Backdoor bot found. What should I do?

Backdoor bot found on a full scan. Malwarebytes quarantined and deleted it. Am I infected and what should I do please?


Results in FRST.txt are:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by JeanT (administrator) on JEAN on 22-01-2015 13:32:03
Running from C:\Documents and Settings\JeanT\Desktop
Loaded Profiles: JeanT (Available profiles: JeanT & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Creative Technology Ltd) C:\Program Files\Creative\Mixer\CTSVolFE.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Microsoft® Corporation) C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Microsoft® Corporation) C:\Program Files\Common Files\Microsoft Shared\Works Shared\WksCal.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-12-13] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2005-12-13] (Intel Corporation)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2006-03-08] (Synaptics, Inc.)
HKLM\...\Run: [CTSVolFE.exe] => C:\Program Files\Creative\Mixer\CTSVolFE.exe [57344 2005-02-23] (Creative Technology Ltd)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Conime] => C:\WINDOWS\system32\conime.exe [27648 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2844608 2012-10-15] (Eastman Kodak Company)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-4109387759-2306541775-4193789974-1005\...\MountPoints2: {47a70a2d-d983-11e0-97bc-0019b95fc28a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4109387759-2306541775-4193789974-1005\...\MountPoints2: {835af939-7209-11e1-98c7-0019b95fc28a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4109387759-2306541775-4193789974-1005\...\MountPoints2: {9e234093-d874-11e0-97ba-0019b95fc28a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4109387759-2306541775-4193789974-1005\...\MountPoints2: {c4e58a35-92d1-11e0-973b-0019b95fc28a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-4109387759-2306541775-4193789974-1005\...\MountPoints2: {c4e58a38-92d1-11e0-973b-0019b95fc28a} - E:\setup_vmc_lite.exe /checkApplicationPresence
Startup: C:\Documents and Settings\JeanT\Start Menu\Programs\Startup\WKCALREM.LNK
ShortcutTarget: WKCALREM.LNK -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [s-1-5-21-4109387759-2306541775-4193789974-1005] => Internet Explorer proxy is enabled.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2070905
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2070905
HKU\S-1-5-21-4109387759-2306541775-4193789974-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
HKU\S-1-5-21-4109387759-2306541775-4193789974-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2070905
HKU\S-1-5-21-4109387759-2306541775-4193789974-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-4109387759-2306541775-4193789974-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-4109387759-2306541775-4193789974-1005 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-4109387759-2306541775-4193789974-1005 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar1.dll (Google Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\BAE\BAE.dll (Dell Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4109387759-2306541775-4193789974-1005 -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-4109387759-2306541775-4193789974-1005 -> No Name - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} -  No File
Toolbar: HKU\S-1-5-21-4109387759-2306541775-4193789974-1005 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\JeanT\Application Data\Mozilla\Firefox\Profiles\m5j1hywx.default
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&q=
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\JeanT\Application Data\Mozilla\Firefox\Profiles\m5j1hywx.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\JeanT\Application Data\Mozilla\Firefox\Profiles\m5j1hywx.default\searchplugins\conduit.xml
FF Extension: No Name - C:\Documents and Settings\JeanT\Application Data\Mozilla\Firefox\Profiles\m5j1hywx.default\Extensions\nostmp [2011-08-27]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\JeanT\Application Data\Mozilla\Firefox\Profiles\m5j1hywx.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-06-01]
FF Extension: Flashblock - C:\Documents and Settings\JeanT\Application Data\Mozilla\Firefox\Profiles\m5j1hywx.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-12]
FF Extension: ZoneAlarm  - C:\Documents and Settings\JeanT\Application Data\Mozilla\Firefox\Profiles\m5j1hywx.default\Extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} [2014-11-11]
FF Extension: BetterPrivacy - C:\Documents and Settings\JeanT\Application Data\Mozilla\Firefox\Profiles\m5j1hywx.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2012-02-05]
FF Extension: Adobe DLM (powered by getPlus®) - C:\Documents and Settings\JeanT\Application Data\Mozilla\Firefox\Profiles\m5j1hywx.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011-06-01]
FF Extension: BBC Radio Tuner - C:\Documents and Settings\JeanT\Application Data\Mozilla\Firefox\Profiles\m5j1hywx.default\Extensions\jid1-AzY1PPtK8QsrEQ@jetpack.xpi [2014-03-01]
FF Extension: Adblock Plus - C:\Documents and Settings\JeanT\Application Data\Mozilla\Firefox\Profiles\m5j1hywx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-09-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-06-01]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011-06-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-05-31]

Chrome:
=======
CHR Profile: C:\Documents and Settings\JeanT\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\JeanT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-06]
CHR Extension: (Google Drive) - C:\Documents and Settings\JeanT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\JeanT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-01]
CHR Extension: (YouTube) - C:\Documents and Settings\JeanT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-06]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\JeanT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-11]
CHR Extension: (Google Search) - C:\Documents and Settings\JeanT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-06]
CHR Extension: (FlashBlock) - C:\Documents and Settings\JeanT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl [2014-04-11]
CHR Extension: (Google Wallet) - C:\Documents and Settings\JeanT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-06]
CHR Extension: (Gmail) - C:\Documents and Settings\JeanT\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-06]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.) [File not signed]
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] () [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-06-01] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-06-01] (Sun Microsystems, Inc.)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395200 2012-10-19] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [779200 2012-10-15] (Eastman Kodak Company)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-12-22] (IBM Corp.)
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
S4 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [14336 2008-10-09] (Vodafone) [File not signed]
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2006-10-31] (Dell Inc.) [File not signed]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{2F130D52-0BDB-47EB-AF81-1E09BA7E21E7}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-11-26] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-11-26] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-11-26] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-11-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-11-26] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-11-26] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-11-26] ()
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [604928 2006-11-02] (Broadcom Corporation)
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-21] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-07-21] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17153 2004-02-13] (Dell Inc) [File not signed]
R1 RapportCerberus_80120; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80120.sys [472792 2015-01-13] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251640 2014-12-22] (IBM Corp.)
S3 RapportIaso; c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [152152 2015-01-13] (IBM Corp.)
R0 RapportKELL; C:\WINDOWS\System32\Drivers\RapportKELL.sys [208856 2014-12-22] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2014-12-22] (IBM Corp.)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1156648 2006-03-24] (SigmaTel, Inc.)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 13:32 - 2015-01-22 13:33 - 00020114 _____ () C:\Documents and Settings\JeanT\Desktop\FRST.txt
2015-01-22 13:31 - 2015-01-22 13:32 - 00000000 ____D () C:\FRST
2015-01-22 13:30 - 2015-01-22 13:30 - 01118208 _____ (Farbar) C:\Documents and Settings\JeanT\Desktop\FRST.exe
2015-01-15 18:29 - 2015-01-15 18:30 - 00000000 ____D () C:\14228ca028fd9e6e3855ab6533
2015-01-15 18:29 - 2015-01-15 18:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-15 18:29 - 2015-01-15 18:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2015-01-15 18:10 - 2015-01-15 18:10 - 00021181 _____ () C:\Documents and Settings\JeanT\My Documents\lights.odt
2015-01-15 18:04 - 2015-01-15 18:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-31 14:42 - 2014-12-31 14:42 - 00421742 _____ () C:\Documents and Settings\JeanT\My Documents\Go outdoors order.odt
2014-12-30 18:24 - 2014-12-30 18:24 - 00021185 _____ () C:\Documents and Settings\JeanT\My Documents\jean text.odt
2014-12-28 18:41 - 2014-12-28 18:41 - 00046328 _____ () C:\Documents and Settings\JeanT\My Documents\Lakeland order ice scrapper.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 13:32 - 2011-05-31 20:26 - 00000000 ____D () C:\Documents and Settings\JeanT\Local Settings\Temp
2015-01-22 13:02 - 2014-04-06 09:27 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 12:59 - 2012-07-07 18:37 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-01-22 12:57 - 2004-08-11 16:07 - 00524888 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-22 12:53 - 2013-01-23 19:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kodak
2015-01-22 12:53 - 2004-08-11 16:13 - 01335575 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-22 12:53 - 2004-08-11 16:09 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-01-22 12:53 - 2004-08-11 16:09 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-01-22 12:53 - 2004-08-11 16:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-22 12:52 - 2014-04-06 09:27 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 12:52 - 2004-08-11 16:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-22 11:46 - 2011-05-31 20:26 - 00000178 ___SH () C:\Documents and Settings\JeanT\ntuser.ini
2015-01-22 11:46 - 2011-05-31 20:26 - 00000000 ____D () C:\Documents and Settings\JeanT
2015-01-22 11:46 - 2004-08-11 16:20 - 00032624 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-20 15:49 - 2011-06-01 08:51 - 00000000 ____D () C:\Documents and Settings\JeanT\My Documents\Car
2015-01-20 15:49 - 2011-05-31 21:56 - 00002052 _____ () C:\WINDOWS\QUICKEN.INI
2015-01-20 15:49 - 2004-08-11 16:11 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-19 18:41 - 2013-02-15 19:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2799494$
2015-01-19 17:04 - 2014-04-06 09:29 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-01-19 11:56 - 2012-05-21 11:35 - 00000000 ____D () C:\Documents and Settings\JeanT\My Documents\Utilities
2015-01-15 18:05 - 2012-09-23 14:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-14 15:35 - 2013-07-29 20:56 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 15:30 - 2011-06-01 14:23 - 110348472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 14:29 - 2013-08-01 20:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2015-01-08 17:05 - 2011-05-31 20:33 - 00000000 __SHD () C:\WINDOWS\CSC
2015-01-07 21:38 - 2004-08-11 16:13 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
2015-01-07 21:32 - 2004-08-11 16:11 - 00059777 _____ () C:\WINDOWS\wmsetup.log
2015-01-07 18:48 - 2011-06-01 09:32 - 00000000 ____D () C:\Documents and Settings\JeanT\My Documents\Russell
2014-12-25 21:58 - 2013-01-28 17:19 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-25 21:58 - 2011-06-02 17:17 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-25 21:56 - 2011-05-31 20:55 - 00000000 ____D () C:\Documents and Settings\JeanT\Local Settings\Application Data\Adobe

