I think I have a virus

[BC_Programmer]

OTL is a program. It stands for Old-Timer Log (or something to that effect).

I believe SuperDave intended to include a link. Here is the download location for OTL:

http://oldtimer.geekstogo.com/OTL.exe

[indy777]

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Program Files\Dealio Toolbar\SearchSettings.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] not found.
File C:\Program Files\MyWebSearch\bar\firefox not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
File C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Program Files\Dealio Toolbar\SearchSettings.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
File C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4bcf-93C9-8EC26069D6F4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FBSSA not found.
File C:\Program Files\SGPSA\ie3sh.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
File C:\Program Files\Dealio Toolbar\SearchSettings.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fajkmgwe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\M5T8QL3YW3 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QZAIB7KITK not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Weather not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\xvysnstx not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ not found.
========== FILES ==========
C:\Windows\MEMORY.DMP moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <[clearrestorepoints]> in the current context!
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: William Michels
->Temp folder emptied: 100259844 bytes
->Temporary Internet Files folder emptied: 54297998 bytes
->Java cache emptied: 32664134 bytes
->Flash cache emptied: 1989452 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4504918 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 185.00 mb
 
 
OTL by OldTimer - Version 3.2.14.1 log created on 09252010_114511

Files\Folders moved on Reboot...
File\Folder C:\Users\William Michels\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CR91LW3Q\ing[1].php;psrch=0;logged_in=0;tpc=unetbootin;tpc=setup;tpc=system;tpc=softwaredist;aud=enduser_advanced;aud=endusers;aud=sysadmins;tile=1;sz=1400x600;ord=6663328961216726 not found!
File\Folder C:\Users\William Michels\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CR91LW3Q\ing[1].php;psrch=0;logged_in=0;tpc=unetbootin;tpc=setup;tpc=system;tpc=softwaredist;aud=enduser_advanced;aud=endusers;aud=sysadmins;tile=1;sz=1400x600;ord=9075626969702412 not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(353)\Content.IE5\PZEKYEYZ\555_1284001766,11b1839e3a0befd,Miscellaneous,;;dc=d;kw=;tile=2;ord1=126213;sz=300x250,336x280;ppos=btf;contx=Miscellaneous;btg=;ord=9235851132317178[1] not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(353)\Content.IE5\PBV9KXK5\ns-10640074_1284001765,11b1839e3a0befd,Miscellaneous,;;dc=d;kw=;tile=2;ord1=504260;sz=300x100;ppos=atf;contx=Miscellaneous;btg=;ord=9235851132317178[1] not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(353)\Content.IE5\I1KBJV9R\1284001764,11b1839e3a0befd,Miscellaneous,;;dc=d;kw=;dcopt=ist;tile=1;ord1=588771;sz=728x90;ppos=atf;contx=Miscellaneous;btg=;ord=%209235851132317178[1] not found!
C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UBOMRKYO\ads[1].htm moved successfully.
C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UBOMRKYO\login[1].srf moved successfully.
C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P90L14U0\ads[3].htm moved successfully.
C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P90L14U0\topic345774[1].htm moved successfully.
C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AAMD7HAS\iframe[2].htm moved successfully.
C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8VI76J9J\iframescript[1].htm moved successfully.
C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8VI76J9J\topic,109812.15[1].html moved successfully.
C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Files\Folders moved on Reboot...
File\Folder C:\Users\William Michels\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CR91LW3Q\ing[1].php;psrch=0;logged_in=0;tpc=unetbootin;tpc=setup;tpc=system;tpc=softwaredist;aud=enduser_advanced;aud=endusers;aud=sysadmins;tile=1;sz=1400x600;ord=6663328961216726 not found!
File\Folder C:\Users\William Michels\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\CR91LW3Q\ing[1].php;psrch=0;logged_in=0;tpc=unetbootin;tpc=setup;tpc=system;tpc=softwaredist;aud=enduser_advanced;aud=endusers;aud=sysadmins;tile=1;sz=1400x600;ord=9075626969702412 not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(353)\Content.IE5\PZEKYEYZ\555_1284001766,11b1839e3a0befd,Miscellaneous,;;dc=d;kw=;tile=2;ord1=126213;sz=300x250,336x280;ppos=btf;contx=Miscellaneous;btg=;ord=9235851132317178[1] not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(353)\Content.IE5\PBV9KXK5\ns-10640074_1284001765,11b1839e3a0befd,Miscellaneous,;;dc=d;kw=;tile=2;ord1=504260;sz=300x100;ppos=atf;contx=Miscellaneous;btg=;ord=9235851132317178[1] not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(353)\Content.IE5\I1KBJV9R\1284001764,11b1839e3a0befd,Miscellaneous,;;dc=d;kw=;dcopt=ist;tile=1;ord1=588771;sz=728x90;ppos=atf;contx=Miscellaneous;btg=;ord=%209235851132317178[1] not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UBOMRKYO\ads[1].htm not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UBOMRKYO\login[1].srf not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P90L14U0\ads[3].htm not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P90L14U0\topic345774[1].htm not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AAMD7HAS\iframe[2].htm not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8VI76J9J\iframescript[1].htm not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8VI76J9J\topic,109812.15[1].html not found!
File\Folder C:\Users\William Michels\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat not found!

Registry entries deleted on Reboot...

[indy777]

I got the log from OTL using the infected computer and posted. Haven't got the Who Crashed log yet. Everything was going fine running the OTL and posting it on the forum. After reboot I get a message Microsoft updates are available, I clicked OK and the monitor went blank as before. This happens also when I try to run any anti virus or spyware. Very strange, it's like the computer shuts down the monitor similar to when I shut the computer down the on/off button will flash until I shut the monitor off. But in this case the computer is still on. I'll work on getting the Who Crashed log now.

[indy777]

I almost forgot, I checked all connections on the monitor, inside the computer, and even tried using a different monitor.

[indy777]

Crash dumps are enabled and no valid crash dumps have been found on your computer. In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.

[SuperDave]

Also the programs that you referred to that need deleting I can not find in programs installed.

Please tell me which programs that are not in Add/Remove and I'll help you remove them.

I am not that familiar with the abbreviation OTL

OTL is a flexible, multipurpose, diagnostic, and malware removal tool. I'm sorry that I forgot the link. I thought we had already used OTL.

Crash dumps are enabled and no valid crash dumps have been found on your computer. In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.

Did you do this troubleshooting as suggested such as cleaning the dust. You should install this program to test the temperatures.

Please download and install SpeedFan After you run it, please post the temperatures here.
*************************************
Open the Start Menu.

2. Click on the Computer button.

3. Right click on your hard drive and click on Properties.

4. Click on the Tools tab.

5. Click on Check Now under the Error checking section. (See circled in red below)



. Click on Continue in the UAC prompt.

7. Make sure both options are checked. (See screenshot below)
NOTE: The Automatically fix file system errors box will be checked by default.

8. Click on the Start button.



9. You will get a pop-up window saying, "Windows can't check this disk while it's use". (See screenshot below)

10. Click on the Schedule disk check button for chkdsk to run the next time you restart your computer.



11. Restart your computer.

[indy777]

I will do the Speed fan test but first let me give you a piece of info I just received. Remember I told you I got a new computer, it has Norton antivirus, I got a message saying I received an attack from my infected computer which is connected to the same internet access router. This might explain how my other laptop got infected instead of the memory stick I was using to transfer files. Norton caught it on this new computer. I saved the log and will post it if you want me to. It's quite lengthy

[SuperDave]

Routers have no harddrive or memory so they can't get infected. Some of them can be hacked but not infected. The only way your other computers can become infected is if you are sharing files between them.

[indy777]

So if I was using a memory stick to download logs from the infected computer and posting them on the clean one using the same stick it is possible that a virus could be transferred? Is that correct?

[SuperDave]

If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs.
You could also infect other computers if you have file-sharing.
Do you have the temperatures from SpeedFan? Do you still have the problem with your computer freezing/crashing?

[indy777]

I have given you the temps for Speedfan already but here they are from todays temps.
GPU  0c
Temp 1: 37c
   "      2: 128c
   "     3:  14c
Core: 16c
Fan speed: 1622

 
Also again I have disassembled and cleaned the inside of the computer and heat sink for the CPU.


I got it to restore to an earlier point in time but same thing happens when I try to run any spyware or virus programs. When I try to run any virus related software the computer reboots and after the HP blue screen it just locks up or freezes.

[SuperDave]

Ok. Let's try running this in Safe Mode.
Safe Mode

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

[indy777]

As I said in my previous posts I can't run any virus,spyware programs or even do any updates, the computer shuts down.

[reddevilggg]

He's asked you to try it in SAFE MODE!

[indy777]

I have tried it in the safe mode, sorry I should have said that.