Blue Screen and Reboot During Full System Scan

[Gottlob]

I'll be more than happy to run it, IF I can find it!  I've looked on the Net, and all the sites in Google that advertise "Download OTL" give you the run-around, and all the download icons take you to some other software.  Could you possibly mail a copy to gottlob@frontier.com?

[Gottlob]

wHOSE "otl" SHOULD i BE LOOKING FOR, AND WHERE SHOULD i LOOK?  oNE ENTRY IN gOOGLE SAYS THERE ARE 29 DIFFERENT FILES WITH THAT NAME, AND ONLY ONE IS SAFE.

[essexboy]

Download OTL  to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
  
• Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Post both logs

[Gottlob]

Attached are the two logfiles.

[essexboy]

There are some very suspect toolbars and search engines - Ilivid, Searchqu etc.. There are also some failed windows updates - have you recieved any lately ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  SRV - File not found [Auto | Stopped] -- C:\Program Files\Moon Secure Antivirus\msavcore.exe -- (msav)
  IE - HKCU\..\SearchScopes\{AE422668-27E8-6F60-04EE-4C2D5A6DDD73}: "URL" = http://bw.startnow.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z105&partner_id=339&product_id=679&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.1.0&install_country=US&install_date=20110731&user_guid=30AC861C4E384BE2BA31B4D37303422F&machine_id=e00f9b2f6c9f7148f16edc90d49998b2&browser=IE&os=win&os_version=5.1-x86-SP3&iesrc={referrer:source}
  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=fmtgl
  FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q="
  FF - prefs.js..network.proxy.http: "127.0.0.1"
  FF - prefs.js..network.proxy.http_port: 53495
  [2011/08/31 19:58:14 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wqe7zq9n.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
  [2011/06/24 20:51:05 | 000,000,000 | ---D | M] (myBabylon EnglishBB Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wqe7zq9n.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}(2)
  [2012/03/21 18:47:49 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wqe7zq9n.default\extensions\ffxtlbr@Facemoods.com
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
  O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
  O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll File not found
  O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
  O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
  O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
  O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
  O4 - HKCU..\Run: [JP595IR86O] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Mb1.exe File not found
  O4 - HKCU..\Run: [XFSrPYgcG] C:\WINDOWS\System32\control.exe (Microsoft Corporation)
  O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Desktop Alert.lnk = C:\Program Files\Desktop Alert\liveonline_3270223.exe ()
  O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
  O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
  O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
  [2012/03/21 19:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\facemoods.com
  [2012/03/21 18:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\facemoods.com
  [2012/03/24 13:19:36 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\tasks\NFNAZTHZ.job
  [2012/03/21 19:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\facemoods.com
  [2011/09/06 09:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
  
  
  :Files
  ipconfig /flushdns /c
  C:\Program Files\Windows iLivid Toolbar
  C:\Program Files\facemoods.com
  C:\Program Files\StartNow Toolbar
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[Gottlob]

A couple of weeks ago I used OTL as instructed; however, it hung, and after several hours I had to shut down.  When I rebooted, I got the famous blue screen, and had to go to Last Known Good Configuration.  When I did that, I found that Windows had been wrecked (essentially).  I also found that a memory stick has probably been blown.  For this reason I must suggest that OTL at best is suitable only to experienced programmers, and I'm not so sure it's safe even for them.

[essexboy]

This is the first time that this has occured.  OTL will not delete any windows system files unless explicitly ordered to, and it in no way can affect a USB drive

And reviewing the files requested for deletion, none are in any way related to windows or it operational files/registry 

So as to what happened I have no idea

[peter tron]

hi,

i have just had the same problem.

all i could read from the blue screen before it re-booted was 'myql more or less equal'(?) . something like that.

my pc has been on for about 20mins since the last time it rebooted. should i perform another full system scan and as soon as it reboots, send you the most recent minidump file, or is it fine to send you the most recent one i have?

how do upload a minidump file to you, as i assume you're going to ask me to do so?

here's hoping..

cheers!

barry.

[essexboy]

What caused the problem ? as from what you have posted it seems to be mysql which is a database programme

[Gottlob]

As I said above, OTL hung (Locked up), so eventually there was nothing to do but shut down and try to restart.  That's when I found myself in trouble.  I make no claim of expert knowledge as to what happened, but because of all the grief I had with that program, I can assure you that I won't be using OTL (or much of any other "fix" program unless I have a reasonable understanding of what it does and how it does it.  Meanwhile, my desktop computer is now in a repair shop, and will likely need new RAM, so I'm working from a laptop with my desktop keyboard attached.

[essexboy]

OTL has no access to or any way to mess with either RAM or any hardware

It is a software programme which means it will not be able to do anything to hardware.  If you require new RAM then mayhap that was the cause of the original problem ?/