Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91699 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Won't Boot [Solved]


  • This topic is locked This topic is locked
38 replies to this topic

#16 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 04 November 2013 - 04:39 PM

Hi,
 
If you need to run this in Safe Mode please do so and once complete please let me know how your system is running.
 
ttLR1ki.jpg
 
Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
     
    :Services
     
    :Files
    C:\Downloads\cbsidlm-tr1_14-Steam-SEO-97526.exe 
    C:\Downloads\playalotgames_d146490.exe 
    C:\Software\AVStoDVD_251_Install.exe 
    C:\Software\dvdburning_d165404.exe 
    C:\Software\m4a-to-mp3-converter.exe
    D:\Documents and Settings\Bob\Local Settings\Temp\AskSLib.dll 
    D:\Software\m4a-to-mp3-converter.exe
    ipconfig /flushdns /c
     
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Posted Image
 
 

    Advertisements

Register to Remove


#17 Shelby68GT500

Shelby68GT500

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 04 November 2013 - 05:46 PM

Jeff,  Ok, did as you requested (but I didn't check the LOP and Purity boxes on the "Fix" scan, as I didn't note that until I was further along in the process) and have posted the log below.  I did have to reboot into safe mode again as after the windows splash screen, it went all black...

 

Thanks, Bob

 

OTL logfile created on: 11/4/2013 6:29:51 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Documents and Settings\Paddy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 90.29% Memory free
4.84 Gb Paging File | 4.74 Gb Available in Paging File | 97.81% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 465.75 Gb Total Space | 395.99 Gb Free Space | 85.02% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 186.08 Gb Free Space | 62.43% Space Free | Partition Type: NTFS
Drive K: | 3.73 Gb Total Space | 2.49 Gb Free Space | 66.91% Space Free | Partition Type: FAT32
 
Computer Name: MUDDY | User Name: Paddy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Documents and Settings\Paddy\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - D:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\Program Files\NVIDIA Corporation\nview\nvShell.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Steam Client Service) -- D:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (mfevtp) -- D:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- D:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McAPExe) -- D:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
SRV - (mfecore) -- D:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe (McAfee, Inc.)
SRV - (McODS) -- D:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcpltsvc) -- D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (HomeNetSvc) -- D:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (JavaQuickStarterService) -- D:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McAfee SiteAdvisor Service) -- D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (IntuitUpdateServiceV4) -- D:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (MOBKbackup) -- D:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (PCPitstop Scheduling) -- D:\Program Files\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
SRV - (Pml Driver HPZ12) -- D:\WINDOWS\system32\HPZipm12.exe (HP)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (ldfalul) -- System32\drivers\vtkly.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (cerc6) --  File not found
DRV - (catchme) -- D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (cfwids) -- D:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- D:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mfehidk) -- D:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- D:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- D:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfefirek) -- D:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- D:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- D:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- D:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (HipShieldK) -- D:\WINDOWS\system32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (mfencrk) -- D:\WINDOWS\system32\drivers\mfencrk.sys (McAfee, Inc.)
DRV - (mfencbdc) -- D:\WINDOWS\system32\drivers\mfencbdc.sys (McAfee, Inc.)
DRV - (McPvDrv) -- D:\WINDOWS\system32\drivers\McPvDrv.sys (McAfee, Inc.)
DRV - (MOBKFilter) -- D:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (MSTAPE) -- D:\WINDOWS\system32\drivers\mstape.sys (Microsoft Corporation)
DRV - (AVCSTRM) -- D:\WINDOWS\system32\drivers\avcstrm.sys (Microsoft Corporation)
DRV - (scsiscan) -- D:\WINDOWS\system32\drivers\scsiscan.sys (Microsoft Corporation)
DRV - (RTLE8023xp) -- D:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (IntcAzAudAddService) -- D:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Diag69xp) -- D:\WINDOWS\system32\drivers\diag69xp.sys (Realtek Semiconductor Corporation)
DRV - (RTLVLAN) -- D:\WINDOWS\system32\drivers\RTLVLAN.SYS (Realtek Semiconductor Corporation)
DRV - (LANPkt) -- D:\WINDOWS\system32\drivers\LANPkt.sys (Realtek Semiconductor Corporation)
DRV - (ICAM3NT5) -- D:\WINDOWS\system32\drivers\Icam3.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: D:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: d:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: D:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: D:\Program Files\McAfee\SiteAdvisor [2013/10/04 13:52:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: D:\Program Files\McAfee\MSK [2013/11/02 11:25:55 | 000,000,000 | ---D | M]
 
