Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

FBI Green Dot Moneypak Virus has locked my computer [Closed]


  • This topic is locked This topic is locked

#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ?


Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
[2012/12/08 23:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

Advertisements


#17
Aluckett

Aluckett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here is the latest quick scan output:
OTL logfile created on: 12/11/2012 11:45:18 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Documents and Settings\Owner.YOUR-6B8A726152\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.59 Mb Total Physical Memory | 433.96 Mb Available Physical Memory | 48.56% Memory free
2.12 Gb Paging File | 1.76 Gb Available in Paging File | 83.09% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 49.89 Gb Free Space | 66.95% Space Free | Partition Type: NTFS
Drive E: | 143.75 Gb Total Space | 97.55 Gb Free Space | 67.86% Space Free | Partition Type: NTFS
Drive F: | 5.28 Gb Total Space | 2.24 Gb Free Space | 42.44% Space Free | Partition Type: FAT32

Computer Name: AL-PC | User Name: AL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/11 13:19:23 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/11/24 14:17:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Owner.YOUR-6B8A726152\Desktop\OTL.exe
PRC - [2012/09/13 08:26:52 | 001,006,448 | ---- | M] () -- C:\WINDOWS\system32\dmwu.exe
PRC - [2012/08/03 15:22:18 | 000,352,248 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2012/06/13 21:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\AL\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/11 13:19:22 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/11/14 17:22:21 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll
MOD - [2012/11/14 17:20:43 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/14 16:53:48 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/14 16:50:24 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/14 16:50:09 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/09/13 08:26:52 | 001,006,448 | ---- | M] () -- C:\WINDOWS\system32\dmwu.exe
MOD - [2012/09/13 08:24:48 | 000,028,160 | ---- | M] () -- C:\WINDOWS\system32\ImHttpComm.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/12/11 13:19:23 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/13 08:26:52 | 001,006,448 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\dmwu.exe -- (WebOptimizer)
SRV - [2012/08/03 15:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1.AL-\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/11/21 23:55:19 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/04/13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2005/09/23 18:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {35CE37D6-BD17-4CD9-8B38-10991C734297}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{35CE37D6-BD17-4CD9-8B38-10991C734297}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {35CE37D6-BD17-4CD9-8B38-10991C734297}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{35CE37D6-BD17-4CD9-8B38-10991C734297}: "URL" = http://www.google.co...1I7ADFA_enUS461
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/11 13:19:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/11/12 10:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\AL\Application Data\Mozilla\Extensions
[2012/12/11 13:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/11 13:19:23 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 12:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 12:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\AL\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\AL\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\AL\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/11 23:34:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - Startup: C:\Documents and Settings\AL\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\AL\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BBE297A-591D-4E6C-8592-DC87B2EEA02F}: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/15 10:58:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/06/17 04:41:16 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/11 13:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/12/09 17:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AL\My Documents\Downloads
[2012/11/23 20:38:03 | 000,000,000 | ---D | C] -- C:\FRST
[2012/11/12 10:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AL\Local Settings\Application Data\Mozilla
[2012/11/12 10:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AL\Application Data\Mozilla
[2012/11/12 10:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/11/12 10:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla

========== Files - Modified Within 30 Days ==========

[2012/12/11 23:37:05 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/11 23:37:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/11 23:34:58 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/12/11 23:21:06 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/11 23:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/12/11 22:48:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/11 18:27:32 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/12/11 07:58:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/26 17:10:40 | 000,082,156 | ---- | M] () -- C:\Documents and Settings\AL\My Documents\Middle School AAP-FCPS meetings[1].pdf
[2012/11/21 23:55:19 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/11/16 08:04:45 | 000,192,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/16 07:35:19 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/15 05:34:59 | 000,144,817 | ---- | M] () -- C:\Documents and Settings\AL\My Documents\Robo Jacob's friend Ray photo
[2012/11/14 09:29:22 | 000,456,342 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/14 09:29:22 | 000,075,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/12 10:55:34 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\AL\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/12 10:55:34 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012/11/26 17:10:40 | 000,082,156 | ---- | C] () -- C:\Documents and Settings\AL\My Documents\Middle School AAP-FCPS meetings[1].pdf
[2012/11/15 05:36:00 | 000,144,817 | ---- | C] () -- C:\Documents and Settings\AL\My Documents\Robo Jacob's friend Ray photo
[2012/11/12 10:55:34 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\AL\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/12 10:55:34 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/12 10:55:34 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/10/21 08:49:56 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\AL\Application Data\mbam.context.scan
[2012/08/22 12:45:28 | 001,006,448 | ---- | C] () -- C:\WINDOWS\System32\dmwu.exe
[2012/08/22 12:45:28 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ImHttpComm.dll
[2012/06/16 19:16:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/16 19:16:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/16 19:16:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/16 19:16:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/16 19:16:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/15 04:02:49 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0616.old
[2012/03/31 11:30:10 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2012/02/15 08:11:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/14 03:05:32 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/12/08 21:08:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\unvise32.dll
[2011/11/27 18:41:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/27 05:42:26 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\AL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/15 11:01:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/15 10:55:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/15 04:46:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/15 04:45:20 | 000,192,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/07/07 10:10:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/09/05 08:56:22 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/11 23:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AL\Application Data\Dropbox
[2011/11/19 21:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AL\Application Data\ICAClient
[2012/10/14 08:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AL\Application Data\TaxCut
[2012/01/31 18:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AL\Application Data\Windows Desktop Search
[2012/02/10 07:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AL\Application Data\Windows Search
[2012/10/21 08:58:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\38532605394E7F6400003852EDB4819A
[2012/05/20 18:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut

========== Purity Check ==========



< End of report >

The computer seems to be working well, fast and clean. I appear to have the same functionality I had before Mr. Moneypak came along (which is compromised because I lost many start menu links a few months ago. For example, going to All Programs\Microsoft Office\ brings up one choice: Microsoft Office Tools\(empty)) I have a couple of questions:

1.) Does it matter which version of OTL is being run? The version in your screen, 53 something, shows a check box for "64-bit scans" which doesn't appear on the version 69 I have run the last few times.

2.) Boot sequence confuses me. When I access the boot menu on startup, the E:\ drive is on top on the list and highlighted. Hit enter, and the E:\ drive boots. However, in most instances, it appears the computer will boot the system on the C:\ drive, if left to its own devices and I don't intervene on the boot menu.

Feel like I've got a lot to learn and a lot to do to clean this computer up.

Thanks again for your guidance and patience thus far. You've got me well back in functioning shape. Al
  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As you are running XP the 64bit option will not be visible for you

What do you have on the E drive ?

You can alter the way windows boots so that you do not see that option

For the MSOffice tools folder you can create a new shortcut for that, or are you more than that missing ?
  • 0

#19
Aluckett

Aluckett

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thanks for explaining the 64-bit question.

I figured out to access the Bios menu and tweak the order of the hard drives. In retrospect, it seems that should have been a little more obvious to me. I thought the order that appeared in the boot menu ruled.

On that E:\ drive, I did create a separate shortcut to Word. I access Excel by finding an Excel file and double clicking on it. I probably could do more of that for the other Office applications. The condition of that entire section is not good. After clicking "All Programs", a list of 19 applications initially appears, but most of the choices are "Empty" once I try to click through to access details if a selection should have sub-menu items. So, clicking up Microsoft Office brings up only Tools, then <empty>. "Games" is <empty>.

A computer guy where I worked helped me out maybe a year ago after a hard disk failure. Since I was concerned about trying to recover files and wasn't willing to just re-format the entire hard disk (many of the files got garbled or may have just had fragments, renamed in a recovery effort--Gateway's "PC Angel" appears to have been anything but), my recollection is that he suggested a temporary fix of partitioning the hard drive, so I could look at the old areas and copy recoverable or useable files over. He made the new partition bootable and installed our company version of Microsoft Office on the E:\drive, and some other programs were installed there by him or by me. Some recovered files and many created since then have been saved out to variants of "My Documents" on the E:\ drive, so it has become the default drive for over a year. However, there are a lot of old files on C:\, and the different combinations of "My Documents", users and temp files makes it disorganized and very confusing to find and re-group. At some point, I may need to just bite the bullet and re-format the hard drive. Maybe a backup hard drive is a solution.

The office computer guy is willing to take the computer in again and re-install the Office application. This may deal with part of the issue. I know I'm not giving you much to go on.

Do you have recommendations on Internet browsers? We had been using Internet Explorer, but lately have tended toward Mozilla Firefox or Google Chrome. And, obviously, I need to beef up anti-virus. Al
  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Lets try this and see if we can get them back

Restore Accessories Program Files Menu

Please download this tool


You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Ensure that the following check boxes are checked (as seen in this image below):

Posted Image


Once they are, click on the Restore button.



Restore Admin Tools Program Files Menu

Please download this tool .

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Click on the Restore Administrative Tools Items button.

As seen in this image below:

Posted Image


This next one will produce the necessary shortcut links which you can cut and paste into the start menu folder
Download the Repair.vbs file to your destop
Run the repair.vbs
It will ask for a folder name call it recovery
The tool will let you know when it is finished
On the desktop will be a recovery folder
Open the folder
Cut and Paste the links that you want to C:\documents and settings\your name\start menu

Posted Image


Posted Image
  • 0

#21
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP