
excessive disk accesses, now recovery console wants admin password


This topic is locked

#1 Gumby83

Posted 30 June 2013 - 07:31 PM

Help! I have a vintage IBM R51 laptop running XPSP3. Yesterday I updated Mozilla Firefox to the latest version and things went to hell. The update took a couple of hours, which was my first sign things were going sideways.

Normal boot process takes forever, with continuous disk accesses. I can barely get the system manager window open.

I can safe boot, but cannot run AVG to see if there is a virus. AVG reports an error and closes. This is the paid for AVG, not the free version.

If I try to start the XP Recovery Console, it asks if I want to start Windows on drive C:, but then prompts for an Administrator password.

I NEVER set up an administrator password.

I am not even sure this problem is a virus, but I am sure I need help (PLEASE!)

I was able to run FRST (from BartPE) and here are the results:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-06-2013 03
Ran by SYSTEM on 30-06-2013 18:54:31
Running from D:\BleepingComuter
Microsoft Windows XP (X86) OS Language:
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1323008 2008-07-04] (Synaptics, Inc.)
HKLM\...\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: []  [x]
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
HKU\Alison\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-14] (Microsoft Corporation)
HKU\Alison\...\Run: [IBM RecordNow!]  [x]
HKU\Alison\...\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [x]
HKU\Alison\...\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [x]
HKU\Ford\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-14] (Microsoft Corporation)
HKU\Ford\...\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [x]
HKU\Home Laptop\...\Run: [LG LinkAir]  [x]
HKU\Home Laptop\...\Run: []  [x]
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
BootExecute: autocheck autochk * lsdeleteC:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S2 Crypkey License; C:\Windows\System32\crypserv.exe [69632 2006-09-21] (CrypKey (Canada) Ltd.)
S4 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2152152 2011-10-27] (Lavasoft Limited)
S2 LkCitadelServer; C:\WINDOWS\system32\lkcitdl.exe [695136 2008-06-17] (National Instruments, Inc.)
S2 lkClassAds; C:\WINDOWS\system32\lkads.exe [40488 2008-06-17] (National Instruments Corporation)
S2 lkTimeSync; C:\WINDOWS\system32\lktsrv.exe [50736 2008-06-17] (National Instruments Corporation)
S2 mxssvr; C:\Program Files\National Instruments\MAX\nimxs.exe [12696 2009-10-20] (National Instruments Corporation)
S2 ni488enumsvc; C:\Windows\system32\nipalsm.exe [12696 2008-08-22] (National Instruments Corporation)
S2 NIDomainService; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [213552 2008-06-17] (National Instruments Corporation)
S2 niSvcLoc; C:\WINDOWS\system32\nisvcloc.exe [13896 2009-06-04] (National Instruments Corporation)
S2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-03-29] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
S2 cvintdrv; C:\Windows\System32\Drivers\cvintdrv.sys [4096 2009-08-03] ()
S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [16896 2010-05-12] (Danish Wireless Design A/S)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
S3 HSFHWICH; C:\Windows\System32\DRIVERS\HSFHWICH.sys [247808 2006-08-29] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [990592 2006-08-29] (Conexant Systems, Inc.)
S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [773565 2004-11-02] (Intel Corporation)
S3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-08-18] ()
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-08-18] (Lavasoft AB)
S3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.)
S3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.)
S3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.)
S1 NetworkX; C:\Windows\system32\ckldrv.sys [31846 2006-01-10] ()
S3 ni488k; C:\Windows\System32\DRIVERS\ni488k.sys [222288 2009-12-15] (National Instruments Corporation)
S3 ni488lock; C:\WINDOWS\system32\drivers\ni488lock.sys [17480 2009-12-15] (National Instruments Corporation)
S3 nipalfwedl; C:\Windows\System32\drivers\nipalfwedl.sys [11904 2009-10-31] (National Instruments Corporation)
S0 NIPALK; C:\Windows\System32\drivers\nipalk.sys [597592 2009-10-31] (National Instruments Corporation)
S3 nipalusbedl; C:\Windows\System32\drivers\nipalusbedl.sys [11896 2009-10-31] (National Instruments Corporation)
S0 nipbcfk; C:\Windows\System32\drivers\nipbcfk.sys [15448 2009-07-07] (National Instruments Corporation)