==================== Files in the root of some directories =======
2011-05-31 20:57 - 2011-06-01 10:05 - 0000206 ____N () C:\Documents and Settings\JeanT\Application Data\wklnhst.dat
2011-07-22 13:42 - 2014-06-01 19:24 - 0026112 ____N () C:\Documents and Settings\JeanT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-05-31 21:04 - 2011-05-31 21:05 - 0000592 ____N () C:\Documents and Settings\JeanT\Local Settings\Application Data\FASTWiz.html
2011-05-31 21:02 - 2011-05-31 21:02 - 0030206 ____N () C:\Documents and Settings\JeanT\Local Settings\Application Data\FASTWiz.log
2013-01-23 20:02 - 2013-08-05 17:28 - 0030414 ____N () C:\Documents and Settings\JeanT\Local Settings\Application Data\installer.log
2013-01-23 20:02 - 2013-01-23 20:02 - 0000230 ____N () C:\Documents and Settings\JeanT\Local Settings\Application Data\LaunchHomeCenter.log

Some content of TEMP:
====================
C:\Documents and Settings\JeanT\Local Settings\Temp\ffunzip.exe
C:\Documents and Settings\JeanT\Local Settings\Temp\tbZone.dll
C:\Documents and Settings\JeanT\Local Settings\Temp\Uninstall.exe
C:\Documents and Settings\JeanT\Local Settings\Temp\vsinit.dll
C:\Documents and Settings\JeanT\Local Settings\Temp\vsutil.dll
C:\Documents and Settings\JeanT\Local Settings\Temp\zauninst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Results of Additional.txt


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by JeanT at 2015-01-22 13:33:47
Running from C:\Documents and Settings\JeanT\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.01) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
aioscnnr (Version: 7.6.11.10 - Your Company Name) Hidden
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
BBC iPlayer Downloads (HKLM\...\{476A047B-BDA1-4B37-BB40-0710C7E9EB61}) (Version: 1.4.1 - BBC)
Broadcom Management Programs (HKLM\...\{26E1BFB0-E87E-4696-9F89-B467F01F81E5}) (Version: 8.65.05 - Broadcom Corporation)
C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.4.0.1 - )
Canon Camera Support Core Library (HKLM\...\CSCLIB) (Version: 7.3.1.6 - )
Canon G.726 WMP-Decoder (HKLM\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - )
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.4.0.8 - )
Canon Internet Library for ZoomBrowser EX (HKLM\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.0.3 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 2.5.0.15 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM\...\RAW Image Task) (Version: 0.9.3.9 - )
Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.0.0.8 - )
Canon Utilities CameraWindow DC (HKLM\...\CameraWindowDC) (Version: 7.0.0.15 - )
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX (HKLM\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM\...\CameraWindowDVC6) (Version: 6.4.1.15 - )
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 1.1.0.8 - )
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 6.4.0.5 - )
Canon Utilities MyCamera DC (HKLM\...\MyCameraDC) (Version: 7.0.0.5 - )
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.20.44 - )
Canon Utilities RemoteCapture DC (HKLM\...\RemoteCaptureDC) (Version: 3.0.1.8 - )
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM\...\RemoteCaptureTask) (Version: 1.7.1.9 - )
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.0.0.246 - )
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.0.0.19 - )
CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform)
center (Version: 6.2.5.0 - Eastman Kodak Company) Hidden
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version:  - )
DAO 3.5 (HKLM\...\DAO 3.5) (Version:  - )
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08298 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3075 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.15 - BVRP Software, Inc)
essentials (Version: 6.0.14.0 - Eastman Kodak Company) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4446 - )
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Java 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Kodak AIO Printer (Version: 7.0.3.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.6.12.20 - Eastman Kodak Company)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.7 - Dell)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mixer (HKLM\...\MIXERLITE) (Version:  - )
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 3.01 - BVRP Software)
MozBackup 1.4.10 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 35.0 (x86 en-GB)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.23 - BVRP Software, Inc)
ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
OverDrive Media Console (HKLM\...\{7326DA0C-C09B-491C-81FF-6DA12B2256BB}) (Version: 3.3.0 - OverDrive, Inc.)
PreReq (Version: 6.2.3.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Quicken Deluxe 2000 (HKLM\...\Quicken Deluxe 2000) (Version:  - )
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 8.1.10 - Dell Computer Corporation)
Rapport (Version: 3.5.1404.61 - Trusteer) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.44 - Piriform)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
SatSYNC (HKLM\...\{3C499A5A-EF17-4FE0-995B-1EFC34D426C1}) (Version: 2.34.0048 - Satmap Systems Ltd)
SearchAssist (HKLM\...\SearchAssist) (Version:  - )
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sound Blaster Audigy ADVANCED MB Demo (HKLM\...\CTMBDemo_Audigy) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.6 - Synaptics)
TomTom HOME (HKLM\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1404.61 - Trusteer)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
Vodafone Mobile Connect Lite (HKLM\...\{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}) (Version: 9.3.5.11690 - Vodafone)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

04-12-2014 13:29:39 System Checkpoint
11-12-2014 21:09:37 System Checkpoint
12-12-2014 20:50:43 Software Distribution Service 3.0
13-12-2014 19:36:21 Installed Rapport
15-12-2014 08:11:21 System Checkpoint
17-12-2014 15:50:14 System Checkpoint
20-12-2014 15:39:37 System Checkpoint
22-12-2014 10:38:22 System Checkpoint
23-12-2014 19:41:02 System Checkpoint
26-12-2014 18:27:49 System Checkpoint
28-12-2014 17:54:29 System Checkpoint
29-12-2014 18:07:01 System Checkpoint
31-12-2014 13:40:28 System Checkpoint
01-01-2015 16:40:48 System Checkpoint
02-01-2015 17:58:35 System Checkpoint
03-01-2015 18:09:04 System Checkpoint
05-01-2015 13:40:57 System Checkpoint
08-01-2015 18:51:08 System Checkpoint
13-01-2015 14:28:47 Installed Rapport
14-01-2015 15:30:09 Software Distribution Service 3.0
15-01-2015 18:09:59 Removed Microsoft Silverlight
18-01-2015 18:11:40 System Checkpoint
20-01-2015 17:37:12 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-11 16:00 - 2004-08-04 04:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2007-09-05 14:23 - 2006-10-31 20:48 - 00020480 ____N () C:\WINDOWS\System32\WLTRYSVC.EXE
2007-09-05 14:23 - 2006-10-31 20:48 - 00757760 ____N () C:\WINDOWS\System32\bcm1xsup.dll
2015-01-22 10:27 - 2015-01-22 10:27 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012201\algo.dll
2013-12-23 20:18 - 2014-11-26 16:26 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2006-11-05 09:28 - 2006-11-05 09:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2004-08-11 16:00 - 2007-04-02 12:49 - 00355112 _____ () C:\WINDOWS\system32\msjetoledb40.dll
2015-01-15 18:04 - 2015-01-15 18:04 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\aaa:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Accomm:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Bob:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Camera:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Canon Utilities:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Car:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Caravan:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Computer:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Council Tax:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Cycle:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Dance:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\DIY:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\e trex GPS:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Exercise:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Favorites from work:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Finance:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Garden:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Gas:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Health:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\House Insurance:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Old computer files:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Open Office3:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\PFGI_71:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Phones:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Photo software:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Printer cd:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Quicken backup:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\QW2000UKDLX:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Russell:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Sailing:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Sudoku:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Television:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Walking Gear:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Walks:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Wedding:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\WinZip orig:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\JeanT\My Documents\Work:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk => C:\WINDOWS\pss\Billminder.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\WINDOWS\system32\WLTRAY.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: Dell QuickSet => C:\Program Files\Dell\QuickSet\quickset.exe
MSCONFIG\startupreg: DellSupport => "C:\Program Files\DellSupport\DSAgnt.exe" /startup
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: IgfxTray =>
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
MSCONFIG\startupreg: ModemOnHold => C:\Program Files\NetWaiting\netWaiting.exe
MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\MediaDirect\PCMService.exe"
MSCONFIG\startupreg: RoxioDragToDisc => "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
MSCONFIG\startupreg: SigmatelSysTrayApp =>
MSCONFIG\startupreg: SunJavaUpdateSched =>
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s

