Answer» Greetings.
This morning when I decided to restart my computer it ran some sort of check/test. (Something about checking a disk for consistency.) Afterwards I was left with a blank screen and a cursor. I waited a bit before growing impatient and restarting it again. (That was probably a mistake.)
This time I was greeted with this message:
Quote Windows Error Recovery
Windows failed to start. A recent hardware or software change might be the cause.
If Windows files have been damaged or configured incorrectly, Startup Repair can help diagnose and fix the problem. If power was interrupted during startup, choose Start Windows Normally. (Use the arrow keys to highlight your choice.)
Launch Startup Repair (recommended)
Start Windows Normally
Seconds until the highlighted choice will be selected automatically: xx Description: xx
Starting windows normally eventually brings me back to the same message. Launching Startup Repair, as well as trying to enter Safe Mode or trying to revert to a previous configuration, brings me to a login screen where the only thing I can select is an account called "Other User", and my account is missing. When I select "Other User" it asks for a User name and Password. Mine do not work.
I'm using Windows Vista Home Premium. Also, I should note that I'm currently using my PlayStation 3 to surf the web, which makes using this website very awkward, and impossible on some pages, so I apologise if a solution to my problem was already available.
edit: Just realised how little information is in this post. Since I can really do anything with my computer at the moment I'll have to go by memory for most things: I'll try to add stuff as I remember/figure it out.
It is a Desktop. Dell Inspiron . Last time I installed updates or anything like that was sometime late last year. Also have not added any hardware.
I run daily virus scans with AVG free 8.5. If something seems weird I also sometimes use Malware Bits. I did have a rather nasty trojan a while ago. Messed up my Windows Explorer, but I was pretty sure I had repaired that.

Just using guest as a username gets me a Welcome screen, and it looks like it is loading, eventually it takes me to the "The specified domain either does not exist or could not be contacted." message that I get when I try anything else.

Ok, I've managed to trade one problem for another. I booted up my Windows Vista installation disk to see if it could help. Used the repair option.
Now instead of getting the previous message I get a Blue Screen of Death. Trying to boot in safe mode just gets me a black screen with a cursor.
The STOP code was:
Quote 0x0000001e (0xFFFFFFFFC0000005, 0xFFFFFA8005C7ACE0, 0x0000000000000000, 0(?)0000000000023000)
The (?) is there because that's when the code started wrapping around, and a portion of the left half of the screen was being cut off. Seems like it was only one character for each line, so it is probably just missing the "x".
I am going to try and investigate this myself. I just thought it was a good idea to come here and update my situation.

STOP: 0x0000001E or KMODE_EXCEPTION_NOT_HANDLED may be related to insufficient hard drive space. Do you remember, if it may be the issue?

Quote from: Broni on January 28, 2011, 08:29:44 PM
STOP: 0x0000001E or KMODE_EXCEPTION_NOT_HANDLED may be related to insufficient hard drive space. Do you remember, if it may be the issue?
Possibly, but I doubt it. I'm not the kind of guy that has hundreds of songs on his computer or anything like that. Hopefully that is the problem. As it would mean my stuff wasn't wiped.
Any way to check without Windows?

Let's see, if we can look at your computer booting from an external source.
Please download OTLPE (filesize 120,9 MB)
- When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
- Reboot your system using the boot CD you just created.
- Note : If you do not know how to set your computer to boot from CD follow the steps HERE
- Your system should now display a REATOGO-X-PE desktop.
- Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
- Double-click on the OTLPE icon.
- When asked Do you wish to load the remote registry, select Yes
- When asked Do you wish to load remote user profile(s) for scanning, select Yes
- Ensure the box "Automatically Load All Remaining Users" is checked and press OK
- OTL should now start.
- Press Run Scan to start the scan.
- When finished, the file will be saved in drive C:\OTL.txt
- Copy this file to your USB drive if you do not have internet connection on this system
- Please post the contents of the OTL.txt file in your reply.
So far my attempts to access another computer have been futile, but it looks like I'll have another chance this Friday.

Ok, I have another computer to work with, but my rewritable CDs are not being recognised. They're labeled "Memorex CD-RW 4x 700MB 80 min".
Going to try again.
edit: It is being recognised now, but every time I try to burn it I get "Failed to send CUE Sheet! Reason: Illegal Mode For This Track"
Am I using the wrong kind of disk or something?

It has to be CDR, not CDRW.

Ok, I've got the REATOGO-X-PE thing working, but when I double-click the OTLPE icon it prompts me to choose a directory. Nothing about remote registries.
And when I choose my C: Drive I get the message "Target is not windows 2000 or later". Which is odd because I'm 100% sure I was using Vista. Don't know how I could be mistaken about that.
At least I can see my stuff is still there. At least it appears to be at first glance.

Quote when I choose my C: Drive I get the message "Target is not windows 2000 or later".
Select a folder, where Windows is actually installed. In most cases, that would be C:\Windows

This situation has made me a bit paranoid/extra careful, don't really want to do too much when I'm not sure what exactly it is I'm doing.
Anyway, here are the scan results:
Quote don't really want to do too much when I'm not sure what exactly it is I'm doing
That's smart of you. Asking won't hurt.
It looks like you're infected with TDSS rootkit and WhiteSmoke trojan.
Do this on the computer you are posting from: Copy the text in the codebox below:
Code:
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274
[2010/12/16 11:15:07 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O4 - HKU\.DEFAULT..\Run: [Dnexabamisabam] File not found
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2011/01/23 12:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/01/23 11:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/01/23 10:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/01/23 09:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/01/23 08:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/01/23 07:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/01/23 06:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/01/23 05:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/01/23 04:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/01/23 03:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/01/23 02:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/01/23 01:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/01/23 00:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/01/22 23:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/01/22 22:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/01/22 21:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/01/22 20:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/01/22 19:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/01/22 18:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/01/22 17:16:59 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/01/22 16:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/01/22 15:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/01/22 14:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/01/22 13:17:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At14.job
:Services
:Reg
:Files
C:\Program Files (x86)\whitesmoketoolbar
:Commands
[purity]
[emptytemp]
Open Notepad and paste it. Save the document as Fix.txt on to a USB flash drive
On the infected computer the following...
Run OTLPE
- Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
- (The content of Fix.txt should appear in the box)
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post the log produced (you'll need to transfer it with USB stick)
- Attempt to reboot normally into Windows.
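Once the log from Run Fix comes back, each item named in the :OTL section can be matched against a success line in that log. The sketch below is an added example, not part of the original post or of OTL itself; the function names are hypothetical, and the sample log is constructed and abridged so that two entries deliberately lack a success line.

```python
import re

# Constructed sample: entries copied from the :OTL section of the fix above.
FIX = r"""
:OTL
[2010/12/16 11:15:07 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml
O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
[2011/01/23 12:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/01/23 11:17:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\At12.job
:Files
C:\Program Files (x86)\whitesmoketoolbar
"""

# Constructed log, abridged on purpose: two fix entries have no success line.
LOG = r"""
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ deleted successfully.
C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
C:\Windows\Tasks\At13.job moved successfully.
"""

SUCCESS = re.compile(r"(moved|deleted|set) successfully", re.I)
CLSID = re.compile(r"(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})")
PATH = re.compile(r"([A-Za-z]:\\.*?)(?: \(\))?$")   # drive path, minus a trailing " ()"

def fix_targets(fix_text):
    """Return the CLSIDs and file paths named in the :OTL section, in order."""
    targets, in_otl = [], False
    for line in map(str.strip, fix_text.splitlines()):
        if line.startswith(":"):          # section header (:OTL, :Files, ...)
            in_otl = line.lower() == ":otl"
        elif in_otl and line:
            for m in (CLSID.search(line), PATH.search(line)):
                if m and m.group(1) not in targets:
                    targets.append(m.group(1))
    return targets

def unconfirmed(fix_text, log_text):
    """Targets from the fix that no success line in the log mentions."""
    done = [l.lower() for l in log_text.splitlines() if SUCCESS.search(l)]
    return [t for t in fix_targets(fix_text)
            if not any(t.lower() in l for l in done)]

if __name__ == "__main__":
    for target in unconfirmed(FIX, LOG):
        print("no success line for:", target)
```

Matching is case-insensitive because the scan lists `C:\Windows\tasks` while the fix log reports `C:\Windows\Tasks`.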
Attempting to boot normally got me the same BSOD.
Here's the log:
Quote
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-af6c-4c50-9def-f2e24f4c8889}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ deleted successfully.
C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{52794457-af6c-4c50-9def-f2e24f4c8889} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889}\ not found.
File C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll not found.
Registry key HKEY_USERS\.DEFAULT\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
C:\Windows\SysWow64\lspA5D1.tmp deleted successfully.
C:\Windows\Tasks\At13.job moved successfully.
C:\Windows\Tasks\At12.job moved successfully.
C:\Windows\Tasks\At11.job moved successfully.
C:\Windows\Tasks\At10.job moved successfully.
C:\Windows\Tasks\At9.job moved successfully.
C:\Windows\Tasks\At8.job moved successfully.
C:\Windows\Tasks\At7.job moved successfully.
C:\Windows\Tasks\At6.job moved successfully.
C:\Windows\Tasks\At5.job moved successfully.
C:\Windows\Tasks\At4.job moved successfully.
C:\Windows\Tasks\At3.job moved successfully.
C:\Windows\Tasks\At2.job moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
C:\Windows\Tasks\At24.job moved successfully.
C:\Windows\Tasks\At23.job moved successfully.
C:\Windows\Tasks\At22.job moved successfully.
C:\Windows\Tasks\At21.job moved successfully.
C:\Windows\Tasks\At20.job moved successfully.
C:\Windows\Tasks\At19.job moved successfully.
C:\Windows\Tasks\At18.job moved successfully.
C:\Windows\Tasks\At17.job moved successfully.
C:\Windows\Tasks\At16.job moved successfully.
C:\Windows\Tasks\At15.job moved successfully.
C:\Windows\Tasks\At14.job moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files (x86)\whitesmoketoolbar\components folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\searchbar folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\options folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\lib folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library\Basics folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\DTXWizard\skin\icon_library folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\DTXWizard\skin folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin\DTXWizard folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\skin folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\data\weather folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\data\search folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\data\rss folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\data\dynamicElements folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\data folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\scripts folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin\css folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\skin folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\js folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube\css folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.YouTube folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\css folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.WebTV folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin\css folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\js folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter\css folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\scripts folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin\css folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook\skin folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets\net.vmn.www.Facebook folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\widgets folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\newtab\images folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\newtab folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\modules folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\lib folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome\content folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar\chrome folder moved successfully.
C:\Program Files (x86)\whitesmoketoolbar folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Cake
->Temp folder emptied: 47569 bytes
->Temporary Internet Files folder emptied: 2223838 bytes
->Flash cache emptied: 56504 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Rob
->Temp folder emptied: 189287374 bytes
->Temporary Internet Files folder emptied: 39931104 bytes
->Java cache emptied: 69505877 bytes
->FireFox cache emptied: 105923008 bytes
->Flash cache emptied: 403117 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 85322095 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
Total Files Cleaned = 470.00 mb
OTLPE by OldTimer - Version 3.1.44.3 log created on 02072011_130920
I've seen that whitesmoke thing before. I thought I had taken care of it before. Guess not.
Please download NTBR by noahdfear and save it to your Desktop. File size: 2.44 MB (2,565,432 bytes)
- Place a blank CD in your CD drive.
- Double click on NTBR_CD.exe file and a folder of the same name will appear.
- Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
- Follow the prompts to burn the CD.
- Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
- If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
- Insert the newly created CD into your infected PC and reboot your computer.
- Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
- Read the warning and then continue as prompted.
- You first need to select your keyboard layout - press Enter for English.
- Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
- On the following screen enter 5 to select Install Standard MBR code.
- Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
- When asked to confirm please do so.
- Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
- Eject the disc and then press ctrl+alt+del to reboot the PC.
Attempt to boot normally.
**Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is a Dell computer, let me know before proceeding.
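Because the MBRWORK steps above overwrite the boot code in sector 0, a copy of that sector taken before and after shows exactly what changed. The following is an added example, not part of the original post or of NTBR: it assumes the two 512-byte dumps were saved with a disk imaging tool, the function names are hypothetical, and the sample sectors are constructed filler data.

```python
import hashlib
import struct

def parse_mbr(sector):
    """Split sector 0 into boot code hash, disk signature and partition entries."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector: wrong size or missing 55 AA signature")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype:                      # type 0x00 marks an unused slot
            parts.append((i, status == 0x80, ptype, lba_start, count))
    return {"code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
            "disk_signature": sector[440:444].hex(),
            "partitions": parts}

def compare(before, after):
    """Report which parts of sector 0 differ between the two dumps."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {"code_changed": a["code_sha256"] != b["code_sha256"],
            "table_intact": a["partitions"] == b["partitions"],
            "signature_intact": a["disk_signature"] == b["disk_signature"]}

def make_sector(code_byte, partitions, disk_sig=b"\x12\x34\x56\x78"):
    """Constructed test data: a sector 0 image with filler boot code."""
    s = bytearray(512)
    s[:440] = bytes([code_byte]) * 440
    s[440:444] = disk_sig
    for i, (active, ptype, lba, count) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", s, 446 + 16 * i,
                         0x80 if active else 0, ptype, lba, count)
    s[510:512] = b"\x55\xaa"
    return bytes(s)

# Constructed layout: one small partition, then the active Windows partition.
LAYOUT = [(False, 0x07, 2048, 20480000), (True, 0x07, 20482048, 604000000)]
BEFORE = make_sector(0xCC, LAYOUT)   # filler standing in for the suspect boot code
AFTER = make_sector(0x90, LAYOUT)    # filler standing in for the standard boot code

if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```

A result with `code_changed` true and the other two fields true means only the boot code was replaced and the partition entries are where they were.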
|