S3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137600 2011-05-18] (Nokia)
S3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8576 2011-05-18] (Nokia)
S3 PRODIGY; C:\Windows\System32\Drivers\PRODIGY.SYS [32377 2006-08-29] (B-phreaks)
S3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S2 RIOUSB; C:\Windows\System32\Drivers\RioUsb.sys [15152 1999-10-27] (RioPort.Com)
S3 SMSIVZAM5; C:\PROGRA~1\Verizon Wireless\VZAccess Manager\SMSIVZAM5.SYS [32408 2009-05-25] (Smith Micro Inc.)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [28288 2009-01-14] ()
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2011-02-14] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2011-02-14] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [25216 2011-02-14] (LG Electronics Inc.)
S3 w29n51; C:\Windows\System32\DRIVERS\w29n51.sys [2216064 2008-01-07] (Intel® Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
S4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S4 hpt3xx; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-30 20:50 - 2013-06-30 20:50 - 00006274 ____A C:\AdwCleaner[S1].txt
2013-06-30 20:49 - 2013-06-30 20:50 - 00006260 ____A C:\AdwCleaner[R1].txt
2013-06-30 20:41 - 2013-06-30 20:41 - 00000935 ____A C:\Documents and Settings\Home Laptop\Desktop\Revo Uninstaller.lnk
2013-06-30 20:41 - 2013-06-30 20:41 - 00000000 ____D C:\Program Files\VS Revo Group
2013-06-30 18:44 - 2013-06-30 18:44 - 00004210 ____N C:\bootex.log
2013-06-30 14:30 - 2013-06-30 18:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-21 10:20 - 2012-04-16 22:20 - 34627104 ____A C:\Documents and Settings\All Users\Documents\flvplayer-setup.exe
2013-06-21 10:19 - 2013-05-24 19:37 - 00033124 ____A C:\Documents and Settings\All Users\Documents\PVP_LOGO.svg
2013-06-20 23:31 - 2013-06-20 23:34 - 00000000 ____D C:\Documents and Settings\Home Laptop\My Documents\GLS
2013-06-19 12:53 - 2013-06-13 02:48 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-19 12:53 - 2013-06-13 02:43 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-19 12:53 - 2013-06-13 02:43 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-19 12:53 - 2013-06-13 02:43 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-19 12:53 - 2013-06-13 02:35 - 00144896 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2013-06-19 12:52 - 2013-06-19 12:53 - 00004761 ____A C:\Windows\System32\jupdate-1.7.0_25-b16.log
2013-06-16 20:15 - 2013-06-16 20:15 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-16 20:12 - 2013-06-16 20:14 - 00014842 ____A C:\Windows\KB2838727-IE8.log
2013-06-16 20:00 - 2013-06-16 20:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2808679$
2013-06-16 19:54 - 2013-06-16 20:15 - 00020428 ____A C:\Windows\KB2839229.log
2013-06-16 19:48 - 2013-06-16 20:00 - 00012961 ____A C:\Windows\KB2808679.log
2013-06-12 19:06 - 2013-06-12 19:06 - 00000000 ____D C:\FRST
2013-06-12 11:04 - 2013-06-12 11:04 - 00000000 ____D C:\Documents and Settings\Home Laptop\Application Data\AVG2013
2013-06-12 10:56 - 2013-06-12 10:56 - 00000702 ____A C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
2013-06-12 10:56 - 2013-06-12 10:56 - 00000000 ____D C:\Documents and Settings\Home Laptop\Application Data\TuneUp Software
2013-06-12 10:49 - 2013-06-12 11:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013
2013-06-12 09:00 - 2013-06-12 12:14 - 00000000 ____D C:\Documents and Settings\Home Laptop\Local Settings\Application Data\Avg2013
2013-06-12 09:00 - 2013-06-12 09:00 - 00000000 ____D C:\Documents and Settings\Home Laptop\Local Settings\Application Data\MFAData
2013-06-11 23:03 - 2013-06-11 23:03 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-06-10 16:33 - 2013-06-10 16:33 - 00000000 ____D C:\Documents and Settings\Home Laptop\My Documents\PapaCHL
2013-06-05 02:03 - 2013-06-05 02:03 - 00012790 ____A C:\Windows\KB2847204-IE8.log
2013-06-05 02:02 - 2013-06-05 02:02 - 00013744 ____A C:\Windows\KB2820197.log
2013-06-05 02:02 - 2013-06-05 02:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-06-05 02:02 - 2013-06-05 02:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-06-05 01:57 - 2013-06-05 02:01 - 00013729 ____A C:\Windows\KB2829530-IE8.log
2013-06-05 01:36 - 2013-06-05 01:36 - 00008222 ____A C:\Windows\KB2632503-IE8.log
2013-06-05 01:34 - 2013-06-05 01:36 - 00008187 ____A C:\Windows\KB2510531-IE8.log
2013-06-05 01:29 - 2013-06-05 02:02 - 00017192 ____A C:\Windows\KB2829361.log
2013-06-05 01:20 - 2013-06-05 01:20 - 00000000 __SHD C:\Documents and Settings\Home Laptop\PrivacIE

