Computer Hope
Software => Computer viruses and spyware => Topic started by: that10pin on February 14, 2012, 10:01:22 AM
-
Received a dialog box stating that my virus software had denied a Malware file access onto my computer and what action I want to take. I clicked delete and my computer froze. The only way to shut down was with power button. Now when I boot I get a black screen with a blinking bar in the upper left corner of the screen. When I try to reboot in the safe mode I get the same thing. I tried my recovery disk that I made years ago but same results. Any help would be appreciated.
Bob
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.
Download the OTLPE Standard REATOGO Windows Recovery Environment. - Place a blank CD-R disc in to your CD burning drive.
- Download OTLPEStd.exe (http://oldtimer.geekstogo.com/OTLPEStd.exe) and double-click on it to burn to a CD using an ISO Burner. One can be found here. (http://iso-burner.com/)
- Reboot your system using the boot CD you just created.
- Note : If you do not know how to set your computer to boot from CD follow the steps here (http://www.hiren.info/pages/bios-boot-cdrom)
- Your system should now display a REATOGO-X-PE desktop.
- Double-click on the OTLPE icon.
- When asked "Do you wish to load the remote registry", select Yes
- When asked "Do you wish to load remote user profile(s) for scanning", select Yes
- Ensure the box "Automatically Load All Remaining Users" is checked and press OK
- OTL should now start. Change the following settings
- Change Drivers to Non-Microsoft
- Press Run Scan to start the scan.
- When finished, the file will be saved in drive C:\_OTL\MovedFiles
- Copy this file to your USB drive if you do not have internet connection on this system
- Please post the contents of the OTL.txt file in your reply.
You may have to change your BIOS boot menu to allow the computer to boot from the disk. Instructions on how to do that are below. This will get your computer started. Please do the scan and post the logs. Then you can save all your important data just in case everything goes south.
If you do not know how to set your computer to boot from CD follow the steps here (http://www.hiren.info/pages/bios-boot-cdrom)
-
Hi Dave here is the file. Hope this helps.
OTL logfile created on: 2/14/2012 3:56:09 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 83.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 5.01 Gb Total Space | 1.02 Gb Free Space | 20.31% Space Free | Partition Type: NTFS
Drive D: | 67.74 Gb Total Space | 66.48 Gb Free Space | 98.14% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 10.07 Gb Free Space | 25.79% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - File not found [Auto] -- -- (AGWinService)
SRV - [2012/02/12 23:00:35 | 001,564,368 | ---- | M] () [Auto] -- E:\Program Files\Guard-ICQ\GuardICQ.exe -- *Blocked Russian URL*)
SRV - [2011/11/01 11:33:54 | 004,363,040 | ---- | M] (Emsi Software GmbH) [Auto] -- D:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2011/11/01 11:33:52 | 000,207,936 | ---- | M] (Emsi Software GmbH) [Auto] -- D:\Program Files\Tall Emu\Online Armor\oacat.exe -- (OAcat)
SRV - [2011/10/19 15:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 15:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- E:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/20 21:18:26 | 000,071,096 | ---- | M] () [Auto] -- D:\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- E:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2002/12/24 13:01:22 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\Administrator_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\LocalService_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\NetworkService_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Robert_Giunta_ON_E\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Robert_Giunta_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80114&lng=en
