TechSpot

Automatic updates keeps disabling

By Dalores
Sep 8, 2015
  1. Think I have virus/malware on computer. Computer is running very slow, I have run my antivirus but nothing picked up and not sure what else to try?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Dalores

    Dalores TS Rookie Topic Starter Posts: 25

    Thanks for the info Broni I am still considering what to do. But If I did a reformat/reinstall would I need the disk for the operating system as I dont have this?
     
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    What Windows version is it?
     
  5. Dalores

    Dalores TS Rookie Topic Starter Posts: 25

    Its XP I dont have any of the original software for OS or open office. So would it be better to try and clean or could I back them up to disk? Thanks
     
  6. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Follow steps from my original reply and we'll see what's there.
     
  7. Dalores

    Dalores TS Rookie Topic Starter Posts: 25

    Addition logs are..

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-09-2015 01
    Ran by Dell Laptop (2015-09-12 14:51:12)
    Running from C:\Documents and Settings\Dell Laptop\My Documents\Downloads
    Microsoft Windows XP Professional Service Pack 3 (X86) (2015-07-09 12:35:20)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1214440339-2049760794-1417001333-500 - Administrator - Enabled)
    ASPNET (S-1-5-21-1214440339-2049760794-1417001333-1004 - Limited - Enabled)
    Dell Laptop (S-1-5-21-1214440339-2049760794-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dell Laptop
    Guest (S-1-5-21-1214440339-2049760794-1417001333-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-1214440339-2049760794-1417001333-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-1214440339-2049760794-1417001333-1002 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Bitdefender Antivirus (Enabled - Up to date) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: Bitdefender Firewall (Disabled) {4055920F-2E99-48A8-A270-4243D2B8F242}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.23.0.1604 - Bitdefender)
    C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
    Conexant D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version: - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    OpenOffice 4.1.1 (HKLM\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
    QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 7.1.10 - )
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    09-07-2015 15:03:20 System Checkpoint
    09-07-2015 15:07:05 Installed C-Major Audio
    09-07-2015 15:07:58 DriverPack Solution 12.3
    09-07-2015 15:22:09 Software Distribution Service 3.0
    09-07-2015 15:44:28 Installed QuickSet
    09-07-2015 15:45:44 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    09-07-2015 15:46:04 Installed OpenOffice 4.1.1
    04-08-2015 19:06:15 Software Distribution Service 3.0
    09-08-2015 16:18:11 System Checkpoint
    14-08-2015 18:02:26 Software Distribution Service 3.0
    14-08-2015 19:46:56 Installed Windows XP Wdf01009.
    15-08-2015 19:36:26 Software Distribution Service 3.0
    20-08-2015 20:25:50 System Checkpoint
    21-08-2015 20:27:04 System Checkpoint
    23-08-2015 20:24:17 System Checkpoint
    24-08-2015 22:02:29 System Checkpoint
    25-08-2015 22:08:10 System Checkpoint
    26-08-2015 19:41:52 Software Distribution Service 3.0
    27-08-2015 18:59:10 Software Distribution Service 3.0
    27-08-2015 19:29:53 Installed Windows Media Player 11
    27-08-2015 19:30:50 Installed Windows XP Wudf01000.
    27-08-2015 19:35:24 Installed Windows XP MSCompPackV1.
    27-08-2015 19:38:53 Software Distribution Service 3.0
    27-08-2015 22:56:16 Software Distribution Service 3.0
    28-08-2015 11:01:03 Software Distribution Service 3.0
    29-08-2015 21:33:58 Software Distribution Service 3.0
    31-08-2015 14:55:25 System Checkpoint
    03-09-2015 20:13:21 System Checkpoint
    06-09-2015 14:52:42 System Checkpoint
    08-09-2015 13:31:12 System Checkpoint
    09-09-2015 16:40:09 System Checkpoint
    09-09-2015 18:32:02 Software Distribution Service 3.0
    10-09-2015 19:31:37 System Checkpoint
    11-09-2015 21:41:05 System Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2008-04-14 12:00 - 2008-04-14 12:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-08-14 19:44 - 2014-08-27 16:30 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
    2015-08-14 19:42 - 2013-09-03 14:29 - 00095088 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
    2015-08-14 19:44 - 2015-06-22 16:22 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
    2015-08-14 19:44 - 2012-10-29 14:22 - 00130656 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
    2015-09-04 17:55 - 2015-09-04 17:56 - 00748120 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01042_004\ashttpbr.mdl
    2015-09-04 17:55 - 2015-09-04 17:56 - 00635368 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01042_004\ashttpdsp.mdl
    2015-09-04 17:55 - 2015-09-04 17:56 - 02298776 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01042_004\ashttpph.mdl
    2015-09-04 17:55 - 2015-09-04 17:56 - 01197736 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01042_004\ashttprbl.mdl
    2015-07-09 15:44 - 2006-06-29 12:13 - 00073728 _____ () C:\Program Files\Dell\QuickSet\dadkeyb.dll
    2008-04-14 12:00 - 2008-04-14 12:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
    2008-04-14 12:00 - 2008-04-14 12:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
    2015-07-12 21:55 - 2014-02-10 13:44 - 04592128 _____ () C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
    2015-07-12 21:55 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
    2015-09-04 00:07 - 2015-08-28 01:17 - 16393032 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1214440339-2049760794-1417001333-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 192.168.1.254
    sharedaccess Firewall Service is not running.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome

    ==================== Faulty Device Manager Devices =============

    Could not list Devices. Check "winmgmt" service or repair WMI.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/09/2015 03:06:37 PM) (Source: PerfNet) (EventID: 2002) (User: )
    Description: Unable to open the Redirector service. Redirector performance data
    will not be returned. Error code returned is in data DWORD 0.


    System errors:
    =============
    Error: (09/12/2015 11:47:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The IPSEC Services service terminated with the following error:
    %%1747

    Error: (09/12/2015 10:49:23 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The IPSEC Services service terminated with the following error:
    %%1747

    Error: (09/12/2015 10:00:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The IPSEC Services service terminated with the following error:
    %%1747

    Error: (09/11/2015 06:17:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The IPSEC Services service terminated with the following error:
    %%1747

    Error: (09/11/2015 10:21:56 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The IPSEC Services service terminated with the following error:
    %%1747

    Error: (09/10/2015 06:20:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The IPSEC Services service terminated with the following error:
    %%1747

    Error: (09/10/2015 01:31:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The IPSEC Services service terminated with the following error:
    %%1747

    Error: (09/10/2015 01:31:26 PM) (Source: Dhcp) (EventID: 1002) (User: )
    Description: The IP address lease 192.168.1.82 for the Network Card with network address 00166F58CA6E has been
    denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

    Error: (09/10/2015 11:23:54 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The IPSEC Services service terminated with the following error:
    %%1747

    Error: (09/09/2015 11:35:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The IPSEC Services service terminated with the following error:
    %%1747


    Microsoft Office:
    =========================
    Error: (07/09/2015 03:06:37 PM) (Source: PerfNet) (EventID: 2002) (User: )
    Description:


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) M processor 1.73GHz
    Percentage of memory in use: 45%
    Total physical RAM: 2039.37 MB
    Available physical RAM: 1106.65 MB
    Total Virtual: 2640.78 MB
    Available Virtual: 1688.73 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:55.89 GB) (Free:45.79 GB) NTFS ==>[drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 55.9 GB) (Disk ID: 07980797)
    Partition 1: (Active) - (Size=55.9 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  8. Dalores

    Dalores TS Rookie Topic Starter Posts: 25

    FRST logs are..