==================== One Month Modified Files and Folders ========

2013-06-30 21:03 - 2012-04-03 21:28 - 00000830 ___AC C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-30 21:01 - 2010-04-02 16:25 - 01064041 ___AC C:\Windows\WindowsUpdate.log
2013-06-30 20:57 - 2010-04-02 08:15 - 00000159 ___AC C:\Windows\wiadebug.log
2013-06-30 20:57 - 2010-04-02 08:15 - 00000049 ___AC C:\Windows\wiaservc.log
2013-06-30 20:57 - 2001-08-23 12:00 - 00001299 ___AC C:\Windows\win.ini
2013-06-30 20:54 - 2010-04-02 14:42 - 00000062 _ASHC C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-30 20:52 - 2012-04-19 22:27 - 00000266 ___AC C:\Windows\Tasks\RMAutoUpdate.job
2013-06-30 20:52 - 2010-12-01 17:50 - 00065244 ____A C:\aaw7boot.log
2013-06-30 20:52 - 2010-04-02 14:44 - 00000062 _ASHC C:\Documents and Settings\Home Laptop\Local Settings\desktop.ini
2013-06-30 20:52 - 2010-04-02 14:42 - 00000062 _ASHC C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-30 20:52 - 2010-04-02 14:34 - 00000006 __AHC C:\Windows\Tasks\SA.DAT
2013-06-30 20:51 - 2011-12-08 18:04 - 00002684 ___AC C:\Windows\errord.log
2013-06-30 20:51 - 2010-04-02 14:44 - 00000278 __SHC C:\Documents and Settings\Home Laptop\ntuser.ini
2013-06-30 20:50 - 2013-06-30 20:50 - 00006274 ____A C:\AdwCleaner[S1].txt
2013-06-30 20:50 - 2013-06-30 20:49 - 00006260 ____A C:\AdwCleaner[R1].txt
2013-06-30 20:48 - 2013-01-03 03:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2013-06-30 20:41 - 2013-06-30 20:41 - 00000935 ____A C:\Documents and Settings\Home Laptop\Desktop\Revo Uninstaller.lnk
2013-06-30 20:41 - 2013-06-30 20:41 - 00000000 ____D C:\Program Files\VS Revo Group
2013-06-30 19:18 - 2011-01-29 16:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-06-30 18:50 - 2012-04-25 23:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-30 18:44 - 2013-06-30 18:44 - 00004210 ____N C:\bootex.log
2013-06-30 18:36 - 2013-06-30 14:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-30 02:38 - 2001-08-23 12:00 - 00002206 ___AC C:\Windows\System32\wpa.dbl
2013-06-30 02:36 - 2010-04-02 14:42 - 00032388 ____A C:\Windows\SchedLgU.Txt
2013-06-30 02:27 - 2010-04-04 15:27 - 00000060 ___AC C:\Windows\wpd99.drv
2013-06-30 02:22 - 2010-04-04 15:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\pdf995
2013-06-27 15:01 - 2010-07-15 03:47 - 00000486 ___AC C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2013-06-27 12:06 - 2010-04-02 08:10 - 47710208 ____A C:\Windows\System32\config\software.rmbak
2013-06-27 12:04 - 2013-04-30 14:48 - 04857856 ____A C:\Windows\System32\config\default.rrr
2013-06-27 12:04 - 2011-01-16 16:35 - 00237568 ____A C:\Documents and Settings\NetworkService\s-1-5-20.rrr
2013-06-27 12:04 - 2011-01-16 16:35 - 00237568 ____A C:\Documents and Settings\LocalService\s-1-5-19.rrr
2013-06-26 16:27 - 2011-09-19 18:14 - 00000000 ____D C:\Documents and Settings\Home Laptop\My Documents\NSS103815
2013-06-26 16:13 - 2010-04-03 14:15 - 00000000 ____D C:\Documents and Settings\Ford\My Documents\Folder of Knowledge
