Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

dell winXP recovery [Solved]


  • This topic is locked This topic is locked

#1
sallyw

sallyw

    Member

  • Member
  • PipPip
  • 58 posts
Hi
Another instance of winXP needing recover. This is a dell optiplex gx520.

i ran chkdsk /r from winxp pro installation disk. could not get past the cursor in the corner.

i've read other replies to similar posts and have downloaded and have followed these instructions:
1.Download Farbar Recovery Scan Tool and save it to a flash drive.

2.Download ListParts and save it to the same flash drive.

3.Download OTLPENet.exe to your desktop on a working computer

4.Ensure that you have a blank CD in the drive

5.Double click OTLPENet.exe and this will then open imgburn to burn the file to CD


6.Reboot your infected system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here

7.As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads


8.Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy


9.Hook up the flash drive to the computer

10.Run FRST by navigating to the flash drive then open FRST.exe

11.The tool will start to run.

12.When the tool opens click Yes to disclaimer.

13.Press Scan button.

14.It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply


15.Run ListParts by navigating to the flash drive then open ListParts.exe

16.Press the Scan button.

17.When finished scanning it will make a log Result.txt on your flash drive.

I have the FRST.txt and Result.txt files available.

thx,
SallyW
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the logs please

Also what was the sequence of events leading to the non-booting
  • 0

#3
sallyw

sallyw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
thx 4 quick response! have attached files and added to post.

The computer had one of the never ending popup malware viruses. (Please let me know if i should go to another forum.) I installed MS malicious removal, MS security essentials (from MS, not the hoax) and Windows defender. The computer had sophos with very outdated data and owner didn't understand need for update :(. i made mistake of clicking a tiny window that said, you need to restart for change to take effect. that was it. won't boot to windows. tried recovery repair 3 times without success.

thx,
SallyW

Attached File  FRST.txt   27.73KB   184 downloadsAttached File  Result.txt   2.19KB   186 downloads

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2012
Ran by SYSTEM at 03-11-2012 14:15:39
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe [77824 2005-10-14] (Intel Corporation)
HKLM\...\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe [114688 2005-10-14] (Intel Corporation)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2010-05-31] (LogMeIn, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe [439536 2010-09-21] (Sophos Plc)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide [866584 2006-11-03] (Microsoft Corporation)
HKU\admin\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Administrator\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation)
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\LMIinit: LMIinit.dll (LogMeIn, Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 SAVAdminService; "C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe" [163056 2010-10-08] (Sophos Plc)
2 SAVService; "C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe" [97520 2010-06-04] (Sophos Plc)
2 Sophos AutoUpdate Service; "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe" [232472 2012-04-11] (Sophos Plc)
2 swi_service; "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe" [1543704 2012-02-21] (Sophos Plc)
2 WinDefend; "C:\Program Files\Windows Defender\MsMpEng.exe" [13592 2006-11-03] (Microsoft Corporation)
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]