========================= Accounts: ==========================

Administrator (S-1-5-21-4109387759-2306541775-4193789974-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-4109387759-2306541775-4193789974-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-4109387759-2306541775-4193789974-1004 - Limited - Disabled)
JeanT (S-1-5-21-4109387759-2306541775-4193789974-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\JeanT
SUPPORT_388945a0 (S-1-5-21-4109387759-2306541775-4193789974-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2015 00:53:24 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (01/21/2015 11:34:29 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (01/20/2015 07:35:58 PM) (Source: VMCService) (EventID: 0) (User: )
Description: System.Runtime.InteropServices.COMException (0x80010002): Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObject.Initialize(Boolean getObject)
   at System.Management.ManagementClass.GetInstances(EnumerationOptions options)
   at System.Management.ManagementClass.GetInstances()
   at VMC.WindowsService.Core.WMIClasses.GetLoggedOnUser_Orig(String& domain, String& user)
   at VMC.WindowsService.Core.WindowsServiceCore.DeviceEvent_Orig()
   at VMC.WindowsService.Core.WindowsServiceCore.Checking()

Error: (01/20/2015 02:56:11 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (01/19/2015 06:44:17 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (01/19/2015 02:02:10 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (01/19/2015 11:25:09 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (01/18/2015 04:29:48 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (01/15/2015 06:32:36 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (01/15/2015 06:13:24 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue


System errors:
=============
Error: (01/19/2015 06:46:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HTTP SSL service failed to start due to the following error:
%%1053

Error: (01/19/2015 06:46:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Error: (01/13/2015 02:27:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Error: (01/13/2015 02:27:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (01/11/2015 05:03:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HTTP SSL service failed to start due to the following error:
%%1053

Error: (01/11/2015 05:03:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Error: (01/10/2015 10:27:23 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (12/23/2014 06:08:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HTTP SSL service failed to start due to the following error:
%%1053

Error: (12/23/2014 06:08:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Error: (12/22/2014 04:05:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Layer Gateway Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (01/22/2015 00:53:24 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (01/21/2015 11:34:29 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (01/20/2015 07:35:58 PM) (Source: VMCService) (EventID: 0) (User: )
Description: System.Runtime.InteropServices.COMException (0x80010002): Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObject.Initialize(Boolean getObject)
   at System.Management.ManagementClass.GetInstances(EnumerationOptions options)
   at System.Management.ManagementClass.GetInstances()
   at VMC.WindowsService.Core.WMIClasses.GetLoggedOnUser_Orig(String& domain, String& user)
   at VMC.WindowsService.Core.WindowsServiceCore.DeviceEvent_Orig()
   at VMC.WindowsService.Core.WindowsServiceCore.Checking()