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-09-2015 01
    Ran by Dell Laptop (administrator) on DELL-FBCB568978 (12-09-2015 14:42:16)
    Running from C:\Documents and Settings\Dell Laptop\My Documents\Downloads
    Loaded Profiles: Dell Laptop (Available Profiles: Dell Laptop)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    (Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxapps.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\quickset.exe [1032192 2006-06-29] (Dell Inc)
    HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1865664 2015-06-12] (Bitdefender)
    HKU\S-1-5-21-1214440339-2049760794-1417001333-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-07-09] (Google Inc.)
    HKU\S-1-5-21-1214440339-2049760794-1417001333-1003\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [671400 2015-06-12] (Bitdefender)
    SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{C4637806-50F7-44D3-8FB3-F2EAD637BD8F}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1214440339-2049760794-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1214440339-2049760794-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
    BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-03] (Bitdefender)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-04] (Google Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-04] (Google Inc.)
    Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-03] (Bitdefender)
    Toolbar: HKU\S-1-5-21-1214440339-2049760794-1417001333-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-04] (Google Inc.)
    Toolbar: HKU\S-1-5-21-1214440339-2049760794-1417001333-1003 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-03] (Bitdefender)

    FireFox:
    ========
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
    FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff [2015-08-14]
    FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
    FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-08-14]

    Chrome:
    =======
    CHR Profile: C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-09]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-09]
    CHR Extension: (No Name) - C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-09]
    CHR Extension: (Google Search) - C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-09]
    CHR Extension: (Bitdefender Wallet) - C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-08-14]
    CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-04]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-09]
    CHR Extension: (Gmail) - C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-09]
    CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
    S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [69880 2014-12-09] (Bitdefender)
    R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [376832 2006-06-29] (Dell Inc.) [File not signed]
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [54424 2014-10-27] (Bitdefender)
    R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1306416 2015-06-18] (Bitdefender)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
    R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1129792 2015-05-28] (BitDefender)
    R3 avchv; C:\WINDOWS\System32\DRIVERS\avchv.sys [252184 2015-05-29] (BitDefender)
    R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [610624 2015-05-28] (BitDefender)
    R3 Bdfndisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [116816 2015-08-14] (BitDefender LLC)
    R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [131432 2012-02-07] (BitDefender LLC)
    S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [66832 2015-01-09] (BitDefender SRL)
    R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
    R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [173832 2015-04-29] (BitDefender LLC)
    R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
    R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
    R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2012-11-14] (Marvell Semiconductor Inc.)
    R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2012-11-14] (Marvell Semiconductor Inc.) [File not signed]
    R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2012-11-14] (Marvell Semiconductor Inc.)
    R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
    R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [422664 2015-06-02] (BitDefender S.R.L.)
    R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2009-11-11] (Intel® Corporation)
    S4 IntelIde; no ImagePath
    U5 MRxSmb; C:\Windows\System32\Drivers\MRxSmb.sys [457856 2012-11-14] (Microsoft Corporation)
    U1 WS2IFSL; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-12 14:37 - 2015-09-12 14:37 - 00000654 _____ C:\Documents and Settings\Dell Laptop\Desktop\Shortcut to FRST.lnk
    2015-09-12 14:35 - 2015-09-12 14:42 - 00000000 ____D C:\FRST
    2015-09-09 18:32 - 2015-09-09 18:32 - 00000000 ____D C:\4ca7bb495c754f1b96375831c2
    2015-08-29 21:34 - 2015-08-30 17:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
    2015-08-29 21:33 - 2015-08-29 21:34 - 00004180 _____ C:\WINDOWS\KB2834904-v2.log
    2015-08-27 22:56 - 2015-08-27 22:56 - 00005752 _____ C:\WINDOWS\KB954155.log
    2015-08-27 22:56 - 2015-08-27 22:56 - 00005717 _____ C:\WINDOWS\KB978695.log
    2015-08-27 22:56 - 2015-08-27 22:56 - 00005660 _____ C:\WINDOWS\KB975558.log
    2015-08-27 22:56 - 2015-08-27 22:56 - 00005360 _____ C:\WINDOWS\KB2378111.log
    2015-08-27 19:35 - 2015-08-27 22:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallMSCompPackV1$
    2015-08-27 19:35 - 2015-08-27 19:36 - 00003956 _____ C:\WINDOWS\MSCompPackV1.log
    2015-08-27 19:35 - 2007-07-27 23:11 - 00016760 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
    2015-08-27 19:34 - 2015-08-27 22:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallwmp11$
    2015-08-27 19:34 - 2015-08-27 19:34 - 00000000 ____D C:\Program Files\Windows Media Connect 2
    2015-08-27 19:33 - 2015-08-27 19:35 - 00017183 _____ C:\WINDOWS\wmp11.log
    2015-08-27 19:32 - 2015-08-28 10:56 - 00002560 _____ C:\WINDOWS\spupdsvc.log
    2015-08-27 19:31 - 2015-08-27 22:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallWMFDist11$
    2015-08-27 19:31 - 2015-08-27 19:33 - 00028713 _____ C:\WINDOWS\WMFDist11.log
    2015-08-27 19:30 - 2015-08-27 22:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallWudf01000$
    2015-08-27 19:30 - 2015-08-27 19:31 - 00009790 _____ C:\WINDOWS\Wudf01000Inst.log
    2015-08-27 19:16 - 2015-08-27 19:20 - 00000000 ____D C:\Documents and Settings\Dell Laptop\My Documents\Videos Splash Court
    2015-08-27 19:14 - 2015-08-27 21:05 - 00000000 ____D C:\Documents and Settings\Dell Laptop\My Documents\Phone Photos
    2015-08-27 01:12 - 2015-08-27 19:01 - 00002888 _____ C:\WINDOWS\COM+.log
    2015-08-26 19:51 - 2015-08-26 19:53 - 00000000 ____D C:\WINDOWS\system32\URTTemp
    2015-08-26 19:51 - 2015-08-26 19:51 - 00000000 ____D C:\WINDOWS\Microsoft.NET
    2015-08-15 19:55 - 2015-08-15 19:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\bdch
    2015-08-15 19:50 - 2015-09-09 02:23 - 00008608 _____ C:\Documents and Settings\Dell Laptop\debug.log
    2015-08-15 19:35 - 2015-08-15 19:35 - 00000385 _____ C:\Documents and Settings\Dell Laptop\Application Datauser_gensett.xml
    2015-08-14 20:25 - 2015-08-14 20:25 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
    2015-08-14 20:05 - 2015-08-14 20:05 - 00072704 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
    2015-08-14 19:50 - 2015-08-14 19:50 - 01213123 _____ C:\Documents and Settings\All Users\Application Data\1439575580.bdinstall.bin
    2015-08-14 19:48 - 2015-08-14 19:48 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\QuickScan
    2015-08-14 19:47 - 2015-08-27 19:30 - 00000000 ____D C:\WINDOWS\system32\LogFiles
    2015-08-14 19:47 - 2015-08-14 19:47 - 00001817 _____ C:\Documents and Settings\All Users\Desktop\Bitdefender Internet Security 2015.lnk
    2015-08-14 19:47 - 2015-08-14 19:47 - 00000000 ____H C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    2015-08-14 19:47 - 2015-08-14 19:47 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
    2015-08-14 19:47 - 2015-08-14 19:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Bitdefender 2015
    2015-08-14 19:46 - 2015-08-15 19:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
    2015-08-14 19:46 - 2015-08-14 19:47 - 00004121 _____ C:\WINDOWS\Wdf01009Inst.log
    2015-08-14 19:46 - 2008-11-07 18:55 - 00026144 _____ (Microsoft Corporation) C:\WINDOWS\system32\spupdsvc.exe
    2015-08-14 19:46 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
    2015-08-14 19:45 - 2015-08-15 19:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\BDLogging
    2015-08-14 19:45 - 2015-05-29 09:56 - 01470720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
    2015-08-14 19:44 - 2015-01-09 11:58 - 00066832 _____ (BitDefender SRL) C:\WINDOWS\system32\Drivers\bdsandbox.sys
    2015-08-14 19:44 - 2015-01-09 11:44 - 00074000 _____ (BitDefender SRL) C:\WINDOWS\system32\bdsandboxuiskin.dll
    2015-08-14 19:44 - 2015-01-09 11:44 - 00026624 _____ (BitDefender SRL) C:\WINDOWS\system32\bdsandboxuh.dll
    2015-08-14 19:44 - 2013-11-13 15:41 - 00116688 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\bdfndisf.sys
    2015-08-14 19:44 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
    2015-08-14 19:42 - 2015-05-29 09:50 - 00252184 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
    2015-08-14 19:42 - 2015-05-28 14:32 - 01129792 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
    2015-08-14 19:42 - 2015-05-28 13:17 - 00610624 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
    2015-08-14 18:25 - 2015-08-14 19:51 - 00000000 ____D C:\Documents and Settings\Dell Laptop\Application Data\Bitdefender
    2015-08-14 18:25 - 2015-08-14 18:25 - 00000000 ____D C:\0444159eae948b94b47def195a
    2015-08-14 18:02 - 2015-08-14 18:03 - 00000000 ____D C:\cde6fd1e94e424a27e882bb9328f

