Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malwarebytes has 300plus hits [Solved]

Started by flyboy1565 , Feb 21 2013 09:59 AM

  • This topic is locked This topic is locked

#16
Essexboy
Posted 21 February 2013 - 03:28 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You can try last known good, if it does not work then we can use OTLPE/FRST on a USB
  • 0

Advertisements

#17
flyboy1565
Posted 21 February 2013 - 03:43 PM

flyboy1565

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts
last known didn't work, it just started to reboot.
  • 0

#18
flyboy1565
Posted 21 February 2013 - 03:47 PM

flyboy1565

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts
hey stupid question, how do i do this from the computer that is constantly restarting?
  • 0

#19
Essexboy
Posted 21 February 2013 - 03:50 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You create the USB on another computer, then use the USB to boot the sick one :)
  • 0

#20
flyboy1565
Posted 21 February 2013 - 04:51 PM

flyboy1565

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-02-2013 01
Ran by SYSTEM at 21-02-2013 14:46:55
Running from X:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE [x]
HKLM\...\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [49152 2005-06-02] (Hewlett-Packard)
HKLM\...\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run [1605740 2005-09-21] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [x]
HKLM\...\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN [53248 2002-02-05] (FUJI PHOTO FILM CO., LTD.)
HKLM\...\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe [442455 2005-08-24] (Motive, Inc.)
HKLM\...\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe [2042208 2013-02-21] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [KBD] C:\HP\KBD\KBD.EXE [61440 2005-02-02] (Hewlett-Packard Company)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [136600 2009-08-11] (Sun Microsystems, Inc.)
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421160 2010-12-13] (Apple Inc.)
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [x]
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2004-08-10] (Microsoft Corporation)
HKU\Default User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2004-08-10] (Microsoft Corporation)
HKU\HP_Administrator\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1694208 2004-10-13] (Microsoft Corporation)
HKU\HP_Administrator\...\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background [x]
HKU\HP_Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2004-08-10] (Microsoft Corporation)
HKU\HP_Administrator\...\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 [x]
HKU\HP_Administrator\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-06-06] (Google Inc.)
HKU\HP_Administrator\...\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; MMBSearchToolbar 1.1; GTB6.5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.cartoonne...itz/index.html" [468408 2009-07-31] (Adobe Systems, Inc.)
HKLM\...\runonceex: [] [x]
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\avgrsstarter: avgrsstx.dll (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\vtuvwvv: vtuvwvv.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Lsa: [Authentication Packages] msv1_0 C:\WINDOWS\system32\vtsts.dll
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
ShortcutTarget: AT&T Self Support Tool.lnk -> C:\Program Files\SBC Self Support Tool\bin\matcli.exe (Motive Communications, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
ShortcutTarget: Exif Launcher.lnk -> C:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
ShortcutTarget: McAfee Security Scan.lnk -> C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
ShortcutTarget: Updates from HP.lnk -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk
ShortcutTarget: Pin.lnk -> C:\hp\bin\CLOAKER.EXE (Hewlett-Packard Co.)

==================== Services (Whitelisted) ===================

2 ARSVC; C:\WINDOWS\arservice.exe [58880 2005-08-03] (Microsoft)
3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
2 avg8wd; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [297752 2009-08-19] (AVG Technologies CZ, s.r.o.)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [67360 2010-01-25] (NOS Microsystems Ltd.)
2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
2 Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [73728 2007-08-09] (HP)
2 vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [855904 2013-02-21] ()
3 AOL ACS; "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]

==================== Drivers (Whitelisted) ====================

3 aracpi; C:\Windows\System32\DRIVERS\aracpi.sys [22784 2005-08-03] (Microsoft Corporation)
3 arhidfltr; C:\Windows\System32\DRIVERS\arhidfltr.sys [19200 2005-08-03] (Microsoft Corporation)
3 arkbcfltr; C:\Windows\System32\DRIVERS\arkbcfltr.sys [5376 2005-08-03] (Microsoft Corporation)
3 armoucfltr; C:\Windows\System32\DRIVERS\armoucfltr.sys [4992 2005-08-03] (Microsoft Corporation)
3 ARPolicy; C:\Windows\System32\DRIVERS\arpolicy.sys [10112 2005-08-03] (Microsoft Corporation)
3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1313792 2005-08-14] (ATI Technologies Inc.)
1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [335240 2009-08-19] (AVG Technologies CZ, s.r.o.)
1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [27784 2009-08-19] (AVG Technologies CZ, s.r.o.)
1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [108552 2009-06-07] (AVG Technologies CZ, s.r.o.)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [13567 2004-03-08] (B.H.A Corporation)
0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [138752 2005-01-08] (Windows ® Server 2003 DDK provider)
3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-02-21] (Malwarebytes Corporation)
2 MCSTRM; C:\Windows\System32\Drivers\MCSTRM.sys [8413 2006-07-20] (RealNetworks, Inc.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85376 2004-08-04] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation )
3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2004-08-04] (Microsoft Corporation)
3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15360 2004-08-04] (Microsoft Corporation)
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [12416 2007-07-23] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19840 2007-07-23] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [21632 2007-07-23] (LG Electronics Inc.)
3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19328 2004-08-04] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
3 BW2NDIS5; C:\Windows\System32\Drivers\BW2NDIS5.sys [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
0 ftsata2; C:\Windows\System32\DRIVERS\ftsata2.sys [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
3 SMNDIS5; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
3 WDICA; [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-02-21 15:02 - 2013-02-21 15:02 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-02-21 14:46 - 2013-02-21 14:46 - 00000000 ____D C:\FRST
2013-02-21 13:53 - 2013-02-21 13:53 - 00000000 ____D C:\_OTL
2013-02-21 13:47 - 2013-02-21 13:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2013-02-21 12:49 - 2013-02-21 12:50 - 00015026 ____A C:\AdwCleaner[S1].txt
2013-02-21 12:49 - 2013-02-21 12:49 - 00587671 ____A C:\Documents and Settings\HP_Administrator\Desktop\adwcleaner0.exe
2013-02-21 01:48 - 2013-02-21 01:48 - 00063544 ____A C:\Documents and Settings\HP_Administrator\Desktop\Extras.Txt
2013-02-21 01:47 - 2013-02-21 01:47 - 00083658 ____A C:\Documents and Settings\HP_Administrator\Desktop\OTL.Txt
2013-02-21 01:19 - 2013-02-21 13:49 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-02-21 01:06 - 2013-02-21 01:06 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
2013-02-20 14:19 - 2013-02-16 22:53 - 02142960 ____A C:\Documents and Settings\HP_Administrator\Desktop\installspeedfan447.exe
2013-02-16 23:16 - 2013-02-16 23:16 - 00000693 ____A C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
2013-02-16 23:15 - 2013-02-16 23:15 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\HPQ
2013-02-16 23:13 - 2013-02-16 23:16 - 00000045 ____A C:\Windows\System32\initdebug.nfo
2013-02-16 23:13 - 2013-02-16 23:16 - 00000000 ____D C:\Program Files\SpeedFan
2013-02-16 23:12 - 2013-02-16 23:12 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-02-16 23:12 - 2013-02-16 22:53 - 02142960 ____A C:\Documents and Settings\Administrator\Desktop\installspeedfan447.exe
2013-02-16 23:09 - 2013-02-16 23:09 - 00000000 __SHD C:\Windows\CSC
2013-02-12 01:37 - 2013-02-21 14:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-12 01:37 - 2013-02-12 01:37 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-02-12 01:37 - 2013-02-12 01:37 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-02-11 23:34 - 2013-02-11 23:35 - 00000000 ____D C:\Program Files\Speccy
2013-02-11 23:33 - 2013-02-11 23:30 - 04812216 ____A (Piriform Ltd) C:\Documents and Settings\HP_Administrator\Desktop\system info.exe
2013-02-11 23:27 - 2013-02-11 23:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-02-11 23:27 - 2013-02-11 23:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-02-11 23:27 - 2012-12-14 19:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-02-11 23:25 - 2013-02-11 23:26 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Software basic tools
2013-02-11 23:19 - 2013-02-11 23:19 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2013-02-11 22:28 - 2004-08-04 03:56 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\hidserv.dll
2013-02-11 22:28 - 2004-08-04 03:56 - 00021504 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\hidserv.dll
2013-02-11 22:28 - 2004-08-04 01:58 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kbdhid.sys
2013-02-11 22:28 - 2004-08-04 01:58 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\kbdhid.sys

==================== One Month Modified Files and Folders ========

2013-02-21 16:18 - 2006-01-27 23:19 - 00094208 ____A C:\Windows\DUMP6707.tmp
2013-02-21 15:15 - 2006-01-27 23:19 - 00094208 ____A C:\Windows\DUMP6b0e.tmp
2013-02-21 15:14 - 2005-12-02 11:28 - 00000366 ____A C:\Windows\Tasks\Symantec NetDetect.job
2013-02-21 15:02 - 2013-02-21 15:02 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-02-21 15:00 - 2009-06-07 03:40 - 00000000 ___HD C:\$AVG8.VAULT$
2013-02-21 15:00 - 2009-06-07 03:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\avg8
2013-02-21 14:59 - 2009-08-08 14:54 - 00851238 ____A C:\logfile
2013-02-21 14:55 - 2009-08-08 14:54 - 01627136 ___RA C:\Documents and Settings\All Users\Documents\ESBK.mbb
2013-02-21 14:55 - 2009-08-08 14:54 - 00741376 ___RA C:\Documents and Settings\All Users\Documents\ESBK.mb
2013-02-21 14:52 - 2005-09-01 13:58 - 00000000 ____D C:\Windows\Registration
2013-02-21 14:51 - 2005-08-30 23:55 - 00000159 ____A C:\Windows\wiadebug.log
2013-02-21 14:51 - 2005-08-30 23:55 - 00000049 ____A C:\Windows\wiaservc.log
2013-02-21 14:50 - 2009-12-15 00:53 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-21 14:50 - 2006-01-27 23:41 - 00000062 __ASH C:\Documents and Settings\HP_Administrator\Local Settings\desktop.ini
2013-02-21 14:50 - 2005-12-02 10:02 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-02-21 14:50 - 2005-12-02 10:02 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-02-21 14:50 - 2005-08-31 07:17 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-21 14:49 - 2006-01-27 23:41 - 00000178 ___SH C:\Documents and Settings\HP_Administrator\ntuser.ini
2013-02-21 14:49 - 2005-08-31 07:17 - 01495761 ____A C:\Windows\WindowsUpdate.log
2013-02-21 14:49 - 2005-08-31 07:17 - 00032558 ____A C:\Windows\SchedLgU.Txt
2013-02-21 14:48 - 2013-02-12 01:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-21 14:46 - 2013-02-21 14:46 - 00000000 ____D C:\FRST
2013-02-21 14:34 - 2005-12-02 10:32 - 00000000 ____D C:\Windows\System32\Lang
2013-02-21 14:24 - 2009-12-15 00:53 - 00000906 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-21 13:53 - 2013-02-21 13:53 - 00000000 ____D C:\_OTL
2013-02-21 13:49 - 2013-02-21 01:19 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-02-21 13:47 - 2013-02-21 13:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2013-02-21 12:50 - 2013-02-21 12:49 - 00015026 ____A C:\AdwCleaner[S1].txt
2013-02-21 12:49 - 2013-02-21 12:49 - 00587671 ____A C:\Documents and Settings\HP_Administrator\Desktop\adwcleaner0.exe
2013-02-21 01:48 - 2013-02-21 01:48 - 00063544 ____A C:\Documents and Settings\HP_Administrator\Desktop\Extras.Txt
2013-02-21 01:47 - 2013-02-21 01:47 - 00083658 ____A C:\Documents and Settings\HP_Administrator\Desktop\OTL.Txt
2013-02-21 01:21 - 2009-06-07 03:35 - 00000000 ____D C:\Windows\System32\Drivers\Avg
2013-02-21 01:06 - 2013-02-21 01:06 - 00602112 ____A (OldTimer Tools) C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
2013-02-21 00:54 - 2010-06-11 05:48 - 00000000 __HDC C:\Windows\$NtUninstallKB980218$
2013-02-20 20:37 - 2006-03-10 16:40 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-02-20 14:01 - 2009-11-13 00:56 - 00223895 ____A C:\Windows\setupapi.log
2013-02-20 14:01 - 2005-08-31 07:04 - 00357149 ____A C:\Windows\setupact.log
2013-02-20 13:52 - 2005-08-31 07:06 - 00001158 ____A C:\Windows\System32\wpa.dbl
2013-02-16 23:16 - 2013-02-16 23:16 - 00000693 ____A C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
2013-02-16 23:16 - 2013-02-16 23:13 - 00000045 ____A C:\Windows\System32\initdebug.nfo
2013-02-16 23:16 - 2013-02-16 23:13 - 00000000 ____D C:\Program Files\SpeedFan
2013-02-16 23:16 - 2005-09-01 13:59 - 00000000 ____D C:\Windows\security
2013-02-16 23:16 - 2005-08-31 07:17 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2013-02-16 23:15 - 2013-02-16 23:15 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\HPQ
2013-02-16 23:12 - 2013-02-16 23:12 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-02-16 23:11 - 2005-08-31 07:16 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-02-16 23:09 - 2013-02-16 23:09 - 00000000 __SHD C:\Windows\CSC
2013-02-16 22:53 - 2013-02-20 14:19 - 02142960 ____A C:\Documents and Settings\HP_Administrator\Desktop\installspeedfan447.exe
2013-02-16 22:53 - 2013-02-16 23:12 - 02142960 ____A C:\Documents and Settings\Administrator\Desktop\installspeedfan447.exe
2013-02-12 01:37 - 2013-02-12 01:37 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-02-12 01:37 - 2013-02-12 01:37 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-02-11 23:35 - 2013-02-11 23:34 - 00000000 ____D C:\Program Files\Speccy
2013-02-11 23:30 - 2013-02-11 23:33 - 04812216 ____A (Piriform Ltd) C:\Documents and Settings\HP_Administrator\Desktop\system info.exe
2013-02-11 23:27 - 2013-02-11 23:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-02-11 23:26 - 2013-02-11 23:25 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Software basic tools
2013-02-11 23:19 - 2013-02-11 23:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-02-11 23:19 - 2013-02-11 23:19 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-08-10 07:00] - [2007-06-13 05:23] - 1033216 ____A (Microsoft Corporation) 74709080f9d285fb2fb67b5c8519607b

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe
[2004-08-10 07:00] - [2004-08-10 07:00] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716

C:\Windows\System32\services.exe
[2004-08-10 07:00] - [2009-02-06 12:14] - 0110592 ____A (Microsoft Corporation) 37561f8d4160d62da86d24ae41fae8de

C:\Windows\System32\User32.dll
[2004-08-10 07:00] - [2007-03-08 10:36] - 0577536 ____A (Microsoft Corporation) b409909f6e2e8a7067076ed748abf1e7

C:\Windows\System32\userinit.exe
[2004-08-10 07:00] - [2004-08-10 07:00] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff

C:\Windows\System32\Drivers\volsnap.sys
[2004-08-10 07:00] - [2004-08-10 07:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-02-21 14:27 - 032768 _restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP49

RP: -> 2013-02-21 01:17 - 032768 _restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP48

RP: -> 2013-02-20 13:56 - 032768 _restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP47

RP: -> 2013-02-16 23:39 - 032768 _restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP46

RP: -> 2013-02-11 22:48 - 032768 _restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP45

RP: -> 2012-12-11 17:25 - 032768 _restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP44


==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 446.48 MB
Available physical RAM: 240.28 MB
Total Pagefile: 366.31 MB
Available Pagefile: 260.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1998.98 MB

==================== Partitions =============================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: (HP_PAVILION) (Fixed) (Total:140.54 GB) (Free:100.24 GB) NTFS ==>[Drive with boot components (Windows XP)]
7 Drive h: (HP_RECOVERY) (Fixed) (Total:8.5 GB) (Free:1.11 GB) FAT32 ==>[Drive with boot components (Windows XP)]
9 Drive x: (ReatogoPE) (Removable) (Total:3.77 GB) (Free:3.43 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B

Partitions of Disk 0:
===============

The disk management services could not complete the operation.

=========================================================
==================== End Of Log ============================
  • 0

#21
Essexboy
Posted 22 February 2013 - 07:13 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK try this

Download the attached fixlist.txt to the same USB as FRST
[attachment=63369:fixlist.txt]
Run FRST as previously
Press the fix button
Once complete try to reboot to normal windows
  • 0

#22
flyboy1565
Posted 22 February 2013 - 11:58 PM

flyboy1565

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts
no, that didn't work. It is going through the splash screen excetp this time i see two small flashes of blue and then i see the hp splash screen again.

Just and FYI i got another computer that does this same exact then and i have done anything but plug it in. So maybe when we get this one you might be able to help with the other one.
  • 0

#23
flyboy1565
Posted 23 February 2013 - 12:02 AM

flyboy1565

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-02-2013 01
Ran by SYSTEM at 2013-02-22 21:53:59 Run:1
Running from X:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtuvwvv Key deleted successfully.

==== End of Fixlog ====
  • 0

#24
Essexboy
Posted 23 February 2013 - 05:11 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Delete the current fixlist.txt on the USB and replace with this one
[attachment=63395:fixlist.txt]

Then run FRST fix again and try normal boot again
  • 0

#25
flyboy1565
Posted 23 February 2013 - 08:55 AM

flyboy1565

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts
ok i delete the first copy of the fix and went to run the new one in the other comuter. I started it up and got a session5_intialization_failed
the technical infor is ***Stop:0x00000071
  • 0

Advertisements

#26
Essexboy
Posted 23 February 2013 - 09:17 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Was that before or after running the fixlist ?
  • 0

#27
flyboy1565
Posted 23 February 2013 - 09:27 AM

flyboy1565

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts
Before
  • 0

#28
Essexboy
Posted 23 February 2013 - 09:30 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you able to run FRST ? If so the next option would be to use FRST to go back to an early restore point and then clean it again without MBAM
  • 0

#29
flyboy1565
Posted 23 February 2013 - 09:34 AM

flyboy1565

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 403 posts
i reformatted the and put on the OTPLE on the flash drive again.
  • 0

#30
Essexboy
Posted 23 February 2013 - 09:38 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets go for a restore it will probably be faster

Download this fixlist.txt to the same USB as FRST
[attachment=63401:fixlist.txt]

Then run FRST as before and press fix, then boot to normal windows and run a fresh OTL scan
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP