
a variant of win 64 browse fox.cl


  • This topic is locked
11 replies to this topic

#1 norm11

norm11

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:07:30 AM

Posted 31 January 2015 - 06:29 PM

Malwarebytes Anti-Malware is popping up on the right bottom of my screen non-stop telling me Malicious Website Blocked.

c:\program files (x86)\Mozilla Firefox\firefox.exe. OR

c:\program files\tixati\tixati.exe

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-01-2015 01
Ran by norma (administrator) on INGRID-PC on 31-01-2015 16:17:36
Running from C:\Users\norma\Desktop
Loaded Profiles: norma (Available profiles: norma)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Tixati Software Inc.) C:\Program Files\tixati\tixati.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe [736768 2014-08-12] ()
HKU\S-1-5-21-3060193818-780826043-819785903-1003\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-3060193818-780826043-819785903-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-3060193818-780826043-819785903-1003] => file://C:\Program Files (x86)\AdvanceElite\bin\Pac8807.js
HKU\S-1-5-21-3060193818-780826043-819785903-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
URLSearchHook: HKU\S-1-5-21-3060193818-780826043-819785903-1003 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\norma\AppData\Roaming\Mozilla\Firefox\Profiles\hgi1nho3.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-24]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-31]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-31] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-31] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-31] ()
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 16:17 - 2015-01-31 16:18 - 00015407 _____ () C:\Users\norma\Desktop\FRST.txt
2015-01-31 16:17 - 2015-01-31 16:17 - 00000000 ____D () C:\FRST
2015-01-31 16:15 - 2015-01-31 16:15 - 02130944 _____ (Farbar) C:\Users\norma\Desktop\FRST64.exe
2015-01-31 16:07 - 2015-01-31 16:07 - 00020536 _____ () C:\Users\norma\Desktop\[Private] Private Gold #177  Anal Mansion Secrets [2014-04] [MP4][1280x720][Split Scenes].torrent
2015-01-31 16:04 - 2015-01-31 16:04 - 00010812 _____ () C:\Users\norma\Desktop\[Adult Cinema]DP My Wife With Me 6 2015 WEB-DL(1).torrent
2015-01-31 16:02 - 2015-01-31 16:15 - 00000000 ____D () C:\Users\norma\AppData\Roaming\tixati
2015-01-31 16:01 - 2015-01-31 16:01 - 00000748 _____ () C:\Users\norma\Desktop\Tixati.lnk
2015-01-31 16:01 - 2015-01-31 16:01 - 00000000 ____D () C:\Users\norma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
2015-01-31 16:01 - 2015-01-31 16:01 - 00000000 ____D () C:\Program Files\tixati
2015-01-31 13:38 - 2015-01-31 13:38 - 00001030 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-01-31 13:38 - 2015-01-31 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-31 11:11 - 2015-01-31 11:23 - 116224000 _____ () C:\Users\norma\Desktop\YouPorn_-_Three_men_do_more_than_DP_to_this_redhead.mpg
2015-01-31 11:09 - 2015-01-31 11:19 - 93949952 _____ () C:\Users\norma\Desktop\YouPorn - FILLED PUSSYS COMPILATION.mpg
2015-01-31 11:08 - 2015-01-31 11:14 - 52828160 _____ () C:\Users\norma\Desktop\YouPorn - la session des ejaculations buccales.mpg
2015-01-31 11:06 - 2015-01-31 11:29 - 220733440 _____ () C:\Users\norma\Desktop\YouPorn - Sexy ladies and horny guys in the music room bleep each other.mpg
2015-01-31 11:05 - 2015-01-31 11:20 - 139843584 _____ () C:\Users\norma\Desktop\YouPorn - Look who s cumming at dinner.mpg
2015-01-31 11:04 - 2015-01-31 11:05 - 06536297 _____ () C:\Users\norma\Desktop\YouPorn - Blonde Dp Double Creampie.mp4
2015-01-29 10:18 - 2015-01-29 10:32 - 127520768 _____ () C:\Users\norma\Desktop\YouPorn - HarmonyVision busty wife bleeped anal.mpg
2015-01-29 10:17 - 2015-01-29 10:31 - 127606784 _____ () C:\Users\norma\Desktop\YouPorn - Harmony Vision Sex Club Hardcore raunchy sex.mpg
2015-01-29 10:15 - 2015-01-29 10:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-29 10:14 - 2015-01-29 10:30 - 146472960 _____ () C:\Users\norma\Desktop\YouPorn - HarmonyVision Intense DP for beautiful Jessica.mpg
2015-01-29 10:12 - 2015-01-29 10:16 - 126556160 _____ () C:\Users\norma\Desktop\YouPorn%20-%20HARMONY%20VISION%20Funky%20Anal%20Tiffany%20Doll.mpg
2015-01-25 17:17 - 2015-01-25 18:52 - 873736192 _____ () C:\Users\norma\Downloads\YouPorn - GRAZIE ZIA full movie direct by Silvio Bandinelli.mpg
2015-01-24 14:13 - 2015-01-24 14:13 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-01-24 12:54 - 2015-01-26 10:04 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-23 18:01 - 2015-01-23 18:03 - 02347384 _____ (ESET) C:\Users\norma\Desktop\esetsmartinstaller_enu.exe
2015-01-23 17:49 - 2015-01-23 17:49 - 01707939 _____ (Thisisu) C:\Users\norma\Desktop\JRT.exe
2015-01-23 17:46 - 2015-01-31 10:31 - 00001344 _____ () C:\Windows\setupact.log
2015-01-23 17:46 - 2015-01-23 17:46 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-23 17:45 - 2015-01-26 10:04 - 00000648 _____ () C:\Windows\PFRO.log
2015-01-23 17:38 - 2015-01-23 17:48 - 00000000 ____D () C:\AdwCleaner
2015-01-23 17:37 - 2015-01-23 17:38 - 02186752 _____ () C:\Users\norma\Desktop\AdwCleaner.exe
2015-01-23 17:35 - 2015-01-25 19:35 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-23 17:35 - 2015-01-23 17:35 - 00000786 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-23 17:35 - 2015-01-23 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-23 17:35 - 2015-01-23 17:35 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-18 20:31 - 2015-01-18 20:32 - 00001498 _____ () C:\DelFix.txt
2015-01-18 20:30 - 2015-01-18 20:30 - 00000000 __SHD () C:\Users\norma\AppData\Local\EmieUserList
2015-01-18 20:30 - 2015-01-18 20:30 - 00000000 __SHD () C:\Users\norma\AppData\Local\EmieSiteList
2015-01-18 20:30 - 2015-01-18 20:30 - 00000000 __SHD () C:\Users\norma\AppData\Local\EmieBrowserModeList
2015-01-17 19:20 - 2015-01-17 19:20 - 00000000 ____D () C:\Users\norma\AppData\Roaming\dvdcss
2015-01-17 16:51 - 2015-01-17 16:53 - 00000090 _____ () C:\ProgramData\PS.log
2015-01-17 08:57 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-17 08:57 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-17 08:57 - 2014-12-11 22:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-17 08:57 - 2014-12-11 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-17 08:57 - 2014-12-11 22:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-17 08:57 - 2014-12-11 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-17 08:57 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-17 08:57 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-17 08:57 - 2014-12-11 22:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-17 08:57 - 2014-12-11 10:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-17 08:57 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-17 08:57 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-17 08:57 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-01 15:45 - 2015-01-24 20:18 - 00000000 ____D () C:\Users\norma\Desktop\Download

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 15:59 - 2012-10-15 09:57 - 01550839 _____ () C:\Windows\WindowsUpdate.log
2015-01-31 13:41 - 2013-04-07 09:59 - 00000000 ____D () C:\Users\norma\AppData\Roaming\vlc
2015-01-31 13:38 - 2013-04-06 20:05 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-01-31 13:07 - 2014-12-13 13:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 10:39 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-31 10:39 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-31 10:32 - 2013-11-12 15:48 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-31 10:31 - 2012-10-19 07:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-31 10:31 - 2012-10-15 09:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-31 10:31 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-26 09:59 - 2013-02-15 09:07 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-26 09:56 - 2010-08-26 19:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-25 10:05 - 2014-10-09 10:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 10:05 - 2014-10-09 10:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 10:05 - 2012-10-16 00:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 19:57 - 2014-10-09 10:21 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-24 19:57 - 2013-01-10 10:48 - 00003254 _____ () C:\Windows\System32\Tasks\{9F009640-7883-41B9-B78C-DD0CEAACF63D}
2015-01-24 19:57 - 2012-10-15 13:15 - 00003232 _____ () C:\Windows\System32\Tasks\SidebarExecute
2015-01-24 19:56 - 2014-12-25 12:17 - 00003888 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-24 19:56 - 2014-10-09 10:21 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-24 19:56 - 2012-10-16 00:39 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 17:59 - 2012-10-15 13:31 - 00000000 ____D () C:\Users\norma\AppData\Roaming\Mozilla
2015-01-24 14:42 - 2012-10-16 00:39 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 14:42 - 2012-10-16 00:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 17:35 - 2014-01-22 16:05 - 00000000 ____D () C:\Windows\Minidump
2015-01-23 17:35 - 2007-07-11 18:49 - 00000000 ____D () C:\Windows\Panther
2015-01-23 15:18 - 2014-12-13 13:08 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-23 15:18 - 2014-12-13 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-23 15:18 - 2014-12-13 13:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-23 10:18 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-18 19:17 - 2014-10-12 15:10 - 00000000 ____D () C:\Users\norma\Desktop\New folder
2015-01-17 20:31 - 2013-08-14 22:12 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-17 20:26 - 2012-10-16 11:06 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-17 17:02 - 2010-08-26 19:19 - 00000000 ____D () C:\Program Files (x86)\EgisTec MyWinLocker
2015-01-17 16:57 - 2012-10-19 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2015-01-17 16:56 - 2010-08-26 19:10 - 00000000 ____D () C:\ProgramData\WildTangent
2015-01-17 16:56 - 2010-08-26 19:10 - 00000000 ____D () C:\Program Files (x86)\Acer Games
2015-01-17 16:56 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-17 16:54 - 2012-10-15 10:09 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-17 16:54 - 2010-08-26 18:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-17 16:49 - 2013-01-10 10:55 - 00000000 ____D () C:\ProgramData\Skype
2015-01-17 16:43 - 2010-08-26 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-01-17 16:43 - 2010-08-26 19:17 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-01-08 09:55 - 2012-10-15 13:39 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-10-30 09:15 - 2014-11-06 10:20 - 0000090 _____ () C:\Users\norma\AppData\Roaming\WB.CFG
2013-07-04 10:30 - 2014-01-24 09:23 - 0006656 _____ () C:\Users\norma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-15 10:09 - 2012-10-15 10:13 - 0015545 _____ () C:\ProgramData\ArcadeDeluxe4.log
2015-01-17 16:51 - 2015-01-17 16:53 - 0000090 _____ () C:\ProgramData\PS.log

Some content of TEMP:
====================
C:\Users\norma\AppData\Local\Temp\Quarantine.exe
C:\Users\norma\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 11:21

==================== End Of Log ============================

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:30 AM

Posted 02 February 2015 - 10:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

(Tixati Software Inc.) C:\Program Files\tixati\tixati.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AutoConfigURL: [S-1-5-21-3060193818-780826043-819785903-1003] => file://C:\Program Files (x86)\AdvanceElite\bin\Pac8807.js
URLSearchHook: HKU\S-1-5-21-3060193818-780826043-819785903-1003 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
C:\Program Files\tixati
C:\Program Files (x86)\AdvanceElite

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?
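
The fixlist in the post above is made up of lines copied from the FRST.txt log. As an added example (not part of the original post and not the helper's or FRST's own method), this Python sketch runs a few pattern checks over sample lines taken from that log and flags the kinds of entries that ended up in the fixlist. The rule names and patterns are assumptions inferred from those lines, and the output is a list for a human to review, not a fixlist to run.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Sample input: lines copied from the FRST.txt log in this thread,
# a mix of entries that went into the fixlist and entries that did not.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AutoConfigURL: [S-1-5-21-3060193818-780826043-819785903-1003] => file://C:\Program Files (x86)\AdvanceElite\bin\Pac8807.js
URLSearchHook: HKU\S-1-5-21-3060193818-780826043-819785903-1003 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
S2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [X]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
"""

# Heuristic rules (assumptions of this example), checked in order; first match wins.
RULES = [
    # FRST itself marks the line for attention.
    ("attention-marker", re.compile(r"<=+\s*ATTENTION\s*$")),
    # Proxy auto-config script loaded from the local disk.
    ("local-pac-file", re.compile(r"^AutoConfigURL:.*=>\s*file://", re.I)),
    # Default search scope with no URL behind it.
    ("empty-search-scope", re.compile(r"^SearchScopes:.*\bURL =\s*$")),
    # Registry entry whose target file is absent.
    ("missing-file", re.compile(r"\bNo File\s*$")),
    # Service or driver entry whose binary is absent.
    ("missing-service-binary", re.compile(r"^[RS]\d .*\[X\]\s*$")),
]


def triage(log_text):
    """Return (rule_name, line) for every log line matched by a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):  # skip blanks and section headers
            continue
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append((name, line))
                break
    return findings


def pac_install_dir(line):
    """For an AutoConfigURL line that points at a local PAC file, return the
    folder worth inspecting: the program's folder under Program Files if the
    path is there, otherwise the PAC file's parent folder. None if no match."""
    m = re.search(r"=>\s*file://(.+)$", line.strip())
    if not m:
        return None
    path = PureWindowsPath(m.group(1))
    parts = path.parts
    if len(parts) > 3 and parts[1].lower().startswith("program files"):
        return str(PureWindowsPath(*parts[:3]))
    return str(path.parent)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for rule, entry in results:
        print(f"[{rule}] {entry}")
        folder = pac_install_dir(entry) if rule == "local-pac-file" else None
        if folder:
            print(f"    folder to inspect: {folder}")
    print(dict(Counter(rule for rule, _ in results)))
```
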

#3 norm11

norm11
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:07:30 AM

Posted 03 February 2015 - 01:50 PM

Thanks for the help, Nasdaq. Here are the reports. Running good, but the Tixati program was removed??

 

Running from C:\Users\norma\Desktop
Loaded Profiles: norma &  (Available profiles: norma)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

(Tixati Software Inc.) C:\Program Files\tixati\tixati.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AutoConfigURL: [S-1-5-21-3060193818-780826043-819785903-1003] => file://C:\Program Files (x86)\AdvanceElite\bin\Pac8807.js
URLSearchHook: HKU\S-1-5-21-3060193818-780826043-819785903-1003 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
C:\Program Files\tixati
C:\Program Files (x86)\AdvanceElite
*****************

Processes closed successfully.
C:\Program Files\tixati\tixati.exe => No running process found
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-3060193818-780826043-819785903-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value deleted successfully.
HKU\S-1-5-21-3060193818-780826043-819785903-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
"HKCR\PROTOCOLS\Handler\skype4com" => Key deleted successfully.
HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
EPSON_PM_RPCV4_01 => Service deleted successfully.
cleanhlp => Service deleted successfully.
C:\Program Files\tixati => Moved successfully.
"C:\Program Files (x86)\AdvanceElite" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog 11:21:29 ====

 

# AdwCleaner v4.108 - Report created 23/01/2015 at 17:38:45
# Updated 17/01/2015 by Xplode
# Database : 2015-01-23.3 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : norma - INGRID-PC
# Running from : C:\Users\norma\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [613 octets] - [23/01/2015 17:38:45]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [672 octets] ##########



#4 nasdaq

  • Malware Response Team

Posted 03 February 2015 - 02:15 PM

Reinstall the program and let me know if you still have issues with this computer.

#5 norm11

  • Topic Starter

Posted 04 February 2015 - 04:22 PM

Looks OK for now.



#6 nasdaq

  • Malware Response Team

Posted 05 February 2015 - 09:46 AM

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#7 norm11

  • Topic Starter

Posted 05 February 2015 - 02:04 PM

Working good; got this warning once. Malwarebytes Anti-Malware blocked c:\program files (x86)Mozilla Firefox\firefox.exe

 

 

Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.296  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 



#8 nasdaq

  • Malware Response Team

Posted 06 February 2015 - 08:27 AM

This may help in eliminating that MBAM message.

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

#9 norm11

  • Topic Starter

Posted 07 February 2015 - 10:28 PM

Working very good right now. What is ( desktop.ini ) popping up in my folder all the time??



#10 nasdaq

  • Malware Response Team

Posted 08 February 2015 - 08:34 AM

What is ( desktop.ini ) popping up in my folder all the time??

Nothing to worry about; all folders have such a file.
They are operating system files; for them to not show up you must hide your system files.

Reverse the instruction on this page if you wish to hide them.
http://windows.microsoft.com/en-ca/windows/show-hidden-files#show-hidden-files=windows-7

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 norm11

  • Topic Starter

Posted 08 February 2015 - 10:06 PM

THANKS for your help nasdaq. Take care hey.



#12 nasdaq

  • Malware Response Team

Posted 09 February 2015 - 09:39 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