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-12 14:48 - 2015-07-09 15:02 - 00000000 ____D C:\Documents and Settings\Dell Laptop\Local Settings\Temp
    2015-09-12 14:16 - 2015-07-09 15:38 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-09-12 14:06 - 2015-07-09 15:38 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-09-12 11:55 - 2015-07-09 13:28 - 01258306 _____ C:\WINDOWS\WindowsUpdate.log
    2015-09-12 11:47 - 2015-07-09 15:38 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-09-12 11:46 - 2015-07-09 15:34 - 00000234 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-09-12 11:46 - 2015-07-09 15:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-09-12 10:59 - 2015-07-09 15:02 - 00000178 ___SH C:\Documents and Settings\Dell Laptop\ntuser.ini
    2015-09-12 10:59 - 2015-07-09 15:01 - 00032562 _____ C:\WINDOWS\SchedLgU.Txt
    2015-09-10 11:24 - 2015-07-09 15:38 - 00000000 ____D C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google
    2015-09-07 17:01 - 2015-07-09 13:38 - 00974816 _____ C:\WINDOWS\setupapi.log
    2015-09-04 00:07 - 2015-07-09 15:40 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2015-08-29 21:34 - 2015-07-09 13:39 - 00294534 _____ C:\WINDOWS\iis6.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00246525 _____ C:\WINDOWS\FaxSetup.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00153105 _____ C:\WINDOWS\ocgen.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00118439 _____ C:\WINDOWS\tsoc.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00093997 _____ C:\WINDOWS\comsetup.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00081486 _____ C:\WINDOWS\msmqinst.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00055215 _____ C:\WINDOWS\ntdtcsetup.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00043944 _____ C:\WINDOWS\netfxocm.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00017637 _____ C:\WINDOWS\MedCtrOC.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00013070 _____ C:\WINDOWS\tabletoc.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00001374 _____ C:\WINDOWS\imsins.log
    2015-08-27 22:56 - 2015-07-09 13:24 - 00018700 _____ C:\WINDOWS\wmsetup.log
    2015-08-27 19:36 - 2015-07-09 15:02 - 00000788 _____ C:\Documents and Settings\Dell Laptop\Start Menu\Programs\Windows Media Player.lnk
    2015-08-27 19:36 - 2015-07-09 13:39 - 00001374 _____ C:\WINDOWS\imsins.BAK
    2015-08-27 19:35 - 2015-07-09 13:31 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
    2015-08-27 19:35 - 2015-07-09 13:31 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
    2015-08-27 19:34 - 2015-07-09 13:32 - 00000000 ____D C:\WINDOWS\Help
    2015-08-27 19:34 - 2008-04-14 12:00 - 00000507 _____ C:\WINDOWS\win.ini
    2015-08-27 19:33 - 2015-07-09 13:29 - 00000000 __SHD C:\Documents and Settings\All Users\DRM
    2015-08-27 19:28 - 2008-04-14 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
    2015-08-27 19:01 - 2015-07-09 13:24 - 00000000 ____D C:\WINDOWS\Registration
    2015-08-27 19:00 - 2015-07-09 13:39 - 00428472 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-08-26 18:36 - 2012-11-14 21:25 - 132039072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt.exe
    2015-08-18 00:16 - 2008-04-14 12:00 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-08-18 00:16 - 2008-04-14 12:00 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2015-08-15 19:50 - 2015-07-09 15:02 - 00000000 ____D C:\Documents and Settings\Dell Laptop
    2015-08-15 19:49 - 2015-07-09 15:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2922229$
    2015-08-15 19:49 - 2015-07-09 15:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2934207$
    2015-08-15 19:49 - 2015-07-09 15:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2930275$
    2015-08-15 19:49 - 2015-07-09 15:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2929961$
    2015-08-15 19:49 - 2015-07-09 15:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2916036$
    2015-08-15 19:49 - 2015-07-09 15:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
    2015-08-15 19:49 - 2015-07-09 15:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
    2015-08-15 19:49 - 2015-07-09 15:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
    2015-08-15 19:49 - 2015-07-09 15:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
    2015-08-15 19:49 - 2015-07-09 15:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
    2015-08-15 19:49 - 2015-07-09 15:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
    2015-08-15 19:49 - 2015-07-09 15:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
    2015-08-15 19:49 - 2015-07-09 15:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
    2015-08-15 19:49 - 2015-07-09 15:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
    2015-08-15 19:49 - 2015-07-09 15:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
    2015-08-15 19:49 - 2015-07-09 15:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
    2015-08-15 19:49 - 2015-07-09 15:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
    2015-08-15 19:49 - 2015-07-09 15:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
    2015-08-15 19:49 - 2015-07-09 15:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
    2015-08-15 19:49 - 2015-07-09 15:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
    2015-08-15 19:49 - 2015-07-09 15:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
    2015-08-15 19:49 - 2015-07-09 15:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
    2015-08-15 19:49 - 2015-07-09 15:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
    2015-08-15 19:49 - 2015-07-09 15:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
    2015-08-15 19:49 - 2015-07-09 15:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
    2015-08-15 19:49 - 2015-07-09 15:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
    2015-08-15 19:49 - 2015-07-09 15:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
    2015-08-15 19:49 - 2015-07-09 15:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
    2015-08-15 19:49 - 2015-07-09 15:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2757638$
    2015-08-15 19:49 - 2015-07-09 13:32 - 00000000 ___SD C:\WINDOWS\Offline Web Pages
    2015-08-14 19:48 - 2015-07-12 21:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Bitdefender
    2015-08-14 19:47 - 2015-07-09 13:38 - 00184925 _____ C:\WINDOWS\setupact.log

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================
     
  9. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  10. Dalores

    Dalores TS Rookie Topic Starter Posts: 25

    Report from RogueKiller


    RogueKiller V10.10.4.0 [Sep 4 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Dell Laptop [Administrator]
    Started from : C:\Documents and Settings\Dell Laptop\My Documents\Downloads\RogueKiller.exe
    Mode : Delete -- Date : 09/13/2015 22:06:43

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 0 ¤¤¤

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 58 (Driver: Loaded) ¤¤¤
    [IAT:Inl(Hook.IEAT)] (explorer.exe) KERNEL32.dll - CreateThread : Unknown @ 0x63002231 (jmp 0xe67f1b2a|jmp 0xffffe452|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe) KERNEL32.dll - FindNextFileW : Unknown @ 0x63003239 (jmp 0xe67f4224|jmp 0xffffd44a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe) KERNEL32.dll - DeviceIoControl : Unknown @ 0x63003109 (jmp 0xe6801ae0|jmp 0xffffd57a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - PostMessageW : Unknown @ 0x63003eb1 (jmp 0xe4beb1e6|jmp 0xffffc7d2|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - GetMessageW : Unknown @ 0x63003d81 (jmp 0xe4beabbb|jmp 0xffffc902|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x63003071 (jmp 0xe66f5fbe|jmp 0xffffd612|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - NtDeviceIoControlFile : Unknown @ 0x63003531 (jmp 0xe66f62ae|jmp 0xffffd152|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x63002c49 (jmp 0xe66f4ee6|jmp 0xffffda3a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x63001e09 (jmp 0xe66f4806|jmp 0xffffe87a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x63001f39 (jmp 0xe66f4c96|jmp 0xffffe74a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - NtSetInformationProcess : Unknown @ 0x63002b19 (jmp 0xe66f4e76|jmp 0xffffdb6a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x630016e9 (jmp 0xe66f41c6|jmp 0xffffef9a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x63001781 (jmp 0xe66f386e|jmp 0xffffef02|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x63001cd9 (jmp 0xe66f3d26|jmp 0xffffe9aa|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x63002a81 (jmp 0xe66f4c0e|jmp 0xffffdc02|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - RtlEqualSid : Unknown @ 0x63003b21 (jmp 0xe66ec02f|jmp 0xffffcb62|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - NtQueryInformationToken : Unknown @ 0x63003a89 (jmp 0xe66f6266|jmp 0xffffcbfa|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - NtOpenProcessToken : Unknown @ 0x630039f1 (jmp 0xe66f63de|jmp 0xffffcc92|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - NtCreateThread : Unknown @ 0x63001a79 (jmp 0xe66f48c6|jmp 0xffffec0a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - NtCreateProcessEx : Unknown @ 0x63001ba9 (jmp 0xe66f4a46|jmp 0xffffeada|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - NtAdjustPrivilegesToken : Unknown @ 0x63002fd9 (jmp 0xe66f60c6|jmp 0xffffd6aa|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - RtlCreateProcessParameters : Unknown @ 0x630028b9 (jmp 0xe66dee7e|jmp 0xffffddca|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - NtSetContextThread : Unknown @ 0x63001d71 (jmp 0xe66f41be|jmp 0xffffe912|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - NtSuspendThread : Unknown @ 0x63002069 (jmp 0xe66f4226|jmp 0xffffe61a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNEL32.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x63001ea1 (jmp 0xe66f44fe|jmp 0xffffe7e2|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ avcuf32.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x63001fd1 (jmp 0xe679b62a|jmp 0xffffe6b2|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ ADVAPI32.dll) KERNEL32.dll - FindFirstFileExW : Unknown @ 0x630031a1 (jmp 0xe67f4684|jmp 0xffffd4e2|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ ADVAPI32.dll) KERNEL32.dll - CreateProcessInternalW : Unknown @ 0x63001c41 (jmp 0xe67e9655|jmp 0xffffea42|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ RPCRT4.dll) ADVAPI32.dll - OpenServiceW : Unknown @ 0x630023f9 (jmp 0xeb21b3fc|jmp 0xffffe28a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ RPCRT4.dll) ADVAPI32.dll - CloseServiceHandle : Unknown @ 0x630026f1 (jmp 0xeb21ba0c|jmp 0xffffdf92|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ msvcrt.dll) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x63003bb9 (jmp 0xe6801cc7|jmp 0xffffcaca|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ ole32.dll) ADVAPI32.dll - CryptAcquireContextW : Unknown @ 0x63003369 (jmp 0xeb21b3d0|jmp 0xffffd31a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ ole32.dll) USER32.dll - SetWindowsHookExW : Unknown @ 0x630018b1 (jmp 0xe4bd96a2|jmp 0xffffedd2|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ SHLWAPI.dll) USER32.dll - GetMessageA : Unknown @ 0x63003ce9 (jmp 0xe4bdc5be|jmp 0xffffc99a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ SHLWAPI.dll) USER32.dll - PostMessageA : Unknown @ 0x63003e19 (jmp 0xe4bd931c|jmp 0xffffc86a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ SHLWAPI.dll) USER32.dll - SetWindowsHookExA : Unknown @ 0x63001819 (jmp 0xe4bd0608|jmp 0xffffee6a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ CRYPT32.dll) ADVAPI32.dll - CryptAcquireContextA : Unknown @ 0x630032d1 (jmp 0xeb21b994|jmp 0xffffd3b2|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ CRYPT32.dll) ADVAPI32.dll - CryptGetHashParam : Unknown @ 0x63003791 (jmp 0xeb2199dd|jmp 0xffffcef2|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ CRYPT32.dll) ADVAPI32.dll - CryptHashData : Unknown @ 0x63003829 (jmp 0xeb219d8b|jmp 0xffffce5a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ CRYPT32.dll) ADVAPI32.dll - CryptCreateHash : Unknown @ 0x63003661 (jmp 0xeb2199f0|jmp 0xffffd022|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ CRYPT32.dll) ADVAPI32.dll - CryptExportKey : Unknown @ 0x630036f9 (jmp 0xeb1f1b00|jmp 0xffffcf8a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ CRYPT32.dll) ADVAPI32.dll - CryptImportKey : Unknown @ 0x630038c1 (jmp 0xeb2196d0|jmp 0xffffcdc2|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ CRYPT32.dll) ADVAPI32.dll - CryptGenKey : Unknown @ 0x63003401 (jmp 0xeb1f1bb8|jmp 0xffffd282|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ CRYPT32.dll) ADVAPI32.dll - CryptEncrypt : Unknown @ 0x63003499 (jmp 0xeb215139|jmp 0xffffd1ea|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ CRYPT32.dll) ADVAPI32.dll - ChangeServiceConfigA : Unknown @ 0x630025c1 (jmp 0xeb1cb758|jmp 0xffffe0c2|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ CRYPT32.dll) ADVAPI32.dll - ControlService : Unknown @ 0x63002491 (jmp 0xeb20da88|jmp 0xffffe1f2|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ NETAPI32.dll) ADVAPI32.dll - OpenServiceA : Unknown @ 0x63002361 (jmp 0xeb20d6fb|jmp 0xffffe322|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ NETAPI32.dll) ADVAPI32.dll - ChangeServiceConfigW : Unknown @ 0x63002659 (jmp 0xeb1cb658|jmp 0xffffe02a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ WININET.dll) ADVAPI32.dll - CreateWellKnownSid : Unknown @ 0x63003959 (jmp 0xeb20e7bc|jmp 0xffffcd2a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ WININET.dll) KERNEL32.dll - MoveFileExA : Unknown @ 0x63002d79 (jmp 0xe67a3d46|jmp 0xffffd90a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ WININET.dll) KERNEL32.dll - MoveFileExW : Unknown @ 0x63002e11 (jmp 0xe67cd716|jmp 0xffffd872|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ SHELL32.dll) KERNEL32.dll - MoveFileWithProgressW : Unknown @ 0x63002f41 (jmp 0xe67e47bb|jmp 0xffffd742|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ SETUPAPI.dll) ADVAPI32.dll - DeleteService : Unknown @ 0x63002529 (jmp 0xeb1cb078|jmp 0xffffe15a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ SETUPAPI.dll) ADVAPI32.dll - CreateServiceW : Unknown @ 0x630029e9 (jmp 0xeb1cb640|jmp 0xffffdc9a|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ WS2HELP.dll) ADVAPI32.dll - CreateServiceA : Unknown @ 0x63002951 (jmp 0xeb1cb740|jmp 0xffffdd32|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ WS2HELP.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x63002bb1 (jmp 0xe66f573e|jmp 0xffffdad2|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ OLEACC.dll) KERNEL32.dll - WriteProcessMemory : Unknown @ 0x630022c9 (jmp 0xe68000b6|jmp 0xffffe3ba|call 0x1fe)
    [IAT:Inl(Hook.IEAT)] (explorer.exe @ MPR.dll) KERNEL32.dll - DefineDosDeviceW : Unknown @ 0x63002ce1 (jmp 0xe67e1d6b|jmp 0xffffd9a2|call 0x1fe)