2013-06-23 15:37 - 2010-08-16 17:37 - 00000000 ____D C:\Documents and Settings\Home Laptop\My Documents\Tech Stuff
2013-06-21 13:22 - 2011-06-29 19:41 - 00027400 ___AC C:\Documents and Settings\Home Laptop\Application Data\GDIPFONTCACHEV1.DAT
2013-06-21 11:10 - 2012-04-16 22:51 - 00000000 ____D C:\Documents and Settings\Home Laptop\Application Data\Applian FLV and Media Player
2013-06-20 23:34 - 2013-06-20 23:31 - 00000000 ____D C:\Documents and Settings\Home Laptop\My Documents\GLS
2013-06-19 12:53 - 2013-06-19 12:52 - 00004761 ____A C:\Windows\System32\jupdate-1.7.0_25-b16.log
2013-06-19 12:53 - 2010-09-10 01:55 - 00000000 ____D C:\Program Files\Java
2013-06-18 21:51 - 2012-12-04 15:52 - 00000000 ____D C:\Documents and Settings\Home Laptop\My Documents\Uncle Jimmy
2013-06-16 21:13 - 2010-04-02 17:35 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-16 21:01 - 2010-04-02 08:12 - 00612882 ___AC C:\Windows\System32\PerfStringBackup.INI
2013-06-16 20:18 - 2010-04-02 17:59 - 73381792 ___AC (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-16 20:15 - 2013-06-16 20:15 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-16 20:15 - 2013-06-16 19:54 - 00020428 ____A C:\Windows\KB2839229.log
2013-06-16 20:15 - 2010-04-02 16:23 - 00299389 ___AC C:\Windows\netfxocm.log
2013-06-16 20:15 - 2010-04-02 16:22 - 00085498 ___AC C:\Windows\tabletoc.log
2013-06-16 20:15 - 2010-04-02 16:07 - 00120019 ___AC C:\Windows\medctroc.Log
2013-06-16 20:15 - 2010-04-02 08:13 - 01965708 ___AC C:\Windows\iis6.log
2013-06-16 20:15 - 2010-04-02 08:13 - 00797105 ___AC C:\Windows\tsoc.log
2013-06-16 20:15 - 2010-04-02 08:13 - 00586076 ___AC C:\Windows\comsetup.log
2013-06-16 20:15 - 2010-04-02 08:13 - 00544922 ___AC C:\Windows\msmqinst.log
2013-06-16 20:15 - 2010-04-02 08:13 - 00356690 ___AC C:\Windows\ntdtcsetup.log
2013-06-16 20:15 - 2010-04-02 08:13 - 00096884 ___AC C:\Windows\ocmsn.log
2013-06-16 20:15 - 2010-04-02 08:13 - 00086797 ___AC C:\Windows\msgsocm.log
2013-06-16 20:15 - 2010-04-02 08:13 - 00001374 ____A C:\Windows\imsins.log
2013-06-16 20:15 - 2010-04-02 08:12 - 01714661 ___AC C:\Windows\FaxSetup.log
2013-06-16 20:15 - 2010-04-02 08:12 - 00856781 ___AC C:\Windows\ocgen.log
2013-06-16 20:14 - 2013-06-16 20:12 - 00014842 ____A C:\Windows\KB2838727-IE8.log
2013-06-16 20:14 - 2010-04-02 08:13 - 00001374 ____A C:\Windows\imsins.BAK
2013-06-16 20:13 - 2010-04-02 16:41 - 00311717 ___AC C:\Windows\updspapi.log
2013-06-16 20:12 - 2013-04-15 16:48 - 00000000 ____D C:\Windows\ie8updates
2013-06-16 20:00 - 2013-06-16 20:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2808679$
2013-06-16 20:00 - 2013-06-16 19:48 - 00012961 ____A C:\Windows\KB2808679.log
2013-06-16 15:55 - 2010-12-07 16:15 - 00000000 ____D C:\Documents and Settings\Home Laptop\My Documents\Ali's Stuff
2013-06-14 21:04 - 2013-01-31 14:14 - 00036698 ____A C:\Windows\setupapi.log
