397F1C1
C:\WINDOWS\System32\Drivers\pcouffin.sys 5B6C11DE7E839C05248CED8825470FEF
C:\WINDOWS\System32\DRIVERS\raspptp.sys EFEEC01B1D3CF84F16DDD24D9D9D8F99
C:\WINDOWS\System32\DRIVERS\processr.sys A32BEBAF723557681BFC6BD93E98BD26
C:\WINDOWS\System32\DRIVERS\psched.sys 09298EC810B07E5D582CB3A3F9255424
C:\WINDOWS\System32\DRIVERS\ptilink.sys 80D317BD1C3DBC5D4FE7B1678C60CADD
C:\WINDOWS\System32\DRIVERS\PxHelp20.sys 40FEDD328F98245AD201CF5F9F311724
C:\WINDOWS\System32\DRIVERS\rasacd.sys FE0D99D6F31E4FAD8159F690D68DED9C
C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 11B4A627BC9614B885C4969BFA5FF8A6
C:\WINDOWS\System32\DRIVERS\raspppoe.sys 5BC962F2654137C9909C3D4603587DEE
C:\WINDOWS\System32\DRIVERS\raspti.sys FDBB1D60066FCFBB7452FD8F9829B242
C:\WINDOWS\System32\DRIVERS\rdbss.sys 7AD224AD1A1437FE28D89CF22B17780A
C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 4912D5B403614CE99C28420F75353332
C:\WINDOWS\system32\Drivers\RDPWD.sys 43AF5212BD8FB5BA6EED9754358BD8F7
C:\WINDOWS\System32\DRIVERS\redbook.sys F828DD7E1419B6653894A8F97A0094C5
C:\WINDOWS\System32\DRIVERS\RTL8139.SYS D507C1400284176573224903819FFDA3
C:\WINDOWS\System32\DRIVERS\s3gnbm.sys 6D9E6867F89A3B06CF317FC4C7EE5029
C:\WINDOWS\System32\DRIVERS\secdrv.sys ==> MD5 is legit
C:\WINDOWS\System32\DRIVERS\serenum.sys 0F29512CCD6BEAD730039FB4BD2C85CE
C:\WINDOWS\system32\Drivers\Sfloppy.sys 8E6B8C671615D126FDC553D1E2DE5562
C:\WINDOWS\System32\drivers\splitter.sys AB8B92451ECB048A4D1DE7C3FFCB4A9F
C:\WINDOWS\System32\DRIVERS\sr.sys 76BB022C2FB6902FD5BDD4F78FC13A5D
C:\WINDOWS\System32\DRIVERS\srv.sys 47DDFC2F003F7F9F0592C6874962A2E7
C:\WINDOWS\System32\drivers\sscdbhk5.sys 0885506BD787A1AE7041EA1D0E0F7922
C:\WINDOWS\System32\drivers\ssrtln.sys A9E4ACEE2D7C9736CD753D630E13A386
C:\WINDOWS\System32\DRIVERS\swenum.sys 3941D127AEF12E93ADDF6FE6EE027E0F
C:\WINDOWS\System32\drivers\swmidi.sys 8CE882BCC6CF8A62F2B2323D95CB3D01
C:\WINDOWS\System32\drivers\sysaudio.sys 8B83F3ED0F1688B4958F77CD6D2BF290
C:\WINDOWS\System32\DRIVERS\tcpip.sys 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\system32\Drivers\TDPIPE.sys 6471A66807F5E104E4885F5B67349397
C:\WINDOWS\system32\Drivers\TDTCP.sys C56B6D0402371CF3700EB322EF3AAF61
C:\WINDOWS\System32\DRIVERS\termdd.sys 88155247177638048422893737429D9E
C:\WINDOWS\System32\dla\tfsnboio.sys 471B28101EE53B965B836033D8FE7955
C:\WINDOWS\System32\dla\tfsncofs.sys 70766EF81E05EA358118468A722FA1F5
C:\WINDOWS\System32\dla\tfsndrct.sys 66FD0AAC1648BC38CD3CD130A4EA12E0
C:\WINDOWS\System32\dla\tfsndres.sys 2B35FCAA75B1C475374D1474A1C2EFE1
C:\WINDOWS\System32\dla\tfsnifs.sys 7AAA22C17642D19C64B81CAAE888B43F
C:\WINDOWS\System32\dla\tfsnopio.sys A56EBC32E332F66488CBF9C5EF4E084A
C:\WINDOWS\System32\dla\tfsnpool.sys 53809135B8EB9EB2B29525F125456741
C:\WINDOWS\System32\dla\tfsnudf.sys 03E0CE19E5F6A8009EBDC3CC087A6C9C
C:\WINDOWS\System32\dla\tfsnudfa.sys 3F8F05BE8F1D68A598412927AEB57BD9
C:\WINDOWS\system32\Drivers\Udfs.sys 5787B80C2E3C5E2F56C2A233D91FA2C9
C:\WINDOWS\System32\DRIVERS\update.sys 402DDC88356B1BAC0EE3DD1580C76A31
C:\WINDOWS\System32\DRIVERS\usbccgp.sys 1B611611C28D2DF25BC057D79C6F13FC
C:\WINDOWS\System32\DRIVERS\usbehci.sys 4BAC8DF07F1D8434FC640E677A62204E
C:\WINDOWS\System32\DRIVERS\usbhub.sys 1AB3CDDE553B6E064D2E754EFE20285C
C:\WINDOWS\System32\DRIVERS\usbprint.sys A717C8721046828520C9EDF31288FC00
C:\WINDOWS\System32\DRIVERS\usbscan.sys F8EDE2B6928970DCE3D5614C27D9E7F6
C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS A32426D9B14A089EAA1D922E0C5801A9
C:\WINDOWS\System32\DRIVERS\usbuhci.sys 26496F9DEE2D787FC3E61AD54821FFE6
C:\WINDOWS\System32\drivers\vga.sys 0D3A8FAFCEACD8B7625CD549757A7DF1
C:\WINDOWS\System32\DRIVERS\viaagp1.sys 099F10C7B9D4C7A2BF48D4C6ECA1E7F1
C:\WINDOWS\System32\DRIVERS\viaide.sys 3B3EFCDA263B8AC14FDF9CBDD0791B2E
C:\WINDOWS\system32\Drivers\VolSnap.sys 4C8FCB5CC53AAB716D810740FE59D025
C:\WINDOWS\System32\DRIVERS\wanarp.sys E20B95BAEDB550F32DD489265C1DA1F6
C:\WINDOWS\System32\DRIVERS\wanatw4.sys BA1D9278448CB26152A18B6A06B61EA3
C:\WINDOWS\System32\DRIVERS\wandrv.sys 30211ADD92098D4B5CFADBF3DA01E69B
C:\WINDOWS\System32\drivers\wdmaud.sys 6768ACF64B18196494413695F0C3A00F
C:\WINDOWS\System32\drivers\ws2ifsl.sys 6ABE6E225ADB5A751622A9CC3BC19CE8
C:\WINDOWS\System32\drivers\ialmsbw.sys 5B3D453A2F38105BCD0C573B94DEA346
C:\WINDOWS\System32\drivers\ialmkchw.sys E147BD61A697701096CA5C830A5ADB90

==================== NetSvcs (Whitelisted) ===================

NETSVC: eeyeevnt -> C:\Windows\system32\backupexecagentaccelerator.dll ==> No File.
NETSVC: tosrfhid -> C:\Windows\system32\s117bus.dll ==> No File.
NETSVC: ASFWHide -> C:\Windows\system32\Ndismeetro.dll ==> No File.
NETSVC: osaio -> C:\Windows\system32\nvax.dll ==> No File.
NETSVC: VICESYS -> C:\Windows\system32\HabuFltr.dll ==> No File.
NETSVC: kpf4 -> C:\Windows\system32\pctavsvc.dll ==> No File.
NETSVC: w800mdfl -> C:\Windows\system32\DirectUpdate.dll ==> No File.
NETSVC: SymIM -> C:\Windows\system32\govsrv.dll ==> No File.

==================== One Month Created Files and Folders ========

2014-05-13 12:38 - 2014-05-13 12:38 - 00033434 _____ () C:\Documents and Settings\nika\Desktop\FRST.txt
2014-05-13 12:35 - 2014-05-13 12:38 - 00000000 ____D () C:\FRST
2014-05-13 12:15 - 2014-05-13 12:15 - 01056256 _____ (Farbar) C:\Documents and Settings\nika\Desktop\FRST.exe
2014-05-13 12:14 - 2014-05-13 12:14 - 00001917 _____ () C:\Documents and Settings\nika\Desktop\aswMBR.txt
2014-05-13 12:14 - 2014-05-13 12:14 - 00000512 _____ () C:\Documents and Settings\nika\Desktop\MBR.dat
2014-05-13 11:11 - 2014-05-13 11:12 - 04745728 _____ (AVAST Software) C:\Documents and Settings\nika\Desktop\aswmbr.exe
2014-05-12 14:11 - 2014-05-12 14:11 - 00367968 _____ (ESET) C:\Documents and Settings\nika\Desktop\ESETSirefefCleaner.exe
2014-05-10 12:03 - 2014-05-10 12:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-07 00:14 - 2014-05-07 00:14 - 00000000 ____D () C:\Documents and Settings\nika\Application Data\Fugazo
2014-05-07 00:00 - 2014-05-07 00:00 - 00001848 _____ () C:\Documents and Settings\nika\Desktop\Cooking Academy- Restaurant Royale.lnk
2014-05-07 00:00 - 2014-05-07 00:00 - 00000000 ____D () C:\Documents and Settings\nika\Start Menu\Programs\Cooking Academy - Restaurant Royale
2014-05-06 23:59 - 2014-05-07 00:00 - 00000000 ____D () C:\Program Files\Cooking Academy - Restaurant Royale
2014-05-06 23:59 - 2014-05-06 23:59 - 00000000 ____D () C:\WINDOWS\Cooking Academy - Restaurant Royale
2014-05-06 23:58 - 2014-05-06 23:58 - 00000418 _____ () C:\WINDOWS\Tasks\At1.job
2014-05-06 23:58 - 2014-05-06 23:58 - 00000000 ____D () C:\WINDOWS\system32\3045
2014-05-04 12:02 - 2014-05-04 12:05 - 00006459 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-03 16:54 - 2014-05-03 16:45 - 00065536 ____H () C:\WINDOWS\Minidump\Mini050314-01.dmp
2014-05-03 15:33 - 2014-05-03 15:33 - 00000000 ____D () C:\WINDOWS\Performance
2014-05-03 15:33 - 2014-05-03 15:33 - 00000000 ____D () C:\Documents and Settings\nika\Local Settings\Application Data\Microsoft Corporation
2014-04-28 15:39 - 2014-05-13 10:46 - 00000276 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1482789601-782189750-1497286466-1006.job
2014-04-25 12:00 - 2014-04-25 12:00 - 00002103 _____ () C:\Documents and Settings\nika\Desktop\[HD Lyrics] Beyonce ft Jay Z-Drunk In Love [New Song 2014].cue

==================== One Month Modified Files and Folders =======

2014-05-13 12:39 - 2012-01-02 19:32 - 00000000 ____D () C:\Documents and Settings\nika
2014-05-13 12:38 - 2014-05-13 12:38 - 00033434 _____ () C:\Documents and Settings\nika\Desktop\FRST.txt
2014-05-13 12:38 - 2014-05-13 12:35 - 00000000 ____D () C:\FRST
2014-05-13 12:15 - 2014-05-13 12:15 - 01056256 _____ (Farbar) C:\Documents and Settings\nika\Desktop\FRST.exe
2014-05-13 12:15 - 2002-08-02 00:57 - 00004745 _____ () C:\WINDOWS\compaq.reg
2014-05-13 12:14 - 2014-05-13 12:14 - 00001917 _____ () C:\Documents and Settings\nika\Desktop\aswMBR.txt
2014-05-13 12:14 - 2014-05-13 12:14 - 00000512 _____ () C:\Documents and Settings\nika\Desktop\MBR.dat
2014-05-13 11:44 - 2012-04-03 11:34 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-13 11:40 - 2012-01-24 03:46 - 01688597 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-13 11:12 - 2014-05-13 11:11 - 04745728 _____ (AVAST Software) C:\Documents and Settings\nika\Desktop\aswmbr.exe
2014-05-13 10:46 - 2014-04-28 15:39 - 00000276 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1482789601-782189750-1497286466-1006.job
2014-05-13 10:46 - 2013-07-01 12:54 - 00000284 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482789601-782189750-1497286466-1006.job
2014-05-13 10:45 - 2002-08-01 15:39 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-13 10:44 - 2014-03-08 14:39 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-05-13 10:44 - 2013-09-20 21:38 - 00004745 _____ () C:\WINDOWS\.compaq.bak
2014-05-13 10:44 - 2013-09-05 17:36 - 00000000 ____D () C:\Program Files\ATT
2014-05-13 10:44 - 2012-10-04 11:02 - 00000316 _____ () C:\WINDOWS\Tasks\YourFile Update.job
2014-05-13 10:44 - 2012-03-12 12:12 - 00000294 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1482789601-782189750-1497286466-500.job
2014-05-13 10:44 - 2002-08-02 01:03 - 00000000 ____D () C:\WINDOWS\wt
2014-05-13 10:44 - 2002-08-01 22:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-13 10:44 - 2002-08-01 15:39 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-12 23:48 - 2012-01-02 19:32 - 00000178 ___SH () C:\Documents and Settings\nika\ntuser.ini
2014-05-12 20:46 - 2002-08-01 22:51 - 00032614 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-12 14:11 - 2014-05-12 14:11 - 00367968 _____ (ESET) C:\Documents and Settings\nika\Desktop\ESETSirefefCleaner.exe
2014-05-12 13:54 - 2002-08-02 00:39 - 00000000 ____D () C:\WINDOWS\SMINST
2014-05-12 12:12 - 2012-03-12 12:12 - 00000302 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482789601-782189750-1497286466-500.job
2014-05-10 19:01 - 2012-06-17 21:12 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-10 16:24 - 2012-07-15 19:43 - 00065536 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-05-10 12:10 - 2014-05-10 12:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 19:44 - 2014-03-08 14:39 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-07 22:53 - 2012-01-15 19:08 - 00098816 _____ () C:\Documents and Settings\nika\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-07 22:29 - 2012-04-15 13:45 - 00000000 ____D () C:\Documents and Settings\nika\Application Data\uTorrent
2014-05-07 00:14 - 2014-05-07 00:14 - 00000000 ____D () C:\Documents and Settings\nika\Application Data\Fugazo
2014-05-07 00:00 - 2014-05-07 00:00 - 00001848 _____ () C:\Documents and Settings\nika\Desktop\Cooking Academy- Restaurant Royale.lnk
2014-05-07 00:00 - 2014-05-07 00:00 - 00000000 ____D () C:\Documents and Settings\nika\Start Menu\Programs\Cooking Academy - Restaurant Royale
2014-05-07 00:00 - 2014-05-06 23:59 - 00000000 ____D () C:\Program Files\Cooking Academy - Restaurant Royale
2014-05-06 23:59 - 2014-05-06 23:59 - 00000000 ____D () C:\WINDOWS\Cooking Academy - Restaurant Royale
2014-05-06 23:58 - 2014-05-06 23:58 - 00000418 _____ () C:\WINDOWS\Tasks\At1.job
2014-05-06 23:58 - 2014-05-06 23:58 - 00000000 ____D () C:\WINDOWS\system32\3045
2014-05-04 12:05 - 2014-05-04 12:02 - 00006459 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-04 12:05 - 2013-12-12 14:44 - 00168304 _____ () C:\WINDOWS\setupapi.log
2014-05-04 12:05 - 2012-01-28 15:02 - 00326552 _____ () C:\WINDOWS\updspapi.log
2014-05-04 12:05 - 2002-08-01 15:37 - 02008854 _____ () C:\WINDOWS\FaxSetup.log
2014-05-04 12:05 - 2002-08-01 15:37 - 00969643 _____ () C:\WINDOWS\ocgen.log
2014-05-04 12:05 - 2002-08-01 15:37 - 00769711 _____ () C:\WINDOWS\tsoc.log
2014-05-04 12:05 - 2002-08-01 15:37 - 00559192 _____ () C:\WINDOWS\comsetup.log
2014-05-04 12:05 - 2002-08-01 15:37 - 00338960 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-04 12:05 - 2002-08-01 15:37 - 00314540 _____ () C:\WINDOWS\iis6.log
2014-05-04 12:05 - 2002-08-01 15:37 - 00100147 _____ () C:\WINDOWS\msgsocm.log
2014-05-04 12:05 - 2002-08-01 15:37 - 00090093 _____ () C:\WINDOWS\ocmsn.log
2014-05-04 12:05 - 2002-08-01 15:37 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-05-04 12:04 - 2012-03-28 20:47 - 00000000 ____D () C:\WIND
OWS\ie8updates
2014-05-03 21:42 - 2012-03-19 00:32 - 00001057 _____ () C:\Documents and Settings\nika\Application Data\vso_ts_preview.xml
2014-05-03 21:42 - 2012-02-12 18:29 - 00000000 ____D () C:\Documents and Settings\nika\Application Data\Vso
2014-05-03 16:54 - 2012-01-29 16:21 - 00000000 ____D () C:\WINDOWS\Minidump
2014-05-03 16:45 - 2014-05-03 16:54 - 00065536 ____H () C:\WINDOWS\Minidump\Mini050314-01.dmp
2014-05-03 15:33 - 2014-05-03 15:33 - 00000000 ____D () C:\WINDOWS\Performance
2014-05-03 15:33 - 2014-05-03 15:33 - 00000000 ____D () C:\Documents and Settings\nika\Local Settings\Application Data\Microsoft Corporation
2014-05-03 14:07 - 2002-08-01 22:32 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-30 15:48 - 2012-03-04 16:48 - 00000486 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-04-30 04:13 - 2012-01-02 19:01 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 04:13 - 2012-01-02 19:01 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-28 15:46 - 2012-04-03 11:34 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-28 15:46 - 2012-01-28 17:58 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-04-27 20:49 - 2002-08-01 15:36 - 00200993 _____ () C:\WINDOWS\setupact.log
2014-04-25 12:00 - 2014-04-25 12:00 - 00002103 _____ () C:\Documents and Settings\nika\Desktop\[HD Lyrics] Beyonce ft Jay Z-Drunk In Love [New Song 2014].cue

Files to move or delete:
==================== C:\Windows\Tasks\At1.job Some content of TEMP: ==================== C:\Documents and Settings\nika\Local Settings\temp\_Cooking_Academy_4_–_Restaurant_Royale.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legit C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ========
  18. me82

    removing sirefef trojan virus

    aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
    Run date: 2014-05-13 11:12:45
    -----------------------------
    11:12:45.671 OS Version: Windows 5.1.2600 Service Pack 3
    11:12:45.703 Number of processors: 1 586 0x103
    11:12:45.703 ComputerName: YOUR-PA86Z1I3G7 UserName: nika
    11:13:04.187 Initialize success
    11:25:04.484 AVAST engine defs: 14051301
    11:27:11.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    11:27:11.953 Disk 0 Vendor: WDC_WD400EB-11CPF0 06.04G06 Size: 38166MB BusType: 3
    11:27:13.171 Disk 0 MBR read successfully
    11:27:13.171 Disk 0 MBR scan
    11:27:21.578 Disk 0 unknown MBR code
    11:27:21.593 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
    11:27:29.218 Disk 0 scanning sectors +78140160
    11:27:32.671 Disk 0 scanning C:\WINDOWS\system32\drivers
    11:30:31.500 Service scanning
    11:33:17.578 Modules scanning
    11:33:58.562 Disk 0 trace - called modules:
    11:33:58.593 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    11:33:58.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873d5ab8]
    11:33:59.218 3 CLASSPNP.SYS[f7723fd7] -> nt!IofCallDriver -> \Device\0000005d[0x87386f18]
    11:33:59.218 5 ACPI.sys[f769a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x873d9d98]
    11:34:03.312 AVAST engine scan C:\WINDOWS
    11:35:17.515 AVAST engine scan C:\WINDOWS\system32
    11:51:40.484 AVAST engine scan C:\WINDOWS\system32\drivers
    11:52:28.156 AVAST engine scan C:\Documents and Settings\nika
    12:09:50.687 AVAST engine scan C:\Documents and Settings\All Users
    12:13:22.406 Scan finished successfully
    12:14:51.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\nika\Desktop\MBR.dat"
    12:14:51.265 The log file has been saved successfully to "C:\Documents and Settings\nika\Desktop\aswMBR.txt"
  19. me82

    removing sirefef trojan virus

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.05.12.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    nika :: YOUR-PA86Z1I3G7 [administrator]

    5/12/2014 1:12:57 PM
    mbam-log-2014-05-12 (13-12-57).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 307774
    Time elapsed: 35 minute(s), 33 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> No action taken.
    HKCU\Software\Softonic\Universal Downloader (PUP.Optional.Softonic.A) -> No action taken.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Documents and Settings\All Users\Application Data\InstallMate\{D8056004-59E8-40AA-A241-11CA03E642F2}\Custom.dll (Adware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\igfxdiaag.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)

    I only removed what was selected. There were 4 files altogether, but the 2 above were selected. Should I have removed the other two?
  20. I found VirtualDub MSU Subtitle Remover Filter v.3.0 Beta online but have not downloaded it. Is there any other software to do this?
  21. They're already in the movie. It's an avi file.
  22. I did a scan with Malwarebytes, and these files and registry keys came up as a threat. Should I keep these or not?
  23. All the items are safe to delete, ok.
  24. Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org

      Database version: v2013.11.03.04

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      nika :: YOUR-PA86Z1I3G7 [administrator]

      11/4/2013 5:49:15 PM
      MBAM-log-2013-11-04 (18-34-39).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 267015
      Time elapsed: 34 minute(s), 15 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 8
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} (PUP.Optional.SilentInstall.A) -> No action taken.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD0F5D09-EB62-23C9-E4C2-053B60799BD8} (PUP.Optional.Tarma.A) -> No action taken.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Tarma.A) -> No action taken.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A30E2199-21A0-1454-AC3C-4DC87C9714BC} (PUP.Optional.Tarma.A) -> No action taken.
      HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> No action taken.
      HKCU\Software\Conduit\SearchScopes (PUP.Optional.Conduit.A) -> No action taken.
      HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> No action taken.
      HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> No action taken.

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 1
      C:\Documents and Settings\nika\Application Data\Babylon (PUP.Optional.Babylon.A) -> No action taken.

      Files Detected: 10
      C:\Documents and Settings\All Users\Application Data\Broowsie2saavie\uninstall.exe (PUP.Optional.SilentInstall.A) -> No action taken.
      C:\Documents and Settings\All Users\Application Data\InstallMate\{2F26816B-CF11-4130-A3DB-8733F4C5A39D}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
      C:\Documents and Settings\All Users\Application Data\InstallMate\{2F26816B-CF11-4130-A3DB-8733F4C5A39D}\TsuDll.dll (PUP.Optional.Tarma.A) -> No action taken.
      C:\Documents and Settings\All Users\Application Data\InstallMate\{D8056004-59E8-40AA-A241-11CA03E642F2}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
      C:\Documents and Settings\All Users\Application Data\InstallMate\{D8056004-59E8-40AA-A241-11CA03E642F2}\TsuDll.dll (PUP.Optional.Tarma.A) -> No action taken.
      C:\Documents and Settings\nika\Local Settings\temp\TsuD43A0CB4.dll (PUP.Optional.Tarma.A) -> No action taken.
      C:\Documents and Settings\nika\Local Settings\temp\Tsu14B80E2A.dll (PUP.Optional.Tarma.A) -> No action taken.
      C:\Documents and Settings\nika\Local Settings\temp\{825BE6DA-9941-45C2-A729-D16359B8C42C}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
      C:\Documents and Settings\nika\Local Settings\temp\{0F3D058F-DF43-4671-A49A-9761D4DE2779}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
      C:\Documents and Settings\nika\Application Data\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.

      (end)
  25. What is the best popup blocker to use besides Ad Muncher? That is what I was using, but then it expired. I tried Super Pop Up Blocker, but that did help with my computer, so I uninstalled it. I ran Malwarebytes. There was nothing found, and I ran ESET Smart Security, and nothing was found. I updated ESET Smart Security and I'm trying to update virus definitions, and that is not working. So what ad blocking can I use? I use Firefox as my browser.