boot failure


  • This topic is locked
473 replies to this topic

#1 willlig

willlig

  • Members
  • 401 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:55 PM

Posted 09 July 2013 - 10:22 PM

Hi. When trying to boot from a flash drive including Hitman, I got "Failed to boot", giving "Non-NTFS partition or encrypted disk detected". Please help, I need to rescue my computer. Running Windows XP.  Thanks.





#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:55 PM

Posted 14 July 2013 - 10:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/500603 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 willlig


Posted 17 July 2013 - 09:13 PM

Thanks. I was already at the point of trying to boot the computer using the flash drive that has Hitman on it, to try and remove the FBI malware. I wanted to know, because of those 2 messages I received when I chose what type of boot method to use, if this seems like I should make the flash drive bootable or if you think there is something else that should be done. Windows XP, Home Edition, Service Pack 3, 32 bit. Thank you.

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,407 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:10:55 AM

Posted 18 July 2013 - 09:32 AM

Greetings willlig and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please complete the following for me.

===================================================

Farbar's Recovery Scan Tool Using Windows XP Recovery Console

--------------------

Creating an Artellos XP Recovery Console CD
  • Please click here to go to the ARCDC download page
  • Right click on Latest EXE Download and select Save Link As...
  • Save it to your desktop as ARCDC.exe
  • Double click ARCDC.exe, select Run, then OK
  • You see 6 options. Please pick: Windows Professional SP2 & SP3 (If you do not have SP2 & SP3 installed please select the option that applies (i.e. SP2) . <<< IMPORTANT)
  • Click Yes on the License Agreement
  • Select Use Default Files
  • It is normal to see numerous black screens flash and disappear
  • Click Burn on the Your ISO is created! screen
  • A BurnCDCC window will open
  • The File Image box should automatically be populated with the XPRC.iso file path on your desktop. If not, browse to the file and double click it
  • The Device box should list your CD/DVD
  • Insert a CD into the CD device then click Start
  • Once completed close the program and remove the CD
  • Download Farbar's Recovery Scan Tool for 32 bit systems and save it on your USB device. Insert it into your infected computer
  • Insert the newly created Artellos XP Recovery Console CD in the computer's optical disk drive tray
  • Start or re-start the computer so that it boots from the CD. You may be prompted to "Press any key". (If you don't get this you have to change the boot order from the BIOS)
  • When the Welcome to Setup screen appears, press the R key on your keyboard to start the Recovery Console.
  • The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have just one Windows installation (typical), type 1 and press enter. If you have multiple Windows installations (less typical), it will list each one. Enter the number associated with the operating system of concern
  • You will be prompted for the Administrator's password. If there is no password simply press ENTER. If a password is required but you don't know it see this.
  • Please continue with the following steps once you are presented with a C:\Windows> prompt. If you do not see this prompt, stop here and advise me of that fact
----------

Running Farbar's Recovery Scan Tool
  • In the command prompt type in dir e:\, press Enter, then see if the FRST program is listed

Note: You may need to type in different letters to locate the FRST program (ex. f: g: etc.)

  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • FRST log

Edited by Oh My, 10 September 2013 - 09:47 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!


Posted 22 July 2013 - 08:36 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#6 willlig


Posted 23 July 2013 - 10:23 AM

Thank you for the reminder. I haven't yet had the opportunity to attempt the removal per the instructions because of some urgent family business. I will eventually make the attempt and let you know how it goes. Thanks again.

Mod Edit: Related MRL topic at http://www.bleepingcomputer.com/forums/t/500594/booting-from-usb-drive/#entry3100051 - Hamluis.


Edited by hamluis, 23 July 2013 - 12:15 PM.


#7 Oh My!


Posted 23 July 2013 - 12:30 PM

OK, thanks for letting me know. Family first.
Gary
 

#8 Oh My!


Posted 02 August 2013 - 08:13 AM

Greetings,

Are we able to begin to make some progress or is life still hectic? If this is still a tough time maybe we should close the topic and you can repost when things settle down.

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#9 Oh My!


Posted 04 August 2013 - 02:24 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 

#10 Oh My!


Posted 26 August 2013 - 06:29 PM

This topic has been re-opened at the request of the person who originally posted.
Gary
 

#11 willlig


Posted 26 August 2013 - 07:29 PM

Thanks. Here is the FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-08-2013 01
Ran by Dorinne (administrator) on 26-08-2013 20:14:03
Running from C:\Documents and Settings\Dorinne\Local Settings\Temporary Internet Files\Content.IE5\U17PBZ05
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Dritek System Inc.) C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Crawler.com) C:\Program Files\PCPowerSpeed\PCPowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Inbox.com, Inc.) C:\PROGRA~1\REBATE~1\REBATE~1.EXE
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
(Realtek Semiconductor Corp.) C:\DOCUME~1\Dorinne\LOCALS~1\Temp\RtkBtMnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\DOCUME~1\Dorinne\LOCALS~1\Temp\DTLocker+-E\DTLplus_Launcher.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
(Farbar) C:\Documents and Settings\Dorinne\Local Settings\Temporary Internet Files\Content.IE5\U17PBZ05\FRST[1].exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LaunchApp] - Alaunch [x]
HKLM\...\Run: [AzMixerSel] - C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [53248 2006-07-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1044480 2008-04-24] (Synaptics, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [M3000Mnt] - Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt [x]
HKLM\...\Run: [LManager] - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [821768 2008-05-13] (Dritek System Inc.)
HKLM\...\Run: [eRecoveryService] - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [425984 2008-05-22] (Acer Inc.)
HKLM\...\Run: [NBKeyScan] - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [x]
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16862720 2008-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PCPowerSpeed] - C:\Program Files\PCPowerSpeed\PCPowerTray.exe [374880 2013-04-01] (Crawler.com)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1808784 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG SafeGuard toolbar\vprot.exe [1100616 2013-08-26] ()
HKLM\...\Command Processor:  <======= ATTENTION
HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [x]
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [13351304 2010-09-02] (Skype Technologies S.A.)
HKCU\...\Run: [RebateInformer] - C:\PROGRA~1\REBATE~1\REBATE~1.EXE [1038984 2013-08-06] (Inbox.com, Inc.)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
MountPoints2: {51d66ab8-0e9e-11e3-ae21-00226984c619} - E:\DTLplus_Launcher.exe
MountPoints2: {6c913f08-d81c-11dd-ac3e-00226984c619} - D:\LaunchU3.exe -a
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\WINDOWS\Acer\run_NB.exe [ 2007-07-23] ()
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [x]
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
ShortcutTarget: InterVideo WinCinema Manager.lnk -> C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={5DCB1D32-7807-484C-8AF1-323FC76DA9AF}&mid=Unknown&lang=en&ds=co011&pr=sa&d=2013-08-26 18:38:09&v=14.0.0.12&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {31CF9EBE-5755-4a1d-AC25-2834D952D9B4} URL = http://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={5DCB1D32-7807-484C-8AF1-323FC76DA9AF}&mid=Unknown&lang=en&ds=co011&pr=sa&d=2013-08-26 18:38:09&v=14.0.0.12&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80106&lng=en
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.1.0.32\IPSBHO.DLL (Symantec Corporation)
BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL (Omega Partners Ltd)
BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\14.0.0.12\AVG SafeGuard toolbar_toolbar.dll ()
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
BHO: No Name - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~1\REBATE~1\RebateI.dll (Inbox.com, Inc.)
BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKLM - PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\14.0.0.12\AVG SafeGuard toolbar_toolbar.dll ()
Toolbar: HKCU -PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -&Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKCU -No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Handler: ipp - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~1\REBATE~1\RebateI.dll (Inbox.com, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

========================== Services (Whitelisted) =================

S2 N360; C:\Program Files\Norton 360\Engine\4.2.0.12\diMaster.dll [135032 2010-04-29] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [120248 2010-11-23] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll [132984 2009-08-29] (Symantec Corporation)
R2 vToolbarUpdater14.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [945480 2013-08-26] ()
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]

==================== Drivers (Whitelisted) ====================

R3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1312576 2008-05-20] (Atheros Communications, Inc.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [31576 2013-08-26] (AVG Technologies)
R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [691248 2010-11-23] (Symantec Corporation)
R1 ccHP; C:\Windows\system32\drivers\N360\0402000.00C\ccHPx86.sys [501888 2010-02-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2011-01-07] (Symantec Corporation)
S3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110107.002\IDSxpx86.sys [341944 2010-12-01] (Symantec Corporation)
R3 int15.sys; C:\Acer\Empowering Technology\eRecovery\int15.sys [69632 2005-01-13] ()
R3 M3000Srv; C:\Windows\System32\Drivers\M3000KNT.sys [254976 2008-05-05] ()
S3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110108.002\NAVENG.SYS [86008 2011-01-07] (Symantec Corporation)
S3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110108.002\NAVEX15.SYS [1360760 2011-01-07] (Symantec Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-04-13] (Microsoft Corporation)
S3 SRTSP; C:\Windows\system32\drivers\N360\0401000.020\SRTSP.SYS [325680 2010-02-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\0402000.00C\SRTSPX.SYS [43696 2010-04-21] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\0402000.00C\SYMDS.SYS [328752 2010-02-03] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\0402000.00C\SYMEFA.SYS [173104 2010-04-21] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [124976 2011-01-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\0402000.00C\Ironx86.SYS [116784 2010-04-29] (Symantec Corporation)
S3 SYMTDI; C:\Windows\system32\drivers\N360\0401000.020\SYMTDI.SYS [362032 2010-02-03] (Symantec Corporation)
S3 EraserUtilDrvI10; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys [x]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [x]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-26 18:38 - 2013-08-26 18:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
2013-08-26 18:38 - 2013-08-26 18:38 - 00000000 ____D C:\Documents and Settings\Dorinne\Local Settings\Application Data\AVG SafeGuard toolbar
2013-08-26 18:38 - 2013-08-26 18:38 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\AVG SafeGuard toolbar
2013-08-26 18:38 - 2013-08-26 18:38 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\0D0S1L2Z1P1B0T1P1B2Z
2013-08-26 18:38 - 2013-08-26 18:37 - 00031576 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-08-26 18:37 - 2013-08-26 18:38 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-08-26 18:37 - 2013-08-26 18:37 - 00000767 _____ C:\Documents and Settings\All Users\Desktop\Open It!.lnk
2013-08-26 18:37 - 2013-08-26 18:37 - 00000412 _____ C:\WINDOWS\Tasks\At1.job
2013-08-26 18:37 - 2013-08-26 18:37 - 00000000 ____D C:\Program Files\OpenIt
2013-08-26 18:37 - 2013-08-26 18:37 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-08-26 18:37 - 2013-08-26 18:37 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\DSite
2013-08-26 18:34 - 2013-08-26 18:34 - 00004088 _____ C:\WINDOWS\KB2850869.log
2013-08-26 18:33 - 2013-08-26 18:34 - 00004430 _____ C:\WINDOWS\KB2859537.log
2013-08-06 21:47 - 2013-08-06 21:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-06 21:36 - 2013-08-06 21:36 - 00014244 _____ C:\WINDOWS\KB2834904.log
2013-08-06 21:36 - 2013-08-06 21:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-08-06 21:34 - 2013-08-06 21:34 - 00014121 _____ C:\WINDOWS\KB2834886.log
2013-08-06 21:34 - 2013-08-06 21:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-08-06 21:34 - 2013-08-06 21:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-08-06 21:33 - 2013-08-06 21:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-08-06 21:21 - 2013-08-06 21:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$
2013-08-06 21:14 - 2013-08-06 21:14 - 00015106 _____ C:\WINDOWS\KB2820197.log
2013-08-06 21:14 - 2013-08-06 21:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2013-08-06 21:14 - 2013-08-06 21:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820197$
2013-08-06 21:13 - 2013-08-06 21:14 - 00015360 _____ C:\WINDOWS\KB2846071-IE8.log
2013-08-06 21:13 - 2013-08-06 21:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$

==================== One Month Modified Files and Folders =======

2013-08-26 20:13 - 2013-08-26 20:13 - 00000000 ____D C:\FRST
2013-08-26 20:05 - 2008-08-15 16:37 - 01805412 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-26 20:04 - 2009-01-02 11:14 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\Skype
2013-08-26 20:04 - 2008-08-15 16:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-26 20:04 - 2008-08-15 06:33 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-08-26 20:04 - 2008-08-15 06:33 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-08-26 20:03 - 2008-12-28 04:50 - 00000178 ___SH C:\Documents and Settings\Dorinne\ntuser.ini
2013-08-26 20:03 - 2008-08-15 16:37 - 00032612 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-26 20:03 - 2008-08-15 15:59 - 00004774 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-26 19:36 - 2013-03-31 17:20 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-26 18:39 - 2013-08-26 18:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
2013-08-26 18:38 - 2013-08-26 18:38 - 00000000 ____D C:\Documents and Settings\Dorinne\Local Settings\Application Data\AVG SafeGuard toolbar
2013-08-26 18:38 - 2013-08-26 18:38 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\AVG SafeGuard toolbar
2013-08-26 18:38 - 2013-08-26 18:38 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\0D0S1L2Z1P1B0T1P1B2Z
2013-08-26 18:38 - 2013-08-26 18:37 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-08-26 18:37 - 2013-08-26 18:38 - 00031576 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-08-26 18:37 - 2013-08-26 18:37 - 00000767 _____ C:\Documents and Settings\All Users\Desktop\Open It!.lnk
2013-08-26 18:37 - 2013-08-26 18:37 - 00000412 _____ C:\WINDOWS\Tasks\At1.job
2013-08-26 18:37 - 2013-08-26 18:37 - 00000000 ____D C:\Program Files\OpenIt
2013-08-26 18:37 - 2013-08-26 18:37 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-08-26 18:37 - 2013-08-26 18:37 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\DSite
2013-08-26 18:34 - 2013-08-26 18:34 - 00004088 _____ C:\WINDOWS\KB2850869.log
2013-08-26 18:34 - 2013-08-26 18:33 - 00004430 _____ C:\WINDOWS\KB2859537.log
2013-08-26 18:25 - 2009-11-02 11:15 - 00742724 _____ C:\WINDOWS\setupapi.log
2013-08-26 18:23 - 2011-04-27 20:09 - 00000000 ____D C:\Program Files\RebateInformer
2013-08-26 18:18 - 2008-08-15 16:37 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-26 18:11 - 2011-04-27 20:09 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\PCPowerSpeed
2013-08-06 22:03 - 2008-08-15 13:44 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-08-06 21:52 - 2013-08-06 21:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-06 21:43 - 2008-12-27 16:24 - 00000000 ____D C:\Documents and Settings\Dorinne\Local Settings\Application Data\Adobe
2013-08-06 21:42 - 2013-03-31 17:20 - 00692104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-06 21:42 - 2011-08-06 13:48 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-08-06 21:37 - 2011-04-27 20:09 - 00000000 ____D C:\Program Files\AppGraffiti
2013-08-06 21:37 - 2008-08-15 15:55 - 00248696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-06 21:36 - 2013-08-06 21:36 - 00014244 _____ C:\WINDOWS\KB2834904.log
2013-08-06 21:36 - 2013-08-06 21:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-08-06 21:36 - 2008-08-15 16:19 - 00694841 _____ C:\WINDOWS\tsoc.log
2013-08-06 21:36 - 2008-08-15 16:19 - 00286583 _____ C:\WINDOWS\iis6.log
2013-08-06 21:36 - 2008-08-15 13:53 - 01818686 _____ C:\WINDOWS\FaxSetup.log
2013-08-06 21:36 - 2008-08-15 13:53 - 00871965 _____ C:\WINDOWS\ocgen.log
2013-08-06 21:36 - 2008-08-15 13:53 - 00612382 _____ C:\WINDOWS\comsetup.log
2013-08-06 21:36 - 2008-08-15 13:53 - 00370041 _____ C:\WINDOWS\ntdtcsetup.log
2013-08-06 21:36 - 2008-08-15 13:53 - 00100065 _____ C:\WINDOWS\ocmsn.log
2013-08-06 21:36 - 2008-08-15 13:53 - 00090481 _____ C:\WINDOWS\msgsocm.log
2013-08-06 21:36 - 2008-08-15 13:53 - 00001355 _____ C:\WINDOWS\imsins.log
2013-08-06 21:34 - 2013-08-06 21:34 - 00014121 _____ C:\WINDOWS\KB2834886.log
2013-08-06 21:34 - 2013-08-06 21:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-08-06 21:34 - 2013-08-06 21:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-08-06 21:34 - 2013-07-20 13:35 - 00021743 _____ C:\WINDOWS\KB2850851.log
2013-08-06 21:34 - 2008-08-15 13:53 - 00001355 _____ C:\WINDOWS\imsins.BAK
2013-08-06 21:33 - 2013-08-06 21:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-08-06 21:33 - 2013-07-20 13:35 - 00020576 _____ C:\WINDOWS\KB2845187.log
2013-08-06 21:21 - 2013-08-06 21:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2839229$
2013-08-06 21:21 - 2013-07-20 13:33 - 00022235 _____ C:\WINDOWS\KB2839229.log
2013-08-06 21:21 - 2008-08-15 16:42 - 00000000 ____D C:\I386
2013-08-06 21:14 - 2013-08-06 21:14 - 00015106 _____ C:\WINDOWS\KB2820197.log
2013-08-06 21:14 - 2013-08-06 21:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2013-08-06 21:14 - 2013-08-06 21:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820197$
2013-08-06 21:14 - 2013-08-06 21:13 - 00015360 _____ C:\WINDOWS\KB2846071-IE8.log
2013-08-06 21:14 - 2013-07-20 13:31 - 00023085 _____ C:\WINDOWS\KB2820917.log
2013-08-06 21:14 - 2008-08-15 13:53 - 00188941 _____ C:\WINDOWS\updspapi.log
2013-08-06 21:14 - 2008-08-15 13:53 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2013-08-06 21:13 - 2013-08-06 21:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2013-08-06 21:13 - 2013-07-20 13:30 - 00016943 _____ C:\WINDOWS\KB2813345.log
2013-08-06 21:13 - 2009-11-02 10:36 - 00000000 ____D C:\WINDOWS\ie8updates
2013-08-06 21:06 - 2009-09-17 03:10 - 00000000 ____D C:\WINDOWS\system32\XPSViewer

Files to move or delete:
====================
C:\Documents and Settings\Default User\Local Settings\Temp\RtkBtMnt.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\DTLocker+-E-ParaDelay.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\HitmanPro_x64.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\Kickstarter.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\RtkBtMnt.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\is357113909\AVG_Safeguard.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\is357113909\nss_handler.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\is357113909\OpenItSetup.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\is357113909\SymCCIS.dll
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\is357113909\uninstaller.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\is357113909\wajam_validate.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\DTLocker+-E\DTLplus_Launcher.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\avg-secure-search-installer.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\ProgFiles\AVG SafeGuard toolbar\lip.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\ProgFiles\AVG SafeGuard toolbar\PostInstall.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\ProgFiles\AVG SafeGuard toolbar\Uninstall.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\ProgFiles\AVG SafeGuard toolbar\vprot.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\ProgFiles\AVG SafeGuard toolbar\14.0.0.12\AVG SafeGuard toolbar_toolbar.dll
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\ConfigFiles\avguidx.dll
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\ConfigFiles\MachineIdCreator.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\CommonFiles\AVG SafeGuard toolbar\avgdttbx.dll
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\CommonFiles\AVG SafeGuard toolbar\AVGRewardsWorker.dll
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\CommonFiles\AVG SafeGuard toolbar\DriverInstaller.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\CommonFiles\AVG SafeGuard toolbar\DriverInstaller_64.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\CommonFiles\AVG SafeGuard toolbar\npsitesafety.dll
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\CommonFiles\AVG SafeGuard toolbar\ScriptHelper.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\CommonFiles\AVG SafeGuard toolbar\SiteSafety.dll
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\CommonFiles\AVG SafeGuard toolbar\ToolbarUpdater.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\CommonFiles\AVG SafeGuard toolbar\ViProtocol.dll
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\6.dir\InstallFlashPlayer.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\5.dir\InstallFlashPlayer.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\4.dir\InstallFlashPlayer.exe
C:\Windows\Tasks\At1.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 



#12 Oh My!

  • Malware Response Instructor

Posted 27 August 2013 - 02:05 PM

Greetings and welcome back.

You initially said you were trying to boot from a flash drive. I am assuming you are unable to boot your computer normally, correct?

Could you tell me if you are aware of this program on your computer:

C:\Program Files\OpenIt

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
Toolbar: HKCU -No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
2013-08-26 18:37 - 2013-08-26 18:37 - 00000767 _____ C:\Documents and Settings\All Users\Desktop\Open It!.lnk
2013-08-26 18:37 - 2013-08-26 18:37 - 00000412 _____ C:\WINDOWS\Tasks\At1.job
2013-08-26 18:37 - 2013-08-26 18:37 - 00000000 ____D C:\Program Files\OpenIt
C:\Documents and Settings\Default User\Local Settings\Temp\RtkBtMnt.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\DTLocker+-E-ParaDelay.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\HitmanPro_x64.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\Kickstarter.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\RtkBtMnt.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\is357113909
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\DTLocker+-E\DTLplus_Launcher.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\avg-secure-search-installer.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\ProgFiles\AVG SafeGuard toolbar
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\ConfigFiles\avguidx.dll
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\ConfigFiles\MachineIdCreator.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\avg_a01868\CommonFiles\AVG SafeGuard toolbar
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\6.dir\InstallFlashPlayer.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\5.dir\InstallFlashPlayer.exe
C:\DOCUME~1\Dorinne\LOCALS~1\Temp\4.dir\InstallFlashPlayer.exe
C:\Windows\Tasks\At1.job
  • Insert the USB device into your infected computer
  • Boot your computer with the Artellos disc you previously created
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode, or if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do you recognize the program
  • Farbar log
  • Did your computer boot?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 willlig

  • Topic Starter

Posted 27 August 2013 - 06:22 PM

Hi. Thanks. I was originally trying to boot from a flash drive with Hitman on it because of the FBI malware. I could try to boot in normal mode but I still have the FBI thing. Each time we correspond there turns out to be another different set of instructions so now I don't know what to do. If there ever was a situation that required phone support, it seems like this is it, but I guess you guys aren't able to offer that, right?

#14 Oh My!

  • Malware Response Instructor

Posted 27 August 2013 - 07:02 PM

No, unfortunately we are limited to this correspondence.

Did you attempt to follow the instructions I posted?
Gary

#15 willlig

  • Topic Starter

Posted 31 August 2013 - 12:28 PM

When trying to create the Artellos CD, the drive keeps rejecting the disc and a message comes up that says "insert a blank CD". What type of disc should I be able to use for this? Hopefully it's not a different problem.
