Solve : Blank Screen...?

1.	Solve : Blank Screen...?
Answer» Hi everyone Basically, my problem is this: When I press the on button on my PC desktop (Windows XP) it, as normal, goes to the 'Compaq' screen. After this, expecting the Windows XP loading screen, it instead stays on a blank screen. I have tried logging on in to Safe Mode but it does the same thing, staying on the blank screen. I am literally clueless. Any help will be much appreciated. Thanks Quote from: bobbylelat on February 02, 2011, 02:39:13 PM I have tried logging on in to Safe Mode but it does the same thing, staying on the blank screen. So you get to the screen with the list of options where you can choose safe mode. Is that right? Quote from: JJ 3000 on February 02, 2011, 02:55:48 PM So you get to the screen with the list of options where you can choose safe mode. Is that right? Yes, that's right.What is new or different since the last time everything worked properly (ie, new hw, new sw, virus, error, etc)? Quote from: Allan on February 02, 2011, 03:05:02 PM What is new or different since the last time everything worked properly (ie, new hw, new sw, virus, error, etc)? The last time everything was up and running I remember having to block two things via COMODO but I can't remember what they were. Nothing strange happened after blocking them, it was running fine and I shut the computer down as normal. Have you tried Last Known Good Configuration?Let's see, if we can look at your computer booting from an external source. Please download OTLPE (filesize 120,9 MB) When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD. Reboot your system using the boot CD you just created. Note : If you do not know how to set your computer to boot from CD follow the steps HERE Your system should now display a REATOGO-X-PE desktop. Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily. Double-click on the OTLPE icon. When asked Do you wish to load the remote registry, select Yes When asked Do you wish to load remote user profile(s) for scanning, select Yes Ensure the box Automatically Load All Remaining Users" is checked and press OK OTL should now start. Press Run Scan to start the scan. When finished, the file will be saved in drive C:\OTL.txt Copy this file to your USB drive if you do not have internet connection on this system Please post the contents of the OTL.txt file in your reply. Quote from: Broni on February 02, 2011, 03:51:16 PM Let's see, if we can look at your computer booting from an external source. Please download OTLPE (filesize 120,9 MB) When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD. Reboot your system using the boot CD you just created. Note : If you do not know how to set your computer to boot from CD follow the steps HERE Your system should now display a REATOGO-X-PE desktop. Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily. Double-click on the OTLPE icon. When asked Do you wish to load the remote registry, select Yes When asked Do you wish to load remote user profile(s) for scanning, select Yes Ensure the box Automatically Load All Remaining Users" is checked and press OK OTL should now start. Press Run Scan to start the scan. When finished, the file will be saved in drive C:\OTL.txt Copy this file to your USB drive if you do not have internet connection on this system Please post the contents of the OTL.txt file in your reply. I have tried this, but after clicking 'Yes' to the 'Do you wish to load remote registry' an error pops up saying: Registry Access Error, ret=1016: An I/O operation initiated by the registry failed unrecoverably. The registry could not read in, or write out, or flush, one of the files that contain the system's image of the registry.Please, try again and answer "no" to that question. Quote from: Broni on February 03, 2011, 05:02:31 PM Please, try again and answer "no" to that question. It worked this time! Here is the OTL reading: OTL logfile created on: 2/4/2011 6:27:10 PM - Run OTLPE by OldTimer - Version 3.1.44.2 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM Internet EXPLORER (Version = 6.0.2900.2180) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 503.00 Mb Total Physical Memory \| 290.00 Mb Available Physical Memory \| 58.00% Memory free 455.00 Mb Paging File \| 325.00 Mb Available in Paging File \| 71.00% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 18.64 Gb Total Space \| 1.52 Gb Free Space \| 8.15% Space Free \| Partition Type: NTFS Drive X: \| 436.55 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Computer Name: REATOGO \| User Name: SYSTEM Boot Mode: Normal \| Scan Mode: All users \| Quick Scan Company Name Whitelist: On \| Skip Microsoft Files: On \| No Company Name Whitelist: On \| File Age = 30 Days Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand] -- -- (TermService) SRV - File not found [On_Demand] -- -- (SQLAgent$SONY_MEDIAMGR) SRV - File not found [On_Demand] -- -- (MSSQL$SONY_MEDIAMGR) SRV - File not found [Auto] -- -- (McciCMService) SRV - File not found [Disabled] -- -- (HidServ) SRV - [2010/03/16 16:19:25 \| 