IE - HKU\Robert_Giunta_ON_E\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Robert_Giunta_ON_E\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Robert_Giunta_ON_E\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - E:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKU\Robert_Giunta_ON_E\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - E:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\Robert_Giunta_ON_E\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Robert_Giunta_ON_E\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - E:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\Robert_Giunta_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Robert_Giunta_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: E:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: E:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: E:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/12 23:32:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/15 22:18:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/11 22:53:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.02\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2009/02/01 22:52:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.02\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2009/02/02 10:39:02 | 000,000,000 | ---D | M]
[2011/11/11 15:22:37 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2012/01/15 22:18:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 20:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- E:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/06 20:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- E:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 15:22:33 | 000,002,040 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2009/06/14 22:01:33 | 000,307,157 | R--- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10574 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - E:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - E:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - E:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\Robert_Giunta_ON_E\..\Toolbar\ShellBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\Robert_Giunta_ON_E\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\Robert_Giunta_ON_E\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Robert_Giunta_ON_E\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - E:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\Robert_Giunta_ON_E\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [@OnlineArmor GUI] D:\Program Files\Tall Emu\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avgnt] E:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [dvd43] E:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [ezShieldProtector for Px] E:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [Google Quick Search Box] E:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKU\Robert_Giunta_ON_E..\Run: [Desktop Calendar] E:\Program Files\Desktop Calendar\Desktop Calendar.exe (Tinnes Software)
O4 - HKU\Robert_Giunta_ON_E..\Run: [Weather] D:\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Robert_Giunta_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - E:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - E:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - E:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233542856218 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics.lexmark.com/serval.cab (Lexmark eDiagnostics Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - Reg Error: Value error. File not found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - E:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - Reg Error: Value error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - E:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - D:\Program Files\Tall Emu\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - File not found - -- [ NTFS ]
O32 - AutoRun File - File not found - -- [ NTFS ]
O32 - AutoRun File - [2005/06/03 17:10:13 | 000,000,000 | ---- | M] () - D:\.autoreg -- [ NTFS ]
O32 - AutoRun File - [2006/02/01 15:19:20 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2003/08/13 22:08:11 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2004/08/04 00:56:58 | 000,028,672 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/02/12 23:05:40 | 000,000,000 | -HSD | C] -- E:\Documents and Settings\LocalService\IETldCache
[2012/02/12 23:00:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\ICQ7.7
