I can't run any antivirus software or malware program [Solved]


  • This topic is locked

#1
tea82au


Hi,

Can you please help me? I have Microsoft XP, and I can no longer run any antivirus programs. I have uninstalled all the ones I have had, but I still have no luck.

I can download fine, but when I click run nothing happens.




#2
tea82au


I no longer have an antivirus on my computer, as it keeps prompting me that I need to download a program. Every time I try to download one and click run, nothing happens. If anyone can help me, I'd really appreciate it.



#3
tea82au

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by natasha (administrator) on NATASHA-6117050 on 11-05-2015 18:18:33
Running from C:\Documents and Settings\natasha\Desktop
Loaded Profiles: natasha (Available profiles: natasha)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrec.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(MicroStudio) C:\Program Files\Windows Network Accelerater\v3\winvxm.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Telstra) C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(Creative Technology Ltd) C:\Program Files\Creative\Mixer\CTSVolFE.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\natasha\Local Settings\Application Data\Akamai\netsession_win.exe
(BitTorrent Inc.) C:\Documents and Settings\natasha\Application Data\uTorrent\uTorrent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\natasha\Local Settings\Application Data\Akamai\netsession_win.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [BigPondWirelessBroadbandCM] => C:\Program Files\Telstra\Mobile Broadband Manager\TelstraUCM.exe [4352408 2010-05-14] (Telstra)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [995328 2007-10-08] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [1101824 2007-10-08] (Intel Corporation)
HKLM\...\Run: [CTSVolFE.exe] => C:\Program Files\Creative\Mixer\CTSVolFE.exe [57344 2005-02-23] (Creative Technology Ltd)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2006-03-08] (Synaptics, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro\Titanium <====== ATTENTION
HKU\S-1-5-21-73586283-1580818891-725345543-1003\...\Run: [Akamai NetSession Interface] => C:\Documents and Settings\natasha\Local Settings\Application Data\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-73586283-1580818891-725345543-1003\...\Run: [uTorrent] => C:\Documents and Settings\natasha\Application Data\uTorrent\uTorrent.exe [1694560 2015-05-07] (BitTorrent Inc.)
HKU\S-1-5-21-73586283-1580818891-725345543-1003\...\RunOnce: [Adobe Speed Launcher] => 1431330205
HKU\S-1-5-21-73586283-1580818891-725345543-1003\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk [2014-02-18]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-08-31]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-73586283-1580818891-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-73586283-1580818891-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-73586283-1580818891-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-73586283-1580818891-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page Before = https://mysearch.avg...sa&d=2014-05-0120:45:46&v=18.3.0.885&pid=safeguard&sg=&sap=hp
HKU\S-1-5-21-73586283-1580818891-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page Before = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-73586283-1580818891-725345543-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.<!DOCTYPEHTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-73586283-1580818891-725345543-1003 -> {5B46D981-2C97-4581-938F-3102DEC02F94} URL =
SearchScopes: HKU\S-1-5-21-73586283-1580818891-725345543-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...sa&d=2014-05-0120:45:46&v=18.4.0.889&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-73586283-1580818891-725345543-1003 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = https://www.google.c...q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: No Name -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> No File
BHO: BigPond Mobile Broadband Auto Dial -> {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} -> C:\Program Files\Telstra\Mobile Broadband Manager\bpwbb2ad.dll [2010-05-14] (Telstra)
Toolbar: HKLM - No Name - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1392642793046
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1392643198218
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-07] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-07] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-20] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-1.xml [2015-03-16]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-10.xml [2015-03-22]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-100.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-101.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-102.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-103.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-104.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-105.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-106.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-107.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-108.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-109.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-11.xml [2015-03-22]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-110.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-111.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-112.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-113.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-114.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-115.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-116.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-117.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-118.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-119.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-12.xml [2015-03-23]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-120.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-121.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-122.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-123.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-124.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-125.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-126.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-127.xml [2015-04-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-128.xml [2015-04-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-129.xml [2015-04-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-13.xml [2015-03-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-130.xml [2015-04-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-131.xml [2015-05-01]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-132.xml [2015-05-01]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-133.xml [2015-05-01]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-134.xml [2015-05-01]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-135.xml [2015-05-03]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-136.xml [2015-05-03]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-137.xml [2015-05-03]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-138.xml [2015-05-03]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-139.xml [2015-05-03]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-14.xml [2015-03-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-140.xml [2015-05-08]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-141.xml [2015-05-08]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-142.xml [2015-05-08]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-143.xml [2015-05-08]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-144.xml [2015-05-10]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-145.xml [2015-05-10]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-146.xml [2015-05-10]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-147.xml [2015-05-10]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-148.xml [2015-05-10]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-149.xml [2015-05-11]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-15.xml [2015-03-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-150.xml [2015-05-11]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-151.xml [2015-05-11]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-152.xml [2015-05-11]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-153.xml [2015-05-11]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-154.xml [2015-05-11]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-155.xml [2015-05-11]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-156.xml [2015-05-11]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-157.xml [2015-05-11]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-158.xml [2015-05-11]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-159.xml [2015-05-11]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-16.xml [2015-03-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-160.xml [2015-05-11]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-161.xml [2015-05-11]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-17.xml [2015-03-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-18.xml [2015-03-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-19.xml [2015-03-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-2.xml [2015-03-18]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-20.xml [2015-03-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-21.xml [2015-03-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-22.xml [2015-03-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-23.xml [2015-03-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-24.xml [2015-03-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-25.xml [2015-03-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-26.xml [2015-03-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-27.xml [2015-03-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-28.xml [2015-03-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-29.xml [2015-03-27]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-3.xml [2015-03-18]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-30.xml [2015-03-29]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-31.xml [2015-03-29]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-32.xml [2015-03-29]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-33.xml [2015-03-29]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-34.xml [2015-03-29]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-35.xml [2015-03-29]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-36.xml [2015-03-29]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-37.xml [2015-03-29]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-38.xml [2015-03-29]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-39.xml [2015-03-29]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-4.xml [2015-03-22]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-40.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-41.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-42.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-43.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-44.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-45.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-46.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-47.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-48.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-49.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-5.xml [2015-03-22]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-50.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-51.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-52.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-53.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-54.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-55.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-56.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-57.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-58.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-59.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-6.xml [2015-03-22]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-60.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-61.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-62.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-63.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-64.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-65.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-66.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-67.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-68.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-69.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-7.xml [2015-03-22]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-70.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-71.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-72.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-73.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-74.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-75.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-76.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-77.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-78.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-79.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-8.xml [2015-03-22]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-80.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-81.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-82.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-83.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-84.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-85.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-86.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-87.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-88.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-89.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-9.xml [2015-03-22]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-90.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-91.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-92.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-93.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-94.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-95.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-96.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-97.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-98.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4-99.xml [2015-03-31]
FF SearchPlugin: C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\searchplugins\doctype-html-public--w3cdtd-html-4.xml [2015-03-16]
FF Extension: Lights Cinema 1.5beta - C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\Extensions\[email protected] [2015-05-11]
FF Extension: CinemaPlus-3.2c - C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\Extensions\[email protected] [2015-05-11]
FF Extension: Zoom It - C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\Extensions\{0067d9be-f2c1-bcc6-6cd5-d85cdc1172ed} [2015-03-22]
FF Extension: Zoom It - C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\Extensions\{392499a4-ec30-c6e4-0ef2-ceb40d74b8b6} [2015-03-15]
FF Extension: Zoom It - C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\Extensions\{43c09bf1-02ef-e798-3bfe-ac2b872b7152} [2015-03-15]
FF Extension: Zoom It - C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\Extensions\{aef8bba3-d538-47ec-7f87-c09aa33d3a77} [2015-05-10]
FF Extension: b6b1a201b252484fb9fe68efbb273fbd - C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\Extensions\{b6b1a201-b252-484f-b9fe-68efbb273fbd} [2015-03-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-02-18]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1173\8.0.1173\firefoxextension
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF HKU\S-1-5-21-73586283-1580818891-725345543-1003\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: No Name - C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR Profile: C:\Documents and Settings\natasha\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\natasha\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-31]
CHR Extension: (Google Docs) - C:\Documents and Settings\natasha\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-31]
CHR Extension: (Google Drive) - C:\Documents and Settings\natasha\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-31]
CHR Extension: (YouTube) - C:\Documents and Settings\natasha\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-31]
CHR Extension: (Google Search) - C:\Documents and Settings\natasha\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-31]
CHR Extension: (Google Sheets) - C:\Documents and Settings\natasha\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-31]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\natasha\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\natasha\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-31]
CHR Extension: (Google Wallet) - C:\Documents and Settings\natasha\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-31]
CHR Extension: (Gmail) - C:\Documents and Settings\natasha\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - No Path Or update_url value

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [266295 2006-05-24] (Broadcom Corporation.) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [794624 2007-10-08] (Intel Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2007-10-08] (Intel Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1183744 2007-10-08] (Intel Corporation ) [File not signed]
R2 WindowsVNT_R3; C:\Program Files\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
R2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [356352 2007-10-08] (Intel Corporation) [File not signed]
S3 MHN; %SystemRoot%\System32\mhn.dll [X]
S2 vToolbarUpdater18.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2014-02-17] (Cisco Systems, Inc.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [851434 2006-05-24] (Broadcom Corporation.) [File not signed]
R2 BTSERIAL; C:\WINDOWS\system32\drivers\btserial.sys [23271 2006-05-24] (Broadcom Corporation.) [File not signed]
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [66488 2006-05-24] (Broadcom Corporation.) [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-14] (Adaptec, Inc.) [File not signed]
R3 CTUSFSYN; C:\WINDOWS\System32\drivers\ctusfsyn.sys [158464 2005-05-25] (Creative Technology Ltd.)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2236032 2007-09-26] (Intel Corporation)
S3 PCASp50; C:\WINDOWS\System32\Drivers\PCASp50.sys [27072 2010-05-03] (Printing Communications Assoc., Inc. (PCAUSA))
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12288 2007-08-27] (Intel Corporation)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S3 ZTEusbnet; C:\WINDOWS\System32\DRIVERS\ZTEusbnet.sys [114688 2009-12-28] (ZTE Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 bcm4sbxp; system32\DRIVERS\bcm4sbxp.sys [X]
S3 BS2151321024; \??\C:\DOCUME~1\natasha\LOCALS~1\Temp\NTFS.sys [X]
S3 catchme; \??\C:\DOCUME~1\natasha\LOCALS~1\Temp\catchme.sys [X]
S0 DsArk; No ImagePath
S4 IntelIde; No ImagePath
S1 nmi1n2y4ndzhyjb; system32\drivers\nmi1n2y4ndzhyjb.sys [X]
S1 pfnfd_1_10_0_11; system32\drivers\pfnfd_1_10_0_11.sys [X]
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U2 TMAgent; No ImagePath
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll ==> No File.

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-11 18:18 - 2015-05-11 18:19 - 00048938 _____ () C:\Documents and Settings\natasha\Desktop\FRST.txt
2015-05-11 18:16 - 2015-05-11 18:16 - 01141248 _____ (Farbar) C:\Documents and Settings\natasha\Desktop\FRST.exe
2015-05-11 18:16 - 2015-05-11 18:16 - 00007577 _____ () C:\WINDOWS\system32\DB2151321024
2015-05-11 18:14 - 2015-05-11 18:14 - 00000000 ____D () C:\Documents and Settings\natasha\Desktop\New Folder
2015-05-11 16:44 - 2015-05-11 16:44 - 00000000 ____D () C:\Documents and Settings\natasha\Application Data\SparkTrust
2015-05-11 16:43 - 2015-05-11 17:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SparkTrust
2015-05-11 16:07 - 2015-05-11 16:07 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-05-11 16:07 - 2015-05-11 16:07 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-05-11 16:07 - 2015-05-11 16:07 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2015-05-11 16:06 - 2015-05-11 16:06 - 00009256 _____ () C:\ComboFix.txt
2015-05-11 15:45 - 2015-05-11 15:46 - 00030415 _____ () C:\TMPatch.log
2015-05-11 15:26 - 2015-05-11 16:38 - 00000000 ____D () C:\Program Files\Uninstall Tool
2015-05-11 15:26 - 2015-05-11 15:26 - 00000000 ____D () C:\Documents and Settings\natasha\Application Data\CrystalIdea Software
2015-05-11 15:08 - 2015-05-11 15:08 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2015-05-11 15:08 - 2015-05-11 15:08 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2015-05-11 15:08 - 2015-05-11 15:08 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2015-05-11 15:08 - 2015-05-11 15:08 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2015-05-11 15:08 - 2015-05-11 15:08 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2015-05-11 14:59 - 2015-05-11 14:59 - 00000000 _RSHD () C:\cmdcons
2015-05-11 14:59 - 2014-02-18 09:48 - 00000209 _____ () C:\Boot.bak
2015-05-11 14:59 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2015-05-11 14:58 - 2011-06-26 16:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-05-11 14:58 - 2010-11-08 03:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-05-11 14:58 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-05-11 14:58 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-05-11 14:58 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-05-11 14:58 - 2000-08-31 10:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-05-11 14:58 - 2000-08-31 10:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-05-11 14:58 - 2000-08-31 10:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-05-11 14:58 - 2000-08-31 10:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-05-11 14:51 - 2015-05-11 14:51 - 00000182 _____ () C:\Documents and Settings\natasha\My Documents\SAVEKEY1.reg
2015-05-11 14:44 - 2015-05-11 16:07 - 00000000 ____D () C:\Qoobox
2015-05-11 14:43 - 2015-05-11 15:14 - 00000000 ____D () C:\WINDOWS\erdnt
2015-05-11 14:24 - 2015-05-11 15:24 - 00000000 ____D () C:\AdwCleaner
2015-05-11 13:58 - 2015-05-11 18:18 - 00000000 ____D () C:\FRST
2015-05-11 13:20 - 2015-05-11 13:20 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-05-11 13:20 - 2015-05-11 13:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2015-05-11 13:19 - 2015-05-11 17:43 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-11 13:19 - 2015-05-11 17:24 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-11 12:47 - 2015-05-11 15:27 - 00000051 _____ () C:\WINDOWS\UpdateInfo.ini
2015-05-11 11:08 - 2015-05-11 11:08 - 00000356 _____ () C:\Documents and Settings\natasha\My Documents\SAVEKEY.reg
2015-05-11 10:44 - 2015-05-11 11:07 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\tor
2015-05-11 10:36 - 2006-12-29 00:31 - 00019569 _____ () C:\WINDOWS\000003_.tmp
2015-05-11 10:24 - 2015-05-11 10:46 - 00000792 _____ () C:\Documents and Settings\LocalService\Start Menu\Programs\Windows Media Player.lnk
2015-05-11 10:08 - 2008-04-14 05:41 - 00081920 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieencode.dll
2015-05-11 10:06 - 2006-12-29 00:31 - 00019569 _____ () C:\WINDOWS\000002_.tmp
2015-05-11 08:50 - 2015-05-11 08:50 - 00000000 ____D () C:\Documents and Settings\natasha\Local Settings\Application Data\Help
2015-05-11 08:50 - 2015-05-11 08:50 - 00000000 ____D () C:\Documents and Settings\natasha\Application Data\Help
2015-04-20 17:56 - 2015-04-20 17:56 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-11 18:19 - 2014-02-17 21:29 - 00000000 ____D () C:\Documents and Settings\natasha\Local Settings\Temp
2015-05-11 18:18 - 2014-02-18 14:49 - 00000000 ____D () C:\Documents and Settings\natasha\Application Data\uTorrent
2015-05-11 17:56 - 2014-02-26 19:57 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-11 17:44 - 2014-02-17 21:23 - 01496218 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-11 17:43 - 2014-04-30 21:38 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-05-11 17:43 - 2014-02-17 21:28 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-11 17:41 - 2014-02-18 11:33 - 00637996 _____ () C:\WINDOWS\KB973768.log
2015-05-11 17:41 - 2014-02-17 21:29 - 00000178 ___SH () C:\Documents and Settings\natasha\ntuser.ini
2015-05-11 17:41 - 2014-02-17 21:28 - 00032474 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-11 17:29 - 2014-02-18 07:13 - 00907704 _____ () C:\WINDOWS\setupapi.log
2015-05-11 16:49 - 2014-02-17 21:39 - 00001394 _____ () C:\Documents and Settings\natasha\Desktop\Media Center.lnk
2015-05-11 16:30 - 2014-02-18 11:00 - 00000426 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{020D0B2D-E8B5-494B-B722-C8DD5F0FD533}.job
2015-05-11 16:05 - 2004-08-10 21:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-05-11 15:45 - 2014-07-28 07:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Trend Micro
2015-05-11 15:16 - 2014-02-17 21:28 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-05-11 15:15 - 2014-02-18 07:07 - 00000000 ____D () C:\WINDOWS\repair
2015-05-11 15:09 - 2014-02-18 07:16 - 00000216 _____ () C:\WINDOWS\wiadebug.log
2015-05-11 15:09 - 2014-02-18 07:12 - 29622272 _____ () C:\WINDOWS\system32\config\software.bak
2015-05-11 15:09 - 2014-02-18 07:12 - 06553600 _____ () C:\WINDOWS\system32\config\system.bak
2015-05-11 15:09 - 2014-02-18 07:12 - 00524288 _____ () C:\WINDOWS\system32\config\default.bak
2015-05-11 15:09 - 2014-02-18 07:12 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2015-05-11 15:09 - 2014-02-18 07:12 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
2015-05-11 15:06 - 2015-03-27 15:42 - 00000000 ____D () C:\Documents and Settings\natasha\Application Data\Company
2015-05-11 14:59 - 2014-02-18 07:12 - 00000325 __RSH () C:\boot.ini
2015-05-11 14:57 - 2015-03-16 14:55 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\tor
2015-05-11 14:46 - 2014-02-18 07:16 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-05-11 14:34 - 2014-02-18 15:33 - 00000000 ____D () C:\Documents and Settings\natasha\Local Settings\Application Data\Deployment
2015-05-11 14:28 - 2014-02-17 21:22 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-11 13:20 - 2015-03-15 09:15 - 00000000 ____D () C:\Program Files\Google
2015-05-11 12:21 - 2014-02-18 09:57 - 00098128 _____ () C:\WINDOWS\ie8_main.log
2015-05-11 12:13 - 2014-02-17 21:45 - 00000681 _____ () C:\Documents and Settings\natasha\Start Menu\Programs\Internet Explorer.lnk
2015-05-11 12:07 - 2015-03-06 06:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-11 11:11 - 2014-02-17 21:22 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-05-11 11:10 - 2014-05-04 00:00 - 00009235 _____ () C:\WINDOWS\KB2964358-IE8.log
2015-05-11 11:10 - 2014-04-30 21:51 - 00014485 _____ () C:\WINDOWS\KB2936068-IE8.log
2015-05-11 11:10 - 2014-02-18 11:31 - 00017380 _____ () C:\WINDOWS\KB946648.log
2015-05-11 11:10 - 2014-02-17 21:19 - 00000000 ____D () C:\Program Files\Messenger
2015-05-11 10:46 - 2014-02-18 07:14 - 00055099 _____ () C:\WINDOWS\tabletoc.log
2015-05-11 10:46 - 2014-02-17 21:44 - 00146543 _____ () C:\WINDOWS\spupdsvc.log
2015-05-11 10:46 - 2014-02-17 21:20 - 00027775 _____ () C:\WINDOWS\wmsetup.log
2015-05-11 10:46 - 2014-02-17 21:20 - 00001063 _____ () C:\WINDOWS\DtcInstall.log
2015-05-11 10:45 - 2014-02-17 21:24 - 00316640 _____ () C:\WINDOWS\WMSysPr9.prx
2015-05-11 10:44 - 2014-02-18 09:54 - 00000682 _____ () C:\WINDOWS\spupdsvc.log.1.log
2015-05-11 10:43 - 2014-02-18 09:54 - 00000090 _____ () C:\WINDOWS\system32\spupdwxp.log
2015-05-11 10:43 - 2014-02-18 07:14 - 00164144 _____ () C:\WINDOWS\MedCtrOC.log
2015-05-11 10:42 - 2014-02-18 07:07 - 00000000 ____D () C:\WINDOWS\security
2015-05-11 10:42 - 2004-08-10 21:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-11 10:41 - 2014-02-18 09:39 - 00820462 _____ () C:\WINDOWS\svcpack.log
2015-05-11 10:37 - 2014-02-17 21:24 - 00001563 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2015-05-11 10:37 - 2014-02-17 21:22 - 00002058 _____ () C:\WINDOWS\sessmgr.setup.log
2015-05-11 10:37 - 2014-02-17 21:18 - 00000892 _____ () C:\WINDOWS\cmsetacl.log
2015-05-11 10:37 - 2014-02-17 21:18 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2015-05-11 10:36 - 2014-02-18 07:07 - 00000000 ____D () C:\WINDOWS\Help
2015-05-11 10:36 - 2014-02-17 21:40 - 00208053 _____ () C:\WINDOWS\updspapi.log
2015-05-11 10:20 - 2015-03-22 11:01 - 00000000 ____D () C:\Program Files\360
2015-05-11 10:06 - 2014-02-18 10:29 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2015-05-11 08:46 - 2014-02-18 07:14 - 01164178 _____ () C:\WINDOWS\iis6.log
2015-05-11 08:46 - 2014-02-18 07:14 - 01050906 _____ () C:\WINDOWS\FaxSetup.log
2015-05-11 08:46 - 2014-02-18 07:14 - 00513429 _____ () C:\WINDOWS\ocgen.log
2015-05-11 08:46 - 2014-02-18 07:14 - 00484949 _____ () C:\WINDOWS\tsoc.log
2015-05-11 08:46 - 2014-02-18 07:14 - 00362860 _____ () C:\WINDOWS\comsetup.log
2015-05-11 08:46 - 2014-02-18 07:14 - 00217849 _____ () C:\WINDOWS\ntdtcsetup.log
2015-05-11 08:46 - 2014-02-18 07:14 - 00197959 _____ () C:\WINDOWS\netfxocm.log
2015-05-11 08:46 - 2014-02-18 07:14 - 00057945 _____ () C:\WINDOWS\ocmsn.log
2015-05-11 08:46 - 2014-02-18 07:14 - 00052797 _____ () C:\WINDOWS\msgsocm.log
2015-05-11 08:46 - 2014-02-18 07:14 - 00001917 _____ () C:\WINDOWS\imsins.log
2015-05-11 08:45 - 2014-02-18 07:14 - 00327978 _____ () C:\WINDOWS\msmqinst.log
2015-05-10 15:36 - 2014-11-24 09:42 - 00000000 ____D () C:\Documents and Settings\natasha\Local Settings\Application Data\WinZip
2015-05-08 19:12 - 2014-03-02 21:03 - 00000000 ____D () C:\Documents and Settings\natasha\Application Data\vlc
2015-05-08 19:12 - 2014-02-24 20:45 - 00112128 _____ () C:\Documents and Settings\natasha\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-08 16:19 - 2014-04-30 21:38 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-05-08 01:39 - 2015-03-14 12:03 - 01249588 _____ () C:\WINDOWS\system32\CFG2151321024
2015-04-25 16:56 - 2015-03-22 11:05 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\360Quarant
2015-04-25 16:56 - 2015-03-22 11:05 - 00000000 ____D () C:\$360Section
2015-04-24 09:16 - 2015-03-22 09:53 - 00000000 ____D () C:\Documents and Settings\natasha\Local Settings\Application Data\jamip
2015-04-23 16:50 - 2015-03-15 11:04 - 00000258 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2015-04-21 00:09 - 2014-04-07 19:13 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-20 17:57 - 2014-02-26 19:57 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-20 17:57 - 2014-02-26 19:57 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-05-01 20:45 - 2014-06-06 21:32 - 0000000 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2015-01-26 02:12 - 2015-01-26 02:12 - 0002086 _____ () C:\Documents and Settings\natasha\Application Data\HCWBZZ
2015-05-11 16:44 - 2015-05-11 16:49 - 0000053 _____ () C:\Documents and Settings\natasha\Application Data\LogFile.txt
2015-03-10 07:30 - 2015-03-10 07:30 - 0005487 _____ () C:\Documents and Settings\natasha\Application Data\OFUYTYU
2015-03-22 09:54 - 2015-03-22 09:54 - 0408088 _____ () C:\Documents and Settings\natasha\Local Settings\Application Data\bfctsjrfiu.dat
2014-02-24 20:45 - 2015-05-08 19:12 - 0112128 _____ () C:\Documents and Settings\natasha\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-17 21:34 - 2014-02-17 21:34 - 0000130 _____ () C:\Documents and Settings\natasha\Local Settings\Application Data\fusioncache.dat
2014-07-28 07:54 - 2014-07-28 07:54 - 0000036 _____ () C:\Documents and Settings\natasha\Local Settings\Application Data\housecall.guid.cache
2015-03-22 09:53 - 2015-03-22 09:53 - 0000032 _____ () C:\Documents and Settings\natasha\Local Settings\Application Data\rbkqbnjemt.png

Files to move or delete:
====================
C:\Documents and Settings\natasha\TempWmicBatchFile.bat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

#4
tea82au

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-05-2015
Ran by natasha at 2015-05-11 18:19:30
Running from C:\Documents and Settings\natasha\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-73586283-1580818891-725345543-500 - Administrator - Enabled)
ASPNET (S-1-5-21-73586283-1580818891-725345543-1004 - Limited - Enabled)
Guest (S-1-5-21-73586283-1580818891-725345543-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-73586283-1580818891-725345543-1000 - Limited - Disabled)
natasha (S-1-5-21-73586283-1580818891-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\natasha
SUPPORT_388945a0 (S-1-5-21-73586283-1580818891-725345543-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-73586283-1580818891-725345543-1003\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-73586283-1580818891-725345543-1003\...\Akamai) (Version: - Akamai Technologies, Inc)
Cinema Plus Pro 3.2cV26.03 (HKLM\...\Cinema Plus Pro 3.2cV26.03) (Version: 1.36.01.22 - Cinema PlusV26.03) <==== ATTENTION!
CinemaP-1.9cV20.03 (HKLM\...\CinemaP-1.9cV20.03) (Version: 1.36.01.22 - Cinema PlusV20.03) <==== ATTENTION
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version: - )
Dell System Detect (HKU\S-1-5-21-73586283-1580818891-725345543-1003\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
ESPNMotion (HKLM\...\ESPNMotion) (Version: 2.1.6.0011 - ESPN Internet Ventures)
GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Graboid Video (HKU\S-1-5-21-73586283-1580818891-725345543-1003\...\Graboid Video 5.2.1.0) (Version: 5.2.1.0 - Graboid Inc.)
Graboid Video (Version: 5.2.1.0 - Graboid Inc.) Hidden
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.5.0000 - Intel Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
mCore (Version: 11.02.0000 - Intel Corporation) Hidden
mDriver (Version: 11.02.0000 - Intel) Hidden
mDrWiFi (Version: 11.02.0000 - Intel Corporation) Hidden
mHlpDell (Version: 11.02.0000 - Intel) Hidden
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
mIWA (Version: 11.02.0000 - Intel Corporation) Hidden
Mixer (HKLM\...\MIXERLITE) (Version: - )
mLogView (Version: 11.02.0000 - Intel Corporation) Hidden
mMHouse (Version: 11.02.0000 - Intel Corporation) Hidden
mPfMgr (Version: 11.02.0000 - Intel Corporation) Hidden
mPfWiz (Version: 11.02.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
mSCfg (Version: 11.02.0000 - Intel Corporation) Hidden
mSSO (Version: 11.02.0000 - Intel Corporation) Hidden
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mWMI (Version: 11.02.0000 - Intel Corporation) Hidden
mZConfig (Version: 11.02.0000 - Intel Corporation) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Sound Blaster ADVANCED MB Drivers (HKLM\...\SAMB_ADVMB_FILTER_DRV) (Version: - )
Sound Blaster Audigy ADVANCED MB Demo (HKLM\...\CTMBDemo_Audigy) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
Telstra Mobile Broadband Manager (HKLM\...\Telstra Mobile Broadband Manager) (Version: 3.0.514 - Telstra)
Telstra Mobile Broadband Manager (Version: 3.0.514 - Telstra) Hidden
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{3F4EC965-28EF-45C3-B063-04B25D4E9679}) (Version: 5.0.1.2609 - Dell)
Windows Driver Package - Cmotech (cmusbnet) Net (06/11/2007 2.0.0.9) (HKLM\...\E7E257830CD4614E7CF1B3792DF19B85FE5E7BE7) (Version: 06/11/2007 2.0.0.9 - Cmotech)
Windows Driver Package - Cmotech Modem (12/13/2006 2.0.3.5) (HKLM\...\5E8F128761A9B07EC2DEC909F167D92DB8B3A348) (Version: 12/13/2006 2.0.3.5 - Cmotech)
Windows Driver Package - Cmotech Ports (12/13/2006 2.0.3.5) (HKLM\...\6A032F4180B5A0E8F4BC27384D0A423B2595A785) (Version: 12/13/2006 2.0.3.5 - Cmotech)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24013}) (Version: 18.0.10644 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

11-05-2015 11:12:06 System Checkpoint
11-05-2015 11:14:02 repaired restore point dont go past this date
11-05-2015 11:20:00 Software Distribution Service 3.0
11-05-2015 11:44:24 Software Distribution Service 3.0
11-05-2015 12:15:26 Software Distribution Service 3.0
11-05-2015 12:45:26 Software Distribution Service 3.0
11-05-2015 12:52:23 Software Distribution Service 3.0
11-05-2015 13:00:36 Software Distribution Service 3.0
11-05-2015 13:28:40 Software Distribution Service 3.0
11-05-2015 15:27:54 Removed Trend Micro DirectPass
11-05-2015 15:50:58 Software Distribution Service 3.0
11-05-2015 16:47:58 Software Distribution Service 3.0
11-05-2015 17:14:56 Software Distribution Service 3.0
11-05-2015 17:36:12 Software Distribution Service 3.0
11-05-2015 17:41:07 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 21:00 - 2015-05-11 15:10 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{020D0B2D-E8B5-494B-B722-C8DD5F0FD533}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) ==============