000,723,632 \| ---- \| M] (COMODO) [Auto] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2004/04/19 01:12:08 \| 000,045,056 \| ---- \| M] ( ) [Auto] -- C:\WINDOWS\System32\slserv.exe -- (SLService) SRV - [2004/03/29 11:08:16 \| 000,049,152 \| ---- \| M] () [Auto] -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service) SRV - [2002/09/20 10:50:10 \| 000,045,056 \| ---- \| M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel \| On_Demand] -- -- (WDICA) DRV - File not found [Kernel \| Auto] -- -- (RGFILERW) DRV - File not found [Kernel \| On_Demand] -- -- (QCMerced) DRV - File not found [Kernel \| On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel \| On_Demand] -- -- (PDRELI) DRV - File not found [Kernel \| On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel \| On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel \| System] -- -- (PCIDump) DRV - File not found [Kernel \| On_Demand] -- -- (MRESP50a64) DRV - File not found [Kernel \| On_Demand] -- -- (MRESP50) DRV - File not found [Kernel \| On_Demand] -- -- (MRENDIS5) DRV - File not found [Kernel \| On_Demand] -- -- (MREMPR5) DRV - File not found [Kernel \| On_Demand] -- -- (MREMP50a64) DRV - File not found [Kernel \| On_Demand] -- -- (MREMP50) DRV - File not found [Kernel \| On_Demand] -- -- (LVUSBSta) DRV - File not found [Kernel \| System] -- -- (lbrtfdc) DRV - File not found [Kernel \| System] -- -- (i2omgmt) DRV - File not found [Kernel \| On_Demand] -- -- (EverestDriver) DRV - File not found [Kernel \| System] -- -- (Changer) DRV - [2010/06/24 07:46:12 \| 000,028,256 \| ---- \| M] (Applian Technologies Inc.) [Kernel \| On_Demand] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliandMP) DRV - [2010/06/24 07:46:12 \| 000,028,256 \| ---- \| M] (Applian Technologies Inc.) [Kernel \| On_Demand] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliand) DRV - [2010/03/16 16:19:49 \| 000,087,104 \| ---- \| M] (COMODO) [Kernel \| Boot] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect) DRV - [2010/03/16 16:19:49 \| 000,025,160 \| ---- \| M] (COMODO) [Kernel \| System] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2010/03/16 16:19:48 \| 000,134,344 \| ---- \| M] (COMODO) [File_System \| System] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard) DRV - [2010/01/01 12:45:45 \| 000,040,448 \| ---- \| M] () [Kernel \| Disabled] -- C:\WINDOWS\system32\drivers\H8SRTftjcbqppak.sys -- (H8SRTd.sys) DRV - [2007/12/11 04:52:12 \| 000,026,784 \| ---- \| M] (RapidSolution Software AG) [Kernel \| On_Demand] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd) DRV - [2007/08/02 16:51:47 \| 000,021,120 \| ---- \| M] (NCH Swift Sound) [Kernel \| On_Demand] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD) DRV - [2006/12/27 16:16:19 \| 000,028,672 \| ---- \| M] () [Kernel \| On_Demand] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon) DRV - [2005/11/21 00:48:20 \| 000,016,512 \| ---- \| M] (Adaptec) [Kernel \| Auto] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32) DRV - [2005/08/02 18:00:36 \| 000,232,192 \| ---- \| M] (Ralink Technology, Corp.) [Kernel \| On_Demand] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) DRV - [2005/02/16 01:43:20 \| 000,028,800 \| ---- \| M] (Cypress Semiconductor) [Kernel \| On_Demand] -- C:\WINDOWS\system32\drivers\CyUsbNT.sys -- (CyUsbNT) DRV - [2004/08/03 18:07:56 \| 000,059,264 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2004/04/30 04:38:42 \| 000,632,784 \| ---- \| M] ( ) [Kernel \| On_Demand] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr) DRV - [2004/04/30 03:56:04 \| 001,321,952 \| ---- \| M] ( ) [Kernel \| On_Demand] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm) DRV - [2004/04/18 22:50:20 \| 000,013,912 \| ---- \| M] ( ) [Kernel \| Boot] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent) DRV - [2004/04/18 22:34:36 \| 000,095,760 \| ---- \| M] ( ) [Kernel \| On_Demand] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal) DRV - [2004/04/18 22:33:24 \| 000,230,656 \| ---- \| M] ( ) [Kernel \| On_Demand] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5) DRV - [2004/04/18 22:15:12 \| 000,180,664 \| ---- \| M] ( ) [Kernel \| On_Demand] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax) DRV - [2004/04/18 22:04:48 \| 000,013,312 \| ---- \| M] ( ) [Kernel \| On_Demand] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/http://uk.search.yahoo.com/ IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/http://uk.docs.yahoo.com/info/bt_side.html IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/10/21 14:12:34 \| 000,000,000 \| ---D \| M] FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/10/21 14:13:20 \| 000,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 14:12:34 \| 000,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 14:13:20 \| 000,000,000 \| ---D \| M] [2011/02/02 07:13:08 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2006/10/15 09:11:48 \| 000,000,000 \| ---D \| M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2006/11/18 09:14:04 \| 000,114,688 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll [2008/09/30 10:10:54 \| 000,284,248 \| ---- \| M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll [2007/07/31 16:27:00 \| 000,000,782 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\conduit.xml O1 HOSTS File: ([2007/09/14 08:28:08 \| 000,178,727 \| R--- \| M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 babe.the-killer.bz O1 - Hosts: 127.0.0.1 www.babe.the-killer.bz O1 - Hosts: 127.0.0.1 babe.k-lined.com O1 - Hosts: 127.0.0.1 www.babe.k-lined.com O1 - Hosts: 127.0.0.1 did.i-used.cc O1 - Hosts: 127.0.0.1 www.did.i-used.cc O1 - Hosts: 127.0.0.1 coolwwwsearch.com O1 - Hosts: 127.0.0.1 www.coolwwwsearch.com O1 - Hosts: 127.0.0.1 coolwebsearch.com O1 - Hosts: 127.0.0.1 www.coolwebsearch.com O1 - Hosts: 127.0.0.1 hi.studioaperto.net O1 - Hosts: 127.0.0.1 www.hi.studioaperto.net O1 - Hosts: 127.0.0.1 wazzupnet.com O1 - Hosts: 127.0.0.1 www.wazzupnet.com O1 - Hosts: 127.0.0.1 gueb.com O1 - Hosts: 127.0.0.1 www.gueb.com O1 - Hosts: 127.0.0.1 kabex.com O1 - Hosts: 127.0.0.1 www.kabex.com O1 - Hosts: 127.0.0.1 hityou.com O1 - Hosts: 127.0.0.1 www.hityou.com O1 - Hosts: 127.0.0.1 miosearch.com O1 - Hosts: 127.0.0.1 www.miosearch.com O1 - Hosts: 127.0.0.1 blue-elefant.com O1 - Hosts: 127.0.0.1 www.blue-elefant.com O1 - Hosts: 6348 more lines... O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [Regen] File not found O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk = File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java CONSOLE - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.) O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found. O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/08/27 05:29:22 \| 000,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 \| 000,000,053 \| R--- \| M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk ) - File not found O35 - HKLM\..comfile [open] -- "%1" % O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [ = comfile] -- "%1" %* O37 - HKLM\...exe [ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/02/02 14:36:48 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2011/02/02 14:36:21 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2005/12/10 07:58:45 \| 000,015,040 \| ---- \| C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys [2004/04/30 04:38:42 \| 000,632,784 \| ---- \| C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys [2004/04/30 03:56:04 \| 001,321,952 \| ---- \| C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys [2004/04/18 22:50:20 \| 000,013,912 \| ---- \| C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys [2004/04/18 22:34:36 \| 000,095,760 \| ---- \| C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys [2004/04/18 22:33:24 \| 000,230,656 \| ---- \| C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys [2004/04/18 22:15:12 \| 000,180,664 \| ---- \| C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys [2004/04/18 22:04:48 \| 000,013,312 \| ---- \| C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys [5 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ] [5 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ] [1 C:\WINDOWS\System32\dllcache\.tmp files -> C:\WINDOWS\System32\dllcache\.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/02/02 14:46:21 \| 001,474,832 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\sfi.dat [2011/02/02 14:46:20 \| 000,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2011/02/02 14:40:33 \| 000,000,884 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/02/02 13:50:03 \| 000,000,260 \| ---- \| M] () -- C:\WINDOWS\tasks\WGASetup.job [2011/02/02 13:46:23 \| 000,000,278 \| ---- \| M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1801674531-682003330-1004.job [2011/02/02 13:46:20 \| 000,000,880 \| ---- \| M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/02/01 17:50:37 \| 000,002,206 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2011/01/24 19:06:23 \| 000,000,191 \| ---- \| M] () -- C:\WINDOWS\sc.INI [2011/01/20 15:15:03 \| 000,000,286 \| ---- \| M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1801674531-682003330-1004.job [5 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ] [5 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ] [1 C:\WINDOWS\System32\dllcache\.tmp files -> C:\WINDOWS\System32\dllcache\.tmp -> ] ========== Files Created - No Company Name ========== [2010/01/01 12:45:45 \| 000,040,448 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\H8SRTftjcbqppak.sys [2009/12/31 12:58:21 \| 000,000,260 \| ---- \| C] () -- C:\WINDOWS\_delis32.ini [2009/05/28 14:56:05 \| 000,383,238 \| ---- \| C] () -- C:\WINDOWS\System32\libmp3lame-0.dll [2009/05/03 08:22:32 \| 000,000,455 \| ---- \| C] () -- C:\WINDOWS\REGENUNINS.INI [2009/05/03 08:22:21 \| 000,003,893 \| ---- \| C] () -- C:\WINDOWS\REGCALL.INI [2008/12/21 13:28:06 \| 000,000,031 \| ---- \| C] () -- C:\WINDOWS\System32\wfwindowp32.dll [2008/12/19 10:35:27 \| 000,000,082 \| ---- \| C] () -- C:\WINDOWS\MPLAYER.INI [2008/12/19 10:32:44 \| 001,680,896 \| ---- \| C] () -- C:\WINDOWS\System32\LTCLR13n.dll [2008/12/19 10:32:44 \| 000,338,944 \| ---- \| C] () -- C:\WINDOWS\System32\lffpx7.dll [2008/12/19 10:32:44 \| 000,122,880 \| ---- \| C] () -- C:\WINDOWS\System32\LFKODAK.DLL [2008/05/25 09:02:32 \| 000,000,014 \| ---- \| C] () -- C:\WINDOWS\System32\SystemInfo32.sys [2008/03/19 19:10:15 \| 000,040,960 \| ---- \| C] () -- C:\WINDOWS\System32\B11gUSB.dll [2008/03/19 19:10:14 \| 000,094,208 \| ---- \| C] () -- C:\WINDOWS\System32\GTW32N50.dll [2008/03/14 07:27:21 \| 000,144,896 \| ---- \| C] () -- C:\Documents and Settings\Bobby\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/02/15 19:19:49 \| 000,765,952 \| ---- \| C] () -- C:\WINDOWS\System32\xvidcore.dll [2008/02/15 19:19:49 \| 000,139,264 \| ---- \| C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007/08/02 17:09:45 \| 000,000,191 \| ---- \| C] () -- C:\WINDOWS\sc.INI [2007/06/02 08:59:12 \| 000,007,680 \| ---- \| C] () -- C:\WINDOWS\System32\CNMVS6s.DLL [2007/05/23 12:47:51 \| 000,000,067 \| ---- \| C] () -- C:\WINDOWS\A1 DVD Audio Ripper.INI [2007/05/23 12:30:58 \| 000,000,066 \| ---- \| C] () -- C:\WINDOWS\#1 DVD Audio Ripper.INI [2007/04/04 09:59:59 \| 000,000,033 \| ---- \| C] () -- C:\WINDOWS\LVMMail.INI [2006/12/27 16:16:18 \| 000,028,672 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys [2006/11/17 13:38:35 \| 000,012,288 \| ---- \| C] () -- C:\WINDOWS\impborl.dll [2006/09/20 11:51:18 \| 000,262,144 \| ---- \| C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll [2006/09/20 11:51:18 \| 000,112,640 \| ---- \| C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll [2006/09/12 09:41:38 \| 000,029,696 \| ---- \| C] () -- C:\WINDOWS\System32\pthread.dll [2006/02/07 18:30:48 \| 000,000,241 \| ---- \| C] () -- C:\WINDOWS\QSync.INI [2006/01/07 14:56:08 \| 000,003,028 \| ---- \| C] () -- C:\WINDOWS\cdplayer.ini [2006/01/03 13:11:26 \| 000,000,094 \| ---- \| C] () -- C:\WINDOWS\AWSHKWV.INI [2006/01/03 13:11:26 \| 000,000,035 \| ---- \| C] () -- C:\WINDOWS\A5W.INI [2005/12/16 05:44:46 \| 000,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\YCRWin32.dll [2005/12/12 07:18:23 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\iPlayer.INI [2005/12/10 13:37:07 \| 000,000,285 \| ---- \| C] () -- C:\WINDOWS\SIERRA.INI [2005/12/10 11:48:10 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\pcfriend.INI [2005/12/10 11:21:17 \| 000,000,049 \| ---- \| C] () -- C:\WINDOWS\NeroDigital.ini [2005/12/10 07:58:45 \| 000,528,384 \| ---- \| C] () -- C:\WINDOWS\System32\SLLights.dll [2005/12/10 07:58:45 \| 000,208,896 \| ---- \| C] () -- C:\WINDOWS\System32\amr_cpl.dll [2005/12/10 07:58:45 \| 000,135,168 \| ---- \| C] () -- C:\WINDOWS\System32\SLMOHServ.dll [2005/08/27 06:18:30 \| 000,004,161 \| ---- \| C] () -- C:\WINDOWS\ODBCINST.INI [2005/08/27 06:17:16 \| 000,000,376 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2005/08/27 05:45:35 \| 000,000,044 \| ---- \| C] () -- C:\WINDOWS\System32\msssc.dll [2004/04/19 01:44:48 \| 000,196,608 \| ---- \| C] () -- C:\WINDOWS\System32\slextspk.dll [2004/04/19 01:16:46 \| 000,049,152 \| ---- \| C] () -- C:\WINDOWS\System32\coinst.dll [2004/04/19 01:11:06 \| 000,163,840 \| ---- \| C] () -- C:\WINDOWS\System32\SLGen.dll [2004/03/23 10:49:48 \| 000,131,072 \| ---- \| C] () -- C:\WINDOWS\System32\sfarkxt.dll [2004/03/23 10:49:47 \| 000,068,096 \| ---- \| C] () -- C:\WINDOWS\System32\SFARKL.DLL [2002/10/15 17:54:04 \| 000,153,088 \| ---- \| C] () -- C:\WINDOWS\System32\unrar.dll [1999/01/27 08:39:06 \| 000,065,024 \| ---- \| C] () -- C:\WINDOWS\System32\indounin.dll [1999/01/22 13:46:56 \| 000,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1997/06/13 02:56:08 \| 000,056,832 \| ---- \| C] () -- C:\WINDOWS\System32\Iyvu9_32.dll ========== LOP Check ========== [2010/11/03 12:23:53 \| 000,000,280 \| ---- \| M] () -- C:\WINDOWS\Tasks\videopadDowngrade.job [2010/11/03 12:23:55 \| 000,000,280 \| ---- \| M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job [2011/02/02 13:50:03 \| 000,000,260 \| ---- \| M] () -- C:\WINDOWS\Tasks\WGASetup.job ========== Purity Check ========== < End of report > Do this on the computer you are posting from: Copy the text in the codebox below: Code: [Select]:OTL O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [Regen] File not found O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found. [5 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ] [5 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ] [1 C:\WINDOWS\System32\dllcache\.tmp files -> C:\WINDOWS\System32\dllcache\.tmp -> ] [2010/01/01 12:45:45 \| 000,040,448 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\H8SRTftjcbqppak.sys :Services :Reg :Files :Commands [purity] [emptytemp] Open Notepad and paste it. Save the document as Fix.txt on to a USB flash drive On the infected computer the following... Run OTLPE Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom. (The content of Fix.txt should appear in the box) Then click the Run Fix button at the top Let the program run unhindered, reboot the PC when it is done Post the log produced (you'll need to transfer it with USB stick) Attempt to reboot normally into Windows. Hi, I've tried to log in back to Windows but it is still staying on the blank screen. The log reads: Quote ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regen deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found. Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} C:\WINDOWS\Downloaded Program Files\erma.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found. Starting removal of ActiveX control Microsoft XML Parser for Java Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ not found. C:\WINDOWS\System32\CONFIG.TMP deleted successfully. C:\WINDOWS\System32\SET80.tmp deleted successfully. C:\WINDOWS\System32\SETBA.tmp deleted successfully. C:\WINDOWS\System32\SETBF.tmp deleted successfully. C:\WINDOWS\System32\SETC6.tmp deleted successfully. C:\WINDOWS\msdownld.tmp folder deleted successfully. C:\WINDOWS\SB2C5BF26.tmp deleted successfully. C:\WINDOWS\SET3.tmp deleted successfully. C:\WINDOWS\SET4.tmp deleted successfully. C:\WINDOWS\SET8.tmp deleted successfully. C:\WINDOWS\System32\dllcache\psapi.dll.tmp deleted successfully. C:\WINDOWS\system32\drivers\H8SRTftjcbqppak.sys moved successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 234487511 bytes ->Temporary Internet Files folder emptied: 530401161 bytes ->Java cache emptied: 4950966 bytes ->FireFox cache emptied: 23674210 bytes ->Flash cache emptied: 2647818 bytes User: All Users User: Bobby ->Temp folder emptied: 955176201 bytes ->Temporary Internet Files folder emptied: 45628992 bytes ->Java cache emptied: 13669281 bytes ->FireFox cache emptied: 88000714 bytes ->Flash cache emptied: 325085 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 49286 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 722 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 9375997 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64801154 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes Total Files Cleaned = 1,882.00 mb OTLPE by OldTimer - Version 3.1.44.2 log created on 02042011_195407 As far, as I can tell, you're infected with TDSS rootkit. Let's try our CD one more time... Do this on the computer you are posting from: Copy the text in the codebox below: Code: [Select]:OTL :Services H8SRTd H8SRT :Reg [-HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT] [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H8SRTd.sys] :Files C:\Windows\System32\H8SRTftjcbqppak.dll C:\Windows\System32\H8SRTftjcbqppak.dat C:\Windows\System32\srcr.dat C:\WINDOWS\system32\drivers\H8SRTftjcbqppak.sys :Commands [purity] [emptytemp] Open Notepad and paste it. Save the document as Fix.txt on to a USB flash drive On the infected computer the following... Run OTLPE Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom. (The content of Fix.txt should appear in the box) Then click the Run Fix button at the top Let the program run unhindered, reboot the PC when it is done Post the log produced (you'll need to transfer it with USB stick) Attempt to reboot normally into Windows. Nope, the screen is still blank upon reboot. Here is the log: Quote ========== OTL ========== ========== SERVICES/DRIVERS ========== Service\Driver key H8SRTd not found. Service\Driver key H8SRT not found. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT\ not found. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H8SRTd.sys\ not found. ========== FILES ========== File\Folder C:\Windows\System32\H8SRTftjcbqppak.dll not found. File\Folder C:\Windows\System32\H8SRTftjcbqppak.dat not found. File\Folder C:\Windows\System32\srcr.dat not found. File\Folder C:\WINDOWS\system32\drivers\H8SRTftjcbqppak.sys not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Bobby ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes Total Files Cleaned = 0.00 mb OTLPE by OldTimer - Version 3.1.44.2 log created on 02042011_211752 I greatly appreciate all of your help by the way You're welcome Please download NTBR by noahdfear and save it to your Desktop. File size: 2.44 MB (2,565,432 bytes) Place a blank CD in your CD drive. Double click on NTBR_CD.exe file and a folder of the same name will appear. Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back. Follow the prompts to BURN the CD. Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE) If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm. Insert the newly created CD into your infected PC and reboot your computer. Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this! Read the warning and then continue as prompted. You first need to select your keyboard layout - press Enter for English. Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK On the following screen enter 5 to select Install Standard MBR code. Enter 1 to overwrite the infected MBR Code with the Standard MBR code. When asked to confirm please do so. Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD. Eject the disc and then press ctrl+alt+del to reboot the PC. See, if it'll boot. **Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is Dell computer, let me know before proceeding.