[2013/08/15 18:03:48 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Paddy\Application Data\Mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = D:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = D:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = D:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = D:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U15 (Enabled) = D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = D:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = D:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = d:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
CHR - Extension: Docs = D:\Documents and Settings\Paddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = D:\Documents and Settings\Paddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = D:\Documents and Settings\Paddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = D:\Documents and Settings\Paddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = D:\Documents and Settings\Paddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\
CHR - Extension: Gmail = D:\Documents and Settings\Paddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/11/01 10:14:31 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [mcpltui_exe] D:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] D:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Nvtmru] D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] D:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: D:\Documents and Settings\Paddy\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1353524644140 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC33F931-3CDF-4D9B-80A0-6F6A1A87BDE7}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - D:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - d:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: D:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/04 09:54:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/04 18:29:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Paddy\Desktop\OTL.exe
[2013/11/04 09:38:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Paddy\Application Data\Malwarebytes
[2013/11/04 09:38:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/04 09:38:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/11/04 09:38:19 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2013/11/04 09:38:19 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2013/11/04 09:34:28 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERUNT
[2013/11/02 11:34:08 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2013/11/02 11:20:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Paddy\Local Settings\Application Data\NVIDIA
[2013/11/01 10:15:48 | 000,000,000 | ---D | C] -- D:\WINDOWS\temp
[2013/11/01 10:04:10 | 000,000,000 | -HSD | C] -- D:\WINDOWS\CSC
[2013/11/01 09:06:25 | 000,518,144 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
[2013/11/01 09:06:25 | 000,406,528 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
[2013/11/01 09:06:25 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2013/11/01 09:06:25 | 000,060,416 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2013/11/01 09:06:18 | 000,000,000 | ---D | C] -- D:\Qoobox
[2013/11/01 09:05:59 | 000,000,000 | ---D | C] -- D:\WINDOWS\erdnt
[2013/11/01 08:00:57 | 000,000,000 | ---D | C] -- D:\AdwCleaner
[2013/10/25 11:36:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\NVIDIA Corporation
[2013/10/25 11:36:04 | 000,000,000 | ---D | C] -- D:\Program Files\AGEIA Technologies
[2013/10/25 11:35:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2013/10/25 11:35:02 | 015,709,984 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcpl.dll
[2013/10/25 11:35:02 | 000,209,184 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvmctray.dll
[2013/10/25 11:35:02 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvwddi.dll
[2013/10/25 11:31:04 | 009,457,664 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvopencl.dll
[2013/10/25 11:31:04 | 001,049,888 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvdispco3233158.dll
[2013/10/25 11:31:04 | 000,893,728 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvdispgenco3233158.dll
[2013/10/25 11:18:16 | 000,000,000 | ---D | C] -- D:\NVIDIA
[2013/10/25 11:16:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NVIDIA
[2013/10/17 22:19:54 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\XPSViewer
[2013/10/17 22:19:50 | 000,000,000 | ---D | C] -- D:\Program Files\MSBuild
[2013/10/17 22:19:44 | 000,000,000 | ---D | C] -- D:\Program Files\Reference Assemblies
[2013/10/17 22:19:17 | 000,597,504 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2013/10/17 22:19:17 | 000,575,488 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2013/10/17 22:19:17 | 000,117,760 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\prntvpt.dll
[2013/10/17 22:19:17 | 000,089,088 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2013/10/17 22:19:16 | 001,676,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\xpssvcs.dll
[2013/10/17 22:19:16 | 001,676,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\xpssvcs.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/04 18:28:31 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2013/11/04 18:28:10 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2013/11/04 10:01:45 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2013/11/04 09:38:21 | 000,000,784 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/03 09:59:41 | 000,000,876 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/03 09:56:08 | 000,001,142 | ---- | M] () -- D:\WINDOWS\System32\nvAppTimestamps
[2013/11/03 08:39:29 | 000,503,082 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2013/11/03 08:39:28 | 000,088,480 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2013/11/03 08:38:52 | 000,000,880 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/02 20:05:00 | 000,000,830 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/01 10:14:31 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2013/10/28 08:00:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Paddy\Desktop\OTL.exe
[2013/10/25 11:34:49 | 001,125,540 | ---- | M] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2013/10/25 11:34:49 | 000,000,001 | ---- | M] () -- D:\WINDOWS\System32\nvdrssel.bin
[2013/10/25 11:34:46 | 001,125,540 | ---- | M] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2013/10/18 07:15:36 | 000,138,848 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/15 19:32:54 | 022,171,648 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvoglnt.dll
[2013/10/15 19:32:54 | 017,551,360 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcompiler.dll
[2013/10/15 19:32:54 | 009,498,624 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcuda.dll
[2013/10/15 19:32:54 | 009,457,664 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvopencl.dll
[2013/10/15 19:32:54 | 004,077,440 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nv4_disp.dll
[2013/10/15 19:32:54 | 003,555,144 | ---- | M] () -- D:\WINDOWS\System32\nvdata.data
[2013/10/15 19:32:54 | 002,951,968 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcuvid.dll
[2013/10/15 19:32:54 | 002,747,168 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcuvenc.dll
[2013/10/15 19:32:54 | 002,631,680 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvapi.dll
[2013/10/15 19:32:54 | 001,049,888 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvdispco3233158.dll
[2013/10/15 19:32:54 | 000,893,728 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvdispgenco3233158.dll
[2013/10/15 19:32:54 | 000,018,598 | ---- | M] () -- D:\WINDOWS\System32\nvinfo.pb
[2013/10/15 17:26:39 | 000,054,272 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvwddi.dll
[2013/10/15 17:26:37 | 015,709,984 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcpl.dll
[2013/10/15 17:26:36 | 000,209,184 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvmctray.dll
[2013/10/09 20:33:34 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
 
========== Files Created - No Company Name ==========
 
[2013/11/04 10:01:45 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2013/11/04 09:38:21 | 000,000,784 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/01 09:06:25 | 000,256,000 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2013/11/01 09:06:25 | 000,208,896 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2013/11/01 09:06:25 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2013/11/01 09:06:25 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2013/11/01 09:06:25 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2013/10/25 13:39:42 | 000,001,142 | ---- | C] () -- D:\WINDOWS\System32\nvAppTimestamps
[2013/03/14 02:18:08 | 000,759,834 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-854245398-1177238915-1417001333-1005-0.dat
[2013/03/04 21:32:28 | 000,764,510 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-854245398-1177238915-1417001333-1003-0.dat
[2013/03/04 21:32:27 | 000,146,382 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/03/04 11:02:35 | 000,000,590 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2013/01/11 14:36:42 | 000,004,608 | ---- | C] () -- D:\Documents and Settings\Paddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/11 14:32:48 | 000,004,142 | ---- | C] () -- D:\WINDOWS\estwn323.ini
[2013/01/11 14:09:21 | 000,000,021 | ---- | C] () -- D:\WINDOWS\Epscan2.INI
[2012/12/06 14:59:39 | 000,000,128 | ---- | C] () -- D:\Documents and Settings\Paddy\Local Settings\Application Data\fusioncache.dat
[2012/12/01 12:45:42 | 000,104,194 | ---- | C] () -- D:\WINDOWS\hpoins04.dat
[2012/12/01 12:45:42 | 000,017,176 | ---- | C] () -- D:\WINDOWS\hpomdl04.dat
[2012/11/29 14:02:18 | 000,112,640 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll
[2012/11/21 14:13:45 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll
[2012/11/21 13:52:57 | 001,125,540 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2012/11/21 13:52:57 | 001,125,540 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2012/11/21 13:52:57 | 000,000,001 | ---- | C] () -- D:\WINDOWS\System32\nvdrssel.bin
[2012/11/21 13:41:08 | 000,049,152 | ---- | C] () -- D:\WINDOWS\System32\ChCfg.exe
[2012/11/21 13:31:32 | 000,876,544 | ---- | C] () -- D:\WINDOWS\System32\TEACico2.dll
[2012/02/09 22:40:00 | 003,555,144 | ---- | C] () -- D:\WINDOWS\System32\nvdata.data
 
========== ZeroAccess Check ==========
 
[2012/11/27 20:51:26 | 000,000,227 | RHS- | M] () -- D:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 15:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >


#18 Shelby68GT500

Shelby68GT500

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 04 November 2013 - 05:55 PM

Jeff, It seems like I can tell immediately when I reboot if it will come up normally or not.  When I get the initial Dell screen just as the boot process is starting, if I have any artifacting at all, it won't boot normally.  Now, it will go to safe mode, even with the artifacting.  I've just shut down OTL and rebooted again, trying to bring it up normally and it has frozen on the Windows XP splash screen.

 

Bob



#19 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 05 November 2013 - 06:24 AM

First open a command prompt > Click Start > Run > and type cmd and press Enter.
This will open the command prompt.
 
Copy the contents of the code box > right click in the command window and select paste >> Press Enter (do one line at a time if there are more than one)

chkdsk /r /f

Follow and accept any prompts.

 

Close the Command Prompt box.

 

Let me know exactly how your system is running.  :)


Posted Image
 
 

#20 Shelby68GT500

Shelby68GT500

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 05 November 2013 - 07:36 AM

Jeff,  Ok, had to boot into safe mode (video resolution seems to now be fixed at 640x480 and cannot be changed) to get to the command prompt.  Ran chkdsk /r /f and received the response of:

 

The type of file system is NTFS

Cannot lock current drive.

 

Chkdsk cannot run because the volume is in use by another process.  Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)

 

That is the first time I've ever seen a response like that from Chkdsk...

 

Thanks again for your help.

 

Bob



#21 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 05 November 2013 - 09:10 AM

Just go ahead and select Yes and then chkdsk will run on a reboot.


Posted Image
 
 

#22 Shelby68GT500

Shelby68GT500

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 05 November 2013 - 10:32 AM

Jeff,  Entered Y and then closed the command window and restarted (normally).  System got to the Windows splash screen and then just went black.  Cycled power to it and selected safe mode with command prompt.  Pages of "greek" characters scrolled past and then stopped with various of these greek characters just randomly blinking.  The HD does appear to be doing something though, so I'm just letting it run doing that until I see something else come up or I hear something from you. 

 

Thanks again, Bob



#23 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 05 November 2013 - 10:36 AM

Hi Bob,

 

Please reboot your system and let me know exactly what happens.


Posted Image
 
 

#24 Shelby68GT500

Shelby68GT500

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 05 November 2013 - 10:44 AM

Jeff, Rebooted the machine and allowed it to try and come up normally.  At the very inital Dell screen, had pincushion artifacts, then various greek characters interdispersed with the normal text upon bootup (dos screen), then the windows splash screen appeared with some artifacting while the progress bar was moving left to right.  Progress bar then froze and the screen went black and remains that way. No activity on the HD LED currently.

 

Bob



#25 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 05 November 2013 - 10:49 AM

I just want to clarify...you can not boot to Windows at all now?  


Posted Image
 
 

    Advertisements

Register to Remove


#26 Shelby68GT500

Shelby68GT500

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 05 November 2013 - 10:59 AM

Jeff, Just rebooted again (with all the standard artifacting and greek characters) and selected safe mode with networking.  Got the full page of text interdispersed with greek characters that shift and flash.  The HD LED is active, so I'm thinking that it was/is still attempting to run the chkdsk and I just didn't give it enough time before before rebooting the past few times.  So, as of right now, it does not appear that I can even get into safe mode, at least not at the moment.  I'm going to just let this run for awhile and see if anything changes unless you want me to try something else.

 

Thanks again, Bob



#27 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 05 November 2013 - 11:06 AM

No let it run for a bit and see what happens.  


Posted Image
 
 

#28 Shelby68GT500

Shelby68GT500

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 05 November 2013 - 12:47 PM

Jeff, It ran for over an hour and then froze at the artifacted windows splash screen.  It sat on that for probably 10 minutes or so before automatically rebooting by itself.  I was able to get it into safe mode during that boot cycle and that is where I sit currently.  Still also not able to change my resolution from 640x480.

 

Bob



#29 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 05 November 2013 - 02:40 PM

Ok I am wondering if we are dealing with a failing hard drive.  
 
Let's check that out.  
 
Please download HD Tune (the free version not the trial), run an error scan on your primary harddrive (full not quick) and report back if any blocks aren't green. It tests your hard drive for bad sectors.


Posted Image
 
 

#30 Shelby68GT500

Shelby68GT500

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 05 November 2013 - 05:34 PM

Jeff, Ran the HD Tune on both drives in my system and they both came up with every block green. Possibly RAM?

 

Bob


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users