[2012/02/12 23:00:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Robert Giunta\Application Data\ICQ Search
[2012/02/12 23:00:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\LocalService\Application Data\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
[2012/02/12 23:00:35 | 000,000,000 | ---D | C] -- E:\Program Files\Guard-ICQ
[2012/02/12 23:00:31 | 000,000,000 | ---D | C] -- E:\Program Files\ICQ6Toolbar
[2012/02/12 23:00:22 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\ICQ
[2012/02/12 22:58:51 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Robert Giunta\Application Data\ICQ
[2012/02/12 22:58:37 | 000,000,000 | ---D | C] -- E:\Program Files\ICQ7.7
[2012/02/08 17:15:00 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2012/02/08 17:13:57 | 000,000,000 | -HSD | C] -- E:\WINDOWS\system32\config\systemprofile\IETldCache
[2012/01/24 16:45:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2012/01/24 15:06:36 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Robert Giunta\Application Data\Inbox Toolbar
[2012/01/24 15:06:36 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
[2012/01/24 15:06:33 | 000,000,000 | ---D | C] -- E:\Program Files\Inbox Toolbar
[2009/02/01 23:57:13 | 000,047,360 | ---- | C] (VSO Software) -- E:\Documents and Settings\Robert Giunta\Application Data\pcouffin.sys
[2 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/02/13 23:17:01 | 000,000,250 | ---- | M] () -- E:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/02/13 23:16:00 | 000,000,492 | ---- | M] () -- E:\WINDOWS\tasks\HP Photo Creations Communicator.job
[2012/02/13 23:13:00 | 000,000,886 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/13 23:08:00 | 000,000,464 | ---- | M] () -- E:\WINDOWS\tasks\At3.job
[2012/02/13 22:21:00 | 000,000,472 | ---- | M] () -- E:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/13 22:15:21 | 000,000,882 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/13 22:15:06 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2012/02/13 22:15:04 | 1610,010,624 | -HS- | M] () -- E:\hiberfil.sys
[2012/02/13 22:13:33 | 000,000,211 | RHS- | M] () -- E:\boot.ini
[2012/02/12 23:00:48 | 000,001,505 | ---- | M] () -- E:\Documents and Settings\Robert Giunta\Application Data\Microsoft\Internet Explorer\Quick Launch\ICQ7.7.lnk
[2012/02/12 23:00:48 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Start Menu\Programs\ICQ7.7
[2012/02/12 22:49:09 | 000,001,158 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2012/02/11 21:57:24 | 000,002,499 | ---- | M] () -- E:\Documents and Settings\Robert Giunta\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk
[2012/02/10 20:40:00 | 000,000,464 | ---- | M] () -- E:\WINDOWS\tasks\At2.job
[2012/02/10 14:00:00 | 000,000,464 | ---- | M] () -- E:\WINDOWS\tasks\At4.job
[2012/02/08 17:15:00 | 000,001,915 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012/02/08 17:15:00 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2012/02/08 15:19:40 | 000,752,382 | ---- | M] () -- E:\Documents and Settings\Robert Giunta\My Documents\ANGBIZON.wmf.BMP
[2012/02/08 15:05:20 | 000,000,158 | ---- | M] () -- E:\Documents and Settings\Robert Giunta\My Documents\Real 1950s Rock &Roll, Rockabilly dance from lindy hop !.URL
[2012/02/08 10:10:00 | 000,000,464 | ---- | M] () -- E:\WINDOWS\tasks\At1.job
[2012/02/03 23:18:04 | 000,001,791 | ---- | M] () -- E:\Documents and Settings\Robert Giunta\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/25 23:09:17 | 000,001,813 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/01/24 16:46:37 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- E:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/01/24 16:45:40 | 000,000,818 | ---- | M] () -- E:\Documents and Settings\Robert Giunta\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/01/24 16:45:39 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2012/01/24 15:07:05 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
[2012/01/20 15:29:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Start Menu\Programs\1Click DVD Copy 5
[2012/01/20 12:59:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/02/12 23:00:48 | 000,001,505 | ---- | C] () -- E:\Documents and Settings\Robert Giunta\Application Data\Microsoft\Internet Explorer\Quick Launch\ICQ7.7.lnk
[2012/02/08 17:15:00 | 000,001,915 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012/02/08 15:19:40 | 000,752,382 | ---- | C] () -- E:\Documents and Settings\Robert Giunta\My Documents\ANGBIZON.wmf.BMP
[2012/02/08 15:04:45 | 000,000,158 | ---- | C] () -- E:\Documents and Settings\Robert Giunta\My Documents\Real 1950s Rock &Roll, Rockabilly dance from lindy hop !.URL
[2012/01/24 16:45:40 | 000,000,818 | ---- | C] () -- E:\Documents and Settings\Robert Giunta\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/02/13 22:28:21 | 000,040,296 | ---- | C] () -- E:\WINDOWS\System32\drivers\oahlp32.sys
[2009/06/29 20:29:59 | 000,105,556 | -H-- | C] () -- E:\WINDOWS\System32\mlfcache.dat
[2009/03/23 16:46:18 | 000,002,560 | ---- | C] () -- E:\WINDOWS\_MSRSTRT.EXE
[2009/02/09 23:34:30 | 000,001,793 | ---- | C] () -- E:\WINDOWS\System32\fxsperf.ini
[2009/02/04 16:28:31 | 001,294,336 | ---- | C] () -- E:\WINDOWS\System32\MGIIpl2A6.dll
[2009/02/04 16:28:31 | 001,261,568 | ---- | C] () -- E:\WINDOWS\System32\MGIIpl2M6.dll
[2009/02/04 16:28:31 | 001,228,800 | ---- | C] () -- E:\WINDOWS\System32\MGIIpl2M5.dll
[2009/02/04 16:28:31 | 001,105,920 | ---- | C] () -- E:\WINDOWS\System32\MGIIpl2P6.dll
[2009/02/04 16:28:30 | 001,052,672 | ---- | C] () -- E:\WINDOWS\System32\MGIIpl2P5.dll
[2009/02/04 16:28:02 | 000,000,002 | ---- | C] () -- E:\WINDOWS\PhotoSuite.ini
[2009/02/04 16:27:58 | 001,093,632 | ---- | C] () -- E:\WINDOWS\System32\MGIIpl2PX.dll
[2009/02/04 16:27:58 | 000,122,880 | ---- | C] () -- E:\WINDOWS\System32\JPEGLIB.DLL
[2009/02/04 16:27:58 | 000,122,880 | ---- | C] () -- E:\WINDOWS\System32\EnrouteStitch.dll
[2009/02/04 16:27:58 | 000,020,480 | ---- | C] () -- E:\WINDOWS\System32\MGIIpl2.dll
[2009/02/04 16:27:57 | 000,332,800 | ---- | C] () -- E:\WINDOWS\System32\FPXLIB.DLL
[2009/02/03 23:13:45 | 000,013,824 | ---- | C] () -- E:\Documents and Settings\Robert Giunta\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/02 16:10:48 | 000,339,968 | ---- | C] () -- E:\WINDOWS\System32\pythoncom25.dll
[2009/02/02 16:10:48 | 000,114,688 | ---- | C] () -- E:\WINDOWS\System32\pywintypes25.dll
[2009/02/02 15:45:28 | 000,000,376 | ---- | C] () -- E:\WINDOWS\ODBC.INI
[2009/02/02 11:14:11 | 000,205,864 | ---- | C] () -- E:\WINDOWS\System32\drivers\OADriver.sys
[2009/02/02 09:29:15 | 000,000,073 | ---- | C] () -- E:\WINDOWS\PICTURM8.ini
[2009/02/01 23:57:13 | 000,087,608 | ---- | C] () -- E:\Documents and Settings\Robert Giunta\Application Data\inst.exe
[2009/02/01 23:57:13 | 000,007,887 | ---- | C] () -- E:\Documents and Settings\Robert Giunta\Application Data\pcouffin.cat
[2009/02/01 23:57:13 | 000,001,144 | ---- | C] () -- E:\Documents and Settings\Robert Giunta\Application Data\pcouffin.inf
[2009/02/01 23:44:19 | 000,000,000 | ---- | C] () -- E:\WINDOWS\nsreg.dat
[2009/02/01 22:07:32 | 000,004,569 | ---- | C] () -- E:\WINDOWS\System32\secupd.dat
[2009/02/01 21:28:37 | 000,000,490 | ---- | C] () -- E:\WINDOWS\lexstat.ini
[2009/02/01 21:16:47 | 000,000,791 | ---- | C] () -- E:\WINDOWS\System32\Px.ini
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- E:\WINDOWS\System32\wsiShared.dll
[2004/02/23 15:02:49 | 000,000,182 | ---- | C] () -- E:\WINDOWS\System32\EBPPORT4.DAT
[2004/02/23 15:02:49 | 000,000,040 | ---- | C] () -- E:\WINDOWS\System32\EAL.INI
[2003/08/15 14:30:45 | 000,000,052 | ---- | C] () -- E:\WINDOWS\intuprof.ini
[2003/08/15 14:30:37 | 000,000,608 | ---- | C] () -- E:\WINDOWS\QUICKEN.INI
[2003/08/15 14:26:07 | 000,019,968 | ---- | C] () -- E:\WINDOWS\System32\CPUINF32.DLL
[2003/08/15 14:25:00 | 000,262,416 | ---- | C] () -- E:\WINDOWS\System32\ASFV2.DLL
[2003/08/15 14:23:32 | 000,524,288 | ---- | C] () -- E:\WINDOWS\System32\TDI-SonyOMG.dll
[2003/08/15 14:21:10 | 000,009,192 | ---- | C] () -- E:\WINDOWS\mozver.dat
[2003/08/14 20:18:13 | 000,000,061 | ---- | C] () -- E:\WINDOWS\smscfg.ini
[2003/08/14 19:31:15 | 000,006,550 | ---- | C] () -- E:\WINDOWS\jautoexp.dat
[2003/08/14 19:29:04 | 000,526,184 | ---- | C] () -- E:\WINDOWS\q329692.exe
[2003/08/14 19:28:34 | 000,289,128 | ---- | C] () -- E:\WINDOWS\q329390.exe
[2003/08/14 19:28:26 | 000,495,464 | ---- | C] () -- E:\WINDOWS\q329115.exe
[2003/08/14 19:25:39 | 000,381,288 | ---- | C] () -- E:\WINDOWS\q329048.exe
[2003/08/14 19:25:32 | 000,214,888 | ---- | C] () -- E:\WINDOWS\q329834.exe
[2003/08/14 19:25:00 | 000,711,528 | ---- | C] () -- E:\WINDOWS\q323255_wxp_sp2_x86_enu.exe
[2003/08/14 19:21:52 | 000,236,392 | ---- | C] () -- E:\WINDOWS\q329112.exe
[2003/08/14 19:19:59 | 000,363,520 | ---- | C] () -- E:\WINDOWS\System32\psisdecd.dll
[2003/08/13 22:12:16 | 000,000,800 | ---- | C] () -- E:\WINDOWS\orun32.ini
[2003/08/13 22:09:13 | 000,002,048 | --S- | C] () -- E:\WINDOWS\bootstat.dat
[2003/08/13 22:06:40 | 000,021,640 | ---- | C] () -- E:\WINDOWS\System32\emptyregdb.dat
[2003/08/13 21:59:36 | 000,397,312 | ---- | C] () -- E:\WINDOWS\System32\ati2evxx.exe
[2003/08/13 21:59:36 | 000,086,016 | ---- | C] () -- E:\WINDOWS\System32\ati2evxx.dll
[2003/08/13 21:59:23 | 000,126,976 | ---- | C] () -- E:\WINDOWS\System32\e1000msg.dll
[2003/08/13 21:59:22 | 000,012,288 | ---- | C] () -- E:\WINDOWS\System32\e100bmsg.dll
[2003/08/13 21:58:19 | 000,036,864 | ---- | C] () -- E:\WINDOWS\System32\cbldrm.dll
[2003/08/13 21:58:18 | 000,000,682 | ---- | C] () -- E:\WINDOWS\System32\oeminfo.ini
[2003/08/13 21:58:08 | 000,457,916 | ---- | C] () -- E:\WINDOWS\System32\perfh009.dat
[2003/08/13 21:58:08 | 000,272,128 | ---- | C] () -- E:\WINDOWS\System32\perfi009.dat
[2003/08/13 21:58:08 | 000,078,384 | ---- | C] () -- E:\WINDOWS\System32\perfc009.dat
[2003/08/13 21:58:08 | 000,028,626 | ---- | C] () -- E:\WINDOWS\System32\perfd009.dat
[2003/08/13 21:58:07 | 013,107,200 | ---- | C] () -- E:\WINDOWS\System32\oembios.bin
[2003/08/13 21:58:07 | 000,004,530 | ---- | C] () -- E:\WINDOWS\System32\oembios.dat
[2003/08/13 21:58:06 | 000,000,741 | ---- | C] () -- E:\WINDOWS\System32\noise.dat
[2003/08/13 21:58:04 | 000,673,088 | ---- | C] () -- E:\WINDOWS\System32\mlang.dat
[2003/08/13 21:58:04 | 000,046,258 | ---- | C] () -- E:\WINDOWS\System32\mib.bin
[2003/08/13 21:58:01 | 000,218,003 | ---- | C] () -- E:\WINDOWS\System32\dssec.dat
[2003/08/13 21:57:58 | 000,001,804 | ---- | C] () -- E:\WINDOWS\System32\dcache.bin
[2003/08/13 15:03:51 | 000,004,161 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI
[2003/08/13 15:03:16 | 000,419,840 | ---- | C] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2003/03/11 17:53:00 | 000,001,796 | ---- | C] () -- E:\WINDOWS\System32\SNDefs.dat
[2002/04/02 19:08:34 | 000,311,108 | ---- | C] () -- E:\WINDOWS\ml-cleanup.exe
========== LOP Check ==========
[2012/01/20 17:03:31 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2009/02/02 15:55:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\acccore
[2009/02/02 16:11:12 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\agi
[2010/07/26 22:18:16 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\AIM
[2009/02/02 15:56:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2011/06/19 22:24:53 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\BVRP Software
[2012/02/12 23:00:30 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\ICQ
[2012/01/20 15:29:21 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\LGSI
[2010/01/16 14:41:18 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/08/26 22:05:50 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/02 15:55:21 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/10/03 21:58:14 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Visan
[2009/02/18 15:24:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\vsosdk
[2010/05/16 22:27:45 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/02 15:27:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/21 15:26:16 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/02/13 22:21:00 | 000,000,472 | ---- | M] () -- E:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/02/08 10:10:00 | 000,000,464 | ---- | M] () -- E:\WINDOWS\Tasks\At1.job
[2012/02/10 20:40:00 | 000,000,464 | ---- | M] () -- E:\WINDOWS\Tasks\At2.job
[2012/02/13 23:08:00 | 000,000,464 | ---- | M] () -- E:\WINDOWS\Tasks\At3.job
[2012/02/10 14:00:00 | 000,000,464 | ---- | M] () -- E:\WINDOWS\Tasks\At4.job
[2011/11/21 15:32:46 | 000,000,284 | ---- | M] () -- E:\WINDOWS\Tasks\prismShakeIcon.job
[2012/02/13 23:17:01 | 000,000,250 | ---- | M] () -- E:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> E:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
-
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.
:OTL
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Robert_Giunta_ON_E\..\URLSearchHook: - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - Reg Error: Value error. File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - Reg Error: Value error. File not found
:Files
E:\WINDOWS\tasks\At3.job
E:\WINDOWS\tasks\At2.job
E:\WINDOWS\tasks\At4.job
E:\WINDOWS\tasks\At1.job
E:\WINDOWS\Tasks\At1.job
E:\WINDOWS\Tasks\At2.job
E:\WINDOWS\Tasks\At3.job
E:\WINDOWS\Tasks\At4.job
:COMMANDS
[resethosts]
[purity]
[start explorer]
* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
****************************************************************
You should save all your important data using the OTLPE disk. I don't see much malware in the logs. Can you also try booting with your Recovery disk and see what happens now?
Download MBAM (below) and save it on a USB memory stick or CD and transfer it to your computer and try to run a scan.
(http://i424.photobucket.com/albums/pp322/digistar/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
-
Hi Dave,
Don't know if I'm doing this correctly? Copied and pasted it to word, and when I tried to paste it to the Custom scan and Fixes box did not get paste on the right click, it was greyed out. Tell me what I'm doing wrong.
Thanks Bob
-
Was able to paste into Custom Scan and Fixes and also copy. Was unable to send it to my thumb drive in order to post in reply.
-
Hi Dave,
I keep trying, but for some reason it doesn't recognize my thumb drive when I select Send To. The only that appears is 31/2 floppy and Word Pad.
-
Double-click on My Computer. Can you see your USB drive there? If so, select the Word file where you saved the log, select Copy and then click on your USB thumb drive and select Paste. Then you should be able to copy and paste it in this thread.
-
It's not there, but if you go to device manager it shows there. It also shows in the notification bar. I don't understand because I was able to see the drive with the first file I posted.
-
It's not there, but if you go to device manager it shows there. It also shows in the notification bar. I don't understand because I was able to see the drive with the first file I posted.
Did you try a different USB port or another memory stick?
You could try transfer the files using a CD-RW. You can erase if after each use.
-
Hi Dave,
Tried two flash drives with same results. Now when I insert the flash drives they don't even flash and no icon in the notification area. I have three windows opened on the task bar and unable to close. Went into task manager and tried to end programs there but still no luck. Tried to end processes and still no luck. It's getting real crazy and frustrating.
-
Please try this. If it doesn't get your USB ports working you will have to use a CD-RW.
1.Click Start, and then click Run.
Note If you are running Windows Vista, click Start, and then use the Start Search box.
2.Type devmgmt.msc, and then click OK. Device Manager opens.
3.In Device Manager, click your computer so that it is highlighted.
4.Click Action, and then click Scan for hardware changes.
5.Check the USB device to see whether it is working.
-
I would if I could. I have the Task Manager Widow open with 7 end program OTLPE running,2 OTLPE not reponding, 1 Run Scanner and the hour glass so I can't really do anything. I guess I'm really screwing up this computer? I click end program and nothing happens. If you can come up with another idea please let me know and then I can do what you said in your last reply.
-
I think I've wasted enough of your time, so I'm going to throw in the towel in on this one. The computer is old and 90% of the important things I backed up. Thank you for taking the time to try and help me. Bob
-
Are you going to re-format and re-install your OS? If you need help, let me know.
-
Hi Dave,
Thanks again for all your help, but I'm going to trash it. It was 8 years old and I've been wanting a new desktop anyway. Again thanks.
Bob
-
You're welcome. Good luck.