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: IC25N060ATMR04-0 +++++
    --- User ---
    [MBR] 382164d936d45a14d0fa3824faf0609c
    [BSP] b6b77ceeaafa61b6c442fc7072ce8e74 : Windows XP|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 57231 MB [Windows XP Bootstrap | Windows XP Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
     
  11. Dalores

    Dalores TS Rookie Topic Starter Posts: 25

    Malwarebytes No threats were detected.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Go on...
     
  13. Dalores

    Dalores TS Rookie Topic Starter Posts: 25

    Log from the adwcleaner



    # AdwCleaner v5.007 - Logfile created 14/09/2015 at 18:13:48
    # Updated 08/09/2015 by Xplode
    # Database : 2015-09-10.1 [Server]
    # Operating system : Microsoft Windows XP Service Pack 3 (x86)
    # Username : Dell Laptop - DELL-FBCB568978
    # Running from : C:\Documents and Settings\Dell Laptop\My Documents\Downloads\adwcleaner_5.007 (1).exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

    ***** [ Web browsers ] *****

    [-] [C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com

    *************************

    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [975 bytes] ##########
     
  14. Dalores

    Dalores TS Rookie Topic Starter Posts: 25

    To complete last step unsure how I shut down my protection/? I went into security settings and wouldnt let me switch off firewall or antivirus and there is nothing to switch off bitdefender AV. Thanks
     
  15. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Turn off BitDefender antivirus.
     
  16. Dalores

    Dalores TS Rookie Topic Starter Posts: 25

    Junkware log..

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.6.1 (09.08.2015:1)
    OS: Microsoft Windows XP x86
    Ran by Dell Laptop on 14/09/2015 at 20:53:53.25
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services

    Successfully deleted: [Service] bdsandbox [Reboot required]



    ~~~ Tasks



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



    ~~~ Files



    ~~~ Folders



    ~~~ Chrome


    [C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 14/09/2015 at 21:07:43.42
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  17. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  18. Dalores

    Dalores TS Rookie Topic Starter Posts: 25

    Hi, I downloaded the Combofix and started to disable my AV etc my laptop kept freezing and bleeping. I ran Combofix and it was scanning for 3 hours and didnt complete, I deleted that version then downloaded another tried it again today and it was running for over 2 hours no end insight. Im not sure if something is interfering with the programme? the clock was still working.
    Should I download Rkill ?
     
    Last edited: Sep 16, 2015
  19. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Give it a shot.
     
  20. Dalores

    Dalores TS Rookie Topic Starter Posts: 25

    Hi, I tried ComboFix following instructions above but could not complete the scan, it stalled both times and laptop started bleeping again. I have attached the log from Rkill.

    Rkill 2.8.2 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2015 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 09/17/2015 07:14:03 PM in x86 mode. (Safe Mode)
    Windows Version: Microsoft Windows XP Service Pack 3

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Firewall Disabled

    [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = dword:00000000
     
  21. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  22. Dalores

    Dalores TS Rookie Topic Starter Posts: 25

    Addition log..

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-09-2015 01
    Ran by Dell Laptop (2015-09-18 22:18:21)
    Running from C:\Documents and Settings\Dell Laptop\My Documents\Downloads
    Microsoft Windows XP Professional Service Pack 3 (X86) (2015-07-09 12:35:20)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1214440339-2049760794-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
    ASPNET (S-1-5-21-1214440339-2049760794-1417001333-1004 - Limited - Enabled)
    Dell Laptop (S-1-5-21-1214440339-2049760794-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dell Laptop
    Guest (S-1-5-21-1214440339-2049760794-1417001333-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-1214440339-2049760794-1417001333-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-1214440339-2049760794-1417001333-1002 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Bitdefender Antivirus (Enabled - Up to date) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: Bitdefender Firewall (Disabled) {4055920F-2E99-48A8-A270-4243D2B8F242}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
    Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.23.0.1604 - Bitdefender)
    C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
    Conexant D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version: - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    OpenOffice 4.1.1 (HKLM\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
    QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 7.1.10 - )
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    09-07-2015 15:03:20 System Checkpoint
    09-07-2015 15:07:05 Installed C-Major Audio
    09-07-2015 15:07:58 DriverPack Solution 12.3
    09-07-2015 15:22:09 Software Distribution Service 3.0
    09-07-2015 15:44:28 Installed QuickSet
    09-07-2015 15:45:44 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    09-07-2015 15:46:04 Installed OpenOffice 4.1.1
    04-08-2015 19:06:15 Software Distribution Service 3.0
    09-08-2015 16:18:11 System Checkpoint
    14-08-2015 18:02:26 Software Distribution Service 3.0
    14-08-2015 19:46:56 Installed Windows XP Wdf01009.
    15-08-2015 19:36:26 Software Distribution Service 3.0
    20-08-2015 20:25:50 System Checkpoint
    21-08-2015 20:27:04 System Checkpoint
    23-08-2015 20:24:17 System Checkpoint
    24-08-2015 22:02:29 System Checkpoint
    25-08-2015 22:08:10 System Checkpoint
    26-08-2015 19:41:52 Software Distribution Service 3.0
    27-08-2015 18:59:10 Software Distribution Service 3.0
    27-08-2015 19:29:53 Installed Windows Media Player 11
    27-08-2015 19:30:50 Installed Windows XP Wudf01000.
    27-08-2015 19:35:24 Installed Windows XP MSCompPackV1.
    27-08-2015 19:38:53 Software Distribution Service 3.0
    27-08-2015 22:56:16 Software Distribution Service 3.0
    28-08-2015 11:01:03 Software Distribution Service 3.0
    29-08-2015 21:33:58 Software Distribution Service 3.0
    31-08-2015 14:55:25 System Checkpoint
    03-09-2015 20:13:21 System Checkpoint
    06-09-2015 14:52:42 System Checkpoint
    08-09-2015 13:31:12 System Checkpoint
    09-09-2015 16:40:09 System Checkpoint
    09-09-2015 18:32:02 Software Distribution Service 3.0
    10-09-2015 19:31:37 System Checkpoint
    11-09-2015 21:41:05 System Checkpoint
    14-09-2015 19:29:09 System Checkpoint
    14-09-2015 20:40:06 JRT Pre-Junkware Removal
    14-09-2015 20:54:00 JRT Pre-Junkware Removal
    15-09-2015 15:05:14 15 sept
    16-09-2015 17:46:48 System Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2008-04-14 12:00 - 2008-04-14 12:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-08-14 19:44 - 2014-08-27 16:30 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
    2015-08-14 19:42 - 2013-09-03 14:29 - 00095088 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
    2015-08-14 19:44 - 2015-06-22 16:22 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
    2015-08-14 19:44 - 2012-10-29 14:22 - 00130656 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
    2015-09-04 17:55 - 2015-09-04 17:56 - 00748120 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01042_004\ashttpbr.mdl
    2015-09-04 17:55 - 2015-09-04 17:56 - 00635368 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01042_004\ashttpdsp.mdl
    2015-09-04 17:55 - 2015-09-04 17:56 - 02298776 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01042_004\ashttpph.mdl
    2015-09-04 17:55 - 2015-09-04 17:56 - 01197736 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01042_004\ashttprbl.mdl
    2015-07-09 15:44 - 2006-06-29 12:13 - 00073728 _____ () C:\Program Files\Dell\QuickSet\dadkeyb.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1214440339-2049760794-1417001333-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: Media is not connected to internet.
    sharedaccess Firewall Service is not running.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome

    ==================== Faulty Device Manager Devices =============

    Name: Intel(R) PRO/Wireless 2200BG Network Connection
    Description: Intel(R) PRO/Wireless 2200BG Network Connection
    Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Manufacturer: Intel Corporation
    Service: w29n51
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Could not list Devices. Check "winmgmt" service or repair WMI.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/15/2015 04:54:58 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: wuaueng.dll (2524) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error: (09/15/2015 04:54:58 PM) (Source: ESENT) (EventID: 489) (User: )
    Description: wuauclt (2524) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (09/15/2015 04:54:48 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: wuaueng.dll (2524) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error: (09/15/2015 04:54:48 PM) (Source: ESENT) (EventID: 489) (User: )
    Description: wuauclt (2524) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (09/14/2015 09:29:50 PM) (Source: SecurityCenter) (EventID: 1802) (User: )
    Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

    Error: (09/14/2015 09:13:13 PM) (Source: SecurityCenter) (EventID: 1802) (User: )
    Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

    Error: (09/14/2015 09:13:12 PM) (Source: WinMgmt) (EventID: 28) (User: )
    Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

    Error: (07/09/2015 03:06:37 PM) (Source: PerfNet) (EventID: 2002) (User: )
    Description: Unable to open the Redirector service. Redirector performance data
    will not be returned. Error code returned is in data DWORD 0.


    System errors:
    =============
    Error: (09/18/2015 09:09:53 PM) (Source: 0) (EventID: 7) (User: )
    Description: \Device\Harddisk0\D

    Error: (09/18/2015 09:09:23 PM) (Source: 0) (EventID: 7) (User: )
    Description: \Device\Harddisk0\D

    Error: (09/18/2015 09:08:53 PM) (Source: 0) (EventID: 7) (User: )
    Description: \Device\Harddisk0\D

    Error: (09/18/2015 09:08:23 PM) (Source: 0) (EventID: 7) (User: )
    Description: \Device\Harddisk0\D

    Error: (09/18/2015 09:07:50 PM) (Source: 0) (EventID: 7) (User: )
    Description: \Device\Harddisk0\D

    Error: (09/18/2015 09:07:19 PM) (Source: 0) (EventID: 7) (User: )
    Description: \Device\Harddisk0\D

    Error: (09/18/2015 09:06:48 PM) (Source: 0) (EventID: 7) (User: )
    Description: \Device\Harddisk0\D

    Error: (09/18/2015 09:06:18 PM) (Source: 0) (EventID: 7) (User: )
    Description: \Device\Harddisk0\D

    Error: (09/18/2015 09:05:47 PM) (Source: 0) (EventID: 7) (User: )
    Description: \Device\Harddisk0\D

    Error: (09/18/2015 09:05:17 PM) (Source: 0) (EventID: 7) (User: )
    Description: \Device\Harddisk0\D


    Microsoft Office:
    =========================
    Error: (09/15/2015 04:54:58 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: wuaueng.dll2524SUS20ClientDataStore: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)

    Error: (09/15/2015 04:54:58 PM) (Source: ESENT) (EventID: 489) (User: )
    Description: wuauclt2524C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

    Error: (09/15/2015 04:54:48 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: wuaueng.dll2524SUS20ClientDataStore: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)

    Error: (09/15/2015 04:54:48 PM) (Source: ESENT) (EventID: 489) (User: )
    Description: wuauclt2524C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

    Error: (09/14/2015 09:29:50 PM) (Source: SecurityCenter) (EventID: 1802) (User: )
    Description:

    Error: (09/14/2015 09:13:13 PM) (Source: SecurityCenter) (EventID: 1802) (User: )
    Description:

    Error: (09/14/2015 09:13:12 PM) (Source: WinMgmt) (EventID: 28) (User: )
    Description:

    Error: (07/09/2015 03:06:37 PM) (Source: PerfNet) (EventID: 2002) (User: )
    Description:


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) M processor 1.73GHz
    Percentage of memory in use: 34%
    Total physical RAM: 2039.37 MB
    Available physical RAM: 1337.36 MB
    Total Virtual: 2640.78 MB
    Available Virtual: 2049.02 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:55.89 GB) (Free:45.31 GB) NTFS ==>[drive with boot components (Windows XP)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 55.9 GB) (Disk ID: 07980797)
    Partition 1: (Active) - (Size=55.9 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  23. Dalores

    Dalores TS Rookie Topic Starter Posts: 25

    FRST log..

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-09-2015 01
    Ran by Dell Laptop (administrator) on DELL-FBCB568978 (18-09-2015 22:11:17)
    Running from C:\Documents and Settings\Dell Laptop\My Documents\Downloads
    Loaded Profiles: Dell Laptop (Available Profiles: Dell Laptop & Administrator)
    Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    (Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxapps.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\quickset.exe [1032192 2006-06-29] (Dell Inc)
    HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1865664 2015-06-12] (Bitdefender)
    HKU\S-1-5-21-1214440339-2049760794-1417001333-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-07-09] (Google Inc.)
    HKU\S-1-5-21-1214440339-2049760794-1417001333-1003\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [671400 2015-06-12] (Bitdefender)
    SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
    ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    Internet Explorer:
    ==================
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1214440339-2049760794-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
    BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-03] (Bitdefender)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-04] (Google Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-04] (Google Inc.)
    Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-03] (Bitdefender)
    Toolbar: HKU\S-1-5-21-1214440339-2049760794-1417001333-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-04] (Google Inc.)
    Toolbar: HKU\S-1-5-21-1214440339-2049760794-1417001333-1003 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-03] (Bitdefender)

    FireFox:
    ========
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
    FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
    FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff [2015-08-14]
    FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
    FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-08-14]

    Chrome:
    =======
    CHR Profile: C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-09]
    CHR Extension: (Google Drive) - C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-09]
    CHR Extension: (No Name) - C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-09]
    CHR Extension: (Google Search) - C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-09]
    CHR Extension: (Bitdefender Wallet) - C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-08-14]
    CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-04]
    CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-09]
    CHR Extension: (Gmail) - C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-09]
    CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
    S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [69880 2014-12-09] (Bitdefender)
    R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [376832 2006-06-29] (Dell Inc.) [File not signed]
    S2 PEVSystemStart; C:\Claire.exe [0 2015-09-17] () <==== ATTENTION (zero byte File/Folder)
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [54424 2014-10-27] (Bitdefender)
    R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1306416 2015-06-18] (Bitdefender)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
    R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1129792 2015-05-28] (BitDefender)
    R3 avchv; C:\WINDOWS\System32\DRIVERS\avchv.sys [252184 2015-05-29] (BitDefender)
    R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [610624 2015-05-28] (BitDefender)
    R3 Bdfndisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [116816 2015-08-14] (BitDefender LLC)
    R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [131432 2012-02-07] (BitDefender LLC)
    R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
    R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [173832 2015-04-29] (BitDefender LLC)
    R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
    R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
    R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2012-11-14] (Marvell Semiconductor Inc.)
    R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2012-11-14] (Marvell Semiconductor Inc.) [File not signed]
    R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2012-11-14] (Marvell Semiconductor Inc.)
    R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
    R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [422664 2015-06-02] (BitDefender S.R.L.)
    S3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2009-11-11] (Intel® Corporation)
    U5 Browser; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
    S3 catchme; \??\C:\DOCUME~1\DELLLA~1\LOCALS~1\Temp\catchme.sys [X]
    S4 IntelIde; no ImagePath
    U5 Messenger; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
    U5 MRxSmb; C:\Windows\System32\Drivers\MRxSmb.sys [457856 2012-11-14] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-17 19:15 - 2015-09-17 19:18 - 00000000 ___SD C:\Claire.exe1982C
    2015-09-17 13:55 - 2015-09-17 13:57 - 00000000 ___SD C:\Claire.exe1349C
    2015-09-17 12:58 - 2015-09-17 13:00 - 00000000 ___SD C:\Claire.exe
    2015-09-17 12:55 - 2015-09-17 12:55 - 00000000 ____D C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\bdch
    2015-09-17 12:47 - 2015-09-17 12:47 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Bitdefender
    2015-09-17 12:45 - 2015-09-17 12:48 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
    2015-09-17 12:45 - 2015-09-17 12:45 - 00000000 ____D C:\Documents and Settings\Administrator
    2015-09-17 12:45 - 2015-07-09 13:38 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
    2015-09-17 12:45 - 2015-07-09 13:31 - 00001599 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
    2015-09-17 12:45 - 2015-07-09 13:31 - 00000792 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
    2015-09-17 12:45 - 2015-07-09 13:31 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
    2015-09-17 12:45 - 2015-07-09 13:31 - 00000000 ___RD C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
    2015-09-17 12:19 - 2015-09-17 12:19 - 00000688 _____ C:\Documents and Settings\Dell Laptop\Desktop\Shortcut to Claire.exe.lnk
    2015-09-17 12:18 - 2015-09-17 12:18 - 00000659 _____ C:\Documents and Settings\Dell Laptop\Desktop\Shortcut to rkill.lnk
    2015-09-16 21:38 - 2015-09-16 21:38 - 00023349 _____ C:\Documents and Settings\Dell Laptop\My Documents\ComboFix.odt
    2015-09-16 21:38 - 2015-09-16 21:38 - 00000562 _____ C:\Documents and Settings\Dell Laptop\Desktop\ComboFix Instructions.lnk
    2015-09-15 19:14 - 2015-07-09 18:46 - 00000303 _____ C:\Boot.bak
    2015-09-15 19:13 - 2015-09-15 19:14 - 00000000 _RSHD C:\cmdcons
    2015-09-15 19:13 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
    2015-09-15 19:08 - 2015-09-15 19:08 - 00000000 ____D C:\Qoobox
    2015-09-15 19:08 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
    2015-09-15 19:08 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
    2015-09-15 19:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2015-09-15 19:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2015-09-15 19:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2015-09-15 19:08 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
    2015-09-15 19:08 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
    2015-09-15 19:08 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
    2015-09-15 19:08 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
    2015-09-15 15:38 - 2015-09-15 15:38 - 00000000 ____D C:\WINDOWS\erdnt
    2015-09-15 10:54 - 2015-09-18 22:17 - 00000000 ____D C:\Documents and Settings\Dell Laptop\Local Settings\Temp
    2015-09-14 21:16 - 2015-09-14 21:16 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\bdch
    2015-09-14 18:45 - 2015-09-14 18:45 - 00000647 _____ C:\Documents and Settings\Dell Laptop\Desktop\Junkdefender 5th.lnk
    2015-09-14 17:57 - 2015-09-14 17:57 - 00000738 _____ C:\Documents and Settings\Dell Laptop\Desktop\adwcleaner 4th.lnk
    2015-09-13 22:54 - 2015-09-14 18:13 - 00000000 ____D C:\AdwCleaner
    2015-09-13 22:41 - 2015-09-13 22:41 - 00000693 _____ C:\Documents and Settings\Dell Laptop\Desktop\RogueKiller 2nd.lnk
    2015-09-13 22:17 - 2015-09-13 22:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2015-09-13 21:44 - 2015-09-13 21:44 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-09-13 21:43 - 2015-09-13 22:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
    2015-09-12 14:37 - 2015-09-12 14:37 - 00000654 _____ C:\Documents and Settings\Dell Laptop\Desktop\Farbar 1st.lnk
    2015-09-12 14:35 - 2015-09-18 22:11 - 00000000 ____D C:\FRST
    2015-09-09 18:32 - 2015-09-09 18:32 - 00000000 ____D C:\4ca7bb495c754f1b96375831c2
    2015-08-29 21:34 - 2015-08-30 17:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
    2015-08-29 21:33 - 2015-08-29 21:34 - 00004180 _____ C:\WINDOWS\KB2834904-v2.log
    2015-08-27 22:56 - 2015-08-27 22:56 - 00005752 _____ C:\WINDOWS\KB954155.log
    2015-08-27 22:56 - 2015-08-27 22:56 - 00005717 _____ C:\WINDOWS\KB978695.log
    2015-08-27 22:56 - 2015-08-27 22:56 - 00005660 _____ C:\WINDOWS\KB975558.log
    2015-08-27 22:56 - 2015-08-27 22:56 - 00005360 _____ C:\WINDOWS\KB2378111.log
    2015-08-27 19:35 - 2015-08-27 22:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallMSCompPackV1$
    2015-08-27 19:35 - 2015-08-27 19:36 - 00003956 _____ C:\WINDOWS\MSCompPackV1.log
    2015-08-27 19:35 - 2007-07-27 23:11 - 00016760 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
    2015-08-27 19:34 - 2015-08-27 22:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallwmp11$
    2015-08-27 19:34 - 2015-08-27 19:34 - 00000000 ____D C:\Program Files\Windows Media Connect 2
    2015-08-27 19:33 - 2015-08-27 19:35 - 00017183 _____ C:\WINDOWS\wmp11.log
    2015-08-27 19:32 - 2015-08-28 10:56 - 00002560 _____ C:\WINDOWS\spupdsvc.log
    2015-08-27 19:31 - 2015-08-27 22:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallWMFDist11$
    2015-08-27 19:31 - 2015-08-27 19:33 - 00028713 _____ C:\WINDOWS\WMFDist11.log
    2015-08-27 19:30 - 2015-08-27 22:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallWudf01000$
    2015-08-27 19:30 - 2015-08-27 19:31 - 00009790 _____ C:\WINDOWS\Wudf01000Inst.log
    2015-08-27 19:16 - 2015-08-27 19:20 - 00000000 ____D C:\Documents and Settings\Dell Laptop\My Documents\Videos Splash Court
    2015-08-27 19:14 - 2015-09-17 22:40 - 00000000 ____D C:\Documents and Settings\Dell Laptop\My Documents\Phone Photos
    2015-08-27 01:12 - 2015-08-27 19:01 - 00002888 _____ C:\WINDOWS\COM+.log
    2015-08-26 19:51 - 2015-08-26 19:53 - 00000000 ____D C:\WINDOWS\system32\URTTemp
    2015-08-26 19:51 - 2015-08-26 19:51 - 00000000 ____D C:\WINDOWS\Microsoft.NET

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-18 22:16 - 2015-07-09 15:38 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-09-18 22:15 - 2015-07-09 15:38 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-09-18 22:10 - 2015-07-09 13:38 - 00986261 _____ C:\WINDOWS\setupapi.log
    2015-09-18 19:15 - 2015-07-09 15:38 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-09-18 17:07 - 2015-07-09 15:34 - 00000234 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-09-18 17:07 - 2015-07-09 13:28 - 01607108 _____ C:\WINDOWS\WindowsUpdate.log
    2015-09-18 17:06 - 2015-07-09 15:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-09-17 23:05 - 2015-07-09 15:02 - 00000178 ___SH C:\Documents and Settings\Dell Laptop\ntuser.ini
    2015-09-17 23:05 - 2015-07-09 15:01 - 00032560 _____ C:\WINDOWS\SchedLgU.Txt
    2015-09-17 00:44 - 2015-07-09 13:42 - 00000216 _____ C:\WINDOWS\wiadebug.log
    2015-09-17 00:44 - 2015-07-09 13:42 - 00000050 _____ C:\WINDOWS\wiaservc.log
    2015-09-16 14:08 - 2015-07-09 15:40 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2015-09-15 19:14 - 2015-07-09 13:37 - 00000420 __RSH C:\boot.ini
    2015-09-12 15:13 - 2015-08-15 19:50 - 00008701 _____ C:\Documents and Settings\Dell Laptop\debug.log
    2015-09-10 11:24 - 2015-07-09 15:38 - 00000000 ____D C:\Documents and Settings\Dell Laptop\Local Settings\Application Data\Google
    2015-08-29 21:34 - 2015-07-09 13:39 - 00294534 _____ C:\WINDOWS\iis6.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00246525 _____ C:\WINDOWS\FaxSetup.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00153105 _____ C:\WINDOWS\ocgen.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00118439 _____ C:\WINDOWS\tsoc.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00093997 _____ C:\WINDOWS\comsetup.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00081486 _____ C:\WINDOWS\msmqinst.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00055215 _____ C:\WINDOWS\ntdtcsetup.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00043944 _____ C:\WINDOWS\netfxocm.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00017637 _____ C:\WINDOWS\MedCtrOC.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00013070 _____ C:\WINDOWS\tabletoc.log
    2015-08-29 21:34 - 2015-07-09 13:39 - 00001374 _____ C:\WINDOWS\imsins.log
    2015-08-27 22:56 - 2015-07-09 13:24 - 00018700 _____ C:\WINDOWS\wmsetup.log
    2015-08-27 19:36 - 2015-07-09 15:02 - 00000788 _____ C:\Documents and Settings\Dell Laptop\Start Menu\Programs\Windows Media Player.lnk
    2015-08-27 19:36 - 2015-07-09 13:39 - 00001374 _____ C:\WINDOWS\imsins.BAK
    2015-08-27 19:35 - 2015-07-09 13:31 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
    2015-08-27 19:35 - 2015-07-09 13:31 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
    2015-08-27 19:34 - 2015-07-09 13:32 - 00000000 ____D C:\WINDOWS\Help
    2015-08-27 19:34 - 2008-04-14 12:00 - 00000507 _____ C:\WINDOWS\win.ini
    2015-08-27 19:33 - 2015-07-09 13:29 - 00000000 __SHD C:\Documents and Settings\All Users\DRM
    2015-08-27 19:30 - 2015-08-14 19:47 - 00000000 ____D C:\WINDOWS\system32\LogFiles
    2015-08-27 19:28 - 2008-04-14 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
    2015-08-27 19:01 - 2015-07-09 13:24 - 00000000 ____D C:\WINDOWS\Registration
    2015-08-27 19:00 - 2015-07-09 13:39 - 00428472 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-08-26 18:36 - 2012-11-14 21:25 - 132039072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt.exe

    Some files in TEMP:
    ====================
    C:\Documents and Settings\Dell Laptop\Local Settings\Temp\catchme.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================
     
  24. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    We'll go back to your FRST logs but what worries me a bit are number of these errors in Event Viewer:

    EventID: 7 error usually means hard drive bad block(s).

    1. Click Start, click Run, type chkdsk /r, and then click OK.
    2. At the command prompt, type Y to let the disk scanner run when you restart the computer.
    3. Chkdsk will run.
    4. Reboot
    5. Download ListChkdskResult.exe (by SleepyDude) from the link below:
    https://dl.dropboxusercontent.com/u/12354842/My Tools/ListChkdskResult.exe
    6. Double click on it to run it. It will take a few seconds to scan, then it will open a Notepad window with the log. Copy and paste the contents of this into your next post
     
  25. Dalores

    Dalores TS Rookie Topic Starter Posts: 25

    I tried this but would not work, a black box flashed up but would not run also had more bleeping.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...