==================== Drivers (Whitelisted) ====================

3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [701440 2004-08-04] (ATI Technologies Inc.)
3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [132608 2005-03-17] (Broadcom Corporation)
3 E1000; C:\Windows\System32\DRIVERS\e1000325.sys [163840 2005-06-29] (Intel Corporation)
3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2009-08-27] (HP)
3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2009-08-27] (HP)
3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-08-27] (HP)
3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302812 2005-10-14] (Intel Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
1 SAVOnAccessControl; C:\Windows\System32\DRIVERS\savonaccesscontrol.sys [153344 2010-10-08] (Sophos Plc)
1 SAVOnAccessFilter; C:\Windows\System32\DRIVERS\savonaccessfilter.sys [24064 2010-10-08] (Sophos Plc)
3 senfilt; C:\Windows\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.)
4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [14976 2008-05-23] (Sophos Plc)
1 wvcgffsy; \??\C:\WINDOWS\system32\drivers\wvcgffsy.sys [43600 2012-10-30] (Microsoft Corporation)
3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\Windows\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation)
3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\Windows\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
3 aeaudio; C:\Windows\System32\drivers\aeaudio.sys [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
4 hpt3xx; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 LMIRfsClientNP; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-11-03 14:15 - 2012-11-03 14:15 - 00000000 ____D C:\FRST
2012-11-03 06:44 - 2012-11-03 06:44 - 00002974 ____N C:\bootex.log
2012-10-30 10:11 - 2012-10-30 10:11 - 00000639 ____A C:\Windows\wmsetup.log
2012-10-30 10:11 - 2012-10-30 10:11 - 00000000 ____D C:\Documents and Settings\janet\Local Settings\Application Data\LogMeIn
2012-10-30 10:11 - 2004-08-04 03:56 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\wmpns.dll
2012-10-30 10:10 - 2012-10-30 10:13 - 00000178 __ASH C:\Documents and Settings\janet\ntuser.ini
2012-10-30 10:10 - 2012-10-30 10:10 - 00070368 ____A C:\Documents and Settings\janet\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-10-30 10:10 - 2012-10-30 10:10 - 00000062 __ASH C:\Documents and Settings\janet\Local Settings\desktop.ini
2012-10-30 10:10 - 2011-10-11 03:04 - 00000000 ___HD C:\Documents and Settings\janet\Local Settings\Application Data\Microsoft Help
2012-10-30 10:10 - 2010-11-10 04:00 - 00000000 __SHD C:\Documents and Settings\janet\IETldCache
2012-10-30 10:10 - 2005-04-11 10:05 - 00000062 __ASH C:\Documents and Settings\janet\Application Data\desktop.ini
2012-10-30 09:55 - 2012-10-30 09:56 - 10669952 ____A (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.65.1.1000.exe
2012-10-30 09:50 - 2012-10-30 09:50 - 00000000 ____D C:\Program Files\Windows Defender
2012-10-30 09:36 - 2012-10-30 09:36 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2012-10-30 09:36 - 2012-10-30 09:36 - 00000366 ___AH C:\Windows\Tasks\MpIdleTask.job
2012-10-30 09:30 - 2012-10-30 09:30 - 00043600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wvcgffsy.sys
2012-10-30 09:28 - 2012-05-31 12:25 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-10-30 09:26 - 2012-10-30 09:26 - 00001945 ____A C:\Windows\epplauncher.mif
2012-10-30 09:26 - 2012-10-30 09:26 - 00000000 ____D C:\Windows\LastGood
2012-10-30 09:25 - 2012-10-30 09:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-10-25 13:02 - 2012-10-25 13:02 - 00000368 ___AH C:\Documents and Settings\All Users\Application Data\gkU5shlaKelapZ
2012-10-25 13:02 - 2012-10-25 13:02 - 00000168 ___AH C:\Documents and Settings\All Users\Application Data\-gkU5shlaKelapZr
2012-10-25 13:02 - 2012-10-25 13:02 - 00000144 ___AH C:\Documents and Settings\All Users\Application Data\-gkU5shlaKelapZ
2012-10-21 01:16 - 2012-10-20 01:16 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121021-011640.backup
2012-10-20 01:16 - 2012-10-19 01:18 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121020-011630.backup
2012-10-19 01:18 - 2012-08-21 01:17 - 00444056 __RAH C:\Windows\System32\Drivers\etc\hosts.20121019-011814.backup
2012-10-18 13:44 - 2012-10-18 14:26 - 00016769 ___AH C:\Documents and Settings\Administrator\Desktop\NAME TAGS ON FILE (preprinted) 10.18.12.xls.xlsx
2012-10-18 09:52 - 2012-10-21 09:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-10-16 09:29 - 2012-10-16 09:39 - 00143771 ___AH C:\Documents and Settings\Administrator\Desktop\Copy of Burlington Commercial Bus - small - midsize.xlsx
2012-10-11 15:52 - 2012-10-11 15:52 - 00000000 __HDC C:\Windows\$NtUninstallKB2724197$
2012-10-11 15:48 - 2012-10-11 15:48 - 00004954 ___AH C:\Windows\KB2756822.log
2012-10-11 15:48 - 2012-10-11 15:48 - 00000000 __HDC C:\Windows\$NtUninstallKB2756822$
2012-10-11 15:47 - 2012-10-11 15:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2749655$
2012-10-11 15:47 - 2012-10-11 15:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2661254-v2$
2012-10-11 08:41 - 2012-10-11 15:52 - 00014804 ___AH C:\Windows\KB2724197.log
2012-10-11 08:40 - 2012-10-11 15:47 - 00013415 ___AH C:\Windows\KB2749655.log
2012-10-11 08:40 - 2012-10-11 15:47 - 00013308 ___AH C:\Windows\KB2661254-v2.log

==================== 3 Months Modified Files ==================

2012-11-03 06:44 - 2012-11-03 06:44 - 00002974 ____N C:\bootex.log
2012-10-30 10:13 - 2012-10-30 10:10 - 00000178 __ASH C:\Documents and Settings\janet\ntuser.ini
2012-10-30 10:13 - 2006-07-13 18:36 - 01794078 ___AH C:\Windows\WindowsUpdate.log
2012-10-30 10:13 - 2005-04-11 14:23 - 00032604 ___AH C:\Windows\SchedLgU.Txt
2012-10-30 10:13 - 2005-04-11 14:15 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-30 10:11 - 2012-10-30 10:11 - 00000639 ____A C:\Windows\wmsetup.log
2012-10-30 10:10 - 2012-10-30 10:10 - 00070368 ____A C:\Documents and Settings\janet\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-10-30 10:10 - 2012-10-30 10:10 - 00000062 __ASH C:\Documents and Settings\janet\Local Settings\desktop.ini
2012-10-30 10:10 - 2005-04-11 14:23 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2012-10-30 10:10 - 2002-06-25 15:34 - 00002206 ___AH C:\Windows\System32\wpa.dbl
2012-10-30 10:09 - 2010-10-15 18:48 - 00000422 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{1B691BCB-CB03-420E-AEBE-3972E42590E6}.job
2012-10-30 09:56 - 2012-10-30 09:55 - 10669952 ____A (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.65.1.1000.exe
2012-10-30 09:36 - 2012-10-30 09:36 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2012-10-30 09:36 - 2012-10-30 09:36 - 00000366 ___AH C:\Windows\Tasks\MpIdleTask.job
2012-10-30 09:30 - 2012-10-30 09:30 - 00043600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wvcgffsy.sys
2012-10-30 09:26 - 2012-10-30 09:26 - 00001945 ____A C:\Windows\epplauncher.mif
2012-10-30 09:18 - 2010-10-22 16:18 - 00072792 ___AH C:\Windows\setupapi.log
2012-10-30 09:18 - 2010-09-21 13:58 - 00000438 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{82430B39-5619-42F3-87FB-FC9C20140316}.job
2012-10-30 09:14 - 2005-04-11 14:23 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-10-30 09:14 - 2005-04-11 14:23 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-10-30 09:14 - 2005-04-11 14:23 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-10-25 13:02 - 2012-10-25 13:02 - 00000368 ___AH C:\Documents and Settings\All Users\Application Data\gkU5shlaKelapZ
2012-10-25 13:02 - 2012-10-25 13:02 - 00000168 ___AH C:\Documents and Settings\All Users\Application Data\-gkU5shlaKelapZr
2012-10-25 13:02 - 2012-10-25 13:02 - 00000144 ___AH C:\Documents and Settings\All Users\Application Data\-gkU5shlaKelapZ
2012-10-25 12:58 - 2010-10-15 16:03 - 00131072 ___AH C:\Windows\System32\config\OAlerts.evt
2012-10-25 10:00 - 2010-10-15 16:03 - 00002459 ___AH C:\Documents and Settings\Administrator\Desktop\Microsoft Excel 2010.lnk
2012-10-23 13:02 - 2010-10-15 16:03 - 00002501 ___AH C:\Documents and Settings\Administrator\Desktop\Microsoft Word 2010.lnk
2012-10-21 01:16 - 2010-10-15 16:52 - 00000346 ___AH C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2012-10-21 00:30 - 2010-10-15 16:52 - 00000330 ___AH C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
2012-10-20 23:06 - 2010-10-15 21:30 - 00000518 ___AH C:\Windows\Tasks\Auslogics Disk Defrag Disk Defrag Console Defragmentation.job
2012-10-20 01:16 - 2012-10-21 01:16 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121021-011640.backup
2012-10-19 01:18 - 2012-10-20 01:16 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121020-011630.backup
2012-10-18 15:29 - 2010-10-22 15:56 - 00000216 ___AH C:\Windows\wiadebug.log
2012-10-18 15:29 - 2010-10-22 15:56 - 00000050 ___AH C:\Windows\wiaservc.log
2012-10-18 14:26 - 2012-10-18 13:44 - 00016769 ___AH C:\Documents and Settings\Administrator\Desktop\NAME TAGS ON FILE (preprinted) 10.18.12.xls.xlsx
2012-10-16 11:22 - 2012-03-22 11:35 - 00000470 ___AH C:\Documents and Settings\Administrator\Desktop\shared documents on BACC President (Director).lnk
2012-10-16 09:39 - 2012-10-16 09:29 - 00143771 ___AH C:\Documents and Settings\Administrator\Desktop\Copy of Burlington Commercial Bus - small - midsize.xlsx
2012-10-11 15:52 - 2012-10-11 08:41 - 00014804 ___AH C:\Windows\KB2724197.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00726852 ___AH C:\Windows\iis6.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00680126 ___AH C:\Windows\FaxSetup.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00325160 ___AH C:\Windows\ocgen.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00310310 ___AH C:\Windows\tsoc.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00223477 ___AH C:\Windows\comsetup.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00205214 ___AH C:\Windows\msmqinst.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00135578 ___AH C:\Windows\ntdtcsetup.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00119130 ___AH C:\Windows\netfxocm.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00046750 ___AH C:\Windows\MedCtrOC.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00037620 ___AH C:\Windows\ocmsn.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00034210 ___AH C:\Windows\tabletoc.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00033990 ___AH C:\Windows\msgsocm.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00001393 ___AH C:\Windows\imsins.log
2012-10-11 15:48 - 2012-10-11 15:48 - 00004954 ___AH C:\Windows\KB2756822.log
2012-10-11 15:48 - 2010-10-15 21:56 - 00001393 ___AH C:\Windows\imsins.BAK
2012-10-11 15:48 - 2007-02-23 19:53 - 00737562 __AHC C:\Windows\System32\TZLog.log
2012-10-11 15:47 - 2012-10-11 08:40 - 00013415 ___AH C:\Windows\KB2749655.log
2012-10-11 15:47 - 2012-10-11 08:40 - 00013308 ___AH C:\Windows\KB2661254-v2.log
2012-10-11 15:47 - 2010-10-15 21:56 - 00050558 ___AH C:\Windows\updspapi.log
2012-09-29 19:54 - 2010-10-15 16:19 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-28 00:32 - 2006-07-13 19:40 - 62968832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-25 15:08 - 2012-09-25 15:06 - 00015859 ___AH C:\Windows\KB2744842-IE8.log
2012-09-12 16:43 - 2012-09-12 16:42 - 00006706 ___AH C:\Windows\KB2736233.log
2012-09-11 08:34 - 2007-01-29 04:58 - 00046080 ___AH (Microsoft Corporation) C:\Windows\System32\tzchange.exe
2012-08-30 22:03 - 2012-08-30 22:03 - 00193552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-28 20:44 - 2007-06-27 10:34 - 11111424 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll
2012-08-28 20:44 - 2006-11-08 01:03 - 11111424 ___AH (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-28 11:14 - 2012-06-14 09:59 - 00521728 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\jsdbgui.dll
2012-08-28 11:14 - 2010-09-21 13:38 - 00743424 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll
2012-08-28 11:14 - 2010-09-21 13:38 - 00247808 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll
2012-08-28 11:14 - 2010-09-21 13:38 - 00012800 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll
2012-08-28 11:14 - 2007-06-27 10:34 - 02000384 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
2012-08-28 11:14 - 2007-06-27 10:34 - 00630272 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
2012-08-28 11:14 - 2007-06-27 10:34 - 00055296 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
2012-08-28 11:14 - 2006-11-08 01:03 - 00630272 ___AH (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-28 11:14 - 2006-11-08 01:03 - 00055296 ___AH (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-08-28 11:14 - 2006-11-07 07:27 - 00387584 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\iedkcs32.dll
2012-08-28 11:14 - 2006-10-17 16:05 - 01469440 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\inetcpl.cpl
2012-08-28 11:14 - 2006-10-17 16:05 - 00105984 __AHC (Microsoft Corporation) C:\Windows\System32\dllcache\url.dll
2012-08-28 11:14 - 2006-10-17 16:04 - 00206848 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\occache.dll
2012-08-28 11:14 - 2006-10-17 15:57 - 02000384 ___AH (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-28 11:14 - 2006-05-19 11:08 - 06008832 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2012-08-28 11:14 - 2006-05-10 01:23 - 01212416 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll
2012-08-28 11:14 - 2006-05-10 01:23 - 00916992 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll
2012-08-28 11:14 - 2006-05-10 01:23 - 00611840 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll
2012-08-28 11:14 - 2006-05-10 01:23 - 00067072 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll
2012-08-28 11:14 - 2006-05-10 01:22 - 00184320 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll
2012-08-28 11:14 - 2006-05-10 01:22 - 00025600 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\jsproxy.dll
2012-08-28 11:14 - 2005-04-11 15:27 - 06008832 ___AH (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-28 11:14 - 2005-04-11 15:27 - 01469440 ____H (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-28 11:14 - 2005-04-11 15:27 - 00611840 ____H (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-08-28 11:14 - 2005-04-11 15:27 - 00387584 ____H (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-08-28 11:14 - 2005-04-11 15:27 - 00184320 ___AH (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-08-28 11:14 - 2005-04-11 15:27 - 00067072 ____H (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-28 11:14 - 2005-04-11 15:27 - 00043520 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\licmgr10.dll
2012-08-28 11:14 - 2005-04-11 15:27 - 00043520 ____H (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-08-28 11:14 - 2005-04-11 15:26 - 01212416 ___AH (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-28 11:14 - 2005-04-11 15:26 - 00916992 ___AH (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-28 11:14 - 2005-04-11 15:26 - 00105984 ___AH (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-28 11:14 - 2002-06-25 15:20 - 00206848 ____H (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-08-28 11:14 - 2002-06-25 15:09 - 00025600 ___AH (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-28 08:07 - 2006-11-07 07:26 - 00174080 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ie4uinit.exe
2012-08-28 08:07 - 2006-07-13 18:24 - 00385024 ___AH (Microsoft Corporation) C:\Windows\System32\html.iec
2012-08-28 08:07 - 2005-04-11 15:27 - 00174080 ____H (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-08-24 09:53 - 2009-12-24 02:59 - 00177664 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\wintrust.dll
2012-08-24 09:53 - 2002-06-25 15:33 - 00177664 ___AH (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-21 09:33 - 2008-10-24 09:16 - 02148864 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlmp.exe
2012-08-21 09:33 - 2002-06-25 15:19 - 02148864 ___AH (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-21 09:29 - 2008-10-24 09:16 - 02192896 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ntoskrnl.exe
2012-08-21 08:58 - 2008-10-24 09:16 - 02069632 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlpa.exe
2012-08-21 08:58 - 2008-10-24 09:16 - 02027520 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrpamp.exe
2012-08-21 08:58 - 2002-06-25 15:19 - 02027520 ___AH (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-08-21 01:17 - 2012-10-19 01:18 - 00444056 __RAH C:\Windows\System32\Drivers\etc\hosts.20121019-011814.backup
2012-08-20 10:39 - 2005-04-11 10:04 - 00269392 ___AH C:\Windows\System32\FNTCACHE.DAT
2012-08-16 15:12 - 2012-08-16 09:11 - 00018018 ___AH C:\Windows\KB2712808.log
2012-08-16 15:11 - 2012-08-16 15:11 - 00012937 ___AH C:\Windows\KB2731847.log
2012-08-16 15:09 - 2012-08-16 09:10 - 00017612 ___AH C:\Windows\KB2705219.log
2012-08-16 15:08 - 2012-08-16 15:08 - 00011546 ___AH C:\Windows\KB2723135.log
2012-08-16 15:05 - 2012-08-16 15:04 - 00015910 ___AH C:\Windows\KB2722913-IE8.log
2012-08-16 14:07 - 2010-10-15 16:03 - 00002507 ___AH C:\Documents and Settings\Administrator\Desktop\Microsoft Publisher 2010.lnk
2012-08-07 12:04 - 2012-06-28 11:18 - 00183819 ___AH C:\Documents and Settings\Administrator\Desktop\Burlington Commercial Bus Rev 6.28.12 by noempl.xls.xlsx


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2012-10-30 09:51 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP564

RP: -> 2012-10-30 09:50 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP563

RP: -> 2012-10-30 09:28 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP562

RP: -> 2012-10-24 14:27 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP561

RP: -> 2012-10-23 10:11 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP560

RP: -> 2012-10-20 15:24 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP559

RP: -> 2012-10-19 14:00 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP558

RP: -> 2012-10-18 11:52 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP557

RP: -> 2012-10-16 11:46 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP556

RP: -> 2012-10-11 15:46 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP555

RP: -> 2012-10-11 12:33 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP554

RP: -> 2012-10-04 09:55 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP553

RP: -> 2012-09-25 15:06 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP552

RP: -> 2012-09-25 12:43 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP551

RP: -> 2012-09-20 13:01 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP550

RP: -> 2012-09-18 12:03 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP549

RP: -> 2012-09-12 16:38 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP548

RP: -> 2012-09-11 12:46 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP547

RP: -> 2012-09-10 12:15 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP546

RP: -> 2012-09-07 13:44 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP545

RP: -> 2012-08-30 11:48 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP544

RP: -> 2012-08-28 10:26 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP543

RP: -> 2012-08-23 11:52 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP542

RP: -> 2012-08-21 11:39 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP541

RP: -> 2012-08-20 11:03 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP540

RP: -> 2012-08-16 15:03 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP539

RP: -> 2012-08-16 12:44 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP538

RP: -> 2012-08-14 11:44 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP537

RP: -> 2012-08-09 12:06 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP536

RP: -> 2012-08-07 12:27 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP535

RP: -> 2012-07-31 12:43 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP534


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 2038.07 MB
Available physical RAM: 1773.14 MB
Total Pagefile: 1868.77 MB
Available Pagefile: 1806.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.54 MB

==================== Partitions =============================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: () (Fixed) (Total:74.5 GB) (Free:57.97 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive d: (TOUGHDRIVE) (Removable) (Total:1.87 GB) (Free:1.84 GB) FAT
5 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 75 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 74 GB 32 KB
Partition 2 Unknown 9 MB 74 GB
=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 74 GB Healthy
=========================================================

Disk: 0
Partition 2
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Partition 9 MB Healthy
=========================================================
==================== End Of Log ============================
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets go for it.. There is a hidden partition set as boot, but it was only partially cured

Download Fix.txt to the same USB as Listparts

Run Listparts from the Reatogo desktop as before
Press Fix
When it is done close the notification pop up.
Click Scan and copy and paste the log (Result.txt) it makes on the flash drive.

Reboot to normal windows

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#5
sallyw

sallyw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
thx. ran OTL.exe scan and am posting results/logs

Attached File  OTL.Txt   73.05KB   165 downloadsAttached File  Extras.Txt   42.99KB   203 downloads

OTL logfile created on: 11/3/2012 5:06:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.62% Memory free
3.83 Gb Paging File | 3.28 Gb Available in Paging File | 85.62% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 55.99 Gb Free Space | 75.16% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.84 Gb Free Space | 98.30% Space Free | Partition Type: FAT

Computer Name: MSOFFICE | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/03 15:57:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/09/12 17:25:22 | 000,280,088 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/16 14:26:13 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/07/16 14:25:32 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/04/11 10:43:09 | 000,232,472 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012/02/21 07:48:21 | 001,543,704 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2010/12/13 19:11:25 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/08 11:15:13 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2010/09/21 12:16:17 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2010/06/04 07:23:16 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2010/05/31 11:31:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2009/03/08 04:31:54 | 000,013,312 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeedssync.exe
PRC - [2008/04/14 08:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2012/10/18 09:52:58 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/16 14:26:13 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/07/16 14:25:32 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/04/11 10:43:09 | 000,232,472 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/02/21 07:48:21 | 001,543,704 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2010/12/13 19:11:25 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/08 11:15:13 | 000,163,056 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/06/04 07:23:16 | 000,097,520 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2012/07/16 14:25:33 | 000,083,392 | -H-- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/10/08 11:14:59 | 000,153,344 | -H-- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2010/10/08 11:14:59 | 000,024,064 | -H-- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2010/05/31 11:31:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/05/31 11:31:10 | 000,047,640 | -H-- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/05/23 08:38:25 | 000,014,976 | -H-- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2005/03/17 19:30:10 | 000,132,608 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 12:02:54 | 000,732,928 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 01:29:28 | 000,701,440 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2358315832-351749593-787360149-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.burlingto...org/default.asp
IE - HKU\S-1-5-21-2358315832-351749593-787360149-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2358315832-351749593-787360149-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2358315832-351749593-787360149-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:4.1.3.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.5.10.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/03/01 13:43:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/18 09:52:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/18 09:52:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/03/01 13:43:12 | 000,000,000 | ---D | M]

[2010/10/15 18:29:16 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/10/23 08:34:00 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\enpc1oi1.default\extensions
[2012/07/31 09:19:37 | 000,000,000 | -H-D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\enpc1oi1.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012/07/30 12:05:35 | 000,020,591 | -H-- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\enpc1oi1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/10/18 09:52:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/15 21:40:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/10/18 09:52:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/15 21:40:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/20 14:54:57 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/18 09:52:55 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/21 01:16:41 | 000,444,586 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15272 more lines...
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2358315832-351749593-787360149-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1287186956187 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1287187851000 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5512FA5D-0507-458D-B499-748CC0961E6C}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/11 14:16:03 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/03 17:03:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/11/03 14:15:31 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/30 09:55:54 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/30 09:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2012/10/30 09:28:15 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/10/30 09:25:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/10/30 09:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/10/25 13:02:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\File Restore
[2012/10/18 09:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[51 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[30 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/03 17:10:07 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/11/03 17:09:53 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/11/03 17:09:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1B691BCB-CB03-420E-AEBE-3972E42590E6}.job
[2012/11/03 17:07:03 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{82430B39-5619-42F3-87FB-FC9C20140316}.job
[2012/11/03 17:03:18 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/03 16:59:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/03 15:57:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/10/30 09:56:05 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/30 09:26:40 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/10/25 13:02:52 | 000,000,168 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-gkU5shlaKelapZr
[2012/10/25 13:02:52 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-gkU5shlaKelapZ
[2012/10/25 13:02:38 | 000,000,368 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\gkU5shlaKelapZ
[2012/10/25 10:00:58 | 000,002,459 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Excel 2010.lnk
[2012/10/23 13:02:33 | 000,002,501 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Word 2010.lnk
[2012/10/21 01:16:41 | 000,444,586 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/21 01:16:41 | 000,000,346 | -H-- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/10/21 00:30:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2012/10/20 23:06:50 | 000,000,518 | -H-- | M] () -- C:\WINDOWS\tasks\Auslogics Disk Defrag Disk Defrag Console Defragmentation.job
[2012/10/20 01:16:31 | 000,444,586 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121021-011640.backup
[2012/10/19 01:18:15 | 000,444,586 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20121020-011630.backup
[2012/10/16 11:22:06 | 000,000,470 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\shared documents on BACC President (Director).lnk
[2012/10/11 15:48:36 | 000,001,393 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[51 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[30 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/30 09:50:16 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2012/10/30 09:36:17 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/10/30 09:36:16 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/10/30 09:26:40 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/10/30 09:26:18 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/10/25 13:02:52 | 000,000,168 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-gkU5shlaKelapZr
[2012/10/25 13:02:52 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-gkU5shlaKelapZ
[2012/10/25 13:02:28 | 000,000,368 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\gkU5shlaKelapZ
[2012/05/24 09:37:33 | 000,003,584 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 20:02:06 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/03/01 13:22:27 | 000,219,626 | -H-- | C] () -- C:\WINDOWS\hpwins21.dat.temp
[2011/03/01 13:22:26 | 000,000,428 | -H-- | C] () -- C:\WINDOWS\hpwmdl21.dat.temp

========== ZeroAccess Check ==========

[2008/10/24 12:32:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/14 08:42:06 | 001,499,136 | -H-- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | -H-- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 08:42:10 | 000,273,920 | -H-- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 08:42:14 | 000,044,544 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 08:42:12 | 000,006,656 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 08:42:04 | 000,409,088 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 09:58:51 | 000,078,336 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 08:41:52 | 000,062,464 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 08:41:52 | 000,126,976 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 13:17:26 | 000,045,568 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 07:11:05 | 000,110,592 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 08:41:54 | 000,033,792 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 19:17:41 | 000,135,168 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 08:42:10 | 000,015,872 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 08:41:56 | 000,021,504 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 08:42:24 | 000,150,528 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 08:42:26 | 000,013,312 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 08:41:54 | 000,023,552 | -H-- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 08:42:18 | 000,224,768 | -H-- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 08:42:18 | 000,005,120 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 08:42:26 | 000,013,312 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 08:42:02 | 000,198,144 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 12:02:47 | 000,245,248 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 07:11:05 | 000,110,592 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 09:17:06 | 000,058,880 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 08:42:26 | 000,013,312 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 08:42:04 | 000,088,576 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 08:42:04 | 000,186,368 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 08:10:48 | 000,401,408 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 08:42:04 | 000,435,200 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 08:42:06 | 000,018,944 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 08:42:26 | 000,013,312 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 08:42:12 | 000,080,896 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 01:57:43 | 000,099,840 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 19:17:41 | 000,135,168 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 08:42:08 | 000,171,008 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 08:42:06 | 000,192,512 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 08:41:58 | 000,013,824 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 08:42:08 | 000,249,856 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 08:42:08 | 000,295,424 | RH-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 19:17:41 | 000,135,168 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 08:42:40 | 000,289,792 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 08:41:52 | 000,042,496 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 08:41:56 | 000,331,264 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 08:42:10 | 000,333,824 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 08:42:30 | 000,078,848 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 08:42:10 | 000,144,896 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 08:10:48 | 000,617,472 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 08:41:54 | 000,132,096 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 08:42:12 | 000,483,840 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 02:14:49 | 000,132,096 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2010/10/15 17:50:07 | 006,216,032 | -H-- | M] (Microsoft Corporation) -- C:\windowsupdateagent30-x86.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 03:56:50 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SERVICES >
[2002/06/25 15:24:44 | 000,007,116 | -H-- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | -H-- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 08:42:36 | 000,108,544 | -H-- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 08:42:36 | 000,108,544 | -H-- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | -H-- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | -H-- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 03:56:56 | 000,108,032 | -H-- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.LNK >
[2005/04/11 14:16:09 | 000,001,602 | -H-- | M] () MD5=D644F89AFEA559BD4DAA769E4BC11B44 -- C:\Documents and Settings\Administrator\Local Settings\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2002/06/25 15:24:43 | 000,033,464 | -H-- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.SBS >
[2011/03/01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:42:38 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 08:42:38 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 03:56:58 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:56:58 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 08:42:40 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 08:42:40 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:56:58 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 08:42:40 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 08:42:40 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2002/06/25 15:33:48 | 000,002,864 | -H-- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< End of report >
  • 0

#6
sallyw

sallyw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
follow-up: the programs are not displayed when i click "all programs"
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye I saw that on the FRST scan, so we will clear them now

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
    Posted Image
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

THEN

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
[2012/10/25 13:02:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\File Restore
[2012/10/25 13:02:52 | 000,000,168 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-gkU5shlaKelapZr
[2012/10/25 13:02:52 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-gkU5shlaKelapZ
[2012/10/25 13:02:38 | 000,000,368 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\gkU5shlaKelapZ

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#8
sallyw

sallyw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
completed rogue killer steps. posting RKReport files. next step OTL "fix". will post that report/log on completion.

Attached File  RKreport1_S_11032012_02d1804.txt   2.17KB   184 downloads
Attached File  RKreport2_D_11032012_02d1806.txt   2.25KB   197 downloads
Attached File  RKreport3_SC_11032012_02d1809.txt   1.29KB   178 downloads
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The bad partition is now history and you should have your menus and icons back :)

How is the computer running after the OTL fix ?
  • 0

#10
sallyw

sallyw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I cannot tell if OTL is doing anything - drive light is not on. it's been a while, should i worry?

the dialog box says "not responding".

thx,

SallyW

Edited by sallyw, 03 November 2012 - 04:57 PM.

  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ah OK if you have MBAM then do the following script instead. Stop OTL and then paste in the following fix and then press run fix

:OTL
[2012/10/25 13:02:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\File Restore
[2012/10/25 13:02:52 | 000,000,168 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-gkU5shlaKelapZr
[2012/10/25 13:02:52 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-gkU5shlaKelapZ
[2012/10/25 13:02:38 | 000,000,368 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\gkU5shlaKelapZ

:Commands
[resethosts]
[emptyjava]
[CREATERESTOREPOINT]
[Reboot]


  • 0

#12
sallyw

sallyw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
something's not working - winxp opens but stalls and nothing happens. malwarebytes appears to be the only thing that loads before a complete standstill.

would it be a good idea to open in safe mode (?f8?) and disable malwarebytes in the start menu?

thx,
sally
  • 0

#13
sallyw

sallyw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
i opened windows in safe mode and uninstalled malwarebytes. also disabled sophos so the only anti-virus running is MS security essentials. windows defender is also running.

i will now reboot and rerun otl with original instructions.
  • 0

#14
sallyw

sallyw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
i uninstalled spybot and ran otl (per reply#9). all seems to be okay. spybot appeared to be telling me that all was not well. an unknown icon appeared and then disappeared in the application running area (lower right corner of screen). Once i removed spybot and disabled sophos in favor of MS security essentials, all appears to be okay.

thanks.

plan now to re-install malwarebytes.

will return computer to owner on monday and, if all goes well thru wednesday, report back to close this item.

SallyW
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are all the menu items back now ?

Are there any further problems before I tidy up and remove my tools ?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP