
Boot to black screen with cursor [Solved]



#61
Jhackofalltrades

Things like to hang up for me, this time b/c I'm running a new and unfamiliar firewall. OTL ran, hung up on shutdown just prior to reboot, sorta hung up after reboot during the start up process. This is the log that it generated:

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== FILES ==========
C:\Documents and Settings\Karen\My Documents\Karen's Downloads Go Here, Binkles\couponprinter.exe moved successfully.
C:\Documents and Settings\Karen\My Documents\Karen's Downloads Go Here, Binkles\IE7ProSetup_2.5.1.exe moved successfully.
C:\Program Files\RealArcade\Installer\GameHouse-Installer_amg-bigfootchasingshadows_gamehouse_.exe moved successfully.
C:\Program Files\RealArcade\Installer\GameHouse-Installer_amg-midnightmysteriessalemwitchtrials_gamehouse_.exe moved successfully.
C:\Program Files\RealArcade\Installer\gamehouse.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 2911 bytes

User: Administrator.DILBERT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56543 bytes

User: Administrator.DILBERT.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56543 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56516 bytes

User: Karen
->Temp folder emptied: 105719423 bytes
->Temporary Internet Files folder emptied: 59276082 bytes
->Java cache emptied: 2676204 bytes
->FireFox cache emptied: 466723561 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 19129416 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 26133922 bytes
->Flash cache emptied: 19137 bytes

User: NetworkService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 1827204 bytes
->Flash cache emptied: 95653 bytes

User: Philip
->Temp folder emptied: 280250369 bytes
->Temporary Internet Files folder emptied: 64410899 bytes
->Java cache emptied: 6856103 bytes
->FireFox cache emptied: 1277112743 bytes
->Google Chrome cache emptied: 13246374 bytes
->Flash cache emptied: 279490622 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2651900 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 27392 bytes
Windows Temp folder emptied: 4046774 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15428168 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 7078850 bytes

Total Files Cleaned = 2,511.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01182013_083335

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

-----------------------------------------------------------

Then I ran the OTL for the quick scan:

OTL logfile created on: 1/18/2013 9:03:25 AM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Philip\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.58% Memory free
3.35 Gb Paging File | 2.86 Gb Available in Paging File | 85.52% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 255.31 Gb Free Space | 54.82% Space Free | Partition Type: NTFS

Computer Name: DILBERT | User Name: Philip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/14 03:53:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philip\Desktop\OTL.exe
PRC - [2012/12/05 04:15:58 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/10/06 03:08:21 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2012/10/02 15:02:10 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2012/10/02 15:02:06 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2011/05/28 13:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/02/07 11:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2006/02/28 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/24 16:12:14 | 000,057,344 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/18 08:24:33 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/12/05 04:15:58 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/28 13:46:58 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madexcept_.bpl
MOD - [2011/05/28 13:46:58 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madbasic_.bpl
MOD - [2011/05/28 13:46:58 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\maddisAsm_.bpl
MOD - [2011/02/07 11:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AGI\common\win32\PythonService.exe -- (AGWinService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AGI\core\3.2\AGCoreService.exe -- (AGCoreService)
SRV - [2013/01/18 08:24:33 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/05 04:15:58 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/06 03:08:21 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2012/07/03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/05/28 13:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/07 11:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [On_Demand | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2004/10/20 09:40:04 | 000,010,328 | ---- | M] (America Online) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/24 16:12:14 | 000,057,344 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Unknown (0) | On_Demand | Unknown] -- System32\Drivers\TfKbMon.sys -- (TfKbMon)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\3.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Philip\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/10/02 15:03:04 | 000,044,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012/10/02 15:02:34 | 000,031,920 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2012/10/02 15:02:34 | 000,027,648 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2012/10/02 15:02:32 | 000,208,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2012/03/02 15:03:00 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2012/03/02 15:03:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2012/03/02 15:03:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2011/10/25 22:01:40 | 007,412,736 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/05/28 06:04:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/27 15:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/04/27 15:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/04/27 15:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010/04/27 13:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/12/11 08:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/08/01 17:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 17:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/07/03 16:03:14 | 004,745,216 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/05/20 18:53:36 | 000,093,696 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/25 19:01:00 | 000,132,096 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2007/09/28 13:30:57 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/09/28 13:30:49 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006/12/28 11:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/24 15:51:26 | 000,650,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/08/24 15:43:18 | 000,014,520 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent)
DRV - [2004/08/24 15:40:28 | 000,229,720 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/08/24 15:35:14 | 000,100,240 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/08/24 15:33:32 | 001,395,376 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/08/24 15:24:14 | 000,013,216 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {E4C1C287-8FEA-4F2A-BA25-6C68D7630F52}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{E4C1C287-8FEA-4F2A-BA25-6C68D7630F52}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "google-feed.net"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.pardus.at/index.php"
FF - prefs.js..extensions.enabledAddons: btpersonas%40brandthunder.com:1.6.2.8
FF - prefs.js..extensions.enabledAddons: flvmoviesdownloader%40rzll:1.43
FF - prefs.js..extensions.enabledAddons: PardusCopilot%40mozilla.doslash.org:1.1.5
FF - prefs.js..extensions.enabledAddons: puc%40fantamondi.it:1.2.3
FF - prefs.js..extensions.enabledAddons: unplug%40compunach:2.052
FF - prefs.js..extensions.enabledAddons: %7B000F1EA4-5E08-4564-A29B-29076F63A37A%7D:1.0.3.171
FF - prefs.js..extensions.enabledAddons: %7BEDA7B1D7-F793-4e03-B074-E6F303317FB0%7D:1.2.7
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.3rc2
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.28
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.0.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Karen\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Philip\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/05 04:15:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/05 04:15:54 | 000,000,000 | ---D | M]

[2008/10/17 17:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Extensions
[2013/01/18 08:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions
[2012/07/30 03:54:38 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2013/01/16 02:06:50 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013/01/16 02:06:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/12 02:59:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2012/09/27 04:13:42 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2011/10/29 10:10:41 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2010/01/22 02:27:09 | 000,000,000 | ---D | M] ("FTSTrader") -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2012/06/09 21:26:28 | 000,014,838 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2011/06/10 07:17:10 | 000,031,415 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2011/05/28 06:56:03 | 000,063,696 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2012/09/27 04:13:42 | 000,142,851 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2013/01/16 02:06:49 | 000,533,430 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/01/18 08:22:18 | 000,266,840 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/05/04 23:32:01 | 000,091,556 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
[2012/12/05 04:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/05 04:15:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/12/05 04:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/12/05 04:15:58 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/03/20 03:55:06 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2012/08/29 11:26:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/12 10:36:07 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google Custom Search ()
CHR - default_search_provider: search_url = http://landing.savet...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Karen\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Karen\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Karen\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Karen\Application Data\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Karen\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\WINDOWS\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/08/15 03:33:52 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - Startup: C:\Documents and Settings\Philip\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk = C:\Program Files\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: amazon.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: carboniteaddon.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyds...t Installer.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1274685273609 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1352878580937 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://3979.mcdtt.co...hecker_8000.cab (OCXDownloadChecker Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} http://3979.mcdtt.co...adFile_8100.cab (DownloadFile Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABA3E625-ED42-4856-AA31-087C7FD95685}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Philip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Philip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/22 09:36:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/16 16:16:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Philip\Recent
[2013/01/16 02:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Application Data\OnlineArmor
[2013/01/16 02:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2013/01/16 02:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Armor
[2013/01/16 02:18:41 | 000,031,920 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2013/01/16 02:18:41 | 000,027,648 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2013/01/16 02:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor
[2013/01/16 02:12:37 | 030,185,256 | ---- | C] (Emsisoft GmbH ) -- C:\Documents and Settings\Philip\Desktop\OnlineArmorSetup.exe
[2013/01/15 06:07:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/14 04:12:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2013/01/14 03:53:51 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Philip\Desktop\tdsskiller.exe
[2013/01/14 03:53:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Philip\Desktop\OTL.exe
[2013/01/13 07:14:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/01/11 04:15:08 | 000,065,024 | ---- | C] (Systemintegrasjon AS) -- C:\MbrFix.exe

========== Files - Modified Within 30 Days ==========

[2013/01/18 08:49:49 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Philip\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk
[2013/01/18 08:49:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cd92c7b49420c3.job
[2013/01/18 08:49:04 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2013/01/18 08:49:04 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2013/01/18 08:49:04 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2013/01/18 08:48:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/18 08:24:34 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/18 08:23:15 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\desktoptab.reg
[2013/01/18 08:21:33 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/18 05:34:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-861567501-1801674531-1005Core1cc03f46f882a40.job
[2013/01/16 02:35:53 | 000,881,914 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\SecurityCheck.exe
[2013/01/16 02:18:54 | 000,485,108 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/16 02:18:54 | 000,090,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/16 02:16:31 | 030,185,256 | ---- | M] (Emsisoft GmbH ) -- C:\Documents and Settings\Philip\Desktop\OnlineArmorSetup.exe
[2013/01/16 02:00:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/01/15 06:02:51 | 000,403,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/15 06:01:26 | 000,554,087 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\AdwCleaner.exe
[2013/01/15 05:58:48 | 000,001,215 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\Custom scans and fixes.rtf
[2013/01/14 04:49:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/14 03:54:02 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Philip\Desktop\tdsskiller.exe
[2013/01/14 03:53:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philip\Desktop\OTL.exe
[2013/01/11 03:43:16 | 000,000,512 | ---- | M] () -- C:\newMBR.bin
[2013/01/11 03:43:10 | 000,065,024 | ---- | M] (Systemintegrasjon AS) -- C:\MbrFix.exe
[2013/01/09 08:43:21 | 000,000,512 | ---- | M] () -- C:\Physical0MBR.bin

========== Files Created - No Company Name ==========

[2013/01/18 08:23:15 | 000,001,330 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\desktoptab.reg
[2013/01/16 02:35:52 | 000,881,914 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\SecurityCheck.exe
[2013/01/16 02:18:41 | 000,208,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2013/01/16 02:18:41 | 000,044,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2013/01/15 08:46:39 | 000,001,215 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\Custom scans and fixes.rtf
[2013/01/15 06:05:55 | 000,554,087 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\AdwCleaner.exe
[2013/01/11 04:15:08 | 000,000,512 | ---- | C] () -- C:\newMBR.bin
[2013/01/09 08:43:21 | 000,000,512 | ---- | C] () -- C:\Physical0MBR.bin
[2012/12/12 02:34:29 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/08/15 03:45:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/07/30 05:58:24 | 000,000,063 | ---- | C] () -- C:\Documents and Settings\Philip\jagex_cl_runescape_LIVE1.dat
[2012/07/30 04:28:41 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\Philip\jagex_cl_runescape_LIVE.dat
[2011/12/24 21:18:49 | 000,038,399 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2011/10/25 21:21:48 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OVDecoder.dll
[2011/08/19 19:18:49 | 000,000,010 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/23 05:42:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/05/04 16:28:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/04 16:28:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/04 16:28:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/04 16:28:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/04 16:28:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/22 14:50:57 | 000,093,396 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/29 22:29:10 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\mp3Media2.dll
[2011/03/21 18:56:22 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2010/08/02 07:18:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Philip\Local Settings\Application Data\prvlcl.dat
[2010/03/23 01:06:08 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Philip\Local Settings\Application Data\fusioncache.dat
[2010/02/14 02:10:59 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2008/10/19 21:14:44 | 000,029,794 | ---- | C] () -- C:\Documents and Settings\Philip\1.zor
[2008/10/19 18:00:44 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Philip\Untitled.zor
[2008/07/24 05:21:50 | 000,236,032 | ---- | C] () -- C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/07/22 09:50:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2006/02/28 07:00:00 | 001,492,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/17 05:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010/06/18 18:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/08/06 04:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/10/09 15:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2011/11/26 11:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brainiversity2
[2012/09/17 02:26:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/09/17 03:18:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2012/09/17 11:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2012/09/17 10:36:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2012/09/17 13:25:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2012/09/17 03:18:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2012/09/17 03:18:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2013/01/14 03:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2012/09/17 11:17:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/09/17 03:18:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2012/09/17 02:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2009/10/12 05:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCP
[2011/10/08 01:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dingogames
[2012/03/24 04:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2012/03/24 04:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010/10/01 05:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2011/05/04 17:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2011/11/03 00:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2012/11/19 03:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/01/27 13:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2011/08/17 06:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2008/07/23 18:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/12/20 18:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/10/21 05:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2011/10/15 16:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2013/01/16 02:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2010/07/26 03:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/03/03 00:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rising
[2008/12/24 06:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2011/02/12 10:23:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\System Restore
[2010/10/26 18:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2012/05/04 22:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/10/08 04:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YNAB
[2011/05/04 17:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
[2011/04/22 14:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/24 04:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2012/08/10 19:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\.minecraft
[2012/05/30 01:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Amazon
[2012/06/28 05:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Artweaver
[2012/10/02 01:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Canon
[2011/10/08 01:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\dingogames
[2010/01/04 04:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\eMusic
[2010/10/20 03:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\FireShot
[2011/07/19 05:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Free Download Manager
[2012/02/18 00:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\IObit
[2010/12/10 21:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\JacquieLawsonAdventCalendar
[2012/12/11 04:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\JLAdventCalendarAlpine2012
[2011/12/03 08:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\JLAdventCalendarLondon2011
[2012/10/06 02:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Kongregate
[2010/07/28 20:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\LolClient
[2010/09/26 07:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Maxisoft
[2011/05/23 05:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\MinMaxGames
[2011/08/31 06:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Mp3tag
[2013/01/16 02:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\OnlineArmor
[2012/05/17 04:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Oracle
[2008/07/24 02:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\PCToolsFirewallPlus
[2010/02/12 18:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\runic games
[2012/12/10 05:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\SecondLife
[2012/08/07 04:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Sony Online Entertainment
[2012/10/06 20:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\splitscreen
[2008/12/24 06:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Stardock
[2008/10/28 08:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\SuperNZB
[2010/03/23 01:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Turbine
[2012/09/01 18:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\UDP Software
[2012/08/06 07:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Unity
[2012/07/21 06:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\uTorrent
[2011/05/04 16:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\vol_toolbar
[2010/05/28 15:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Windows Desktop Search
[2010/05/24 03:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\Windows Search
[2009/05/24 01:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philip\Application Data\yess

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >

I uninstalled IObit. Ran the reg file from desktop, no immediate change. Rebooting now. If successful, I'll post something. If not, I'm crashing hard into the bed. Been a loooooonnnnnnnngggggggg day for me.


#62
Jhackofalltrades


    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Desktop tabs are still absent. When I reboot, there's a screen that allows me to select which operating system that I want to boot to. The current choices were 1, Windows XP Home Edition, and Windows Recovery Console. It defaults to 1. Okay, see you tomorrow. It's been a rather odd time for me. Is it just me or is my set of problems a particularly resilient strain of problems?

#63
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

Desktop tabs are still absent.


Could you please take a screenshot of this to show me? To take a screenshot, open up the problem window, then press the "PrntScrn" button on your keyboard. Then open up Microsoft Paint and press control-v to paste the image into the paint palette. You can then save the picture and attach it to your next post.

When I reboot, there's a screen that allows me to select which operating system that I want to boot to. The current choices were 1, Windows XP Home Edition, and Windows Recovery Console. It defaults to 1. Okay, see you tomorrow. It's been a rather odd time for me. Is it just me or is my set of problems a particularly resilient strain of problems?


We had a fun time getting the computer to boot because of the corrupt MBR, but now it's not too bad. We only have a little bit left to take care of.

As for the boot options, the Recovery Console is an option that allows you to repair your computer if it's not bootable. You can select XP when you boot, or just leave it go and it should automatically boot to XP in a few seconds.

We need to check system restore:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all of the options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#64
Jhackofalltrades


    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Okay this is the FSS log requested.

============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2006-02-28 07:00] - [2006-02-28 07:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2006-02-28 07:00] - [2006-02-28 07:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2006-02-28 07:00] - [2006-02-28 07:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) OAmon(8) pctgntdi(10) Tcpip(4)
0x0700000005000000030000000400000008000000060000000A00000007000000
IpSec Tag value is correct.

**** End of log ****

I hope I zipped this thing right. I've never zipped anything before, just don't like the additional step. If it fails, lemme know and I'll post a link. Eh screw it, link's right here if it fails. http://img145.images.../lackoftabs.png

If you'll notice under the 'i' in display properties, there is a funny little tab thingy. That's the highlight that you'd get if you have tabbed to a selection. Sitting invisibly next to it are the rest of the tabs in order. I must currently hunt for them to access them. As you can see from the tabbed target area, it's not a large area that I must hit, but it's done after a few tries.


#65
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts
I believe you only pasted the bottom of the log. Could you check and make sure you got it all?

#66
Jhackofalltrades


    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
derp....


Farbar Service Scanner Version: 16-01-2013
Ran by Philip (administrator) on 21-01-2013 at 05:20:58
Running from "C:\Documents and Settings\Philip\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2006-02-28 07:00] - [2006-02-28 07:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2006-02-28 07:00] - [2006-02-28 07:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2006-02-28 07:00] - [2006-02-28 07:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) OAmon(8) pctgntdi(10) Tcpip(4)
0x0700000005000000030000000400000008000000060000000A00000007000000
IpSec Tag value is correct.

**** End of log ****

#67
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

Please download this script and double-click on it to run it. Reboot when done and see if your tabs are back.

Also, let's make sure system restore is working. See if you can set a restore point.

To set up a restore point, follow these steps:
  • Close any programs that are open.
  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore. The System Restore Wizard opens.
  • Click Create a restore point, and then click Next.
  • In the Restore point description box, type a description for the restore point. Use a description that is easy to understand.
    Note: The date and time are automatically added to your restore point. Therefore, you do not have to use them in your description.
  • To finish creating this restore point, click the Create button. The System Restore Wizard notifies you when the restore point is created.


#68
Jhackofalltrades


    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
The script restored the tabs in display properties. Thank you. The system restore command seems to have created a system restore point. My wife has been using the computer and hasn't seemed to have noticed anything major, but she was tired when I asked and doesn't use the computer so much since it's a little screwy right now.

I have had to reinstall Windows Media player to watch a DVD. Adobe AIR keeps wanting to run an update but fails the install. Every time that I shut down or reboot the system normally, there appear to be the same updates that try to install (and they appear to fail each time as well). Belarc Security Advisor says the following (I hope I'm copying the correct thing down) security updates are missing/not installed : http://support.microsoft.com/kb/2736416, http://support.micro....com/kb/2742596, http://support.micro....com/kb/2742597, http://support.micro....com/kb/2756918, and http://support.micro...com/kb/2687499. I zipped up the file and attached it if you wanted to see it. Lastly, IE refuses to completely access the windows update site at http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us. It gives me the error code [Error number: 0x80090008] when I try to choose to download and install express updates.

Attached Files


  • 0

#69
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

For windows updates, please visit this site, run the fixit, then see if you can run windows updates.

For Adobe AIR, do you know if you need this program? If not, just uninstall it. If you need it, try uninstalling from the "Add/Remove Programs" section of the control panel then reinstalling. You can get the installer from here.

Let me know if these fixes work and if there are any other problems.
  • 0

#70
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
The windows update site fixit failed to automatically fix the problem. I looked at the manual version and tried that. I stopped BITS and Windows update, then killed the qmgr*.dat files from the command prompt. From the \windows\system 32 dir, I began registering the BITS files and the Windows Update files. First time through (before reboot), the following commands failed to load when it asked me to enter them at the command prompt.

regSvr32
mshtml.dll was loaded, but the DllREgisterServer entry point was not found. This file can not be registered.
LoadLibrary ("wucltux.dll") failed - The specified module could not be found.
LoadLibrary ("wuwebv.dll") failed - The specified module could not be found.
netsh reset winsock
This command failed at the command prompt b/c "the following command was not found: reset winsock."

I'm posting this and rebooting now to see if that fixes things or if it's still broken.

Also Adobe AIR is used for a program that my wife likes. It doesn't want to uninstall from the control panel's add/remove program list. I'll try that on reboot as well, in case it's just screwy like that.
  • 0


#71
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Adobe AIR didn't want to uninstall for an unspecified reason. It implied that I should check with the system administrator.

Microsoft update still fails automatically with the same 80090009 code as before. Ironically, that is the same code as the fixit failed with.

I went back to the fixit site to continue the manual version, stopping to do step 4 as instructed instead of skipping it. It asked me to type in the following command
Ren %systemroot%\SoftwareDistribution\DataStore *.bak
which failed with the error msg "The filename, directory name, or volume label syntax is incorrect." This failed when I typed it in all lowercase, then capitalized as in the command, then with c:\ replacing %systemroot%. Then I opened explorer, tracked down the softwaredistribution\datastore folder in c:\windows\. I put the code in as Ren C:\WINDOWS\SoftwareDistribution\Datastore *.bak and that failed too. I changed directories to c:\windows\system32 and tried the command again, that failed. All with the same error msg as above. Then I called it quits. Cause I don't know what I'm doing wrong. I'm going to reboot the system again now, without following the rest of the steps. If things appear more broken, I'll follow the rest, but I don't think they will since I'm not going to be re-registering something different than was before. BITS and windowsupdate should be obvious if they're not up on reset cause I'll just check the services. (having typed all that out... I do realize that sounds very stupid and impulsive. But it's already broken, I don't think I can break it more by doing this. It's not like I'm tearing out malware with TDSSkiller on advanced >.> )

  • 0

#72
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

Let's try this fixit instead. Is your computer on a business network?

For Adobe AIR, try downloading the latest version here and tell me what happens when you run the installer.

  • 0

#73
Jhackofalltrades

Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
The new windows fixit failed saying "The Windows Installer Service could not be accessed. This can occur if you're running windows in Safe mode or if the Windows Installer is not correctly installed. Contact your support personnel for assistance." This occurred with the firewall up and with it down.

My computer is on a home network, usually with one other computer (that runs rather slowly), but now also has a laptop hooked in b/c my main is still not very viable. Very little has been done to make the network an actual network. I hooked them all into the same router and they can see each other if I tell them the network name that I gave it.

It says that an error has occurred and that installation may not be allowed by your administrator. I made sure to shut down FF and that nothing else was running during this except the firewall.

Edited by Jhackofalltrades, 27 January 2013 - 03:17 AM.

  • 0

#74
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts

It says that an error has occurred and that installation may not be allowed by your administrator. I made sure to shut down FF and that nothing else was running during this except the firewall.


Is this referring to when you tried to install Adobe AIR?



  • 0

#75
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

Let's see if we can fix this. Please also see my question in the above post.

Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer
    /md5start
    msiexec.*
    /md5stop
  • Select the None button at the top of the window
  • Click the Run Scan button. Post the log it produces in your next reply.

  • 0





