Author Topic: WindowsVista fails to start, and an odd login screen. (Read 19230 times)

Somero · « **on:** January 23, 2011, 02:46:44 PM »

Greetings.

This morning when I decided to restart my Computer it ran some sort of check/test.(Something about checking a disk for consistency)
Afterwords I was left with a blank screen and a cursor. I waited a bit before growing impatient and restarting it again.(That was probably a mistake.)

This time I was greated with this message:

Quote

Windows Error recovery

Windows failed to start. A recent hardware or software change might be the cause

If windows files have been damaged or configured incorrectly, Startup Repair can help dignose and fix the problem. If power was interrupted during startup, choose start windows normally.
(Use the arrow keys to hilight your choise.)

Launch Startup Reapair (recomended)
Start Windows Normally

Seconds until the highlited choise will be selected automaticaly: xx
Description: xx

Starting windows normally eventually brings me back to the same message.
Launching Startup Repair, as well as trying to enter Safe Mode or trying to revert to a previous configuration, brings me to a login screen where the only thing I can select is an account called "Other User", and my account is missing. When I select "Other User" it asks for a User name and Password. Mine do not work.

I'm using Windows Vista Home Premium.
Also, I should note that I'm currently using my Playstion 3 to surf the web. Which makes using this website very awkward, and impossible on some pages, so I apologise if a solution to my problem was already available.

edit:
Just realised how little information Is in this post.
Since I can really do anything with my computer at the moment I'll have to go by memory for most things:
I'll try to add stuff as I remember/figure it out.

It is a Desktop. Dell Inspiron .
Last time I installed updated or anything like that was sometime late last year.
Also have not added any hardware.

I run daily virus scans with AVG free 8.5. If something seems weird I also sometimes use Malware Bits.
I did have a rather nasty trojan awhile ago. Messed up my Windows Explorer, but I was pretty sure I had repaired that.

Somero · « **Reply #1 on:** January 24, 2011, 08:38:14 AM »

Just using guest as a username gets me a Welcome screen, and it looks like it is loading, eventually it takes to the "The specified domain either does not exist or could not be contacted." message that I get when I try anything else.

Somero · « **Reply #2 on:** January 28, 2011, 05:12:59 PM »

Ok, I've managed to trade one probalem for another.
I booted up my Windows Vista installation disk to see if it could help.
Used the repair option.

Now instead of getting the previous message I get a Blue Screen of Death. Trying to boot in safe mode just gets me a black screen with a cursor.

The STOP code was:

Quote

0x0000001e (0xFFFFFFFFC0000005, 0xFFFFFA8005C7ACE0, 0x0000000000000000, 0(?)0000000000023000)

The (?) is there because that's when the code started wraping around, and a portion of the left half of the screen was being cut off.
Seems like it was only one character for each line, so it is probably just missing the "x".

I am going to try and investigate this myself. I just thought it was a good idea to come here and update my situation.

Broni · « **Reply #3 on:** January 28, 2011, 08:29:44 PM »

STOP: 0x0000001E or KMODE_EXCEPTION_NOT_HANDLED may be related to insufficient hard drive space.
Do you remember, if it may be the issue?

Somero · « **Reply #4 on:** January 29, 2011, 07:20:43 AM »

Quote from: Broni on January 28, 2011, 08:29:44 PM

STOP: 0x0000001E or KMODE_EXCEPTION_NOT_HANDLED may be related to insufficient hard drive space.
Do you remember, if it may be the issue?

Possibly, but I doubt it. I'm not the kind of guy that has hundreds of songs on his computer or anything like that.
Hopefully that is the problem. As it would mean my stuff wasn't wiped.

Anyway to check without windows?

Broni · « **Reply #5 on:** January 29, 2011, 09:32:30 AM »

Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
Reboot your system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps HERE

Your system should now display a REATOGO-X-PE desktop.
Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
Double-click on the OTLPE icon.
When asked Do you wish to load the remote registry, select Yes
When asked Do you wish to load remote user profile(s) for scanning, select Yes
Ensure the box Automatically Load All Remaining Users" is checked and press OK
OTL should now start.
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\OTL.txt
Copy this file to your USB drive if you do not have internet connection on this system
Please post the contents of the OTL.txt file in your reply.

Somero · « **Reply #6 on:** February 02, 2011, 11:05:34 AM »

So far my attempts to access another computer have been futile, but it looks like I'll have another chance this friday.

Somero · « **Reply #7 on:** February 05, 2011, 03:54:07 PM »

Ok, I have another computer to work with, but my rewritable CDs are not being recognised.
They're labeled "Memorex CD-RW 4x 700MB 80 min".

Going to try again.

edit: It is being recognised now, but everytime I try to burn it I get "Failed to send Cue Sheet! Reason: Illegal Mode For This Track"

Am I using the wrong kind of disk or something?

Broni · « **Reply #8 on:** February 05, 2011, 04:58:56 PM »

It has to be CDR, not CDRW.

Somero · « **Reply #9 on:** February 06, 2011, 12:17:02 PM »

Ok, I've got the REATOGO-X-PE thing working, but when I double-click the OTLPE icon it prompts me to choose a directory. Nothing about remote registries.

And when I choose my C: Drive I get the message "Target is not windows 2000 or later". Which is odd because I'm 100% sure I was using Vista. Don't know how I could be mistaken about that.

At least I can see my stuff is still there. At least is appears to be at first glance.

Broni · « **Reply #10 on:** February 06, 2011, 01:53:00 PM »

Quote

when I choose my C: Drive I get the message "Target is not windows 2000 or later".

Select a folder, where Windows is actually installed.
In most cases, that would be C:\Windows

Somero · « **Reply #11 on:** February 07, 2011, 10:32:26 AM »

This situation has made me a bit paranoid/extra careful don't really want to do too much when I'm not sure what exactly it is I'm doing.

Anyway, here is the scan results:

Quote

OTL logfile created on: 2/7/2011 12:24:37 PM - Run
OTLPE by OldTimer - Version 3.1.44.3 Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.10 Gb Total Space | 375.23 Gb Free Space | 64.57% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 6.34 Gb Free Space | 42.28% Space Free | Partition Type: NTFS
Drive X: | 436.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/04 21:15:10 | 000,202,752 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/16 20:13:38 | 000,025,832 | ---- | M] (BioWare) [On_Demand] -- C:\Program Files (x86)\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/10 11:05:12 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/09/10 11:05:10 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/11/03 18:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/05/04 21:47:08 | 006,789,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV:64bit: - [2010/05/04 21:47:08 | 006,789,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/05/04 21:47:08 | 006,789,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/04 20:23:24 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/09 05:20:50 | 000,120,848 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/10 11:05:23 | 000,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2009/09/10 11:05:20 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/09/10 11:05:19 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\Windows\System32\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/04/28 13:26:52 | 001,152,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/01/13 07:39:42 | 000,188,416 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/01/13 06:12:14 | 000,226,832 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Disabled] -- C:\Windows\system32\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007/11/14 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/10/09 23:58:28 | 000,112,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2007/08/17 10:17:46 | 012,582,272 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV - [2007/08/17 10:18:28 | 012,274,432 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274

