Inactive Used Malware to remove worm, now


msta999

Hi,

I got a worm on my Dell Inspiron, so I went to one of the self help forums, sorry don't remember which one, but someone else had the same problem. So I followed the instructions someone posted for them. I used a Malware removal tool in quick scan, like the instructions said and it helped a lot. So I did a complete hardware scan, which came up with more "little monsters" and I clicked the remove button, which said I needed to reboot. So I did a reboot, but now I only get a black screen with a blinking underscore line in the top left corner. I have tried removing the battery for a while, no change. I even tried putting in my startup disc on a reboot, and I do see Windows starting but it goes back to a black screen. Any ideas of what to do now? I have a lot of info on there I'd like to recover if possible. I have thought about just buying a new hard drive, but have also heard some of these programs hide in the RAM mem.
 
I can't do any of the steps, because I only have a black screen to work with. I'm looking for a way to get back into windows and then I'll be glad to follow the steps listed.
 
Let's see if we can look at your computer booting from an external source.

Using a good computer, please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your bad computer using the boot CD you just created.
    • Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
I tried to download OTLPE, but I just get a forbidden message.

ComboFix is the program I ran, that caused my computer screen to go black after a reboot...if memory serves me correctly.
 
You should never run Combofix on your own. It's a very powerful tool and you need to know what you're doing.

OTLPE server has been down. I'll PM you with an alternative solution in a few minutes.
 
Ok, I downloaded the program to our newer Windows 7 computer, copied it to a DVD (don't have a CD) and tried to boot it in the Dell laptop, but nothing happened. I turned it on several times, but all ended the same, still the black screen. I did notice, for just a second on boot up, there is a F2 = setup and a F12. I went into F12 and ran system test or something like that, and it had me install my system drivers disc and ran some test, but it didn't make any difference. Could there be a problem with the disc, since it is a DVD and not a CD or that it was copied on a Windows 7 computer? Not sure what to do now.
 
I'm not sure if DVD will work.
What do you mean by "copied"?
You're supposed to:
double click on OTLPENet.exe and make sure there is a blank CD in your CD drive
 
Sorry, I didn't mean copied, I meant....well I made the DVD on a Windows 7 computer. I'll get some CDs tomorrow, I had to go into work early today....again.
 
OTL logfile created on: 7/23/2010 5:37:53 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 768.00 Mb Available Physical Memory | 75.00% Memory free
907.00 Mb Paging File | 806.00 Mb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 113.08 Gb Free Space | 75.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/11/19 15:26:54 | 000,455,944 | ---- | M] () [Auto] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/07/21 17:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 19:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/12/27 19:39:30 | 000,166,520 | ---- | M] () [Auto] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2007/12/27 19:39:20 | 000,051,816 | ---- | M] () [Auto] -- C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service)
SRV - [2006/11/03 22:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Boot] -- -- (tnttfi)
DRV - File not found [Kernel | Boot] -- -- (psowlet)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\btaudio.sys -- (btaudio)
DRV - [2010/07/19 12:32:26 | 000,054,016 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ovtd.sys -- (ixoyuu)
DRV - [2010/02/02 09:50:19 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 13:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 13:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 15:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/28 16:56:45 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2008/03/13 09:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008/03/13 09:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2007/09/05 16:03:00 | 000,049,664 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/06/25 01:56:54 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007/06/25 01:56:40 | 000,027,656 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007/06/25 01:56:34 | 000,034,312 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007/06/18 23:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/03/06 00:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2007/03/06 00:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2007/03/06 00:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2007/03/06 00:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2007/03/06 00:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2005/11/10 14:54:56 | 000,402,944 | R--- | M] (Belkin Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2004/10/25 16:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2003/08/29 08:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/04/25 21:10:52 | 000,220,176 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2002/12/17 15:41:36 | 000,042,368 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 02:31:36 | 000,539,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/10/09 14:20:52 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Matt_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Matt_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/12 15:19:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/24 00:15:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/04 19:41:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/17 20:49:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/07/18 13:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/04 14:19:05 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/08/04 14:19:05 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2010/07/16 16:22:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll ()
O3 - HKU\Matt_ON_C\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O3 - HKU\Matt_ON_C\..\Toolbar\WebBrowser: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Matt_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Matt_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Matt_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon FiOS Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.128.12
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/28 16:33:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========

[2010/07/18 00:48:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/16 19:32:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/07/16 16:30:43 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/07/16 16:30:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2010/07/16 16:29:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Local Settings\Application Data\PCHealth
[2010/07/16 16:21:22 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2010/07/16 16:21:22 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2010/07/16 14:02:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/16 13:54:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/16 13:54:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/16 13:54:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/16 13:54:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/16 13:54:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/16 13:49:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/16 13:42:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\VERIZON_BROAD
[2010/07/16 13:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/16 13:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/16 11:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\Malwarebytes
[2010/07/16 11:35:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/16 11:35:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/16 11:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/16 11:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2010/07/16 09:07:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2010/07/15 20:57:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/15 20:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/14 15:08:12 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/04 19:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft Help
[2010/07/04 19:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/07/04 18:53:00 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Matt\My Documents\My Data Sources
[2010/07/04 18:45:50 | 000,730,824 | ---- | C] (ammara.com) -- C:\WINDOWS\System32\DBPix20.ocx
[2010/07/04 18:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\DBPix 2.0.3
[2010/07/04 17:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Reloaders Reference
[2010/06/28 04:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\vlc
[2010/06/28 04:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/06/27 17:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Desktop\Shotshell Load Data
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[41 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[20 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/19 12:33:30 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/07/19 12:33:30 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/07/19 12:33:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/19 12:33:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/19 12:33:05 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Matt\ntuser.ini
[2010/07/19 12:33:04 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Matt\ntuser.dat
[2010/07/19 12:32:55 | 003,775,658 | -H-- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\IconCache.db
[2010/07/19 12:32:26 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ovtd.sys
[2010/07/19 11:44:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/19 09:44:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/19 05:10:20 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/19 04:57:17 | 000,005,397 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\MEC.htm
[2010/07/18 15:13:51 | 000,003,827 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Bear Tracker.htm
[2010/07/16 23:04:34 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-839522115-152049171-1708537768-1004.job
[2010/07/16 23:04:32 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-152049171-1708537768-1004.job
[2010/07/16 23:04:08 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2010/07/16 19:39:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/16 19:39:13 | 004,980,736 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/07/16 19:39:11 | 003,184,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/07/16 16:22:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/16 16:22:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/16 14:02:29 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/16 13:42:33 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2010/07/16 13:41:42 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2010/07/16 13:41:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\perf73845.dat
[2010/07/16 13:38:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/16 11:31:05 | 000,022,520 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/16 11:30:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/16 11:23:05 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ccanewiyohu.dat
[2010/07/16 11:23:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ldidakiwikiso.bin
[2010/07/16 11:21:08 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Virtumonde.doc
[2010/07/16 01:10:34 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/16 00:07:11 | 000,000,092 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/07 20:44:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/06 12:55:42 | 000,130,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[41 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[20 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/23 17:37:32 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
[2010/07/19 12:32:26 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ovtd.sys
[2010/07/19 04:57:16 | 000,005,397 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\MEC.htm
[2010/07/18 15:13:48 | 000,003,827 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Bear Tracker.htm
[2010/07/16 14:02:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/16 14:02:23 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/16 13:54:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/16 13:54:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/16 13:54:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/16 13:54:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/16 13:54:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/16 13:42:32 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2010/07/16 13:42:32 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2010/07/16 13:41:39 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2010/07/16 13:41:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\perf73845.dat
[2010/07/16 13:38:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/16 11:33:58 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/16 11:21:07 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Virtumonde.doc
[2010/07/16 00:07:11 | 000,000,092 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/15 20:02:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ccanewiyohu.dat
[2010/07/15 20:02:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ldidakiwikiso.bin
[2010/06/28 04:32:02 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/06/28 04:32:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/04/06 06:12:30 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\hpothb07.tif
[2009/04/06 06:12:30 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\hpothb07.dat
[2009/04/06 06:12:24 | 000,000,253 | -H-- | C] () -- C:\Documents and Settings\LocalService\hpothb07.tif
[2009/04/06 06:12:24 | 000,000,167 | -H-- | C] () -- C:\Documents and Settings\LocalService\hpothb07.dat
[2009/04/06 06:12:19 | 000,000,253 | -H-- | C] () -- C:\Documents and Settings\Matt\hpothb07.tif
[2009/04/06 06:12:19 | 000,000,159 | -H-- | C] () -- C:\Documents and Settings\Matt\hpothb07.dat
[2009/01/07 00:56:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/02 01:27:30 | 009,699,328 | ---- | C] () -- C:\Documents and Settings\Matt\ntuser.dat
[2009/01/02 01:27:29 | 003,313,664 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat
[2008/12/31 05:08:38 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2008/12/31 05:08:37 | 000,098,304 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2008/12/31 05:08:36 | 004,980,736 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2008/12/29 21:56:44 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/28 16:44:28 | 000,028,672 | -H-- | C] () -- C:\Documents and Settings\Matt\ntuser.dat.LOG
[2008/12/28 16:44:28 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Matt\ntuser.ini
[2008/12/28 16:43:37 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2008/12/28 16:43:37 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2008/12/28 16:43:37 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2008/12/28 16:43:36 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2008/12/28 16:43:36 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2008/12/28 16:43:36 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2005/07/12 18:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/03/23 20:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/12/23 21:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GARMIN
[2008/12/28 21:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\MSNInstaller
[2010/03/28 11:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Thunderbird
[2010/07/19 05:10:20 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========


< End of report >
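
Added example (not part of the original thread, and not OTL's or the helper's own logic): a small Python triage of the `DRV` lines in a log like the one above. The heuristic, flagging boot-start drivers whose file is missing or carries no company name, is an assumption chosen for illustration; the sample lines are copied from this log and the scan time is taken from its header.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# A subset of the DRV/SRV lines from the OTL.txt posted above, copied verbatim.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | Boot] -- -- (tnttfi)
DRV - File not found [Kernel | Boot] -- -- (psowlet)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - [2010/07/19 12:32:26 | 000,054,016 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ovtd.sys -- (ixoyuu)
DRV - [2010/02/02 09:50:19 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2007/03/06 00:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005/11/10 14:54:56 | 000,402,944 | R--- | M] (Belkin Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
DRV - [2004/10/25 16:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
SRV - [2006/11/03 22:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
"""

# "OTL logfile created on: 7/23/2010 5:37:53 PM" in the log header.
SCAN_TIME = datetime(2010, 7, 23, 17, 37, 53)

# A DRV line is either "File not found" or "[timestamp | size | attrs | flag] (company)",
# followed by "[type | start] -- path -- (service name)" and optional trailing text.
DRV_RE = re.compile(
    r"^DRV - (?:File not found|"
    r"\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| [CM]\] "
    r"\((?P<company>.*?)\)) "
    r"\[(?P<kind>\w+) \| (?P<start>\w+)\] -- (?P<path>.*?)\s*-- "
    r"\((?P<name>.+?)\)(?: .*)?$"
)


@dataclass
class Driver:
    name: str
    kind: str                     # Kernel / File_System
    start: str                    # Boot / System / Auto / On_Demand
    path: str                     # empty when the log shows no ImagePath
    company: Optional[str]        # None when the file was not found
    modified: Optional[datetime]  # None when the file was not found

    @property
    def missing(self) -> bool:
        return self.modified is None


def parse_drv(line: str) -> Optional[Driver]:
    """Parse one OTL 'DRV - ...' line; return None for anything else."""
    m = DRV_RE.match(line.strip())
    if not m:
        return None
    ts = m.group("ts")
    modified = datetime.strptime(ts, "%Y/%m/%d %H:%M:%S") if ts else None
    return Driver(m.group("name"), m.group("kind"), m.group("start"),
                  m.group("path"), m.group("company"), modified)


def triage(d: Driver, scan_time: datetime = SCAN_TIME,
           recent_days: int = 30) -> List[str]:
    """Illustrative heuristic (an assumption): only boot-start drivers are reviewed."""
    reasons: List[str] = []
    if d.start != "Boot":
        return reasons
    if d.missing:
        reasons.append("boot-start service points at a missing file")
    elif not d.company:
        reasons.append("boot-start driver file has no company name")
        if (scan_time - d.modified).days <= recent_days:
            reasons.append("file modified within %d days of the scan" % recent_days)
    return reasons


def flag_drivers(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (service name, reasons) for every DRV line the heuristic flags."""
    flagged = []
    for line in log_text.splitlines():
        drv = parse_drv(line)
        if drv is None:
            continue
        reasons = triage(drv)
        if reasons:
            flagged.append((drv.name, reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in flag_drivers(SAMPLE_LOG):
        print(name, "->", "; ".join(reasons))
```

On the embedded lines this flags `tnttfi`, `psowlet` and `ixoyuu`; a hit is a prompt to inspect the entry, not a verdict on it.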
 
Hey! It worked!
Cool :)


Do this on the computer you are posting from:
Copy the text in the codebox below:


Code:
:OTL
DRV - File not found [Kernel | Boot] -- -- (tnttfi)
DRV - File not found [Kernel | Boot] -- -- (psowlet)
DRV - [2010/07/19 12:32:26 | 000,054,016 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ovtd.sys -- (ixoyuu)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[41 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[20 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2010/07/16 11:23:05 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ccanewiyohu.dat
[2010/07/16 11:23:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ldidakiwikiso.bin


:Services

:Reg

:Files
C:\WINDOWS\system32\drivers\ovtd.sys


:Commands
[purity]
[emptytemp]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive


On the infected computer, do the following...

Run OTLPE

  • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
    • (The content of Fix.txt should appear in the box)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log produced (you'll need to transfer it with USB stick)
  • Attempt to reboot normally into windows.
 
Error: Unable to interpret <DRV - File not found [Kernel | Boot] -- -- (tnttfi)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | Boot] -- -- (psowlet)> in the current context!
Error: Unable to interpret <DRV - [2010/07/19 12:32:26 | 000,054,016 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ovtd.sys -- (ixoyuu)> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!
Error: Unable to interpret <[41 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret <[20 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]> in the current context!
Error: Unable to interpret <[2010/07/16 11:23:05 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ccanewiyohu.dat> in the current context!
Error: Unable to interpret <[2010/07/16 11:23:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ldidakiwikiso.bin> in the current context!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\system32\drivers\ovtd.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41085 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Matt
->Temp folder emptied: 21829 bytes
->Temporary Internet Files folder emptied: 2462937 bytes
->Java cache emptied: 68651271 bytes
->FireFox cache emptied: 149880235 bytes
->Google Chrome cache emptied: 67519082 bytes
->Flash cache emptied: 186612 bytes

User: NetworkService
->Temp folder emptied: 5188 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 5807 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1145933 bytes
%systemroot%\System32 .tmp files removed: 15099789 bytes
%systemroot%\System32\dllcache .tmp files removed: 9276416 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 75692 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 259047 bytes

Total Files Cleaned = 300.00 mb


OTLPE by OldTimer - Version 3.1.39.0 log created on 07232010_184302

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
I did what you wrote above. Whatever happened happened quick, once I clicked it. It asked to reboot so I restarted the computer and it is just a black screen again.
 
No. You didn't copy a whole script.
Most likely, you missed a "colon" in front of "OTL" (1st line).

Please redo.
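
An added example, not part of the original thread and not OTL's own code: a pre-flight check, run on the clean computer before Fix.txt goes onto the USB stick, that catches the copy/paste mistake described above. The section names come from the script posted in this thread; the rule that every instruction must follow a `:` header is an assumption inferred from the "Unable to interpret ... in the current context" errors, and `lint_fix_script` is a hypothetical helper.

```python
# Section headers that appear in the fix script posted in this thread.
KNOWN_SECTIONS = {":otl", ":services", ":reg", ":files", ":commands"}


def lint_fix_script(text):
    """Return (line_number, message) pairs for lines a section parser would reject."""
    problems = []
    in_section = False
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            # Any ':' directive opens a section; names not seen in the thread are accepted too.
            in_section = True
        elif ":" + line.lower() in KNOWN_SECTIONS:
            problems.append((num, f"'{line}' is a section header missing its leading colon"))
        elif not in_section:
            problems.append((num, "instruction appears before any ':' section header"))
    return problems


# Constructed sample: a shortened copy of the thread's script.
GOOD = r""":OTL
DRV - File not found [Kernel | Boot] -- -- (tnttfi)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

:Files
C:\WINDOWS\system32\drivers\ovtd.sys

:Commands
[emptytemp]
"""
BAD = GOOD[1:]                      # first character lost while copying
TRUNCATED = GOOD.split("\n", 1)[1]  # whole first line lost

if __name__ == "__main__":
    for name, script in (("GOOD", GOOD), ("BAD", BAD), ("TRUNCATED", TRUNCATED)):
        print(name, lint_fix_script(script) or "ok")
```

In both broken variants the `:Files` and `:Commands` sections still pass, which matches the first fix log: the driver file was moved and the temp folders were emptied while every line of the first section was rejected.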
 
I have the disc back in and will try this again. Thanks for being patient with me.

Is it normal for the disc to take about 10 min. to get to the desktop?
 
========== OTL ==========
Service\Driver key tnttfi not found.
Service\Driver key psowlet not found.
Service\Driver key ixoyuu not found.
File C:\WINDOWS\system32\drivers\ovtd.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File C:\WINDOWS\Ccanewiyohu.dat not found.
File C:\WINDOWS\Ldidakiwikiso.bin not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\WINDOWS\system32\drivers\ovtd.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
-> No Temporary Internet Files cache folder defined!

User: All Users
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: LocalService
-> No Temporary Internet Files cache folder defined!

User: Matt
-> No Temporary Internet Files cache folder defined!

User: NetworkService
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTLPE by OldTimer - Version 3.1.39.0 log created on 07232010_232125
 
Well, the first restart, it said "Amount of system mem. has changed. Strike F1 to continue, F2 to run the setup utility"....but neither key worked. Had to reboot and then just the black screen.
 