2013-06-13 02:48 - 2013-06-19 12:53 - 00094632 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-06-13 02:48 - 2012-07-26 23:08 - 00867240 ___AC (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2013-06-13 02:48 - 2010-09-10 01:56 - 00789416 ___AC (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-13 02:43 - 2013-06-19 12:53 - 00263592 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-13 02:43 - 2013-06-19 12:53 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-13 02:43 - 2013-06-19 12:53 - 00175016 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-13 02:35 - 2013-06-19 12:53 - 00144896 ____A (Oracle Corporation) C:\Windows\System32\javacpl.cpl
2013-06-12 19:06 - 2013-06-12 19:06 - 00000000 ____D C:\FRST
2013-06-12 12:14 - 2013-06-12 09:00 - 00000000 ____D C:\Documents and Settings\Home Laptop\Local Settings\Application Data\Avg2013
2013-06-12 11:07 - 2010-04-03 15:19 - 00000000 ____D C:\Program Files\AVG
2013-06-12 11:04 - 2013-06-12 11:04 - 00000000 ____D C:\Documents and Settings\Home Laptop\Application Data\AVG2013
2013-06-12 11:03 - 2010-12-01 17:47 - 00000000 ___HD C:\$AVG
2013-06-12 11:00 - 2013-06-12 10:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013
2013-06-12 10:56 - 2013-06-12 10:56 - 00000702 ____A C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
2013-06-12 10:56 - 2013-06-12 10:56 - 00000000 ____D C:\Documents and Settings\Home Laptop\Application Data\TuneUp Software
2013-06-12 09:00 - 2013-06-12 09:00 - 00000000 ____D C:\Documents and Settings\Home Laptop\Local Settings\Application Data\MFAData
2013-06-12 01:11 - 2012-11-09 02:58 - 00000780 ____A C:\Windows\setupact.log
2013-06-12 00:59 - 2010-04-07 19:15 - 00020992 ___AC C:\Documents and Settings\Home Laptop\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-12 00:26 - 2011-12-11 16:55 - 00000000 ____D C:\Documents and Settings\Home Laptop\My Documents\Ford's Different Stuff
2013-06-11 23:03 - 2013-06-11 23:03 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-06-11 23:03 - 2012-04-03 21:28 - 00692104 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 23:03 - 2011-05-18 15:10 - 00071048 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-10 16:33 - 2013-06-10 16:33 - 00000000 ____D C:\Documents and Settings\Home Laptop\My Documents\PapaCHL
2013-06-05 02:35 - 2010-04-02 08:11 - 00151584 ___AC C:\Windows\System32\FNTCACHE.DAT
2013-06-05 02:03 - 2013-06-05 02:03 - 00012790 ____A C:\Windows\KB2847204-IE8.log
2013-06-05 02:02 - 2013-06-05 02:02 - 00013744 ____A C:\Windows\KB2820197.log
2013-06-05 02:02 - 2013-06-05 02:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-06-05 02:02 - 2013-06-05 02:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-06-05 02:02 - 2013-06-05 01:29 - 00017192 ____A C:\Windows\KB2829361.log
2013-06-05 02:02 - 2010-04-02 16:23 - 00000000 ___HD C:\Windows\$hf_mig$
2013-06-05 02:01 - 2013-06-05 01:57 - 00013729 ____A C:\Windows\KB2829530-IE8.log
2013-06-05 01:36 - 2013-06-05 01:36 - 00008222 ____A C:\Windows\KB2632503-IE8.log
2013-06-05 01:36 - 2013-06-05 01:34 - 00008187 ____A C:\Windows\KB2510531-IE8.log
2013-06-05 01:20 - 2013-06-05 01:20 - 00000000 __SHD C:\Documents and Settings\Home Laptop\PrivacIE
2013-06-01 00:50 - 2010-04-03 14:03 - 00000000 ___HD C:\Documents and Settings\Ford\My Documents\Outlook

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-06-30 13:46 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP264

RP: -> 2013-06-29 13:14 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP263

RP: -> 2013-06-28 12:14 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP262

RP: -> 2013-06-27 12:01 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP261

RP: -> 2013-06-26 19:20 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP260

RP: -> 2013-06-25 18:20 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP259

RP: -> 2013-06-24 17:21 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP258

RP: -> 2013-06-23 16:54 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP257

RP: -> 2013-06-22 16:27 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP256

RP: -> 2013-06-21 15:30 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP255

RP: -> 2013-06-20 14:36 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP254

RP: -> 2013-06-19 12:52 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP253

RP: -> 2013-06-18 20:22 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP252

RP: -> 2013-06-17 20:15 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP251

RP: -> 2013-06-16 19:58 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP250

RP: -> 2013-06-16 13:36 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP249

RP: -> 2013-06-15 13:11 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP248

RP: -> 2013-06-14 12:53 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP247

RP: -> 2013-06-13 12:16 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP246

RP: -> 2013-06-12 11:02 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP245

RP: -> 2013-06-12 10:51 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP244

RP: -> 2013-06-12 10:48 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP243

RP: -> 2013-06-12 10:48 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP242

RP: -> 2013-06-11 21:44 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP241

RP: -> 2013-06-10 19:49 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP240

RP: -> 2013-06-10 12:13 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP239

RP: -> 2013-06-09 11:29 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP238

RP: -> 2013-06-08 02:45 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP237

RP: -> 2013-06-07 01:45 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP236

RP: -> 2013-06-06 01:41 - 028672 _restore{5906036F-1D69-4E5B-97E5-2BF8BC9885C6}\RP235


==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 758.42 MB
Available physical RAM: 594.99 MB
Total Pagefile: 713.93 MB
Available Pagefile: 649.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1995.16 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.03 GB) (Free:0.03 GB) FAT
Drive c: () (Fixed) (Total:37.26 GB) (Free:10.83 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (USB DRIVE) (Removable) (Total:7.47 GB) (Free:4.59 GB) FAT32
Drive x: (BartPE) (CDROM) (Total:0.15 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: E90BE90B)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: FDC01076)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================

 




#2 HelpBot

Posted 05 July 2013 - 07:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/499735 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

Posted 05 July 2013 - 07:44 PM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!