[2011/01/19 14:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/13 20:52:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/12/16 11:15:07 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] File not found
O4 - HKLM..\Run: [ATICustomerCare] File not found
O4 - HKLM..\Run: [AVG8_TRAY] File not found
O4 - HKLM..\Run: [cftmon] File not found
O4 - HKLM..\Run: [HDAudDeck] File not found
O4 - HKLM..\Run: [Microsoft Default Manager] File not found
O4 - HKLM..\Run: [PDVDDXSrv] File not found
O4 - HKLM..\Run: [StartCCC] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKU\.DEFAULT..\Run: [Dnexabamisabam] File not found
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Cake\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Rob\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\atlscript.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\System32\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/28 20:51:10 | 000,000,000 | ---D | C] -- C:\Temp
[2011/01/21 12:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dieselmine
[2011/01/13 20:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/01/11 23:09:30 | 000,462,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/01/11 23:09:29 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/11 23:09:26 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2009/09/25 21:37:38 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/05 17:39:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/05 17:39:27 | 4294,041,600 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/05 17:39:03 | 390,891,529 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/23 13:00:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/23 13:00:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/23 12:28:35 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/23 12:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/01/23 11:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/01/23 10:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/01/23 09:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/01/23 08:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/01/23 08:10:39 | 070,432,519 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/01/23 07:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/01/23 06:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/01/23 05:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/01/23 04:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/01/23 03:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/01/23 02:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/01/23 01:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/01/23 00:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/01/22 23:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/01/22 22:28:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/22 22:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/01/22 21:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/01/22 20:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/01/22 19:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/01/22 18:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/01/22 17:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/01/22 16:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/01/22 15:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/01/22 14:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/01/22 13:17:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/01/21 12:11:31 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2011/01/13 05:45:08 | 000,613,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/13 05:45:08 | 000,107,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/05 17:33:38 | 4294,041,600 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/21 12:11:31 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/11/25 11:42:07 | 000,721,356 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/27 12:42:36 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2010/07/27 12:42:36 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2010/07/27 12:42:36 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2010/07/27 12:42:36 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\RGSS104J.dll
[2010/07/27 12:42:36 | 000,758,272 | ---- | C] () -- C:\Windows\SysWow64\RGSS104E.dll
[2010/07/27 12:42:36 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll
[2010/07/26 19:53:38 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2010/05/24 09:26:32 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/04/12 17:51:36 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009/09/25 21:37:39 | 012,274,432 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
[2009/09/25 21:37:39 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
[2009/09/25 21:37:39 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2009/09/10 15:37:34 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/09/10 15:37:34 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/09/10 15:37:33 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008/10/22 04:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 10:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll

========== LOP Check ==========

[2011/01/23 00:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/01/23 09:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011/01/23 10:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2011/01/23 11:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2011/01/23 12:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011/01/22 13:17:01 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2011/01/22 14:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2011/01/22 15:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2011/01/22 16:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2011/01/22 17:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2011/01/22 18:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2011/01/23 01:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/01/22 19:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2011/01/22 20:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2011/01/22 21:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2011/01/22 22:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2011/01/22 23:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2011/01/23 02:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/01/23 03:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011/01/23 04:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011/01/23 05:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011/01/23 06:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2011/01/23 07:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/01/23 08:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2011/01/23 13:00:10 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Broni · « **Reply #12 on:** February 07, 2011, 10:42:13 AM »

Quote

don't really want to do too much when I'm not sure what exactly it is I'm doing

That's smart of you. Asking won't hurt

It looks like you're infected with TDSS rootkit and WhiteSmoke trojan.

Do this on the computer you are posting from:
Copy the text in the codebox below:

Code: [Select]

:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274
[2010/12/16 11:15:07 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O4 - HKU\.DEFAULT..\Run: [Dnexabamisabam]  File not found
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2011/01/23 12:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/01/23 11:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/01/23 10:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/01/23 09:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/01/23 08:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/01/23 07:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/01/23 06:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/01/23 05:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/01/23 04:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/01/23 03:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/01/23 02:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/01/23 01:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/01/23 00:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/01/22 23:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/01/22 22:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/01/22 21:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/01/22 20:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/01/22 19:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/01/22 18:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/01/22 17:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/01/22 16:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/01/22 15:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/01/22 14:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/01/22 13:17:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At14.job


:Services

:Reg

:Files
C:\Program Files (x86)\whitesmoketoolbar


:Commands
[purity]
[emptytemp]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive

On the infected computer the following...

Run OTLPE

Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
- (The content of Fix.txt should appear in the box)
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the log produced (you'll need to transfer it with USB stick)
Attempt to reboot normally into Windows.

Somero · « **Reply #13 on:** February 07, 2011, 11:23:59 AM »

Attempting to boot normally got me the same BSOD.

