
Used Malware to remove worm, now

Discussion in 'Virus and Malware Removal' started by msta999, Jul 20, 2010.

  1. Broni Malware Annihilator Posts: 40,045   +187

    OTLPE takes a while to load. Be patient.

    Not a problem :)
  2. msta999 Newcomer, in training Posts: 99

    ========== OTL ==========
    Service\Driver key tnttfi not found.
    Service\Driver key psowlet not found.
    Service\Driver key ixoyuu not found.
    File C:\WINDOWS\system32\drivers\ovtd.sys not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    File/Folder C:\WINDOWS\*.tmp not found.
    File/Folder C:\WINDOWS\System32\*.tmp not found.
    File/Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
    File C:\WINDOWS\Ccanewiyohu.dat not found.
    File C:\WINDOWS\Ldidakiwikiso.bin not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\WINDOWS\system32\drivers\ovtd.sys not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    -> No Temporary Internet Files cache folder defined!

    User: All Users
    -> No Temporary Internet Files cache folder defined!

    User: Default User
    -> No Temporary Internet Files cache folder defined!

    User: LocalService
    -> No Temporary Internet Files cache folder defined!

    User: Matt
    -> No Temporary Internet Files cache folder defined!

    User: NetworkService
    -> No Temporary Internet Files cache folder defined!

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

    Total Files Cleaned = 0.00 mb


    OTLPE by OldTimer - Version 3.1.39.0 log created on 07232010_232125
  3. Broni Malware Annihilator Posts: 40,045   +187

    Try to restart normally and tell me what happens.
  4. msta999 Newcomer, in training Posts: 99

    Did a restart and the black screen is back.
  5. msta999 Newcomer, in training Posts: 99

    Well, the first restart, it said "Amount of system mem. has changed. Strike F1 to continue, F2 to run the setup utility"....but neither key worked. Had to reboot and then just the black screen.
  6. Broni Malware Annihilator Posts: 40,045   +187

    Boot one more time to OTLPE, run OTL and post fresh log.
    Maybe, I missed something.
     
  7. msta999 Newcomer, in training Posts: 99

    I'm doing it.
  8. Broni Malware Annihilator Posts: 40,045   +187

    OK..................
  9. Broni Malware Annihilator Posts: 40,045   +187

    With this error: "amount of system memory has changed", you may actually have some RAM issue.
    In addition to OTL log...
    What Dell model is it?
    Desktop, or laptop?
    Do you have more than 1 stick of RAM installed?
  10. msta999 Newcomer, in training Posts: 99

    Inspiron 5100
    Laptop
    2 512 ram sticks.

    OTL logfile created on: 7/24/2010 12:57:55 AM - Run
    OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 316.00 Mb Available Physical Memory | 62.00% Memory free
    459.00 Mb Paging File | 341.00 Mb Available in Paging File | 74.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 113.37 Gb Free Space | 76.07% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO
    Current User Name: SYSTEM
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2009/11/19 15:26:54 | 000,455,944 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2009/07/21 17:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/05/13 19:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2007/12/27 19:39:30 | 000,166,520 | ---- | M] () [Auto] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
    SRV - [2007/12/27 19:39:20 | 000,051,816 | ---- | M] () [Auto] -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)
    SRV - [2006/11/03 22:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
    DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
    DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
    DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
    DRV - [2010/02/02 09:50:19 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 13:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/03/30 13:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2009/02/13 15:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2008/12/28 16:56:45 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2008/03/13 09:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
    DRV - [2008/03/13 09:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
    DRV - [2007/09/05 16:03:00 | 000,049,664 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2007/06/25 01:56:54 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
    DRV - [2007/06/25 01:56:40 | 000,027,656 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
    DRV - [2007/06/25 01:56:34 | 000,034,312 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
    DRV - [2007/06/18 23:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/03/06 00:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
    DRV - [2007/03/06 00:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
    DRV - [2007/03/06 00:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
    DRV - [2007/03/06 00:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
    DRV - [2007/03/06 00:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
    DRV - [2005/11/10 14:54:56 | 000,402,944 | R--- | M] (Belkin Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
    DRV - [2004/10/25 16:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
    DRV - [2003/08/29 08:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
    DRV - [2003/04/25 21:10:52 | 000,220,176 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)
    DRV - [2002/12/17 15:41:36 | 000,042,368 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2002/11/08 02:31:36 | 000,539,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2002/10/09 14:20:52 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/12 15:19:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/24 00:15:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/04 19:41:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/17 20:49:50 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2010/07/18 13:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/08/04 14:19:05 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
    [2009/08/04 14:19:05 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

    O1 HOSTS File: ([2010/07/16 16:22:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
    O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll ()
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - Startup: Error locating startup folders.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab (Support.com Configuration Class)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.128.12
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/12/28 16:33:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  11. msta999 Newcomer, in training Posts: 99

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/07/23 18:43:03 | 000,552,960 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
    [2010/07/23 18:43:03 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/18 00:48:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/16 16:30:43 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2010/07/16 16:21:22 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
    [2010/07/16 16:21:22 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
    [2010/07/16 14:02:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/16 13:54:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/07/16 13:54:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/07/16 13:54:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/07/16 13:54:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/07/16 13:54:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/16 13:49:34 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/07/16 13:42:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\VERIZON_BROAD
    [2010/07/16 13:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/07/16 11:35:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/16 11:35:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/16 11:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/16 11:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
    [2010/07/14 15:08:12 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
    [2010/07/04 19:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
    [2010/07/04 18:45:50 | 000,730,824 | ---- | C] (ammara.com) -- C:\WINDOWS\System32\DBPix20.ocx
    [2010/07/04 18:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\DBPix 2.0.3
    [2010/07/04 17:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reloaders Reference
    [2010/06/28 04:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack

    ========== Files - Modified Within 30 Days ==========

    [2010/07/19 12:33:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/19 12:33:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/19 11:44:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/07/19 09:44:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/07/19 05:10:20 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/07/16 23:04:34 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-839522115-152049171-1708537768-1004.job
    [2010/07/16 23:04:32 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-152049171-1708537768-1004.job
    [2010/07/16 23:04:08 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
    [2010/07/16 16:22:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/16 16:22:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/16 14:02:29 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/16 13:42:33 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
    [2010/07/16 13:41:42 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
    [2010/07/16 13:41:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\perf73845.dat
    [2010/07/16 13:38:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/16 11:30:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/16 00:07:11 | 000,000,092 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2010/07/07 20:44:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/07/06 12:55:42 | 000,130,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/07/04 08:44:04 | 000,552,960 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe

    ========== Files Created - No Company Name ==========

    [2010/07/23 17:37:32 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    [2010/07/16 14:02:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/07/16 14:02:23 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/07/16 13:54:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/07/16 13:54:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/07/16 13:54:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/07/16 13:54:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/07/16 13:54:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/07/16 13:42:32 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
    [2010/07/16 13:42:32 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
    [2010/07/16 13:41:39 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
    [2010/07/16 13:41:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\perf73845.dat
    [2010/07/16 13:38:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/16 11:33:58 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/07/16 00:07:11 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/06/28 04:32:02 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/06/28 04:32:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2009/01/07 00:56:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/01/02 01:27:29 | 003,313,664 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    [2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
    [2005/07/12 18:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2004/03/23 20:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/07/19 05:10:20 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========


    < End of report >
  12. Broni Malware Annihilator Posts: 40,045   +187

    Yeah, as far as I can tell, we removed all visible bad entries, so we have to move to the RAM issue.

    Turn the laptop off.
    Remove one RAM stick and try to start laptop normally.
    If that doesn't work, switch sticks and try again.
    Also, try different slots with each stick.
    So, you have 4 combinations to try.
  13. msta999 Newcomer, in training Posts: 99

    Thanks, I'm doing that now.
  14. Broni Malware Annihilator Posts: 40,045   +187

    Cool :).............
  15. msta999 Newcomer, in training Posts: 99

    I just took both 512 RAM chips out and put the original 256 back in. Tried it in both slots. I still get the black screen.
  16. msta999 Newcomer, in training Posts: 99

    Will that OTLPE disc let me do a restore?.....just a thought.
  17. Broni Malware Annihilator Posts: 40,045   +187

    No, but it'll allow you to backup your data.

    I did some searching regarding the Dell Inspiron 5100 and it looks like this particular model has some issues:
    http://www.google.com/search?source...fai=CnjHPH2lKTJLTG4PSiAPy14DDBAAAAKoEBU_QgNOb
    http://forums.techguy.org/windows-xp/522679-amount-memory-system-has-changed.html
    http://forum.notebookreview.com/dell/188794-amount-system-memory-may-have-changed.html

    I'm 99% sure we're not dealing with any infection.
    I mean, it's possible your computer is not totally clean, but it's not your culprit at this moment.
    OTL log shows everything that starts when your computer boots, and I don't see anything malicious there.
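
The reading Broni describes above (going through the OTL log for everything that starts at boot), as an added example that is not part of the original thread or of OTL itself: a Python parser for the log's SRV/DRV lines that flags entries worth a second look. The sample lines are copied from the log posted in this thread; the flag rules and the names `parse_line` and `triage` are assumptions of this example, and a flag is a prompt for review, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# SRV/DRV line shapes as they appear in the OTL log in this thread:
#   TAG - [date time | size | attrs | M] (Company) [start type] -- path -- (name)
#   TAG - File not found [start type] -- path -- (name)      (path may be empty)
LINE_RE = re.compile(
    r"(?P<tag>SRV|DRV) - "
    r"(?:(?P<missing>File not found)"
    r"|\[(?P<stamp>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \|[^\]]*\] \((?P<company>.*?)\))"
    r" \[(?P<start>[^\]]+)\] -- (?P<path>.*?) ?-- \((?P<name>[^()]+)"
)

@dataclass
class Entry:
    tag: str            # SRV (Win32 service) or DRV (driver service)
    name: str           # service key name
    path: str           # image path, "" when the log shows none
    company: str        # company from file version info, "" when blank
    start: str          # start type, e.g. "Auto" or "Kernel | Boot"
    missing: bool       # True when OTL reported "File not found"
    reasons: List[str] = field(default_factory=list)

def parse_line(line: str) -> Optional[Entry]:
    """Parse one SRV/DRV log line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        tag=m.group("tag"),
        name=m.group("name").strip(),
        path=m.group("path").strip(),
        company=(m.group("company") or "").strip(),
        start=m.group("start"),
        missing=m.group("missing") is not None,
    )

def triage(log_text: str) -> List[Entry]:
    """Return the entries that match at least one review rule (assumed rules)."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry.missing:
            entry.reasons.append("registered but file not found")
        if not entry.path:
            entry.reasons.append("no image path recorded")
        elif "\\temp\\" in entry.path.lower():
            entry.reasons.append("image path under a Temp directory")
        if not entry.missing and not entry.company:
            entry.reasons.append("no company name in file version info")
        if entry.reasons:
            flagged.append(entry)
    return flagged

# Sample input: five lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
SRV - [2009/11/19 15:26:54 | 000,455,944 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/07/21 17:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2007/03/06 00:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.tag} {e.name} [{e.start}]: " + "; ".join(e.reasons))
```
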
  18. msta999 Newcomer, in training Posts: 99

    OK, I'll see if I can get to my bookmarks and pics. It sounds like you're saying a new hard drive will not fix this? Is that correct?

    Funny this happened after I ran that program. Is that the cause or is this just a fluke?
  19. Broni Malware Annihilator Posts: 40,045   +187

    I believe, it's a pure coincidence.

    I'm not saying anything for sure.
    It's simply impossible to say for sure.

    Do you have any disks, that came with the laptop?
    Do you know, if there is recovery partition there?

    But....first things first. Take your time and backup your data before you try anything else.
  20. msta999 Newcomer, in training Posts: 99

    It doesn't look like I can back anything up. When it asks me to choose a location to place my backup, it does not give me a USB option. I have my external hard drive attached, but it doesn't show up.