2007-10-08 14:03 - 2007-10-08 14:03 - 00245760 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2004-08-10 21:00 - 2005-08-05 14:01 - 00282112 _____ () C:\WINDOWS\system32\sbe.dll
2004-08-10 21:00 - 2013-01-02 16:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-10 21:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 21:00 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-02-18 12:06 - 2014-02-18 12:06 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b8a16cab\mscorlib.dll
2006-05-24 18:29 - 2006-05-24 18:29 - 00053248 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2007-05-17 14:42 - 2007-05-17 14:42 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-73586283-1580818891-725345543-1003\...\dell.com -> dell.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-73586283-1580818891-725345543-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 10.0.0.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

StandardProfile\AuthorizedApplications: [C:\Documents and Settings\natasha\Application Data\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\natasha\Local Settings\Application Data\Akamai\netsession_win.exe] => Enabled:Akamai NetSession Client
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1132:TCP] => Enabled:Akamai NetSession Interface
StandardProfile\GloballyOpenPorts: [5000:UDP] => Enabled:Akamai NetSession Interface

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/11/2015 00:34:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application pfsvc.exe, version 1.10.0.11, faulting module pfsvc.exe, version 1.10.0.11, fault address 0x000250fc.
Processing media-specific event for [pfsvc.exe!ws!]

Error: (05/11/2015 00:05:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 37.0.2.5583, faulting module mozalloc.dll, version 37.0.2.5583, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (05/11/2015 11:16:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application qrsvc.exe, version 1.10.0.9, faulting module qrsvc.exe, version 1.10.0.9, fault address 0x000250fc.
Processing media-specific event for [qrsvc.exe!ws!]

Error: (05/11/2015 08:44:50 AM) (Source: CardSpace 3.0.0.0) (EventID: 269) (User: NT AUTHORITY)
Description: The Windows CardSpace service is too busy to process this request.
User has too many outstanding requests.



Additional Information:
at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo)
at System.Environment.get_StackTrace()
at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie)
at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e)
at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e)
at Microsoft.InfoCards.UIAgentMonitor.AddNewClient(UIAgentMonitorHandle handle)
at Microsoft.InfoCards.UIAgentMonitorHandle.CreateAgent(Int32 callerPid, WindowsIdentity callerIdentity, Int32 tsSessionId)
at Microsoft.InfoCards.RequestFactory.CreateClientRequestInstance(UIAgentMonitorHandle monitorHandle, String reqName, IntPtr rpcHandle, Stream inStream, Stream outStream)
at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)

Error: (05/09/2015 10:16:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ehrec.exe, version 5.1.2600.5512, faulting module ehrec.exe, version 5.1.2600.5512, fault address 0x00005f67.
Processing media-specific event for [ehrec.exe!ws!]

Error: (05/08/2015 06:42:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 36.0.4.5557, faulting module mozalloc.dll, version 36.0.4.5557, fault address 0x00001e02.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (05/08/2015 04:33:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 42.0.2311.135, faulting module chrome.dll, version 42.0.2311.135, fault address 0x00535279.
Processing media-specific event for [chrome.exe!ws!]

Error: (04/04/2015 05:17:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ehrec.exe, version 5.1.2600.5512, faulting module ehrec.exe, version 5.1.2600.5512, fault address 0x00005f67.
Processing media-specific event for [ehrec.exe!ws!]

Error: (03/31/2015 08:07:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 36.0.4.5557, faulting module mozalloc.dll, version 36.0.4.5557, fault address 0x00001e02.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (03/31/2015 08:00:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 36.0.4.5557, faulting module mozalloc.dll, version 36.0.4.5557, fault address 0x00001e02.
Processing media-specific event for [plugin-container.exe!ws!]


System errors:
=============
Error: (05/11/2015 05:43:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
nmi1n2y4ndzhyjb
pfnfd_1_10_0_11
qrnfd_1_10_0_9

Error: (05/11/2015 05:43:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.3.0 service failed to start due to the following error:
%%2

Error: (05/11/2015 05:41:09 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB973768).

Error: (05/11/2015 05:37:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
nmi1n2y4ndzhyjb
pfnfd_1_10_0_11
qrnfd_1_10_0_9

Error: (05/11/2015 05:37:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.3.0 service failed to start due to the following error:
%%2

Error: (05/11/2015 05:36:12 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB973768).

Error: (05/11/2015 05:15:02 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB973768).

Error: (05/11/2015 04:49:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
nmi1n2y4ndzhyjb
pfnfd_1_10_0_11
qrnfd_1_10_0_9

Error: (05/11/2015 04:49:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.3.0 service failed to start due to the following error:
%%2

Error: (05/11/2015 04:48:00 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB973768).


Microsoft Office Sessions:
=========================
Error: (05/11/2015 00:34:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pfsvc.exe1.10.0.11pfsvc.exe1.10.0.11000250fc

Error: (05/11/2015 00:05:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.2.5583mozalloc.dll37.0.2.558300001aa1

Error: (05/11/2015 11:16:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: qrsvc.exe1.10.0.9qrsvc.exe1.10.0.9000250fc

Error: (05/11/2015 08:44:50 AM) (Source: CardSpace 3.0.0.0) (EventID: 269) (User: NT AUTHORITY)
Description: User has too many outstanding requests.



