TechSpot

Used Malware to remove worm, now

Inactive
By msta999
Jul 20, 2010
  1. Hi,

    I got a worm on my Dell Inspiron, so I went to one of the self-help forums, sorry, don't remember which one, but someone else had the same problem. So I followed the instructions someone posted for them. I used a Malware removal tool in quick scan, like the instructions said, and it helped a lot. So I did a complete hardware scan, which came up with more "little monsters", and I clicked the remove button, which said I needed to reboot. So I did a reboot, but now I only get a black screen with a blinking underscore line in the top left corner. I have tried removing the battery for a while, no change. I even tried putting in my startup disc on a reboot, and I do see Windows starting, but it goes back to a black screen. Any ideas of what to do now? I have a lot of info on there I'd like to recover if possible. I have thought about just buying a new hard drive, but have also heard some of these programs hide in the RAM mem.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,704   +268

  3. msta999

    msta999 TS Rookie Topic Starter Posts: 99

    I can't do any of the steps, because I only have a black screen to work with. I'm looking for a way to get back into Windows and then I'll be glad to follow the steps listed.
     
  4. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Let's see if we can look at your computer booting from an external source.

    Using a good computer, please download OTLPE (filesize 120,9 MB)

    • When downloaded, double-click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your bad computer using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have an internet connection on this system.
    • Please post the contents of the OTL.txt file in your reply.
     
  5. msta999

    msta999 TS Rookie Topic Starter Posts: 99

    Thanks! I'm off to work, I work grave, and will do this tomorrow evening.
     
  6. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Not a problem :)
     
  7. msta999

    msta999 TS Rookie Topic Starter Posts: 99

    I tried to download OTLPE, but I just get a forbidden message.

    ComboFix is the program I ran, that caused my computer screen to go black after a reboot...if memory serves me correctly.
     
  8. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    You should never run ComboFix on your own. It's a very powerful tool and you need to know what you're doing.

    OTLPE server has been down. I'll PM you with an alternative solution in a few minutes.
     
  9. msta999

    msta999 TS Rookie Topic Starter Posts: 99

    OK, I downloaded the program to our newer Windows 7 computer, copied it to a DVD (don't have a CD) and tried to boot it in the Dell laptop, but nothing happened. I turned it on several times, but all ended the same, still the black screen. I did notice, for just a second on boot up, there is a F2 = setup and a F12. I went into F12 and ran system test or something like that, and it had me install my system drivers disc and ran some tests, but it didn't make any difference. Could there be a problem with the disc, since it is a DVD and not a CD, or that it was copied on a Windows 7 computer? Not sure what to do now.
     
  10. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    I'm not sure if a DVD will work.
    What do you mean by "copied"?
    You're supposed to:
     
  11. msta999

    msta999 TS Rookie Topic Starter Posts: 99

    Sorry, I didn't mean copied, I meant... well, I made the DVD on a Windows 7 computer. I'll get some CDs tomorrow, I had to go into work early today... again.
     
  12. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    No problem :)
     
  13. msta999

    msta999 TS Rookie Topic Starter Posts: 99

    Hey! It worked! I'm running the scan now.
     
  14. msta999

    msta999 TS Rookie Topic Starter Posts: 99

    OTL logfile created on: 7/23/2010 5:37:53 PM - Run
    OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 768.00 Mb Available Physical Memory | 75.00% Memory free
    907.00 Mb Paging File | 806.00 Mb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 113.08 Gb Free Space | 75.87% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO
    Current User Name: SYSTEM
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2009/11/19 15:26:54 | 000,455,944 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2009/07/21 17:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/05/13 19:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2007/12/27 19:39:30 | 000,166,520 | ---- | M] () [Auto] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
    SRV - [2007/12/27 19:39:20 | 000,051,816 | ---- | M] () [Auto] -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)
    SRV - [2006/11/03 22:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | Boot] -- -- (tnttfi)
    DRV - File not found [Kernel | Boot] -- -- (psowlet)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
    DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
    DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
    DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
    DRV - [2010/07/19 12:32:26 | 000,054,016 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ovtd.sys -- (ixoyuu)
    DRV - [2010/02/02 09:50:19 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 13:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/03/30 13:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2009/02/13 15:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2008/12/28 16:56:45 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2008/03/13 09:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
    DRV - [2008/03/13 09:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
    DRV - [2007/09/05 16:03:00 | 000,049,664 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2007/06/25 01:56:54 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
    DRV - [2007/06/25 01:56:40 | 000,027,656 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
    DRV - [2007/06/25 01:56:34 | 000,034,312 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
    DRV - [2007/06/18 23:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/03/06 00:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
    DRV - [2007/03/06 00:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
    DRV - [2007/03/06 00:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
    DRV - [2007/03/06 00:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
    DRV - [2007/03/06 00:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
    DRV - [2005/11/10 14:54:56 | 000,402,944 | R--- | M] (Belkin Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
    DRV - [2004/10/25 16:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
    DRV - [2003/08/29 08:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
    DRV - [2003/04/25 21:10:52 | 000,220,176 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)
    DRV - [2002/12/17 15:41:36 | 000,042,368 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2002/11/08 02:31:36 | 000,539,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2002/10/09 14:20:52 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Matt_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Matt_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/12 15:19:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/24 00:15:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/04 19:41:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/17 20:49:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2010/07/18 13:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/08/04 14:19:05 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
    [2009/08/04 14:19:05 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

    O1 HOSTS File: ([2010/07/16 16:22:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll ()
    O3 - HKU\Matt_ON_C\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O3 - HKU\Matt_ON_C\..\Toolbar\WebBrowser: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll ()
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Matt_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\Matt_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Matt_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab (Support.com Configuration Class)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.128.12
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/12/28 16:33:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
  15. msta999

    msta999 TS Rookie Topic Starter Posts: 99

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/07/18 00:48:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/16 19:32:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
    [2010/07/16 16:30:43 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2010/07/16 16:30:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
    [2010/07/16 16:29:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Local Settings\Application Data\PCHealth
    [2010/07/16 16:21:22 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
    [2010/07/16 16:21:22 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
    [2010/07/16 14:02:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/16 13:54:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/07/16 13:54:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/07/16 13:54:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/07/16 13:54:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/07/16 13:54:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/16 13:49:34 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/07/16 13:42:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\VERIZON_BROAD
    [2010/07/16 13:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/07/16 13:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/16 11:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\Malwarebytes
    [2010/07/16 11:35:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/16 11:35:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/16 11:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/16 11:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
    [2010/07/16 09:07:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
    [2010/07/15 20:57:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/15 20:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/14 15:08:12 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
    [2010/07/04 19:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft Help
    [2010/07/04 19:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
    [2010/07/04 18:53:00 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Matt\My Documents\My Data Sources
    [2010/07/04 18:45:50 | 000,730,824 | ---- | C] (ammara.com) -- C:\WINDOWS\System32\DBPix20.ocx
    [2010/07/04 18:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\DBPix 2.0.3
    [2010/07/04 17:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reloaders Reference
    [2010/06/28 04:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\vlc
    [2010/06/28 04:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
    [2010/06/27 17:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Shotshell Load Data
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [41 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [20 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/07/19 12:33:30 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2010/07/19 12:33:30 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2010/07/19 12:33:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/19 12:33:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/19 12:33:05 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Matt\ntuser.ini
    [2010/07/19 12:33:04 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Matt\ntuser.dat
    [2010/07/19 12:32:55 | 003,775,658 | -H-- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\IconCache.db
    [2010/07/19 12:32:26 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ovtd.sys
    [2010/07/19 11:44:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/19 09:44:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/19 05:10:20 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/07/19 04:57:17 | 000,005,397 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\MEC.htm
    [2010/07/18 15:13:51 | 000,003,827 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Bear Tracker.htm
    [2010/07/16 23:04:34 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-839522115-152049171-1708537768-1004.job
    [2010/07/16 23:04:32 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-152049171-1708537768-1004.job
    [2010/07/16 23:04:08 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
    [2010/07/16 19:39:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/07/16 19:39:13 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
    [2010/07/16 19:39:11 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
    [2010/07/16 16:22:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/16 16:22:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/16 14:02:29 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/16 13:42:33 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
    [2010/07/16 13:41:42 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
    [2010/07/16 13:41:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\perf73845.dat
    [2010/07/16 13:38:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/16 11:31:05 | 000,022,520 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/07/16 11:30:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/16 11:23:05 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ccanewiyohu.dat
    [2010/07/16 11:23:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ldidakiwikiso.bin
    [2010/07/16 11:21:08 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Virtumonde.doc
    [2010/07/16 01:10:34 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/16 00:07:11 | 000,000,092 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2010/07/07 20:44:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/07/06 12:55:42 | 000,130,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [41 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [20 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/23 17:37:32 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    [2010/07/19 12:32:26 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ovtd.sys
    [2010/07/19 04:57:16 | 000,005,397 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\MEC.htm
    [2010/07/18 15:13:48 | 000,003,827 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Bear Tracker.htm
    [2010/07/16 14:02:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/07/16 14:02:23 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/07/16 13:54:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/07/16 13:54:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/07/16 13:54:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/07/16 13:54:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/07/16 13:54:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/07/16 13:42:32 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
    [2010/07/16 13:42:32 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
    [2010/07/16 13:41:39 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
    [2010/07/16 13:41:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\perf73845.dat
    [2010/07/16 13:38:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/16 11:33:58 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/07/16 11:21:07 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Virtumonde.doc
    [2010/07/16 00:07:11 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/07/15 20:02:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ccanewiyohu.dat
    [2010/07/15 20:02:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ldidakiwikiso.bin
    [2010/06/28 04:32:02 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/06/28 04:32:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2009/04/06 06:12:30 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\hpothb07.tif
    [2009/04/06 06:12:30 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\hpothb07.dat
    [2009/04/06 06:12:24 | 000,000,253 | -H-- | C] () -- C:\Documents and Settings\LocalService\hpothb07.tif
    [2009/04/06 06:12:24 | 000,000,167 | -H-- | C] () -- C:\Documents and Settings\LocalService\hpothb07.dat
    [2009/04/06 06:12:19 | 000,000,253 | -H-- | C] () -- C:\Documents and Settings\Matt\hpothb07.tif
    [2009/04/06 06:12:19 | 000,000,159 | -H-- | C] () -- C:\Documents and Settings\Matt\hpothb07.dat
    [2009/01/07 00:56:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/01/02 01:27:30 | 009,699,328 | ---- | C] () -- C:\Documents and Settings\Matt\ntuser.dat
    [2009/01/02 01:27:29 | 003,313,664 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    [2008/12/31 05:08:38 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2008/12/31 05:08:37 | 000,098,304 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
    [2008/12/31 05:08:36 | 004,980,736 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
    [2008/12/29 21:56:44 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/12/28 16:44:28 | 000,028,672 | -H-- | C] () -- C:\Documents and Settings\Matt\ntuser.dat.LOG
    [2008/12/28 16:44:28 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Matt\ntuser.ini
    [2008/12/28 16:43:37 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2008/12/28 16:43:37 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
    [2008/12/28 16:43:37 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
    [2008/12/28 16:43:36 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2008/12/28 16:43:36 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
    [2008/12/28 16:43:36 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
    [2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
    [2005/07/12 18:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2004/03/23 20:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009/12/23 21:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GARMIN
    [2008/12/28 21:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\MSNInstaller
    [2010/03/28 11:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Thunderbird
    [2010/07/19 05:10:20 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========


    < End of report >
     
  16. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Cool :)


    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    DRV - File not found [Kernel | Boot] -- -- (tnttfi)
    DRV - File not found [Kernel | Boot] -- -- (psowlet)
    DRV - [2010/07/19 12:32:26 | 000,054,016 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ovtd.sys -- (ixoyuu)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [41 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [20 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [2010/07/16 11:23:05 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ccanewiyohu.dat
    [2010/07/16 11:23:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ldidakiwikiso.bin
    
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\system32\drivers\ovtd.sys
    
    
    :Commands
    [purity]
    [emptytemp]
    
    Open Notepad and paste it.
    Save the document as Fix.txt onto a USB flash drive.


    On the infected computer, do the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into windows.
     
  17. msta999

    msta999 TS Rookie Topic Starter Posts: 99

    Error: Unable to interpret <DRV - File not found [Kernel | Boot] -- -- (tnttfi)> in the current context!
    Error: Unable to interpret <DRV - File not found [Kernel | Boot] -- -- (psowlet)> in the current context!
    Error: Unable to interpret <DRV - [2010/07/19 12:32:26 | 000,054,016 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ovtd.sys -- (ixoyuu)> in the current context!
    Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
    Error: Unable to interpret <[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!
    Error: Unable to interpret <[41 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
    Error: Unable to interpret <[20 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]> in the current context!
    Error: Unable to interpret <[2010/07/16 11:23:05 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ccanewiyohu.dat> in the current context!
    Error: Unable to interpret <[2010/07/16 11:23:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ldidakiwikiso.bin> in the current context!
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\WINDOWS\system32\drivers\ovtd.sys moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41085 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Matt
    ->Temp folder emptied: 21829 bytes
    ->Temporary Internet Files folder emptied: 2462937 bytes
    ->Java cache emptied: 68651271 bytes
    ->FireFox cache emptied: 149880235 bytes
    ->Google Chrome cache emptied: 67519082 bytes
    ->Flash cache emptied: 186612 bytes

    User: NetworkService
    ->Temp folder emptied: 5188 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 5807 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1145933 bytes
    %systemroot%\System32 .tmp files removed: 15099789 bytes
    %systemroot%\System32\dllcache .tmp files removed: 9276416 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 75692 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 259047 bytes

    Total Files Cleaned = 300.00 mb


    OTLPE by OldTimer - Version 3.1.39.0 log created on 07232010_184302

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  18. msta999

    msta999 TS Rookie Topic Starter Posts: 99

    I did what you wrote above. Whatever happened, happened quick, once I clicked it. It asked to reboot so I restarted the computer and it is just a black screen again.
     
  19. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    No. You didn't copy a whole script.
    Most likely, you missed a "colon" in front of "OTL" (1st line).

    Please redo.
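
The first run above applied only the :Files step while every line meant for :OTL was rejected, which is what a script looks like when its first directive is damaged in copying. The following is an added example, not part of the thread and not OTL's own code: a pre-run check for Fix.txt. The directive list comes only from the script posted above, and the rule that each line is handled in the context of the last `:` directive is an assumption inferred from the two logs.

```python
# Directives exactly as they appear in the fix script posted in this thread.
KNOWN_SECTIONS = {":otl", ":services", ":reg", ":files", ":commands"}

# Constructed sample: a shortened copy of the posted script.
GOOD = r""":OTL
DRV - File not found [Kernel | Boot] -- -- (tnttfi)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

:Files
C:\WINDOWS\system32\drivers\ovtd.sys

:Commands
[purity]
[emptytemp]
"""
# Same script with the colon lost from the first line during copy/paste.
BAD = GOOD.replace(":OTL", "OTL", 1)


def lint_fix_script(text):
    """Return (sections, problems) for a fix script.

    sections maps each directive to the lines that follow it;
    problems lists (line number, reason, text) for lines that have
    no directive above them or use an unrecognised directive.
    """
    sections, problems, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line.lower()
            if current not in KNOWN_SECTIONS:
                problems.append((lineno, "unknown directive", line))
            sections.setdefault(current, [])
        elif current is None:
            # Text before any directive; a header that lost its colon lands here.
            if ":" + line.lower() in KNOWN_SECTIONS:
                reason = "directive missing leading colon"
            else:
                reason = "no section context"
            problems.append((lineno, reason, line))
        else:
            sections[current].append(line)
    return sections, problems
```

Run on `BAD`, the check reports line 1 and both following lines while still finding a valid `:files` section, matching the partial result in the first log: the driver file was moved but its service key was not handled until the second run.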
     
  20. msta999

    msta999 TS Rookie Topic Starter Posts: 99

    I have the disc back in and will try this again. Thanks for being patient with me.

    Is it normal for the disc to take about 10 min. to get to the desktop?
     
  21. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    OTLPE takes a while to load. Be patient.

    Not a problem :)
     
  22. msta999

    msta999 TS Rookie Topic Starter Posts: 99

    ========== OTL ==========
    Service\Driver key tnttfi not found.
    Service\Driver key psowlet not found.
    Service\Driver key ixoyuu not found.
    File C:\WINDOWS\system32\drivers\ovtd.sys not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    File/Folder C:\WINDOWS\*.tmp not found.
    File/Folder C:\WINDOWS\System32\*.tmp not found.
    File/Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
    File C:\WINDOWS\Ccanewiyohu.dat not found.
    File C:\WINDOWS\Ldidakiwikiso.bin not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\WINDOWS\system32\drivers\ovtd.sys not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    -> No Temporary Internet Files cache folder defined!

    User: All Users
    -> No Temporary Internet Files cache folder defined!

    User: Default User
    -> No Temporary Internet Files cache folder defined!

    User: LocalService
    -> No Temporary Internet Files cache folder defined!

    User: Matt
    -> No Temporary Internet Files cache folder defined!

    User: NetworkService
    -> No Temporary Internet Files cache folder defined!

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

    Total Files Cleaned = 0.00 mb


    OTLPE by OldTimer - Version 3.1.39.0 log created on 07232010_232125
     
  23. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Try to restart normally and tell me what happens.
     
  24. msta999

    msta999 TS Rookie Topic Starter Posts: 99

    Did a restart and the black screen is back.
     
  25. msta999

    msta999 TS Rookie Topic Starter Posts: 99

    Well, the first restart, it said "Amount of system mem. has changed. Strike F1 to continue, F2 to run the setup utility"....but neither key worked. Had to reboot and then just the black screen.
     
Topic Status:
Not open for further replies.