Here's the log:

Quote

========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-af6c-4c50-9def-f2e24f4c8889}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ deleted successfully.
C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{52794457-af6c-4c50-9def-f2e24f4c8889} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ not found.
File C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll not found.
Registry key HKEY_USERS\.DEFAULT\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
C:\Windows\SysWow64\lspA5D1.tmp deleted successfully.
C:\Windows\Tasks\At13.job moved successfully.
C:\Windows\Tasks\At12.job moved successfully.
C:\Windows\Tasks\At11.job moved successfully.
C:\Windows\Tasks\At10.job moved successfully.
C:\Windows\Tasks\At9.job moved successfully.
C:\Windows\Tasks\At8.job moved successfully.
C:\Windows\Tasks\At7.job moved successfully.
C:\Windows\Tasks\At6.job moved successfully.
C:\Windows\Tasks\At5.job moved successfully.
C:\Windows\Tasks\At4.job moved successfully.
C:\Windows\Tasks\At3.job moved successfully.
C:\Windows\Tasks\At2.job moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
C:\Windows\Tasks\At24.job moved successfully.
C:\Windows\Tasks\At23.job moved successfully.
C:\Windows\Tasks\At22.job moved successfully.
C:\Windows\Tasks\At21.job moved successfully.
C:\Windows\Tasks\At20.job moved successfully.
C:\Windows\Tasks\At19.job moved successfully.
C:\Windows\Tasks\At18.job moved successfully.
C:\Windows\Tasks\At17.job moved successfully.
C:\Windows\Tasks\At16.job moved successfully.
C:\Windows\Tasks\At15.job moved successfully.
C:\Windows\Tasks\At14.job moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files (x86)\whitesmoketoolbar\components folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\searchbar folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\options folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library\Basics folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\DTXWizard\skin folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\DTXWizard folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\data\weather folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\data\search folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\data\rss folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\data\dynamicElements folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\data folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\css folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\css folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\css folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\css folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\css folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\scripts folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\css folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\newtab\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\newtab folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\modules folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\lib folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cake
->Temp folder emptied: 47569 bytes
->Temporary Internet Files folder emptied: 2223838 bytes
->Flash cache emptied: 56504 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Rob
->Temp folder emptied: 189287374 bytes
->Temporary Internet Files folder emptied: 39931104 bytes
->Java cache emptied: 69505877 bytes
->FireFox cache emptied: 105923008 bytes
->Flash cache emptied: 403117 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 85322095 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes

Total Files Cleaned = 470.00 mb

OTLPE by OldTimer - Version 3.1.44.3 log created on 02072011_130920

I've seen that whitesmoke thing before. I thought I had taken care of it before. Guess not.

Broni · « **Reply #14 on:** February 07, 2011, 11:27:17 AM »

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

Place a blank CD in your CD drive.
Double click on NTBR_CD.exe file and a folder of the same name will appear.
Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
Follow the prompts to burn the CD.

Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

Insert the newly created CD into your infected PC and reboot your computer.
Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
Read the warning and then continue as prompted.
You first need to select your keyboard layout - press Enter for English.
Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
On the following screen enter 5 to select Install Standard MBR code.
Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
When asked to confirm please do so.
Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
Eject the disc and then press ctrl+alt+del to reboot the PC.

Attempt to boot normally.

**Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is Dell computer, let me know before proceeding.

Somero · « **Reply #15 on:** February 07, 2011, 12:02:05 PM »

Yeah, it is a dell.

Broni · « **Reply #16 on:** February 07, 2011, 12:25:12 PM »

Do you have recovery DVD?

Somero · « **Reply #17 on:** February 07, 2011, 12:42:01 PM »

I'm not sure. I have one disk for the OS and two for drivers.

Broni · « **Reply #18 on:** February 07, 2011, 12:43:43 PM »

What is the name of that one disk?

Somero · « **Reply #19 on:** February 07, 2011, 12:58:46 PM »

Reinstallation DVD
Windows Vista Home Premium 64BIT SP1

Broni · « **Reply #20 on:** February 07, 2011, 01:02:53 PM »

Good. You're safe in case we can't fix it.

Proceed with MBR fix CD.

Somero · « **Reply #21 on:** February 07, 2011, 02:08:35 PM »

After rebooting my pc I got the "Windows Error recovery Windows failed to start. A recent hardware or software change might be the cause" screen from the first.
I chose to start windows normally which just made the computer reboot. Now I only get the "Windows did not shutdown properly" screen with the safe mode options.

Safe mode does the same thing as the first post. Just a black screen with a cursor in the middle.

I should probably note that I accidentally did these steps twice:

Quote from: Broni on February 07, 2011, 11:27:17 AM

On the following screen enter 5 to select Install Standard MBR code.
Enter 1 to overwrite the infected MBR Code with the Standard MBR code.

Broni · « **Reply #22 on:** February 07, 2011, 02:14:34 PM »

Your system should now display a REATOGO-X-PE desktop.
Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
Double-click on the OTLPE icon.
Under the Custom Scan box paste this in:

/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
userinit.exe
explorer.exe
/md5stop
When asked Do you wish to load the remote registry, select Yes
When asked Do you wish to load remote user profile(s) for scanning, select Yes
Ensure the box Automatically Load All Remaining Users" is checked and press OK
OTL should now start.
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\OTL.txt
Copy this file to your USB drive if you do not have internet connection on this system
Please post the contents of the OTL.txt file in your reply.

Somero · « **Reply #23 on:** February 07, 2011, 03:19:59 PM »

Done:

Quote

OTL logfile created on: 2/7/2011 4:34:45 PM - Run
OTLPE by OldTimer - Version 3.1.44.3 Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.10 Gb Total Space | 379.45 Gb Free Space | 65.30% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 6.34 Gb Free Space | 42.28% Space Free | Partition Type: NTFS
Drive X: | 436.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/04 21:15:10 | 000,202,752 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/16 20:13:38 | 000,025,832 | ---- | M] (BioWare) [On_Demand] -- C:\Program Files (x86)\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/10 11:05:12 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/09/10 11:05:10 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/11/03 18:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/05/04 21:47:08 | 006,789,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV:64bit: - [2010/05/04 21:47:08 | 006,789,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/05/04 21:47:08 | 006,789,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/04 20:23:24 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/09 05:20:50 | 000,120,848 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/10 11:05:23 | 000,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2009/09/10 11:05:20 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/09/10 11:05:19 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\Windows\System32\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/04/28 13:26:52 | 001,152,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/01/13 07:39:42 | 000,188,416 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/01/13 06:12:14 | 000,226,832 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Disabled] -- C:\Windows\system32\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007/11/14 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/10/09 23:58:28 | 000,112,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2007/08/17 10:17:46 | 012,582,272 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV - [2007/08/17 10:18:28 | 012,274,432 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\Cake_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\Cake_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\Cake_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Rob_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\Rob_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.routerlogin.net/start.htm
IE - HKU\Rob_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Rob_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Rob_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\Rob_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.tfw2005.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {7565A528-2B96-4E1A-A496-EB36C53D9A1D}:1.9.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..network.proxy.type: 4

[2009/09/10 10:03:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions
[2011/01/19 14:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\hhw0hz6e.default\extensions
[2010/11/27 11:16:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\hhw0hz6e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/19 14:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/01/13 20:52:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/12/21 10:40:35 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG8\FIREFOX
[2010/11/26 02:24:19 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\ROB\APPDATA\LOCAL\{7565A528-2B96-4E1A-A496-EB36C53D9A1D}

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKU\Rob_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Rob_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] File not found
O4 - HKLM..\Run: [ATICustomerCare] File not found
O4 - HKLM..\Run: [AVG8_TRAY] File not found
O4 - HKLM..\Run: [cftmon] File not found
O4 - HKLM..\Run: [HDAudDeck] File not found
O4 - HKLM..\Run: [Microsoft Default Manager] File not found
O4 - HKLM..\Run: [PDVDDXSrv] File not found
O4 - HKLM..\Run: [StartCCC] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKU\.DEFAULT..\Run: [Dnexabamisabam] File not found
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Rob_ON_C..\Run: [9TByimAf.exe] File not found
O4 - HKU\Rob_ON_C..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\Rob_ON_C..\Run: [DriverUpdaterPro] C:\Program Files (x86)\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe (iXi Tools)
O4 - HKU\Rob_ON_C..\Run: [HbiKFWCg.exe] File not found
O4 - HKU\Rob_ON_C..\Run: [K3XJKFJMY.exe] File not found
O4 - HKU\Rob_ON_C..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\Rob_ON_C..\Run: [Steam] C:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKU\Rob_ON_C..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Rob_ON_C..\Run: [ukrpvito] File not found
O4 - HKU\Rob_ON_C..\Run: [WMPNSCFG] File not found
O4 - HKU\Rob_ON_C..\Run: [ZDNpaYca8L.exe] File not found
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Cake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\Cake_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Rob_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\Rob_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\Rob_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\Rob_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\Rob_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\Rob_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\Rob_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\Rob_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\Rob_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O8:64bit: - Extra context menu item: &Translate with ATLAS - C:\Program Files (x86)\ATLAS V14\atlscript.html ()
O8:64bit: - Extra context menu item: ATLAS Translation &Editor - C:\Program Files (x86)\ATLAS V14\AtlscriptEdit.html ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: &Translate with ATLAS - C:\Program Files (x86)\ATLAS V14\atlscript.html ()
O8 - Extra context menu item: ATLAS Translation &Editor - C:\Program Files (x86)\ATLAS V14\AtlscriptEdit.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\atlscript.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\System32\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7c353698-98c8-11de-afc2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7c353698-98c8-11de-afc2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\OblivionLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/07 13:09:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/28 20:51:10 | 000,000,000 | ---D | C] -- C:\Temp
[2011/01/21 12:13:39 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\dieselmine
[2011/01/21 12:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dieselmine
[2011/01/20 10:33:41 | 000,000,000 | ---D | C] -- C:\Users\Rob\Desktop\[T-N]Kamen_Rider_OOO
[2011/01/13 20:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/01/11 23:09:30 | 000,462,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/01/11 23:09:29 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/11 23:09:26 | 001,251,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2009/09/25 21:37:38 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll

========== Files - Modified Within 30 Days ==========

[2011/02/07 15:57:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/07 15:57:24 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/02/07 13:17:16 | 390,576,137 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/23 13:00:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/23 13:00:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/23 12:36:00 | 061,128,144 | ---- | M] () -- C:\Users\Rob\Desktop\WTF_TFW2005_-_130_-_Jan_13_2011.mp3
[2011/01/23 12:28:35 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/23 08:10:39 | 070,432,519 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/01/22 22:28:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/22 17:35:27 | 052,619,176 | ---- | M] () -- C:\Users\Rob\Desktop\WTF_TFW2005_-_129_-_Jan_6_2011.mp3
[2011/01/22 10:24:23 | 041,103,672 | ---- | M] () -- C:\Users\Rob\Desktop\WTF_Primetime_-_03_-_Ancillary_and_On_Demand.mp3
[2011/01/21 15:28:52 | 000,215,552 | ---- | M] () -- C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/21 12:11:31 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2011/01/13 05:45:08 | 000,613,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/13 05:45:08 | 000,107,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/02/07 15:32:18 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/01/22 07:41:58 | 041,103,672 | ---- | C] () -- C:\Users\Rob\Desktop\WTF_Primetime_-_03_-_Ancillary_and_On_Demand.mp3
[2011/01/21 12:11:31 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/01/19 07:53:06 | 061,128,144 | ---- | C] () -- C:\Users\Rob\Desktop\WTF_TFW2005_-_130_-_Jan_13_2011.mp3
[2011/01/12 08:27:21 | 052,619,176 | ---- | C] () -- C:\Users\Rob\Desktop\WTF_TFW2005_-_129_-_Jan_6_2011.mp3
[2010/11/26 19:18:19 | 000,000,680 | ---- | C] () -- C:\Users\Cake\AppData\Local\d3d9caps.dat
[2010/11/26 02:24:21 | 000,000,120 | ---- | C] () -- C:\Users\Rob\AppData\Local\Gdovuramujoy.dat
[2010/11/26 02:24:21 | 000,000,000 | ---- | C] () -- C:\Users\Rob\AppData\Local\Rtenuwenuqavefog.bin
[2010/11/25 11:45:57 | 000,000,091 | ---- | C] () -- C:\Users\Rob\AppData\Local\fusioncache.dat
[2010/11/25 11:42:07 | 000,721,356 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/05 15:51:55 | 000,027,209 | ---- | C] () -- C:\Users\Rob\AppData\Local\dd_depcheckdotnetfx30.txt
[2010/11/05 15:51:44 | 000,002,526 | ---- | C] () -- C:\Users\Rob\AppData\Local\uxeventlog.txt
[2010/11/05 15:51:44 | 000,000,604 | ---- | C] () -- C:\Users\Rob\AppData\Local\dd_dotnetfx3error.txt
[2010/11/05 15:51:43 | 000,034,014 | ---- | C] () -- C:\Users\Rob\AppData\Local\dd_dotnetfx3install.txt
[2010/07/27 12:42:36 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2010/07/27 12:42:36 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2010/07/27 12:42:36 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2010/07/27 12:42:36 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\RGSS104J.dll
[2010/07/27 12:42:36 | 000,758,272 | ---- | C] () -- C:\Windows\SysWow64\RGSS104E.dll
[2010/07/27 12:42:36 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll
[2010/07/26 19:53:38 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2010/05/24 09:26:32 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/04/12 17:51:36 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/04/03 12:35:30 | 000,010,040 | -HS- | C] () -- C:\Users\Rob\AppData\Local\XORQ
[2009/12/26 22:53:59 | 000,007,052 | ---- | C] () -- C:\Users\Rob\AppData\Local\d3d9caps.dat
[2009/09/25 21:37:39 | 012,274,432 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
[2009/09/25 21:37:39 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
[2009/09/25 21:37:39 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2009/09/10 15:37:34 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/09/10 15:37:34 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/09/10 15:37:33 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/09/10 10:13:55 | 000,215,552 | ---- | C] () -- C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/22 04:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/11/02 10:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll

========== LOP Check ==========

[2010/09/11 08:40:16 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\.ABC
[2010/09/29 12:23:44 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\.minecraft
[2010/11/14 17:36:40 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\acccore
[2011/01/21 12:13:39 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\dieselmine
[2010/09/01 13:00:39 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Feedreader
[2010/08/05 13:13:20 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Fujitsu
[2010/09/26 20:49:43 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Graphic.lyAir.524A3AB5801B9AE08DEEB1BA295EDE84BDC333F2.1
[2009/10/04 01:15:02 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\IrfanView
[2010/04/02 17:33:48 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SecondLife
[2009/10/17 19:03:20 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Smith Micro
[2009/09/10 17:14:32 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SPORE
[2010/11/01 18:02:43 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SystemRequirementsLab
[2011/01/12 08:22:34 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\WhiteSmokeTranslator
[2011/01/23 13:00:10 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: AGP440.SYS >
[2006/11/02 07:03:16 | 000,062,056 | ---- | M] (Microsoft Corporation) MD5=5CCDD13BC602AE33CD8B62D33C29AB72 --
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 --
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 --
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 21:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC --
[2008/01/20 21:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/24 22:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2006/11/02 07:01:02 | 000,020,072 | ---- | M] (Microsoft Corporation) MD5=DF96CF8885724430024B7522E5C95722 --
[2009/04/11 02:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009/04/24 22:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 --
[2009/04/24 22:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 --
[2009/04/24 22:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 06:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 06:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2009/04/24 22:53:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2009/04/24 22:53:48 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe
[2009/04/24 22:53:48 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2009/04/24 22:53:48 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2009/04/24 22:53:47 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 02:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/04/24 22:53:48 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2009/04/24 22:53:47 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe
[2009/04/24 22:53:47 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009/04/24 22:53:47 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2009/04/24 22:53:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 21:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 21:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/20 21:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 --
[2008/01/20 21:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 --
[2008/01/20 21:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
[2006/11/02 06:51:48 | 000,280,680 | ---- | M] (Intel Corporation) MD5=72C3EE7EA3CD75A772E62AE0E5DF8B8C --

< MD5 for: NETLOGON.DLL >
[2008/01/20 21:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 02:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 21:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 07:02:51 | 000,048,232 | ---- | M] (NVIDIA Corporation) MD5=94C5334040A5D500897F4C5FD12AEEDE --
[2008/01/20 21:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA --
[2008/01/20 21:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA --
[2008/01/20 21:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 21:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 21:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 02:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\fce438afafdfd7622141fad99a8dd451\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 21:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 21:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
< End of report >

Broni · « **Reply #24 on:** February 07, 2011, 06:14:27 PM »

Do this on the computer you are posting from:
Copy the text in the codebox below:

Code: [Select]

:OTL
O4 - HKLM..\Run: [Adobe Reader Speed Launcher]  File not found
O4 - HKLM..\Run: [ATICustomerCare]  File not found
O4 - HKLM..\Run: [AVG8_TRAY]  File not found
O4 - HKLM..\Run: [cftmon]  File not found
O4 - HKLM..\Run: [HDAudDeck]  File not found
O4 - HKLM..\Run: [Microsoft Default Manager]  File not found
O4 - HKLM..\Run: [PDVDDXSrv]  File not found
O4 - HKLM..\Run: [StartCCC]  File not found
O4 - HKLM..\Run: [SunJavaUpdateSched]  File not found
O4 - HKU\.DEFAULT..\Run: [Dnexabamisabam]  File not found
O4 - HKU\Rob_ON_C..\Run: [9TByimAf.exe]  File not found
O4 - HKU\Rob_ON_C..\Run: [HbiKFWCg.exe]  File not found
O4 - HKU\Rob_ON_C..\Run: [K3XJKFJMY.exe]  File not found
O4 - HKU\Rob_ON_C..\Run: [ukrpvito]  File not found
O4 - HKU\Rob_ON_C..\Run: [WMPNSCFG]  File not found
O4 - HKU\Rob_ON_C..\Run: [ZDNpaYca8L.exe]  File not found


:Commands
[purity]
[emptytemp]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive

On the infected computer the following...

Run OTLPE

Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
- (The content of Fix.txt should appear in the box)
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the log produced (you'll need to transfer it with USB stick)
Attempt to reboot normally into Windows.

Somero · « **Reply #25 on:** February 07, 2011, 07:06:37 PM »

Nothing is different when I try to boot normally.

Here's the log:

Quote

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\ATICustomerCare deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\AVG8_TRAY deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\cftmon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\HDAudDeck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Microsoft Default Manager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\PDVDDXSrv deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\StartCCC deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Rob_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Rob_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Rob_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Rob_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Rob_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Rob_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cake
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Rob
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb

OTLPE by OldTimer - Version 3.1.44.3 log created on 02072011_204922

Broni · « **Reply #26 on:** February 07, 2011, 07:09:58 PM »

Not good

If you have Vista DVD...

http://www.vistax64.com/tutorials/88236-repair-install-vista.html

If you don't have Vista DVD...

1. Create Vista Recovery Disc.

Option 1:
http://www.c4consulting.com.au/soluctions/vista/VISTA%20SOLUCTIONS.htm

Option 2:
Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

2. Boot from created disk.
At first screen click on Repair your computer:

This will bring you to a new screen where the repair process will look for all Windows Vista installations on your computer. When done you will be presented with the System Recovery Options dialog box:

After this, it will present you with a list of options including startup repair, system restore and command prompt:

Try System Restore, first.
If that doesn't work, try Startup Repair.

Somero · « **Reply #27 on:** February 07, 2011, 07:47:34 PM »

Yeah.. I have no previous state to restore to, and startup repair can't find anything wrong.

On top of that my other computer died again. That's a hardware issue though.(one that I thought was fixed)
So back to using my PS3.

I wonder if I project some electronics/mechanics destroying field. I have a similar effect on lawn care equipment.

Broni · « **Reply #28 on:** February 07, 2011, 07:54:26 PM »

Well, we tried...

If you'll be able to eventually start your computer, you can always use OTLPE CD to get your data off of that drive before you reinstall Windows.

Somero · « **Reply #29 on:** February 07, 2011, 08:12:08 PM »

Quote from: Broni on February 07, 2011, 07:54:26 PM

Well, we tried...

If you'll be able to eventually start your computer, you can always use OTLPE CD to get your data off of that drive before you reinstall Windows.

That's my plan.
Just have to find something with enough space.
Maybe I'll finally invest in an external hard drive.

That is 0 for 2, but I still have respect for you guys. Thanks for being patent with me.

Broni · « **Reply #30 on:** February 07, 2011, 08:14:44 PM »

You're welcome

Computer Hope Forum

News:

Author Topic: WindowsVista fails to start, and an odd login screen. (Read 19230 times)

Somero

Somero

Somero

Broni

Somero

Broni

Somero

Somero

Broni

Somero

Broni

Somero

Broni

Somero

Broni

Somero

Broni

Somero

Broni

Somero

Broni

Somero

Broni

Somero

Broni

Somero

Broni

Somero

Broni

Somero

Broni