Additional Information:
at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo)
at System.Environment.get_StackTrace()
at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie)
at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e)
at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e)
at Microsoft.InfoCards.UIAgentMonitor.AddNewClient(UIAgentMonitorHandle handle)
at Microsoft.InfoCards.UIAgentMonitorHandle.CreateAgent(Int32 callerPid, WindowsIdentity callerIdentity, Int32 tsSessionId)
at Microsoft.InfoCards.RequestFactory.CreateClientRequestInstance(UIAgentMonitorHandle monitorHandle, String reqName, IntPtr rpcHandle, Stream inStream, Stream outStream)
at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)

Error: (05/09/2015 10:16:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ehrec.exe5.1.2600.5512ehrec.exe5.1.2600.551200005f67

Error: (05/08/2015 06:42:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.4.5557mozalloc.dll36.0.4.555700001e02

Error: (05/08/2015 04:33:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe42.0.2311.135chrome.dll42.0.2311.13500535279

Error: (04/04/2015 05:17:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ehrec.exe5.1.2600.5512ehrec.exe5.1.2600.551200005f67

Error: (03/31/2015 08:07:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.4.5557mozalloc.dll36.0.4.555700001e02

Error: (03/31/2015 08:00:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.4.5557mozalloc.dll36.0.4.555700001e02


==================== Memory info ===========================

Processor: Intel® Core™2 CPU T5300 @ 1.73GHz
Percentage of memory in use: 45%
Total physical RAM: 2038.27 MB
Available physical RAM: 1120.12 MB
Total Pagefile: 3931.02 MB
Available Pagefile: 3005.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.78 GB) (Free:38.51 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 00000080)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#5
emeraldnzl

    GeekU Instructor

  • GeekU Moderator

Hello tea82au,

 

Welcome to Geekstogo.

 

Open notepad.

Please copy the contents of the code box below.

To do this highlight (click in the box and press Ctrl + A) the contents of the box and right click on it. Paste this into the open notepad. Save it to the Desktop as fixlist.txt.

Alternatively type the contents of the box into notepad and save it to your desktop as fixlist.txt.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 

HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro\Titanium <====== ATTENTION
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-73586283-1580818891-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-73586283-1580818891-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page Before = https://mysearch.avg...sa&d=2014-05-0120:45:46&v=18.3.0.885&pid=safeguard&sg=&sap=hp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-73586283-1580818891-725345543-1003 -> {5B46D981-2C97-4581-938F-3102DEC02F94} URL =
SearchScopes: HKU\S-1-5-21-73586283-1580818891-725345543-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...sa&d=2014-05-0120:45:46&v=18.4.0.889&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> No File
FF Extension: No Name - C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKLM\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - No Path Or update_url value
S2 vToolbarUpdater18.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]
C:\Program Files\Common Files\AVG Secure Search
S1 nmi1n2y4ndzhyjb; system32\drivers\nmi1n2y4ndzhyjb.sys [X]
C:\WINDOWS\system32\drivers\nmi1n2y4ndzhyjb.sys
S1 pfnfd_1_10_0_11; system32\drivers\pfnfd_1_10_0_11.sys [X]
C:\WINDOWS\system32\drivers\pfnfd_1_10_0_11.sys
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]
C:\WINDOWS\system32\drivers\qrnfd_1_10_0_9.sys
NETSVC: MHN -> C:\Windows\System32\mhn.dll ==> No File.
C:\$360Section
C:\Documents and Settings\natasha\Application Data\HCWBZZ
C:\Documents and Settings\natasha\Application Data\OFUYTYU
C:\Documents and Settings\natasha\TempWmicBatchFile.bat
CMD: ipconfig /flushdns
EmptyTemp:

This script is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Download RogueKiller to your desktop.

NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled.



  • Quit all running programs
  • For Vista and above, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • Click on Scan (top of panel right hand side)
  • Wait for the scan to finish.
  • Click the report button, right hand panel.
  • Do not click on any other buttons

Please copy and paste the contents of all the RKreport in your next Reply.

So when you return please post

  • Fixlog.txt
  • RKreport

 



#6
tea82au

    Member

  • Topic Starter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-05-2015
Ran by natasha at 2015-05-12 14:08:11 Run:1
Running from C:\Documents and Settings\natasha\Desktop
Loaded Profiles: natasha (Available profiles: natasha)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Trend Micro\Titanium <====== ATTENTION
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-73586283-1580818891-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-73586283-1580818891-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page Before = https://mysearch.avg...sa&d=2014-05-0120:45:46&v=18.3.0.885&pid=safeguard&sg=&sap=hp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-73586283-1580818891-725345543-1003 -> {5B46D981-2C97-4581-938F-3102DEC02F94} URL =
SearchScopes: HKU\S-1-5-21-73586283-1580818891-725345543-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...sa&d=2014-05-0120:45:46&v=18.4.0.889&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> No File
FF Extension: No Name - C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKLM\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - No Path Or update_url value
S2 vToolbarUpdater18.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]
C:\Program Files\Common Files\AVG Secure Search
S1 nmi1n2y4ndzhyjb; system32\drivers\nmi1n2y4ndzhyjb.sys [X]
C:\WINDOWS\system32\drivers\nmi1n2y4ndzhyjb.sys
S1 pfnfd_1_10_0_11; system32\drivers\pfnfd_1_10_0_11.sys [X]
C:\WINDOWS\system32\drivers\pfnfd_1_10_0_11.sys
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]
C:\WINDOWS\system32\drivers\qrnfd_1_10_0_9.sys
NETSVC: MHN -> C:\Windows\System32\mhn.dll ==> No File.
C:\$360Section
C:\Documents and Settings\natasha\Application Data\HCWBZZ
C:\Documents and Settings\natasha\Application Data\OFUYTYU
C:\Documents and Settings\natasha\TempWmicBatchFile.bat
CMD: ipconfig /flushdns
EmptyTemp:
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-73586283-1580818891-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-73586283-1580818891-725345543-1003\Software\Microsoft\Internet Explorer\Main\\Start Page Before => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-73586283-1580818891-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5B46D981-2C97-4581-938F-3102DEC02F94}" => Key deleted successfully.
HKCR\CLSID\{5B46D981-2C97-4581-938F-3102DEC02F94} => Key not found.
"HKU\S-1-5-21-73586283-1580818891-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}" => Key deleted successfully.
HKCR\CLSID\{43C6D902-A1C5-45c9-91F6-FD9E90337E18} => Key not found.
C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\extensions\[email protected] => not found.
C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\extensions\[email protected] => not found.
C:\Documents and Settings\natasha\Application Data\Mozilla\Firefox\Profiles\wkxumcp1.default\extensions\[email protected] => not found.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dflinnddekagfkncpgojoppgnppfkbkj" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\idkknaphebegndgimgdpfnconcickdfn" => Key deleted successfully.
vToolbarUpdater18.3.0 => Service deleted successfully.
"C:\Program Files\Common Files\AVG Secure Search" => File/Directory not found.
nmi1n2y4ndzhyjb => Service deleted successfully.
"C:\WINDOWS\system32\drivers\nmi1n2y4ndzhyjb.sys" => File/Directory not found.
pfnfd_1_10_0_11 => Service deleted successfully.
"C:\WINDOWS\system32\drivers\pfnfd_1_10_0_11.sys" => File/Directory not found.
qrnfd_1_10_0_9 => Service deleted successfully.
"C:\WINDOWS\system32\drivers\qrnfd_1_10_0_9.sys" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs MHN => Value deleted successfully.
C:\$360Section => Moved successfully.
C:\Documents and Settings\natasha\Application Data\HCWBZZ => Moved successfully.
C:\Documents and Settings\natasha\Application Data\OFUYTYU => Moved successfully.
C:\Documents and Settings\natasha\TempWmicBatchFile.bat => Moved successfully.

========= ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========

EmptyTemp: => Removed 361 MB temporary data.


The system needed a reboot.

==== End of Fixlog 14:11:17 ====
  • 0

#7
tea82au

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

I have downloaded Roguekiller to my desktop, I was prompted to click on Run. After clicking on it, nothing happens.

 

I am also using google chrome

 

If you can let me know what else to do I'd appreciate it.

 

Thank you


  • 0

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

Hmm... try this one.

 

Download Malwarebytes Anti-Rootkit to your desktop from here.

  • Right-Click on the file that was downloaded and choose Run as administrator. Answer Yes if prompted to Allow.
  • Click OK at the installer screen that comes up.
  • The software will be extracted and will open.
  • Click Next at the first screen.
  • The Update Database screen will appear. Click the Update button.
  • Once updated, click the Next button.
  • On the Scan System screen, click the Scan button.
  • Once the scan is finished, click on the Cleanup button to remove any threats and reboot if prompted to do so. If no threats are found, just close the programme.
  • If threats were found, then after the reboot, re-run the programme to verify no threats remain. If threats are still detected, click the Cleanup button once more.

Whether threats were found or not, there will be a folder named mbar on your desktop. Open this folder and in the list that presents you will find a file named mbar-log-...txt and another named system log.txt. Please open the files one at a time and copy and paste the contents of each back here.

 


  • 0

#9
tea82au

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Hi,

 

I've downloaded the program to desktop, run as administrator but still nothing happens


  • 0

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

Let's go back to Roguekiller then.

 

Please right click on it and rename it winlogon.exe and see if it will work.


  • 0

#11
tea82au

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

I renamed RogueKiller and tried to run it, but nothing happens


  • 0

#12
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

Okay another possibility.

 

Run Dr Web CureIt.

Go to the link below and follow the instructions to run Dr Web CureIt.

http://www.freedrweb.com/cureit/


  • 0

#13
tea82au

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Dr CureIt worked, this is the log. Please let me know what to do next, thank you.
=============================================================================
Dr.Web Scanner SE for Windows v9.1.3.04070
© Doctor Web, Ltd., 1992-2013
Scan session started 2015/05/12 17:48:05
Module location : c:\documents and settings\natasha\local settings\temp\63870E22-27A20952-A1E2571A-EAB594B6\
=============================================================================

OPTION [Automatic Apply Actions] NO
OPTION [Turn Off Computer After Scan] NO
OPTION [Use Sound Alerts] NO

OPTION [Block Network] NO
OPTION [Protect Process] NO
OPTION [Protect Raw Disk] NO

Using language: "English"
Available instances: 6
Instances used: 6
Platform: Windows XP Professional x86 (Build 2600), Service Pack 3
API Version: 2.2
Scanning Engine version: 10.0.5.3260
Virus Finding Engine version: 7.0.12.3050
Total 245 virus bases are loaded from c:\documents and settings\natasha\local settings\temp\63870E22-27A20952-A1E2571A-EAB594B6
  • 0

#14
tea82au

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I did a custom scan, these are the results,
=============================================================================
Dr.Web Scanner SE for Windows v9.1.3.04070
© Doctor Web, Ltd., 1992-2013
Scan session started 2015/05/12 17:48:05
Module location : c:\documents and settings\natasha\local settings\temp\63870E22-27A20952-A1E2571A-EAB594B6\
=============================================================================

OPTION [Automatic Apply Actions] NO
OPTION [Turn Off Computer After Scan] NO
OPTION [Use Sound Alerts] NO

OPTION [Block Network] NO
OPTION [Protect Process] NO
OPTION [Protect Raw Disk] NO

Using language: "English"
Available instances: 6
Instances used: 6
Platform: Windows XP Professional x86 (Build 2600), Service Pack 3
API Version: 2.2
Scanning Engine version: 10.0.5.3260
Virus Finding Engine version: 7.0.12.3050
Total 245 virus bases are loaded from c:\documents and settings\natasha\local settings\temp\63870E22-27A20952-A1E2571A-EAB594B6
  • 0

#15
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

Good news. :thumbsup:

 

 

OPTION [Automatic Apply Actions] NO

 

Did you allow Dr Web to fix what it found?

 

If not, please run the scan again and let it fix what it finds. :)

 

After that

 

We need to have another look to make sure there is nothing more to do and then, all going well, we will go to clearing away the tools we have been using.

 

Please run another FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.

 

Finally in this post

 

Please download Farbar Service Scanner and run.
 

  • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
      • Other Services
  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.

 

So when you return please post

  • tell me that Dr Web has fixed what it found
  • FRST.txt
  • Addition.txt
  • FSS.txt

  • 0