Answer»

Hi everyone

Basically, my problem is this:

When I press the on button on my PC desktop (Windows XP) it, as normal, goes to the 'Compaq' screen. After this, expecting the Windows XP loading screen, it instead stays on a blank screen. I have tried logging on in to Safe Mode but it does the same thing, staying on the blank screen. I am literally clueless. Any help will be much appreciated. Thanks Quote from: bobbylelat on February 02, 2011, 02:39:13 PM

I have tried logging on in to Safe Mode but it does the same thing, staying on the blank screen.

So you get to the screen with the list of options where you can choose safe mode. Is that right? Quote from: JJ 3000 on February 02, 2011, 02:55:48 PM

So you get to the screen with the list of options where you can choose safe mode. Is that right?

Yes, that's right.What is new or different since the last time everything worked properly (ie, new hw, new sw, virus, error, etc)? Quote from: Allan on February 02, 2011, 03:05:02 PM

What is new or different since the last time everything worked properly (ie, new hw, new sw, virus, error, etc)?

The last time everything was up and running I remember having to block two things via COMODO but I can't remember what they were. Nothing strange happened after blocking them, it was running fine and I shut the computer down as normal. Have you tried Last Known Good Configuration?Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
Reboot your system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps HERE

Your system should now display a REATOGO-X-PE desktop.
Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
Double-click on the OTLPE icon.
When asked Do you wish to load the remote registry, select Yes
When asked Do you wish to load remote user profile(s) for scanning, select Yes
Ensure the box Automatically Load All Remaining Users" is checked and press OK
OTL should now start.
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\OTL.txt
Copy this file to your USB drive if you do not have internet connection on this system
Please post the contents of the OTL.txt file in your reply.

Quote from: Broni on February 02, 2011, 03:51:16 PM

Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps HERE
Your system should now display a REATOGO-X-PE desktop.
Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
Double-click on the OTLPE icon.
When asked Do you wish to load the remote registry, select Yes
When asked Do you wish to load remote user profile(s) for scanning, select Yes
Ensure the box Automatically Load All Remaining Users" is checked and press OK
OTL should now start.
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\OTL.txt
Copy this file to your USB drive if you do not have internet connection on this system
Please post the contents of the OTL.txt file in your reply.

I have tried this, but after clicking 'Yes' to the 'Do you wish to load remote registry' an error pops up saying:

Registry Access Error, ret=1016:

An I/O operation initiated by the registry failed unrecoverably. The registry could not read in, or write out, or flush, one of the files that contain the system's image of the registry.Please, try again and answer "no" to that question. Quote from: Broni on February 03, 2011, 05:02:31 PM

Please, try again and answer "no" to that question.

It worked this time!

Here is the OTL reading:

OTL logfile created on: 2/4/2011 6:27:10 PM - Run
OTLPE by OldTimer - Version 3.1.44.2 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet EXPLORER (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 290.00 Mb Available Physical Memory | 58.00% Memory free
455.00 Mb Paging File | 325.00 Mb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 1.52 Gb Free Space | 8.15% Space Free | Partition Type: NTFS
Drive X: | 436.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (TermService)
SRV - File not found [On_Demand] -- -- (SQLAgent$SONY_MEDIAMGR)
SRV - File not found [On_Demand] -- -- (MSSQL$SONY_MEDIAMGR)
SRV - File not found [Auto] -- -- (McciCMService)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2010/03/16 16:19:25 | 000,723,632 | ---- | M] (COMODO) [Auto] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2004/04/19 01:12:08 | 000,045,056 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2004/03/29 11:08:16 | 000,049,152 | ---- | M] () [Auto] -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service)
SRV - [2002/09/20 10:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Auto] -- -- (RGFILERW)
DRV - File not found [Kernel | On_Demand] -- -- (QCMerced)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50)
DRV - File not found [Kernel | On_Demand] -- -- (LVUSBSta)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (EverestDriver)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/06/24 07:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliandMP)
DRV - [2010/06/24 07:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliand)
DRV - [2010/03/16 16:19:49 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2010/03/16 16:19:49 | 000,025,160 | ---- | M] (COMODO) [Kernel | System] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/03/16 16:19:48 | 000,134,344 | ---- | M] (COMODO) [File_System | System] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010/01/01 12:45:45 | 000,040,448 | ---- | M] () [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\H8SRTftjcbqppak.sys -- (H8SRTd.sys)
DRV - [2007/12/11 04:52:12 | 000,026,784 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/08/02 16:51:47 | 000,021,120 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2006/12/27 16:16:19 | 000,028,672 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2005/11/21 00:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/08/02 18:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/02/16 01:43:20 | 000,028,800 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CyUsbNT.sys -- (CyUsbNT)
DRV - [2004/08/03 18:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/04/30 04:38:42 | 000,632,784 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/04/30 03:56:04 | 001,321,952 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/04/18 22:50:20 | 000,013,912 | ---- | M] ( ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent)
DRV - [2004/04/18 22:34:36 | 000,095,760 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/04/18 22:33:24 | 000,230,656 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/04/18 22:15:12 | 000,180,664 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/04/18 22:04:48 | 000,013,312 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/10/21 14:12:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/10/21 14:13:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 14:12:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 14:13:20 | 000,000,000 | ---D | M]

[2011/02/02 07:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/10/15 09:11:48 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2006/11/18 09:14:04 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/09/30 10:10:54 | 000,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2007/07/31 16:27:00 | 000,000,782 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\conduit.xml

O1 HOSTS File: ([2007/09/14 08:28:08 | 000,178,727 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1   babe.the-killer.bz
O1 - Hosts: 127.0.0.1   www.babe.the-killer.bz
O1 - Hosts: 127.0.0.1   babe.k-lined.com
O1 - Hosts: 127.0.0.1   www.babe.k-lined.com
O1 - Hosts: 127.0.0.1   did.i-used.cc
O1 - Hosts: 127.0.0.1   www.did.i-used.cc
O1 - Hosts: 127.0.0.1   coolwwwsearch.com
O1 - Hosts: 127.0.0.1   www.coolwwwsearch.com
O1 - Hosts: 127.0.0.1   coolwebsearch.com
O1 - Hosts: 127.0.0.1   www.coolwebsearch.com
O1 - Hosts: 127.0.0.1   hi.studioaperto.net
O1 - Hosts: 127.0.0.1   www.hi.studioaperto.net
O1 - Hosts: 127.0.0.1   wazzupnet.com
O1 - Hosts: 127.0.0.1   www.wazzupnet.com
O1 - Hosts: 127.0.0.1   gueb.com
O1 - Hosts: 127.0.0.1   www.gueb.com
O1 - Hosts: 127.0.0.1   kabex.com
O1 - Hosts: 127.0.0.1   www.kabex.com
O1 - Hosts: 127.0.0.1   hityou.com
O1 - Hosts: 127.0.0.1   www.hityou.com
O1 - Hosts: 127.0.0.1   miosearch.com
O1 - Hosts: 127.0.0.1   www.miosearch.com
O1 - Hosts: 127.0.0.1   blue-elefant.com
O1 - Hosts: 127.0.0.1   www.blue-elefant.com
O1 - Hosts: 6348 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Regen] File not found
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java CONSOLE - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/27 05:29:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [ = comfile] -- "%1" %*
O37 - HKLM\...exe [ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/02 14:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/02/02 14:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2005/12/10 07:58:45 | 000,015,040 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2004/04/30 04:38:42 | 000,632,784 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2004/04/30 03:56:04 | 001,321,952 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2004/04/18 22:50:20 | 000,013,912 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2004/04/18 22:34:36 | 000,095,760 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2004/04/18 22:33:24 | 000,230,656 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2004/04/18 22:15:12 | 000,180,664 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2004/04/18 22:04:48 | 000,013,312 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/02 14:46:21 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/02/02 14:46:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/02 14:40:33 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/02 13:50:03 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/02/02 13:46:23 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1801674531-682003330-1004.job
[2011/02/02 13:46:20 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/01 17:50:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/24 19:06:23 | 000,000,191 | ---- | M] () -- C:\WINDOWS\sc.INI
[2011/01/20 15:15:03 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1801674531-682003330-1004.job
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/01 12:45:45 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\H8SRTftjcbqppak.sys
[2009/12/31 12:58:21 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/05/28 14:56:05 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2009/05/03 08:22:32 | 000,000,455 | ---- | C] () -- C:\WINDOWS\REGENUNINS.INI
[2009/05/03 08:22:21 | 000,003,893 | ---- | C] () -- C:\WINDOWS\REGCALL.INI
[2008/12/21 13:28:06 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\wfwindowp32.dll
[2008/12/19 10:35:27 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008/12/19 10:32:44 | 001,680,896 | ---- | C] () -- C:\WINDOWS\System32\LTCLR13n.dll
[2008/12/19 10:32:44 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2008/12/19 10:32:44 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2008/05/25 09:02:32 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SystemInfo32.sys
[2008/03/19 19:10:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
[2008/03/19 19:10:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/03/14 07:27:21 | 000,144,896 | ---- | C] () -- C:\Documents and Settings\Bobby\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/15 19:19:49 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/15 19:19:49 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/08/02 17:09:45 | 000,000,191 | ---- | C] () -- C:\WINDOWS\sc.INI
[2007/06/02 08:59:12 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6s.DLL
[2007/05/23 12:47:51 | 000,000,067 | ---- | C] () -- C:\WINDOWS\A1 DVD Audio Ripper.INI
[2007/05/23 12:30:58 | 000,000,066 | ---- | C] () -- C:\WINDOWS\#1 DVD Audio Ripper.INI
[2007/04/04 09:59:59 | 000,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
[2006/12/27 16:16:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2006/11/17 13:38:35 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/09/20 11:51:18 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2006/09/20 11:51:18 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2006/09/12 09:41:38 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\pthread.dll
[2006/02/07 18:30:48 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2006/01/07 14:56:08 | 000,003,028 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/01/03 13:11:26 | 000,000,094 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2006/01/03 13:11:26 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005/12/16 05:44:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/12/12 07:18:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/12/10 13:37:07 | 000,000,285 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/12/10 11:48:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2005/12/10 11:21:17 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/10 07:58:45 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2005/12/10 07:58:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2005/12/10 07:58:45 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2005/08/27 06:18:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/27 06:17:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/27 05:45:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/04/19 01:44:48 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2004/04/19 01:16:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2004/04/19 01:11:06 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2004/03/23 10:49:48 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\sfarkxt.dll
[2004/03/23 10:49:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\SFARKL.DLL
[2002/10/15 17:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[1999/01/27 08:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 02:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/11/03 12:23:53 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\videopadDowngrade.job
[2010/11/03 12:23:55 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job
[2011/02/02 13:50:03 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========

< End of report >
Do this on the computer you are posting from:
Copy the text in the codebox below:

Code: [Select]:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Regen] File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2010/01/01 12:45:45 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\H8SRTftjcbqppak.sys

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive

On the infected computer the following...

Run OTLPE

Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
- (The content of Fix.txt should appear in the box)
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the log produced (you'll need to transfer it with USB stick)
Attempt to reboot normally into Windows.

Hi,

I've tried to log in back to Windows but it is still staying on the blank screen.

The log reads:

Quote

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Regen deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET80.tmp deleted successfully.
C:\WINDOWS\System32\SETBA.tmp deleted successfully.
C:\WINDOWS\System32\SETBF.tmp deleted successfully.
C:\WINDOWS\System32\SETC6.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SB2C5BF26.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\dllcache\psapi.dll.tmp deleted successfully.
C:\WINDOWS\system32\drivers\H8SRTftjcbqppak.sys moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 234487511 bytes
->Temporary Internet Files folder emptied: 530401161 bytes
->Java cache emptied: 4950966 bytes
->FireFox cache emptied: 23674210 bytes
->Flash cache emptied: 2647818 bytes

User: All Users

User: Bobby
->Temp folder emptied: 955176201 bytes
->Temporary Internet Files folder emptied: 45628992 bytes
->Java cache emptied: 13669281 bytes
->FireFox cache emptied: 88000714 bytes
->Flash cache emptied: 325085 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 722 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9375997 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64801154 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

Total Files Cleaned = 1,882.00 mb

OTLPE by OldTimer - Version 3.1.44.2 log created on 02042011_195407

As far, as I can tell, you're infected with TDSS rootkit.

Let's try our CD one more time...

Do this on the computer you are posting from:
Copy the text in the codebox below:

Code: [Select]:OTL

:Services
H8SRTd
H8SRT

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H8SRTd.sys]

:Files
C:\Windows\System32\H8SRTftjcbqppak.dll
C:\Windows\System32\H8SRTftjcbqppak.dat
C:\Windows\System32\srcr.dat
C:\WINDOWS\system32\drivers\H8SRTftjcbqppak.sys

:Commands
[purity]
[emptytemp]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive

On the infected computer the following...

Run OTLPE

Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
- (The content of Fix.txt should appear in the box)
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the log produced (you'll need to transfer it with USB stick)
Attempt to reboot normally into Windows.

Nope, the screen is still blank upon reboot.

Here is the log:

Quote

========== OTL ==========
========== SERVICES/DRIVERS ==========
Service\Driver key H8SRTd not found.
Service\Driver key H8SRT not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H8SRTd.sys\ not found.
========== FILES ==========
File\Folder C:\Windows\System32\H8SRTftjcbqppak.dll not found.
File\Folder C:\Windows\System32\H8SRTftjcbqppak.dat not found.
File\Folder C:\Windows\System32\srcr.dat not found.
File\Folder C:\WINDOWS\system32\drivers\H8SRTftjcbqppak.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Bobby
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb

OTLPE by OldTimer - Version 3.1.44.2 log created on 02042011_211752

I greatly appreciate all of your help by the way You're welcome

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

Place a blank CD in your CD drive.
Double click on NTBR_CD.exe file and a folder of the same name will appear.
Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
Follow the prompts to BURN the CD.

Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

Insert the newly created CD into your infected PC and reboot your computer.
Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
Read the warning and then continue as prompted.
You first need to select your keyboard layout - press Enter for English.
Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
On the following screen enter 5 to select Install Standard MBR code.
Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
When asked to confirm please do so.
Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
Eject the disc and then press ctrl+alt+del to reboot the PC.

See, if it'll boot.

**Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is Dell computer, let me know before proceeding.

Solve : Blank Screen...?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment