
windowssafemode virus


  • This topic is locked

#1
wjbarth

My computer will start up to a black screen with a pop-up box stating "Windows Boot Failure. Press 'OK' to fix boot failure". When I exit out of the pop-up, a new pop-up appears: "Windows Disk Diagnostic Tool will scan the system to identify performance issues", with two check boxes, "check hard drive sectors" and "system integrity". Then another pop-up: "A problem with the hard drive has been detected. It is strongly recommended that you download and install the following certified software to fix detected hard drive errors. Do you want to download recommended software?". Then a program comes up called "WindowsSafemode" and starts to perform scans, etc.

The computer won't let me do anything else... Please help, I need my computer for important stored on there!

Here is my OTL log:


OTL logfile created on: 3/7/2011 10:18:16 AM - Run
OTLPE by OldTimer - Version 3.1.45.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 294.00 Mb Available Physical Memory | 59.00% Memory free
454.00 Mb Paging File | 321.00 Mb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.33 Gb Total Space | 21.13 Gb Free Space | 30.47% Space Free | Partition Type: NTFS
Drive D: | 7.52 Gb Total Space | 6.08 Gb Free Space | 80.96% Space Free | Partition Type: FAT32
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2006/10/05 20:41:08 | 000,167,936 | ---- | M] (Lenovo) [Auto] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/10/05 20:40:32 | 000,053,248 | ---- | M] () [Auto] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2006/07/11 18:04:42 | 000,015,872 | ---- | M] ( ) [Auto] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/07/11 17:52:52 | 000,023,552 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv)
SRV - [2006/06/12 20:26:10 | 001,119,888 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/06/08 20:00:00 | 000,029,184 | ---- | M] (Network Associates, Inc.) [Auto] -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe -- (McTaskManager)
SRV - [2006/06/08 12:08:35 | 000,214,720 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/05/15 18:24:33 | 002,086,592 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/05/15 18:24:33 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/05/11 15:50:18 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/04/12 11:30:24 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/04/12 11:30:10 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/03/15 12:33:08 | 000,750,768 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - [2006/02/14 20:00:00 | 000,221,191 | ---- | M] (Network Associates, Inc.) [Auto] -- C:\Program Files\Network Associates\VirusScan\mcshield.exe -- (McShield)
SRV - [2006/02/05 01:03:40 | 000,046,752 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe -- (NPFMntor)
SRV - [2006/02/05 01:03:16 | 000,139,936 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2006/01/17 12:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/01/03 13:27:08 | 000,057,344 | ---- | M] (Lenovo) [Auto] -- C:\WINDOWS\system32\PMSveH.exe -- (PMSveH)
SRV - [2005/12/21 20:20:56 | 001,384,448 | ---- | M] () [Auto] -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005/12/14 13:51:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/10/05 19:14:12 | 000,239,216 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/08/26 16:22:48 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2005/05/06 23:27:24 | 000,083,584 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton Internet Security\ISSVC.exe -- (ISSVC)
SRV - [2005/04/20 20:28:56 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/08/11 02:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004/08/10 23:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)
SRV - [2004/08/06 03:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) [Auto] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [File_System | Boot] -- -- (ANCSQ)
DRV - [2006/09/11 03:00:00 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys -- (eeCtrl)
DRV - [2006/08/30 17:24:28 | 000,176,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20060901.084\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2006/08/02 02:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/07/11 17:52:50 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/06/12 20:26:10 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/06/08 20:00:00 | 000,116,864 | ---- | M] (McAfee Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2006/06/08 20:00:00 | 000,058,464 | ---- | M] (Network Associates, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mvstdi5x.sys -- (NaiAvTdi1)
DRV - [2006/06/08 20:00:00 | 000,008,448 | ---- | M] (Network Associates, Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\entdrv51.sys -- (EntDrv51)
DRV - [2006/06/08 12:08:35 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/06/08 12:08:35 | 000,110,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2006/06/08 12:08:35 | 000,031,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2006/06/08 12:08:35 | 000,028,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2006/06/08 12:08:35 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/06/08 12:08:35 | 000,012,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/05/16 14:34:37 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/05/11 15:50:18 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/01/17 12:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/01/17 12:14:52 | 000,065,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/01/13 01:33:22 | 000,006,016 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2006/01/11 04:42:00 | 000,007,168 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/12/21 19:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/12/21 16:09:50 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)
DRV - [2005/12/12 18:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/12/05 02:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/16 22:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/08 10:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/11/01 20:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/11/01 19:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/09/30 13:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/01/07 19:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/us/en/
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Deborah_Diemont_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Deborah_Diemont_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Deborah_Diemont_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Deborah_Diemont_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/23 20:21:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/24 13:42:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/17 06:04:10 | 000,000,000 | ---D | M]

[2011/02/17 05:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Deborah Diemont\Application Data\Mozilla\Extensions
[2011/02/17 05:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Deborah Diemont\Application Data\Mozilla\Firefox\Profiles\8boxyvxx.default\extensions
[2011/02/17 06:04:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/21 14:32:13 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\[email protected](2).org
[2007/09/11 20:09:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)
[2007/09/10 22:38:58 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2007/09/11 20:09:50 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions(2)\[email protected](2).org

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Internet Security) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKU\Deborah_Diemont_ON_C\..\Toolbar\WebBrowser: (Norton Internet Security) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKU\Deborah_Diemont_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe ()
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe ()
O4 - HKLM..\Run: [cssauthe] C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [Network Associates Error Reporting Service] C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()
O4 - HKLM..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Deborah_Diemont_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Deborah_Diemont_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe ()
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.c...rt/IbmEgath.cab (IBM Access Support)
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} https://www-307.ibm....ntent/AcpIR.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...all-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...all-142-win.cab (Java Plug-in 1.4.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Deborah Diemont\yeawl.exe) - File not found
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/05 06:11:34 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3c6a5472-5d90-11de-8a34-000fb0c85b25}\Shell\AutoRun\command - "" = E:\fakerica//shmekerica.exe
O33 - MountPoints2\{3c6a5472-5d90-11de-8a34-000fb0c85b25}\Shell\Explore\command - "" = E:\fakerica//shmekerica.exe
O33 - MountPoints2\{3c6a5472-5d90-11de-8a34-000fb0c85b25}\Shell\Open\command - "" = E:\fakerica//shmekerica.exe
O33 - MountPoints2\{4abe5674-0856-11e0-8d5c-000fb0c85b25}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4abe5674-0856-11e0-8d5c-000fb0c85b25}\Shell\AutoRun\command - "" = DVANAEST\\devojkica.exe
O33 - MountPoints2\{4abe5674-0856-11e0-8d5c-000fb0c85b25}\Shell\explore\command - "" = DVANAEST\\\devojkica.exe
O33 - MountPoints2\{4abe5674-0856-11e0-8d5c-000fb0c85b25}\Shell\open\command - "" = DVANAEST\\\devojkica.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\vRhJxFbQTomnoX.dll) - C:\Documents and Settings\All Users\Application Data\vRhJxFbQTomnoX.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/04 10:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah Diemont\Start Menu\Programs\Windows Safemode
[2011/03/04 10:32:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/03/03 05:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah Diemont\Desktop\Salem Hyde Writers
[2011/02/25 13:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah Diemont\Desktop\Slow Gen X
[2011/02/25 11:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah Diemont\Desktop\Grimms Heroines
[2011/02/25 11:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah Diemont\Desktop\Book, San C
[2011/02/19 10:49:12 | 000,000,000 | ---D | C] -- C:\pics
[2011/02/17 05:56:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah Diemont\Application Data\Mozilla
[2006/08/15 16:33:21 | 010,310,760 | ---- | C] (Skype Technologies S.A. ) -- C:\Program Files\SkypeSetup.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/07 09:55:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/07 08:29:25 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/07 08:28:13 | 526,569,472 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/04 14:10:29 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Deborah Diemont\Desktop\Windows Safemode.lnk
[2011/03/03 13:16:32 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2011/02/24 13:43:58 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Deborah Diemont\Desktop\Microsoft Office Word 2003.lnk
[2011/02/19 10:57:36 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Deborah Diemont\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/17 06:04:15 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\Deborah Diemont\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/17 05:54:56 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/12 18:37:38 | 010,513,733 | ---- | M] () -- C:\Documents and Settings\Deborah Diemont\Desktop\090618_Guadalupe_007.v3lg.jpg.zip
[2011/02/06 07:30:44 | 008,737,611 | ---- | M] () -- C:\Documents and Settings\Deborah Diemont\Desktop\DiemontCover.printlg.pdf.zip
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/04 14:10:29 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Deborah Diemont\Desktop\Windows Safemode.lnk
[2011/03/04 14:08:33 | 526,569,472 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/17 05:56:48 | 000,001,631 | ---- | C] () -- C:\Documents and Settings\Deborah Diemont\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/12 18:37:01 | 010,513,733 | ---- | C] () -- C:\Documents and Settings\Deborah Diemont\Desktop\090618_Guadalupe_007.v3lg.jpg.zip
[2011/02/06 07:30:23 | 008,737,611 | ---- | C] () -- C:\Documents and Settings\Deborah Diemont\Desktop\DiemontCover.printlg.pdf.zip
[2010/07/26 20:15:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/01/18 18:46:01 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2008/08/27 05:26:43 | 000,000,646 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/04/21 15:38:08 | 005,391,744 | ---- | C] () -- C:\Program Files\lj1020_1022-HB-pd-win32-en.exe
[2008/04/21 15:31:55 | 005,391,744 | ---- | C] () -- C:\Program Files\lj1020_1022-HB-pnp-win32-en.exe
[2008/02/07 10:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2007/09/11 20:44:48 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2007/09/11 20:44:48 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2007/08/20 08:29:11 | 000,122,717 | ---- | C] () -- C:\WINDOWS\HPHins11.dat
[2007/08/20 08:29:11 | 000,013,767 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2006/12/12 14:55:42 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2006/10/28 22:43:03 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Deborah Diemont\Application Data\PFP120JPR.{PB
[2006/10/28 22:43:03 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Deborah Diemont\Application Data\PFP120JCM.{PB
[2006/10/28 15:46:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/28 12:55:04 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Deborah Diemont\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/15 16:35:38 | 003,729,168 | ---- | C] () -- C:\Program Files\yup.pdf
[2006/07/11 17:52:52 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\psasrv.exe
[2006/06/15 11:41:20 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2006/06/15 11:41:20 | 000,000,343 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2006/06/15 11:40:27 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2006/06/15 11:40:27 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2006/06/15 11:40:27 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2006/06/15 11:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2006/06/15 11:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2006/06/15 11:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2006/06/07 07:51:12 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Deborah Diemont\Local Settings\Application Data\fusioncache.dat
[2006/06/06 17:32:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/04 15:21:13 | 000,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/06/04 15:21:13 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\9BD92CE578.sys
[2006/05/17 21:54:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/17 21:48:50 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2006/05/17 21:39:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/05/17 21:39:17 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/05/17 21:39:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/05/17 21:39:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/05/17 21:39:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/05/17 21:39:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/05/17 21:37:41 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2006/05/17 21:37:26 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/05/17 21:35:52 | 000,000,032 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/17 21:06:52 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/19 14:46:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/17 12:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/30 15:43:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PMHlerIO.dll
[2005/12/23 15:47:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\PMEBLib.dll
[2005/05/23 10:22:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2005/05/23 10:22:24 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/09 13:03:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/09 13:01:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/09 12:51:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/09 12:46:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/09 12:45:31 | 000,311,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1980/01/01 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 02:00:00 | 000,382,670 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 02:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[1980/01/01 02:00:00 | 000,054,202 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 02:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1980/01/01 02:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[1980/01/01 02:00:00 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[1980/01/01 02:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980/01/01 02:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[1980/01/01 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2006/05/17 21:36:36 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\IBM
[2006/05/17 21:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deborah Diemont\Application Data\IBM
[2006/10/29 16:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deborah Diemont\Application Data\InterVideo
[2006/06/07 07:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Deborah Diemont\Application Data\ThinkVantage

========== Purity Check ==========


< End of report >

Edited by wjbarth, 07 March 2011 - 10:10 AM.

  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, this is my third one this week, so let's see if it goes as well :D

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O7 - HKU\Deborah_Diemont_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Deborah Diemont\yeawl.exe) - File not found
    O33 - MountPoints2\{3c6a5472-5d90-11de-8a34-000fb0c85b25}\Shell\AutoRun\command - "" = E:\fakerica//shmekerica.exe
    O33 - MountPoints2\{3c6a5472-5d90-11de-8a34-000fb0c85b25}\Shell\Explore\command - "" = E:\fakerica//shmekerica.exe
    O33 - MountPoints2\{3c6a5472-5d90-11de-8a34-000fb0c85b25}\Shell\Open\command - "" = E:\fakerica//shmekerica.exe
    O33 - MountPoints2\{4abe5674-0856-11e0-8d5c-000fb0c85b25}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4abe5674-0856-11e0-8d5c-000fb0c85b25}\Shell\AutoRun\command - "" = DVANAEST\\devojkica.exe
    O33 - MountPoints2\{4abe5674-0856-11e0-8d5c-000fb0c85b25}\Shell\explore\command - "" = DVANAEST\\\devojkica.exe
    O33 - MountPoints2\{4abe5674-0856-11e0-8d5c-000fb0c85b25}\Shell\open\command - "" = DVANAEST\\\devojkica.exe
    O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\vRhJxFbQTomnoX.dll) - C:\Documents and Settings\All Users\Application Data\vRhJxFbQTomnoX.dll ()
    [2011/03/04 10:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Deborah Diemont\Start Menu\Programs\Windows Safemode
    [2011/03/04 14:10:29 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Deborah Diemont\Desktop\Windows Safemode.lnk


    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\All Users\Application Data\vRhJxFbQTomnoX.dll
    C:\Documents and Settings\Deborah Diemont\yeawl.exe

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0
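The entries picked out in the fix script above, run through a small triage routine. This is an added example, not part of the original thread and not OTL's own logic; the rule patterns and the reasons attached to them are assumptions of this example.

```python
import re

# Constructed sample input: lines copied from the fix script and the log on this page.
SAMPLE = r'''
O7 - HKU\Deborah_Diemont_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\Deborah Diemont\yeawl.exe) - File not found
O33 - MountPoints2\{3c6a5472-5d90-11de-8a34-000fb0c85b25}\Shell\AutoRun\command - "" = E:\fakerica//shmekerica.exe
O33 - MountPoints2\{4abe5674-0856-11e0-8d5c-000fb0c85b25}\Shell\AutoRun - "" = Auto&Play
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\vRhJxFbQTomnoX.dll) - C:\Documents and Settings\All Users\Application Data\vRhJxFbQTomnoX.dll ()
[2006/05/17 21:37:41 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
'''

# An OTL registry entry starts with a section tag such as "O7 - ".
ENTRY = re.compile(r"^(O\d+) - (.*)$")

# (section, pattern on the rest of the line, reason). Heuristics assumed for this example.
RULES = [
    ("O7", re.compile(r"DisableTaskMgr\s*=\s*1\b"),
     "Task Manager disabled by policy"),
    ("O20", re.compile(r"Winlogon:.*\(C:\\Documents and Settings\\", re.I),
     "Winlogon value points at a file inside a user profile"),
    ("O33", re.compile(r"\\Shell\\\w+\\command - .*\.exe\s*$", re.I),
     "MountPoints2 shell verb launches an executable from the volume"),
    ("O36", re.compile(r"AppCertDlls:.*\.dll", re.I),
     "DLL registered under AppCertDlls"),
]

def triage(log_text):
    """Return (section, reason, line) for every 'O' entry that matches a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # file listings and section headers are not registry entries
        section, rest = m.groups()
        for rule_section, pattern, reason in RULES:
            if section == rule_section and pattern.search(rest):
                findings.append((section, reason, line))
                break
    return findings

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE):
        print(f"{section:4} {reason}\n     {line}")
```

The `Auto&Play` entry is not reported because it only sets a menu label and names no executable; the file-listing line is skipped because it is not an `O` entry.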

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Oops, sorry, just noticed you were using OTLPE

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB
[attachment=48234:fix.txt]
  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

  • 0

#4
wjbarth

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks for the help. I was able to repair the problem, looking at your logs from this same problem and doing it manually. Thanks for your help, this problem can be closed.
  • 0

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you are happy then I will leave the topic open for 24 hours just in case :D
  • 0

#6
wjbarth

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Happy.
  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
:D
  • 0





