Windows XP, white screen w "Please connect to the internet....",


54 replies to this topic

#1 gazorninplotz

  • Members
  • 29 posts

Posted 23 May 2013 - 04:39 PM

Hi --

I assume that my PC has a virus. The administrator account has been taken over, I cannot use task manager, and cannot interact with any programs. The problem persists in safe mode. The screen is completely filled with a nonclosable white window with only the message "Please connect to the internet....". I can only use the PC in safe mode with command prompt.

Where do I start?

Thanks,

G

 




#2 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,716 posts

Posted 23 May 2013 - 08:34 PM

I'll report this topic to appropriate helpers.

Hold on there....




 


#3 bloopie

    Bleepin' Sith Turner

  • Malware Response Team
  • 7,927 posts

Posted 25 May 2013 - 03:33 PM

Hello gazorninplotz, and welcome to Bleeping Computer!

My name is bloopie and I'll be helping you with your problems as best I can!

A few things to keep in mind while we are working together:
  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
==========

Since you are able to boot into safe mode with command prompt, I will ask for a log from a tool that can only be posted in the Malware Removal Logs forum, which is where I have moved this topic to. This topic will stay here and I will continue assisting you until the end.

Now, let's get to business!

==========

For the next steps, you will need a flashdrive and a clean computer, to download and transfer tools to that flashdrive...and then transfer those tools again to the infected machine:

Please download Farbar Recovery Scan Tool and save it to the flash drive.

Note: Your version should be the 32-bit version!

Now plug the flash drive into the infected PC, and boot into safe mode with command prompt.

Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • On its first run FRST will make 2 logs (FRST.txt, and Attach.txt) on the flash drive. Please copy and paste both logs to your next reply.
==========

Let me know if you have any trouble with the above steps!

bloopie

#4 gazorninplotz
  • Topic Starter

  • Members
  • 29 posts

Posted 25 May 2013 - 04:59 PM

Hi -

Thanks for your reply. Attempting to run FRST produces a window titled "AutoIt Error" with the message "Unable to open the script file". Nothing further occurs after closing the error window. Attempted multiple times - same result.

I do not have a Windows CD. The PC was a business machine which came with a certificate and serial #, but no disks.

G



#5 bloopie

    Bleepin' Sith Turner

  • Malware Response Team
  • 7,927 posts

Posted 25 May 2013 - 05:58 PM

Hello again,

Could you please try to disconnect your computer from the internet (disconnect your ethernet cable), and then try booting normally...if there is success there, then please try to run FRST from normal mode and post the log for me.

If you still have problems with that, please post back and let me know!

bloopie

#6 gazorninplotz
  • Topic Starter

  • Members
  • 29 posts

Posted 25 May 2013 - 06:47 PM

Hi -

I was only connected via USB wi-fi and I unplugged that soon after the problem started. I can only run programs from safe mode command line w/ or w/out connection. No change.

G.



#7 bloopie

    Bleepin' Sith Turner

  • Malware Response Team
  • 7,927 posts

Posted 25 May 2013 - 10:11 PM

Hello again,

 

Maybe you downloaded the wrong version of FRST? Try downloading both versions of FRST, and see if either one works, posting the logs if produced.

 

==========

 

If neither version works, then let's try this:

 

  1. Launch Safe Mode w/ command prompt.
  2. At the prompt type cd \ and press Enter (note the space between cd and \)
  3. The prompt will change to C:\> if it wasn't already.
  4. Type cd users and press Enter.  The prompt will change to C:\Users
  5. Type dir and press Enter.  It will list the folders.  Look for your username in the list.
  6. Type cd "username" and press Enter.  Replace "username" with your username in quotes (e.g. cd "gazorninplotz")
  7. Type cd appdata and press Enter.  The prompt should change to C:\users\username\AppData\>
  8. Type cd roaming and press Enter.  The prompt should change to C:\users\username\AppData\Roaming\>
  9. Type ren skype.dat skype.old and press Enter.  If there is no message and it just returns to a prompt, reboot and try to boot normally and it should be disabled (note...NOT removed, just disabled from locking you out).  If you get an error message, write the error message here.

 

Let me know how it goes.

 

bloopie



#8 gazorninplotz
  • Topic Starter

  • Members
  • 29 posts

Posted 25 May 2013 - 10:41 PM

Hi -

 

Every download is a slow one right now, but I will get both FRSTs and try again. In the meantime, I can tell you that there is no users subdirectory in c:\. Can you please double-check that directory structure? How about under "Documents and Settings"? There are subdirectories there for "All Users", "Administrator", and me. Even so, as of yet, I can find no skype.dat in any subdirectories.



#9 bloopie

    Bleepin' Sith Turner

  • Malware Response Team
  • 7,927 posts

Posted 25 May 2013 - 11:45 PM

Hello again,

 

Okay thanks. I was just checking for a specific variant of this infection which you may not have.

 

but I will get both FRSTs and try again.

 

Please do! The tool should run from the command prompt as instructed earlier. If it doesn't work, then there's a problem. Please tell me exactly what the error message is when you try to run FRST.

 

bloopie


Edited by bloopie, 25 May 2013 - 11:53 PM.


#10 gazorninplotz
  • Topic Starter

  • Members
  • 29 posts

Posted 26 May 2013 - 10:19 AM

Hi -

 

Quite a lot has changed since last night.  First of all, my PC is now working.  I was not able to get FRST to run last night.  I ran chkdsk and then started explorer from the command line.  Manual searching yielded only one oddity in the startup directory for All Users.  Instead of an executable file or shortcut, I found the file orbit.old.  As if Orbit Downloader had stopped halfway through an update.  However, I was not performing an update when the system failed, nor any time in the recent past for that matter.

 

I rebooted and for the first time in days no white window appeared. I scanned for viruses and reconnected to the internet. I redownloaded FRST directly and was able to run this copy. Although I am back up, I will go ahead and post the logs anyway, in case there is useful information in them.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-05-2013 01
Ran by G (administrator) on 26-05-2013 07:28:49
Running from C:\Documents and Settings\G\Desktop
Microsoft Windows XP Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure 
 
Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(AVG Secure Search) C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
(Microsoft® Corporation) C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
(Orbitdownloader.com) C:\Program Files\Orbitdownloader\orbitdm.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
(Orbitdownloader.com) C:\Program Files\Orbitdownloader\orbitnet.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\chrome.exe
(Farbar) C:\Documents and Settings\G\Desktop\FRST.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [143360 2003-07-30] 
 
(Analog Devices, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 
 
2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application 
 
Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 
 
2012-04-18] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [UpdatePDRShortCut] "C:\Program 
 
Files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe" "C:\Program 
 
Files\CyberLink\PowerDirector10" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\10.0" 
 
[222504 2010-09-17] (CyberLink Corp.)
HKLM\...\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe [24576 2000-07-13] 
 
(Microsoft® Corporation)
HKLM\...\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers 
 
[311350 2000-07-13] (Microsoft® Corporation)
HKLM\...\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe 
 
[28739 2000-07-13] (Microsoft® Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" 
 
[252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] 
 
(AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe" [1223344 2013-05-26] 
 
(AVG Secure Search)
HKLM Group Policy restriction on software: 
 
%HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* 
 
<====== ATTENTION
HKLM\...\Winlogon: [System] 
HKCU\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1667584 2004-08-04] 
 
(Microsoft Corporation)
HKCU\...\Run: [Steam] "F:\Program Files\Valve\Steam\Steam.exe" -silent [x]
HKCU\...\Run: [Google Update] "C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Update\GoogleUpdate.exe" /c [116648 2012-06-02] (Google Inc.)
HKCU\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED [969104 2013-01-23] 
 
(BitTorrent, Inc.)
MountPoints2: {1746466e-560a-11e1-9a9a-000ffe2939cc} - C:\WINDOWS\system32\RunDLL32.EXE 
 
Shell32.DLL,ShellExec_RunDLL launcher.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan 
 
Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security 
 
Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE 
 
(Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar 
 
Reminders.lnk
ShortcutTarget: Microsoft Works Calendar Reminders.lnk -> C:\Program Files\Common Files\Microsoft 
 
Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
ShortcutTarget: Orbit.lnk -> C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless 
 
LAN Utility.lnk
ShortcutTarget: REALTEK 11n USB Wireless LAN Utility.lnk -> C:\Program Files\REALTEK\11n USB 
 
Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = 
 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
 
BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program 
 
Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common 
 
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program 
 
Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program 
 
Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program 
 
Files\Orbitdownloader\GrabPro.dll ()
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU -Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program 
 
Files\Orbitdownloader\GrabPro.dll ()
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft 
 
Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll 
 
(Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG 
 
Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\G\Application 
 
Data\Mozilla\Firefox\Profiles\2eclxahc.default
FF SearchEngine: AVG Secure Search
FF Homepage: 
 
hxxp://mysearch.avg.com/?cid={3A16F931-7EB7-4860-8BC3-550D223B7EBA}&mid=Unknown&lang=en&ds=AVG&pr
 
=fr&d=2013-05-26 01:14:55&v=15.1.0.2&pid=safeguard&sg=&sap=hp
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - 
 
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.1.0\\npsitesafety.dll (AVG 
 
Technologies)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program 
 
Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll 
 
(Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle 
 
Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program 
 
Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe 
 
Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\G\Application 
 
Data\Mozilla\Firefox\Profiles\2eclxahc.default\Extensions\{35379F86-8CCB-4724-AE33-4278DE266C70}
 
Chrome: 
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\27.0.1453.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Orbit Downloader) - C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\Application\plugins\nporbit.dll ( )
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll 
 
(Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft 
 
Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft 
 
Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media 
 
Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Extension: (YouTube) - C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Documents and Settings\G\Local Settings\Application 
 
Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
 
========================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG 
 
Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, 
 
s.r.o.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 
 
2010-09-02] (McAfee, Inc.)
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2010-08-19] ()
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 
 
2002-09-20] (Analog Devices, Inc.)
R2 vToolbarUpdater15.1.0; C:\Program Files\Common Files\AVG Secure 
 
Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [1008816 2013-05-26] (AVG Secure Search)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program 
 
Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
 
==================== Drivers (Whitelisted) ====================
 
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2012-06-02] (Cisco Systems, Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-03-29] (AVG 
 
Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, 
 
s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies 
 
CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, 
 
s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, 
 
s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, 
 
s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, 
 
s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, 
 
s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [34592 2013-05-26] (AVG Technologies)
S3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [176640 2008-07-25] (Broadcom Corporation)
S3 Blfp; C:\Windows\System32\DRIVERS\baspxp32.sys [98816 2008-06-06] (Broadcom Corporation)
S2 Parclass; C:\Windows\System32\Drivers\Parclass.sys [20272 2003-02-10] (Microsoft Corporation)
S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2001-08-18] ()
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S4 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S4 hpt3xx; No ImagePath
S4 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S4 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S4 PCIDump; No ImagePath
S4 PDCOMP; No ImagePath
S4 PDFRAME; No ImagePath
S4 PDRELI; No ImagePath
S4 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ugyut; System32\drivers\bqtqfacv.sys [x]
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S4 WDICA; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-05-26 07:26 - 2013-05-26 07:26 - 00000000 ____D C:\FRST
2013-05-26 07:22 - 2013-05-26 04:19 - 01354985 ____A (Farbar) C:\Documents and 
 
Settings\G\Desktop\FRST.exe
2013-05-26 01:34 - 2013-05-26 01:34 - 02027138 ____A C:\Documents and Settings\G\My 
 
Documents\AutoRuns.arn
2013-05-26 00:51 - 2013-05-26 01:37 - 00000000 ____D C:\Documents and Settings\All 
 
Users\Application Data\MFAData
2013-05-26 00:51 - 2013-05-26 00:51 - 00000000 ____D C:\Documents and Settings\G\Local 
 
Settings\Application Data\MFAData
2013-05-22 01:24 - 2013-05-22 01:24 - 00000000 ____D C:\Windows\ERDNT
2013-05-22 01:23 - 2013-05-22 01:24 - 00000000 ____D C:\Qoobox
2013-05-21 02:03 - 2013-05-25 23:36 - 00000000 ____D C:\Documents and Settings\G\Local 
 
Settings\Application Data\KB3280669
2013-05-14 10:18 - 2013-05-14 10:18 - 00000719 ____A C:\Documents and Settings\All 
 
Users\Desktop\VLC media player.lnk
2013-04-30 19:06 - 2013-05-04 01:31 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-04-30 17:26 - 2013-04-30 17:26 - 00000000 ____D C:\Program Files\Citrix
2013-04-30 17:24 - 2013-04-30 17:24 - 00061304 ____A C:\Documents and Settings\G\g2mdlhlpx.exe
 
==================== One Month Modified Files and Folders ========
 
2013-05-26 07:28 - 2012-06-05 18:27 - 00000000 ____D C:\Documents and Settings\G\Application 
 
Data\uTorrent
2013-05-26 07:26 - 2013-05-26 07:26 - 00000000 ____D C:\FRST
2013-05-26 07:24 - 2012-06-02 14:36 - 00000000 ____D C:\Documents and Settings\G\Application 
 
Data\Orbit
2013-05-26 06:33 - 2012-06-02 14:07 - 00001002 ____A 
 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-2077806209-839522115-1003UA.job
2013-05-26 05:43 - 2012-06-02 14:26 - 00002330 ____A C:\Documents and Settings\G\Desktop\Google 
 
Chrome.lnk
2013-05-26 04:19 - 2013-05-26 07:22 - 01354985 ____A (Farbar) C:\Documents and 
 
Settings\G\Desktop\FRST.exe
2013-05-26 03:21 - 2012-01-01 17:54 - 00402010 ____A C:\Windows\WindowsUpdate.log
2013-05-26 03:19 - 2012-01-01 10:13 - 00356120 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-26 03:16 - 2012-06-02 14:13 - 00000000 ____A C:\Windows\RTacDbg.txt
2013-05-26 03:15 - 2012-01-01 17:24 - 00000062 __ASH C:\Documents and 
 
Settings\NetworkService\Local Settings\desktop.ini
2013-05-26 03:15 - 2012-01-01 17:24 - 00000062 __ASH C:\Documents and Settings\LocalService\Local 
 
Settings\desktop.ini
2013-05-26 03:15 - 2012-01-01 17:24 - 00000062 __ASH C:\Documents and Settings\G\Local 
 
Settings\desktop.ini
2013-05-26 03:15 - 2012-01-01 17:21 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-26 03:15 - 2001-08-18 05:00 - 00013742 ____A C:\Windows\System32\wpa.dbl
2013-05-26 03:00 - 2012-06-05 22:41 - 00000000 ____D C:\Program Files\Hulu Downloader
2013-05-26 02:38 - 2012-01-04 01:46 - 00000015 ____A C:\Windows\popcinfo.dat
2013-05-26 01:38 - 2013-05-26 00:51 - 00000000 ____D C:\Documents and Settings\G\Local 
 
Settings\Application Data\Avg2013
2013-05-26 01:37 - 2013-05-26 00:51 - 00000000 ____D C:\Documents and Settings\All 
 
Users\Application Data\MFAData
2013-05-26 01:34 - 2013-05-26 01:34 - 02027138 ____A C:\Documents and Settings\G\My 
 
Documents\AutoRuns.arn
2013-05-26 01:33 - 2012-06-02 14:07 - 00000950 ____A 
 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-2077806209-839522115-1003Core.job
2013-05-25 23:36 - 2013-05-21 02:03 - 00000000 ____D C:\Documents and Settings\G\Local 
 
Settings\Application Data\KB3280669
2013-05-25 21:55 - 2012-01-01 17:24 - 00000278 ___SH C:\Documents and Settings\G\ntuser.ini
2013-05-25 21:48 - 2012-07-23 10:23 - 00000000 ____D C:\Documents and Settings\G\Application 
 
Data\vlc
2013-05-22 12:15 - 2012-01-01 17:24 - 00032394 ____A C:\Windows\SchedLgU.Txt
2013-05-22 01:24 - 2013-05-22 01:24 - 00000000 ____D C:\Windows\ERDNT
2013-05-22 01:24 - 2013-05-22 01:23 - 00000000 ____D C:\Qoobox
2013-05-20 18:59 - 2012-01-11 23:16 - 00229888 ____A C:\Documents and Settings\G\Local 
 
Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-20 18:38 - 2012-01-01 21:44 - 00000000 ____D C:\Documents and Settings\G\Application 
 
Data\Vso
2013-05-20 13:00 - 2012-06-16 08:36 - 00000000 ____D C:\Documents and Settings\G\Local 
 
Settings\Application Data\CutePDF Writer
2013-05-16 19:37 - 2012-01-01 10:15 - 00000159 ____A C:\Windows\wiadebug.log
2013-05-16 19:37 - 2012-01-01 10:15 - 00000049 ____A C:\Windows\wiaservc.log
2013-05-14 10:39 - 2012-11-26 09:21 - 00000000 ____D C:\Documents and Settings\G\Application Data\dvdcss
2013-05-14 10:18 - 2013-05-14 10:18 - 00000719 ____A C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2013-05-08 13:12 - 2013-01-06 20:21 - 00000038 ____A C:\Windows\AviSplitter.INI
2013-05-08 13:12 - 2005-01-04 16:26 - 00000116 ____A C:\Windows\NeroDigital.ini
2013-05-04 01:31 - 2013-04-30 19:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-04 01:30 - 2012-06-03 16:49 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-04-30 17:26 - 2013-04-30 17:26 - 00000000 ____D C:\Program Files\Citrix
2013-04-30 17:24 - 2013-04-30 17:24 - 00061304 ____A C:\Documents and Settings\G\g2mdlhlpx.exe
2013-04-26 23:00 - 2012-01-04 14:07 - 00000000 ____D C:\DVDFab
 
Other Malware:
===========
C:\Documents and Settings\G\g2mdlhlpx.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe
[2001-08-18 05:00] - [2004-08-04 01:56] - 1032192 ____A (Microsoft Corporation) a0732187050030ae399b241436565e64

C:\Windows\System32\winlogon.exe
[2001-08-18 05:00] - [2004-08-04 01:56] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe

C:\Windows\System32\svchost.exe
[2001-08-18 05:00] - [2004-08-04 01:56] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716

C:\Windows\System32\services.exe
[2001-08-18 05:00] - [2004-08-04 01:56] - 0108032 ____A (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4

C:\Windows\System32\User32.dll
[2001-08-18 05:00] - [2004-08-04 01:56] - 0577024 ____A (Microsoft Corporation) c72661f8552ace7c5c85e16a3cf505c4

C:\Windows\System32\userinit.exe
[2001-08-18 05:00] - [2004-08-04 01:56] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff

C:\Windows\System32\Drivers\volsnap.sys
[2001-08-18 05:00] - [2004-08-04 00:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b
 
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-05-2013 01
Ran by G at 2013-05-26 07:29:24 Run:
Running from C:\Documents and Settings\G\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
µTorrent (Version: 3.1.3)
7-Zip 9.20
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Alabama Smith in Escape From Pompeii 1.00
Apple Application Support (Version: 2.1.7)
Apple Software Update (Version: 2.1.3.127)
Art Effects for PDR10 (Version: 2.0)
Audacity 1.2.6
AVG 2013 (Version: 13.0.3184)
AVG 2013 (Version: 13.0.3343)
AVG 2013 (Version: 2013.0.3343)
AVI Player
BeCyPDFMetaEdit (Version: 2.37.0)
Bejeweled 1.23
Broadcom Management Programs (Version: 11.67.01)
Broadcom NetXtreme Ethernet Controller (Version: 11.32.03)
Comical 0.8
CutePDF Writer 3.0
CyberLink PowerDirector 10 (Version: 10.0.0.1005)
CyberLink WaveEditor (Version: 1.0.1.3320)
DVD Shrink 3.2
DVDFab 8.2.2.8 (26/02/2013) Qt
DVDFab Platinum 3.1.7.0
DVD-lab PRO 2.5
eMachineShop
FBReader for Windows
FormatFactory 3.00 (Version: 3.00)
Foxit Reader (Version: 5.4.4.1128)
Free MP4 to VOB Converter 1.0.2 (Version: 1.0.2)
Google Chrome (Version: 27.0.1453.94)
GoToMeeting 5.5.0.1132 (Version: 5.5.0.1132)
Half-Life® (Version: 1.0.0.0)
Heretic II
Hulu Downloader 2.4.8.9
Inkscape 0.48.2 (Version: 0.48.2)
Intel® Graphics Media Accelerator Driver
IrfanView (remove only) (Version: 4.35)
Java 7 Update 15 (Version: 7.0.150)
Java Auto Updater (Version: 2.1.9.0)
JFDuke3D 20051009 (Version: 20051009)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
McAfee Security Scan Plus (Version: 2.1.121.2)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content (Version: 10.0.2619.0)
Microsoft Office XP Professional with FrontPage (Version: 10.0.2627.01)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works 6.0 (Version: 06.00.1829)
MinGW-Get version 0.5-beta-20120426-1 (Version: 0.5-beta-20120426-1)
Mozilla Firefox 18.0.1 (x86 en-US) (Version: 18.0.1)
Mozilla Maintenance Service (Version: 18.0.1)
Nero Suite
OpenAL
Orbit Downloader
Picasa 3 (Version: 3.9)
PowerDVD
QuickTime (Version: 7.72.80.56)
RarZilla Free Unrar (Version: 4.80)
REALTEK Wireless LAN Driver and Utility (Version: 1.00.0175)
Revo Uninstaller 1.94 (Version: 1.94)
Scratch (Version: 1.4.0.0)
SmartSound Quicktracks 5 (Version: 5.1.8)
Software Version Updater (Version: 1.1.3.6)
SoundMAX (Version: 5.12.01.4070)
Steam™ (Version: 1.0.0.0)
StreamTransport version: 1.0.2.2171
Update for Windows XP (KB932823-v3) (Version: 3)
VLC media player 2.0.6 (Version: 2.0.6)
VobSub v2.23 (Remove Only)
WebFldrs XP (Version: 9.50.5318)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows XP Service Pack 2 (Version: 20040803.231319)
 
==================== Restore Points  =========================
 
26-02-2013 05:52:47 System Checkpoint
27-02-2013 18:51:33 System Checkpoint
02-03-2013 04:26:11 System Checkpoint
03-03-2013 17:52:41 System Checkpoint
05-03-2013 01:02:50 System Checkpoint
07-03-2013 18:48:27 System Checkpoint
08-03-2013 19:19:01 System Checkpoint
09-03-2013 19:33:19 System Checkpoint
12-03-2013 09:00:36 System Checkpoint
15-03-2013 02:25:26 System Checkpoint
17-03-2013 00:23:37 System Checkpoint
18-03-2013 02:16:10 System Checkpoint
19-03-2013 05:09:26 System Checkpoint
21-03-2013 13:56:44 System Checkpoint
22-03-2013 17:47:42 System Checkpoint
26-03-2013 07:09:33 System Checkpoint
27-03-2013 19:20:34 System Checkpoint
29-03-2013 08:17:23 System Checkpoint
31-03-2013 09:15:19 System Checkpoint
01-04-2013 10:02:27 System Checkpoint
02-04-2013 11:02:12 System Checkpoint
03-04-2013 12:02:20 System Checkpoint
04-04-2013 13:02:21 System Checkpoint
08-04-2013 09:07:05 System Checkpoint
09-04-2013 09:28:38 System Checkpoint
11-04-2013 08:30:00 System Checkpoint
13-04-2013 06:38:24 System Checkpoint
14-04-2013 07:51:16 Installed REALTEK 11n USB Wireless LAN Software
15-04-2013 07:58:02 System Checkpoint
23-04-2013 23:44:28 System Checkpoint
25-04-2013 09:21:19 System Checkpoint
26-04-2013 10:36:23 System Checkpoint
28-04-2013 11:26:48 System Checkpoint
29-04-2013 12:10:15 System Checkpoint
01-05-2013 06:35:56 System Checkpoint
02-05-2013 09:43:09 System Checkpoint
03-05-2013 10:23:55 System Checkpoint
10-05-2013 09:48:51 System Checkpoint
11-05-2013 09:49:06 System Checkpoint
13-05-2013 19:35:52 System Checkpoint
15-05-2013 08:46:53 System Checkpoint
16-05-2013 09:32:40 System Checkpoint
17-05-2013 10:32:31 System Checkpoint
19-05-2013 10:30:29 System Checkpoint
26-05-2013 07:06:26 System Checkpoint
 
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom NetXtreme Gigabit Ethernet
Description: Broadcom NetXtreme Gigabit Ethernet
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: b57w2k
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.
 
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/21/2013 02:11:37 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.2180, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [svchost.exe!ws!]

Error: (05/21/2013 02:08:00 AM) (Source: Application Error) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.2180, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [svchost.exe!ws!]

Error: (05/09/2013 00:12:49 AM) (Source: Application Error) (User: )
Description: Faulting application winbej.exe, version 1.2.3.0, faulting module unknown, version 0.0.0.0, fault address 0x00d7258c.
Processing media-specific event for [winbej.exe!ws!]

Error: (04/25/2013 09:58:02 AM) (Source: Application Error) (User: )
Description: Faulting application orbitdm.exe, version 4.1.1.13, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000111de.
Processing media-specific event for [orbitdm.exe!ws!]

Error: (04/13/2013 11:00:06 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 7.0.5730.13, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/04/2013 05:22:39 PM) (Source: Application Error) (User: )
Description: Faulting application orbitdm.exe, version 4.1.1.13, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000111de.
Processing media-specific event for [orbitdm.exe!ws!]

Error: (04/04/2013 05:01:47 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 7.0.5730.13, faulting module mshtml.dll, version 7.0.5730.13, fault address 0x0008a64a.
Processing media-specific event for [iexplore.exe!ws!]

Error: (04/01/2013 01:36:37 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 7.0.5730.13, faulting module mshtml.dll, version 7.0.5730.13, fault address 0x000a0906.
Processing media-specific event for [iexplore.exe!ws!]
 
 
System errors:
=============
Error: (05/26/2013 03:16:06 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (05/25/2013 11:36:43 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
i8042prt
 
Error: (05/25/2013 09:54:59 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (05/25/2013 09:45:10 PM) (Source: DCOM) (User: UNIVERSA-Y984DC)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error: (05/25/2013 02:47:50 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (05/25/2013 02:35:57 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AFD
Fips
i8042prt
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
 
Error: (05/25/2013 02:35:57 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: 
%%31

Error: (05/25/2013 02:35:57 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: 
%%31

Error: (05/25/2013 02:35:57 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
%%31

Error: (05/25/2013 02:35:57 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: 
%%31
 
 
Microsoft Office Sessions:
=========================
Error: (05/21/2013 02:11:37 AM) (Source: Application Error)(User: )
Description: svchost.exe5.1.2600.21800.0.0.000000000
 
Error: (05/21/2013 02:08:00 AM) (Source: Application Error)(User: )
Description: svchost.exe5.1.2600.21800.0.0.000000000
 
Error: (05/09/2013 00:12:49 AM) (Source: Application Error)(User: )
Description: winbej.exe1.2.3.0unknown0.0.0.000d7258c
 
Error: (04/25/2013 09:58:02 AM) (Source: Application Error)(User: )
Description: orbitdm.exe4.1.1.13ntdll.dll5.1.2600.2180000111de
 
Error: (04/13/2013 11:00:06 PM) (Source: Application Hang)(User: )
Description: iexplore.exe7.0.5730.13hungapp0.0.0.000000000
 
Error: (04/04/2013 05:22:39 PM) (Source: Application Error)(User: )
Description: orbitdm.exe4.1.1.13ntdll.dll5.1.2600.2180000111de
 
Error: (04/04/2013 05:01:47 PM) (Source: Application Error)(User: )
Description: iexplore.exe7.0.5730.13mshtml.dll7.0.5730.130008a64a
 
Error: (04/01/2013 01:36:37 PM) (Source: Application Error)(User: )
Description: iexplore.exe7.0.5730.13mshtml.dll7.0.5730.13000a0906
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 82%
Total physical RAM: 2039.43 MB
Available physical RAM: 354.14 MB
Total Pagefile: 3929.1 MB
Available Pagefile: 2180.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.07 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.53 GB) (Free:16.12 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive h: (FreeAgent GoFlex Drive) (Fixed) (Total:1863.01 GB) (Free:10.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: CD2CCD2C)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 7412EE03)
Partition 1: (Not Active) - (Size=-198626934272) - (Type=07 NTFS)
 
==================== End Of Log ============================
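The "Bamital & volsnap Check" block in the log above records, for each critical Windows binary, its timestamps, size, publisher string and MD5. FRST prints those hashes because some infections patch these particular files in place instead of dropping a new one, so the publisher string and the version still look legitimate and the only reliable signal is a hash that differs from a clean copy of the same build. The following is an added example, not code from the thread or from FRST, that parses that block (tolerating the line-wrapping the forum paste introduced, where the hash lands on its own line) and compares each MD5 against a caller-supplied baseline. The record layout is taken from the log; DEMO_BASELINE is constructed for the demonstration and does not contain verified Windows XP SP2 hashes, so a real baseline would have to come from a clean install of the same service pack or a reputable hash database.

```python
"""Parse the 'Bamital & volsnap Check' block of an FRST log and compare each reported
MD5 with a known-good baseline. Added example, not code from the thread or from FRST;
the record layout is taken from the log above. DEMO_BASELINE is constructed for the
demonstration and does NOT contain verified Windows XP SP2 hashes."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: three records copied from the posted log, with the forum's
# line-wrapping undone.
SAMPLE_SECTION = r"""
==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2001-08-18 05:00] - [2004-08-04 01:56] - 1032192 ____A (Microsoft Corporation) a0732187050030ae399b241436565e64

C:\Windows\System32\winlogon.exe
[2001-08-18 05:00] - [2004-08-04 01:56] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe

C:\Windows\System32\Drivers\volsnap.sys
[2001-08-18 05:00] - [2004-08-04 00:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b

==================== End Of Log ============================
"""

# Placeholder baseline (constructed): explorer.exe reuses the logged hash so it reads
# 'ok', winlogon.exe is deliberately wrong to show 'MISMATCH', volsnap.sys is absent.
DEMO_BASELINE = {
    r"C:\Windows\explorer.exe": "a0732187050030ae399b241436565e64",
    r"C:\Windows\System32\winlogon.exe": "00000000000000000000000000000000",
}

PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<publisher>[^)]*)\)\s*(?P<md5>[0-9a-fA-F]{32})?\s*$"
)
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")


@dataclass
class FileRecord:
    path: str
    created: str
    modified: str
    size: int
    publisher: str
    md5: str  # lower-case hex, "" if the log carried none


def _next_nonblank(lines: List[str], i: int) -> int:
    while i < len(lines) and not lines[i]:
        i += 1
    return i


def parse_bamital_section(text: str) -> List[FileRecord]:
    """Return the records between the Bamital header and the next '====' header."""
    lines = [ln.strip() for ln in text.splitlines()]
    records: List[FileRecord] = []
    in_section, i = False, 0
    while i < len(lines):
        ln = lines[i]
        if "Bamital & volsnap Check" in ln:
            in_section = True
        elif in_section and ln.startswith("===================="):
            break  # next section header or End Of Log
        elif in_section and PATH_RE.match(ln):
            j = _next_nonblank(lines, i + 1)
            m = DETAIL_RE.match(lines[j]) if j < len(lines) else None
            if m:
                md5, k = m.group("md5"), j + 1
                if md5 is None:  # forum pastes often wrap the hash onto its own line
                    k = _next_nonblank(lines, k)
                    if k < len(lines) and MD5_RE.match(lines[k]):
                        md5, k = lines[k], k + 1
                records.append(FileRecord(ln, m.group("created"), m.group("modified"),
                                          int(m.group("size")), m.group("publisher"),
                                          (md5 or "").lower()))
                i = k
                continue
        i += 1
    return records


def check_against_baseline(records: List[FileRecord], baseline: Dict[str, str]) -> Dict[str, str]:
    """Map each path to 'ok', 'MISMATCH', 'no-baseline' or 'no-hash' (paths compare
    case-insensitively, as NTFS does)."""
    norm = {p.lower(): h.lower() for p, h in baseline.items()}
    verdicts: Dict[str, str] = {}
    for r in records:
        expected = norm.get(r.path.lower())
        if not r.md5:
            verdicts[r.path] = "no-hash"
        elif expected is None:
            verdicts[r.path] = "no-baseline"
        else:
            verdicts[r.path] = "ok" if r.md5 == expected else "MISMATCH"
    return verdicts


if __name__ == "__main__":
    for path, verdict in check_against_baseline(parse_bamital_section(SAMPLE_SECTION),
                                                DEMO_BASELINE).items():
        print(f"{verdict:12} {path}")
```

A "MISMATCH" does not by itself mean infection: a hotfix that replaced the file after the baseline was taken gives the same result, which is why the baseline must match the installed service pack and patch level (this machine reports SP2 and file version 5.1.2600.2180 elsewhere in the log). MD5 is adequate for this comparison even though it is collision-broken: forging a file that matches a known-good digest is a second-preimage problem, which MD5 still resists. The "no-baseline" verdict is deliberately not treated as "ok"; a file you cannot vouch for is still an open question.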


#11 gazorninplotz (Topic Starter)
Posted 26 May 2013 - 10:23 AM

Some additional points -

My administrator rights are back - I can now run Task Manager and Registry Editor, which I could not do until the reboot last night. AVG finds no current virus. When my machine stopped working, I was not downloading nor updating anything. I was browsing using Internet Explorer, although my usual browser is Google Chrome. I have not tried Internet Explorer since regaining access.



#12 bloopie (Malware Response Team)

Posted 26 May 2013 - 04:14 PM

Hello again,
 
Glad it's working again! :)
 
Thanks for that information, and for the logs, but I must issue a warning!
 
Quickly looking the logs over, I must warn you that your drive could be failing. Please ensure that you have all of your important data backed up before we proceed. If your drive does fail, you will need a Windows Installation disc and a product key code to reinstall the operating system...if it comes to that...but I want you to be prepared for the worst just in case!
 
For now, please make sure that you're not worried about losing any information on the disc you have currently installed. If so, back it up.
 
There is not much malware showing in your log, just a few things I would like to clean up soon if your drive passes some tests.
 
==========
 
To gather some more information, I'd like to get a report from Speccy:
 
Please Publish a Snapshot using Speccy, and post a link to it in this thread.
This is a convenient and accurate way of providing us with details of your computer specifications.
If you cannot get on-line to publish the information, and wish to attach it as a text file to your post, then please edit it to ensure that you do not include your Windows Key.
 
bloopie

#13 gazorninplotz (Topic Starter)
Posted 26 May 2013 - 05:03 PM

Hi -

I did SPECCY - but the results are actually full of my personal information - user name is my full name. It is not comforting to see that on a website. How do I get that file off the web?

I will send it as text in a short while after I edit my info out.

Thanks



#14 gazorninplotz (Topic Starter)
Posted 26 May 2013 - 05:12 PM

OK, it's ready - except it states above to remove my Windows Key - what section is that in? I do not see it.



#15 bloopie (Malware Response Team)

Posted 26 May 2013 - 05:22 PM

Hello again,

You can also send the Speccy report to me via PM, and I will edit out any information you do not want posted. Or you can edit that information out yourself if you do not even want me to see it.

That choice is ultimately yours to make, and I totally respect your privacy overall, regardless of what's been posted.

==========

I am only here to help, not to display any personal information that you do not want posted!

Just bear in mind that the output will not display anything more than what you have designated your computer name to display, and possibly your Windows Key code. Feel free to edit those out before you post the speccy info as you wish. If not, I will gladly edit that out for you.

bloopie
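On the Speccy redaction discussed in the last three posts: bloopie names the computer name and the Windows key, and the topic starter's concern is a user name that is a real full name, which recurs in every profile path in the report. The following is an added example, not Speccy's code and not anything posted in the thread, that strips those three items from a text export before it goes anywhere and then checks that none of them survived. The sample report and its field labels are constructed; the real Speccy text layout was not checked, so treat the labels as assumptions. The product key is found by its five-by-five pattern, the two names are supplied by the caller.

```python
"""Redact a Speccy text export before posting it publicly.

Added example for the exchange above; not Speccy's code or anything posted in the
thread. The sample report and its field labels are constructed and the export layout
is assumed, not verified against a real Speccy file. Removed: the Windows product key
(by pattern) and the user and computer names (given by the caller), followed by a
check that none of them is still present."""
import re
from typing import Iterable, List

# Constructed sample; the labels mimic a Speccy-style report but are assumptions.
SAMPLE_REPORT = r"""Operating System
    Windows XP Professional 32-bit SP2
    Computer Name: HOME-PC
    User Name: Jane Q Public
    Serial Number: BCDFG-HJKMP-QRTVW-XY234-6789B
    Installation Date: 01 January 2012, 10:15
Network
    Adapter Name: Broadcom NetXtreme Gigabit Ethernet
    Shared folder: \\HOME-PC\Users\Jane Q Public\My Documents
Storage
    Recent: C:\Documents and Settings\Jane Q Public\My Documents\AutoRuns.arn
"""

# Windows product keys are five dash-separated groups of five characters.
PRODUCT_KEY_RE = re.compile(r"\b[A-Z0-9]{5}(?:-[A-Z0-9]{5}){4}\b")
KEY_PLACEHOLDER = "XXXXX-XXXXX-XXXXX-XXXXX-XXXXX"


def redact_speccy(text: str, user_name: str, computer_name: str,
                  whole_word: bool = True) -> str:
    """Return text with the product key, user name and computer name replaced.

    whole_word=False limits user-name redaction to profile paths, which is what you
    want for a one- or two-letter user name that would otherwise match ordinary words.
    """
    out = PRODUCT_KEY_RE.sub(KEY_PLACEHOLDER, text)
    user = re.escape(user_name)
    # Profile paths in both the XP and the Vista+ layout, after any drive or UNC prefix.
    out = re.sub(r"(?i)(\\(?:Documents and Settings|Users)\\)" + user + r"(?=\\|\s|$)",
                 r"\1[user]", out)
    if whole_word:
        out = re.sub(r"(?i)\b" + user + r"\b", "[user]", out)
    # Host names may contain '-', so use lookarounds instead of \b.
    out = re.sub(r"(?i)(?<![\w-])" + re.escape(computer_name) + r"(?![\w-])", "[host]", out)
    return out


def remaining_secrets(text: str, secrets: Iterable[str]) -> List[str]:
    """Case-insensitive check that no listed string is still present. Run it on the
    redacted text and do not post while the result is non-empty."""
    low = text.lower()
    return [s for s in secrets if s.lower() in low]


if __name__ == "__main__":
    clean = redact_speccy(SAMPLE_REPORT, "Jane Q Public", "HOME-PC")
    print(clean)
    print("still present:", remaining_secrets(
        clean, ["Jane Q Public", "HOME-PC", "BCDFG-HJKMP-QRTVW-XY234-6789B"]))
```

As the topic starter found, publishing a snapshot puts the report online before it can be edited, so for a thread like this the safer order is: save the report as a text file, run the redaction, confirm `remaining_secrets` comes back empty for every string you care about, and only then attach the file. The final check matters more than the regexes: a name that appears in an unexpected form (a different case, a shortened profile folder) is exactly what a pattern-based pass misses.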