Error: (01/20/2015 02:56:11 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (01/19/2015 06:44:17 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (01/19/2015 02:02:10 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (01/19/2015 11:25:09 AM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (01/18/2015 04:29:48 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (01/15/2015 06:32:36 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (01/15/2015 06:13:24 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue


==================== Memory info ===========================

Processor: Genuine Intel® CPU T2130 @ 1.86GHz
Percentage of memory in use: 49%
Total physical RAM: 2038.37 MB
Available physical RAM: 1028.14 MB
Total Pagefile: 3930.81 MB
Available Pagefile: 3069.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1933.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:106.7 GB) (Free:6.83 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=86 MB) - (Type=DE)
Partition 2: (Active) - (Size=106.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=3 GB) - (Type=DB)

==================== End Of Log ============================


Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.




Rules and policies

We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything else of that kind is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click "Next" in the introduction screen to continue.
  • Click "Update" in the following screen to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
  • When the scan is finished and no malware has been found, select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

This way we will check what causes the BSOD.

Download WhoCrashed from here:
http://www.resplendence.com/download/whocrashedSetup.exe

This program will try to verify the analysis, which is the cause of the driver error.
Note: This program requires installation.

Double-click to start the installation, and click Next.

  • Check I accept the agreement and then Next.
    The program installs to the location and under the name that the installer offers.
  • Click Next, and in the next window click Next.
  • Check Create a Desktop Icon, then click Next and then Install.

    After you've installed the WhoCrashed program, run it.

      Note: If you get a message that looks like this:

    [screenshot]

    Click Download the requested file from the Microsoft site now and wait for the process to
    download the additional files and for the installation to complete.

    >> When the program starts, click Analyze.
    When scanning is done, click OK.
  • Right-click on the area of the page with the report and select Select All.
  • Right-click on the area of the page with the report and select Copy.
  • Open a new Notepad and select Paste to copy the contents of the log into Notepad.

Now you can close the program.

Please attach the Notepad file with that log report here.

Is there an uninstaller for this, as on searching my computer I have a number of things relating to it:

MBAR-1.08.3.1004.EXE-06732950.pf
MBAR.EXE-260840E2.pf
MBAR.EXE-37C91221.pf

all in C:\Windows\Prefetch

In C:\Program Files I have an mbar folder with what appears to be the anti-rootkit files

sorry but I am not very technical

Download Malwarebytes Anti-Rootkit to your desktop.

Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.

The tool deletes old system restore points and creates a fresh system restore point after cleaning.

I ran the exe with "Remove disinfection tools" and this is the report

# DelFix v10.8 - Logfile created 23/01/2015 at 15:20:26
# Updated 29/07/2014 by Xplode
# Username : JeanT - JEAN
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Documents and Settings\JeanT\Desktop\Addition.txt
Deleted : C:\Documents and Settings\JeanT\Desktop\FRST.txt
Deleted : C:\Documents and Settings\JeanT\Desktop\HijackThis.exe
Deleted : C:\Documents and Settings\JeanT\My Documents\Downloads\unhide.exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########

It has not deleted the anti-rootkit files.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click "Next" in the introduction screen to continue.
  • Click "Update" in the following screen to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
  • When the scan is finished and no malware has been found, select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

Sorry but I don't understand. Do you want me to attempt to download and install the anti-rootkit again? I thought I was trying to delete the anti-rootkit from my system. I thought I was using DelFix to do this but it didn't remove it.


Yes. It must be on the desktop.

Argus

I can't install the anti-rootkit. I am getting a blue screen with "driver overrun stack based buffer".

I exited Malwarebytes and disabled my antivirus. I can download the anti-rootkit, and when I run it, it installs the MBAR folders on my desktop and then I get a blue screen with a "driver overrun stack" error message, and then I have to switch off my computer. Every time I try running MBAR it crashes my computer.

I will look out my key as I have the paid-for version.

Given my earlier mistakes, just to be clear:

1. Uninstall Malwarebytes

2. Disable Avast antivirus

3. Download Malwarebytes Anti-Rootkit and install it on my desktop

4. Run the anti-rootkit

5. Post the report

6. Re-enable Avast antivirus

7. Download and install Malwarebytes

1 month later...

Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.