
Blue Screen code number below



#1
pewsey80

    Member
  • 54 posts
I have a Toshiba Satellite Pro A300 laptop. I had a trojan on my computer this morning that my virus software could not get rid of. Now I have a blue screen that says
0x0000007B (0xba4cf524, 0xc0000034, 0x0000000, 0x00000000)

Please help as I don't know where to start and my wife has 10 years of work on the computer. Can I use a CD with software on it? Where can I get it from? Can I get it for free?

Many Thanks
  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi - If all else fails this may allow you to back up your data to a CD or USB drive. The stop code indicates that there is no boot disc, but that may be the malware. Did your antivirus give a name to the infection?

Please print these instructions out so that you know what you are doing.

File details OTLPENet.exe
Bytes=126,850,486
MB=120.9
MD5=8A7C5BA1C92552ADDCC5E468D0AA069A




  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open ImgBurn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note: as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop this attached scan.txt into the Custom scans and fixes box
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0
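Before burning the CD, the download can be checked against the "File details" block in the reply above; this Python sketch is an added example, not part of the original post or of OTLPE. The function names are hypothetical, and the temp files written by `demo()` are constructed stand-ins for the real download.

```python
import hashlib
import os
import re
import sys
import tempfile

# "File details" block as posted in the reply above.
POSTED_DETAILS = """\
File details OTLPENet.exe
Bytes=126,850,486
MB=120.9
MD5=8A7C5BA1C92552ADDCC5E468D0AA069A
"""


def parse_file_details(text):
    """Extract file name, byte count and MD5 from a posted details block."""
    name = re.search(r"^File details\s+(\S+)\s*$", text, re.MULTILINE)
    size = re.search(r"^Bytes=([\d,]+)\s*$", text, re.MULTILINE)
    md5 = re.search(r"^MD5=([0-9A-Fa-f]{32})\s*$", text, re.MULTILINE)
    if not (name and size and md5):
        raise ValueError("details block lacks the name, Bytes= or MD5= line")
    return {
        "name": name.group(1),
        "size": int(size.group(1).replace(",", "")),  # "126,850,486" -> int
        "md5": md5.group(1).lower(),
    }


def md5_of_file(path, chunk_size=1024 * 1024):
    """Hash the file in chunks so a 120 MB image is never held in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_download(path, details):
    """Return (ok, reason); the cheap size test runs before the hash."""
    if not os.path.isfile(path):
        return False, "file not found"
    actual_size = os.path.getsize(path)
    if actual_size != details["size"]:
        kind = "truncated" if actual_size < details["size"] else "oversized"
        return False, f"{kind}: {actual_size} bytes, expected {details['size']}"
    actual_md5 = md5_of_file(path)
    if actual_md5 != details["md5"]:
        return False, f"MD5 mismatch: {actual_md5}"
    return True, "size and MD5 match the posted details"


def demo():
    """Constructed data: small temp files play the part of the download."""
    payload = b"constructed sample payload, not the real OTLPENet.exe\n" * 64
    details = parse_file_details(
        "File details sample.bin\n"
        f"Bytes={len(payload):,}\n"
        f"MD5={hashlib.md5(payload).hexdigest().upper()}\n"
    )
    cases = {
        "intact": payload,
        "truncated": payload[:-100],      # interrupted download
        "altered": b"X" + payload[1:],    # same size, different content
    }
    results = {}
    with tempfile.TemporaryDirectory() as folder:
        for label, data in cases.items():
            path = os.path.join(folder, label + ".bin")
            with open(path, "wb") as handle:
                handle.write(data)
            results[label] = check_download(path, details)
    return results


if __name__ == "__main__":
    if len(sys.argv) == 2:
        # Usage: python check_download.py path\to\OTLPENet.exe
        ok, reason = check_download(sys.argv[1], parse_file_details(POSTED_DETAILS))
        print("OK" if ok else "DO NOT BURN", "-", reason)
        sys.exit(0 if ok else 1)
    for label, (ok, reason) in demo().items():
        print(f"{label:10} {ok!s:5} {reason}")
```

A match rules out a truncated or corrupted download; since the MD5 comes from the same post as the download link, it is not independent proof of the file's origin.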

#3
pewsey80

    Member

  • Topic Starter
  • 54 posts
Drag and drop this attached scan.txt into the Custom scans and fixes box
scan.txt ( 706bytes ) Number of downloads: 1

I don't understand this part. Can you help me?

Cheers

Steve
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
For sure, the scan text is a small file that I need you to download and then copy to the Reatogo desktop via USB or CD, then drag and drop that to the custom scan section. If for some reason you cannot do that then just run the OTL normal scan and post the log back here.
  • 0

#5
pewsey80

    Member

  • Topic Starter
  • 54 posts
Just doing a run scan now. Do you think I can fix this problem and get my files off for my wife and have her laptop up and running by tonight?

Many Thanks

Will post when scan finished

Steve
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I am the eternal optimist :)
  • 0

#7
pewsey80

    Member

  • Topic Starter
  • 54 posts
OTL logfile created on: 7/2/2010 11:13:34 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 130.15 Gb Free Space | 87.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2009/12/08 10:00:36 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/14 11:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 11:47:54 | 000,731,840 | ---- | M] (ESET) [Auto] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/08/20 12:38:30 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 12:28:34 | 000,348,160 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2008/08/20 12:18:34 | 000,905,216 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/08/20 12:08:02 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2007/04/12 21:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2007/04/12 21:50:00 | 000,251,256 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe -- (Wuser32)
SRV - [2007/03/20 12:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/02/12 12:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2009/05/14 11:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/05/14 11:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 11:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/02/11 12:16:30 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (CnxtHdAudAddService)
DRV - [2008/12/12 05:33:58 | 006,048,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/09/10 03:33:43 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/08/28 19:34:30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/08/04 07:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/04 05:12:00 | 000,048,600 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007/11/01 13:26:00 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 13:25:00 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/11/01 13:25:00 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/05/29 06:01:00 | 000,006,912 | ---- | M] (TOSHIBA) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2007/04/12 21:50:00 | 000,023,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2006/02/08 22:50:00 | 000,011,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kbstuff5.sys -- (kbstuff)
DRV - [2006/02/08 22:50:00 | 000,008,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\idisw2km.sys -- (idisw2km)
DRV - [2006/01/12 12:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2005/06/10 17:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
DRV - [2005/05/05 10:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\ashra.217_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal
IE - HKU\ashra.217_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\ashra.217_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


IE - HKU\josh_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal
IE - HKU\josh_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\josh_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


IE - HKU\Louise.Norbury_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal
IE - HKU\Louise.Norbury_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal
IE - HKU\Louise.Norbury_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Louise.Norbury_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Louise.Norbury_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\meat.cleaver_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal
IE - HKU\meat.cleaver_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\meat.cleaver_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/01/12 11:56:28 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\ashra.217_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Louise.Norbury_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [ojlglsth] C:\Documents and Settings\Louise.Norbury\Local Settings\Application Data\ojjimfhpu\gfouniqtssd.exe ()
O4 - HKLM..\Run: [Toshiba Controls Utility] C:\Program Files\TOSHIBA\Controls\VolumeIndicator.exe (TOSHIBA Inc.)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
O4 - HKU\Louise.Norbury_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\Louise.Norbury_ON_C..\Run: [ojlglsth] C:\Documents and Settings\Louise.Norbury\Local Settings\Application Data\ojjimfhpu\gfouniqtssd.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\shortcut_PaperCut.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ashra.217_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\ashra.217_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\ashra.217_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\ashra.217_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ashra.217_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 1
O7 - HKU\ashra.217_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\ashra.217_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\ashra.217_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\ashra.217_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 1 = \\bombur\cdrom$\phil\firewall.vbs
O7 - HKU\ict.user_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\ict.user_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\ict.user_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\ict.user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ict.user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\ict.user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\josh_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\josh_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\josh_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\josh_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\josh_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 1
O7 - HKU\josh_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\josh_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\josh_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\josh_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 1 = \\bombur\cdrom$\phil\firewall.vbs
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Louise.Norbury_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Louise.Norbury_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\Louise.Norbury_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 1 = \\bombur\cdrom$\phil\firewall.vbs
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConnectHomeDirToRoot = 1
O7 - HKU\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 1
O7 - HKU\meat.cleaver_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\meat.cleaver_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\meat.cleaver_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\meat.cleaver_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\meat.cleaver_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 1
O7 - HKU\meat.cleaver_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\meat.cleaver_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\meat.cleaver_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 1 = \\bombur\cdrom$\phil\firewall.vbs
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1260354654658 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = newcollege.ac.uk
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (IWPDGINA.DLL) - C:\WINDOWS\System32\IWPDGINA.dll (Intel® Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/08 05:38:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/02 10:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/02 02:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louise.Norbury\Local Settings\Application Data\ESET
[2010/07/02 01:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louise.Norbury\Local Settings\Application Data\ojjimfhpu
[4 C:\Documents and Settings\Louise.Norbury\*.tmp files -> C:\Documents and Settings\Louise.Norbury\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/02 23:00:51 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Louise.Norbury\NTUSER.DAT
[2010/07/02 10:53:56 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/07/02 10:53:56 | 000,237,568 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/07/02 10:53:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/02 10:53:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/02 10:53:32 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Louise.Norbury\ntuser.ini
[2010/07/02 07:51:14 | 000,502,838 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/02 07:51:14 | 000,429,002 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/02 07:51:14 | 000,066,508 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/02 07:47:25 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/02 07:46:52 | 000,000,463 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2010/07/02 07:46:01 | 3211,186,176 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/29 16:35:00 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/06/16 10:09:33 | 000,047,190 | RHS- | M] () -- C:\Documents and Settings\Louise.Norbury\ntuser.pol
[2010/06/16 04:02:20 | 000,000,244 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/06/14 04:01:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[4 C:\Documents and Settings\Louise.Norbury\*.tmp files -> C:\Documents and Settings\Louise.Norbury\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/01 07:31:08 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Louise.Norbury\nar2010i1.txt
[2010/03/01 07:31:08 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Louise.Norbury\nar2010i.txt
[2010/02/06 03:44:40 | 000,000,592 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/01/13 03:43:07 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Louise.Norbury\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/14 07:18:41 | 000,000,244 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/12/09 08:23:01 | 000,047,190 | RHS- | C] () -- C:\Documents and Settings\Louise.Norbury\ntuser.pol
[2009/12/09 08:23:01 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Louise.Norbury\ntuser.dat.LOG
[2009/12/09 08:23:01 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Louise.Norbury\ntuser.ini
[2009/12/09 08:23:00 | 006,029,312 | -H-- | C] () -- C:\Documents and Settings\Louise.Norbury\NTUSER.DAT
[2009/12/09 07:54:32 | 000,159,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/09 06:18:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/12/09 06:13:57 | 000,008,020 | RHS- | C] () -- C:\Documents and Settings\ict.user\ntuser.pol
[2009/12/09 06:13:56 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\ict.user\ntuser.ini
[2009/12/09 06:13:54 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\ict.user\ntuser.dat.LOG
[2009/12/09 06:13:51 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\ict.user\NTUSER.DAT
[2009/12/09 05:38:19 | 000,009,602 | RHS- | C] () -- C:\Documents and Settings\ashra.217\ntuser.pol
[2009/12/09 05:38:17 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\ashra.217\ntuser.ini
[2009/12/09 05:38:16 | 000,073,728 | -H-- | C] () -- C:\Documents and Settings\ashra.217\ntuser.dat.LOG
[2009/12/09 05:38:15 | 001,048,576 | -H-- | C] () -- C:\Documents and Settings\ashra.217\NTUSER.DAT
[2009/12/08 11:00:42 | 000,009,602 | RHS- | C] () -- C:\Documents and Settings\josh\ntuser.pol
[2009/12/08 11:00:40 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\josh\ntuser.ini
[2009/12/08 11:00:39 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\josh\ntuser.dat.LOG
[2009/12/08 11:00:38 | 000,524,288 | -H-- | C] () -- C:\Documents and Settings\josh\NTUSER.DAT
[2009/12/08 10:12:17 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/12/08 09:48:50 | 000,000,463 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini
[2009/12/08 06:32:04 | 000,009,602 | RHS- | C] () -- C:\Documents and Settings\meat.cleaver\ntuser.pol
[2009/12/08 06:32:03 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\meat.cleaver\ntuser.ini
[2009/12/08 06:32:02 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\meat.cleaver\ntuser.dat.LOG
[2009/12/08 06:32:01 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\meat.cleaver\NTUSER.DAT
[2009/12/08 05:41:37 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2009/12/08 05:41:37 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2009/12/08 05:41:37 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2009/12/08 05:41:28 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2009/12/08 05:41:28 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2009/12/08 05:41:27 | 000,237,568 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2009/07/21 03:45:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2009/06/17 09:32:06 | 000,000,051 | ---- | C] () -- C:\WINDOWS\KeyScript.ini
[2009/03/02 15:10:48 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/07 15:08:06 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/07 15:08:04 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 13:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/16 16:23:26 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/12/18 09:47:00 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2007/12/14 12:01:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2007/07/10 13:10:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2003/01/07 11:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/10/28 12:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[1998/10/10 19:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2009/12/09 06:12:53 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\OpenOffice.org
[2009/07/10 14:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louise.Norbury\Application Data\Hermitech Laboratory
[2009/07/10 14:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louise.Norbury\Application Data\InterVideo
[2010/04/30 16:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louise.Norbury\Application Data\TeamViewer
[2010/06/29 16:35:00 | 000,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

========== Purity Check ==========


< End of report >

Attached file: OTL.Txt (61.55KB)

#8
pewsey80

What do I do next and how can I get the bad malware/trojan from the computer... Is this the next task?

#9
Essexboy

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )


#10
pewsey80

Let the program run unhindered, reboot when it is done to normal mode if possible
Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

A little confused over this part.
I have done it up to this part. But I don't know what you mean when you say reboot in normal mode and then post a new OTL log???

#11
pewsey80

========== OTL ==========
HKU\Louise.Norbury_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Louise.Norbury_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ojlglsth not found.
File C:\Documents and Settings\Louise.Norbury\Local Settings\Application Data\ojjimfhpu\gfouniqtssd.exe not found.
Registry value HKEY_USERS\Louise.Norbury_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\ojlglsth not found.
File C:\Documents and Settings\Louise.Norbury\Local Settings\Application Data\ojjimfhpu\gfouniqtssd.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ not found.
Registry key HKEY_USERS\ashra.217_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ not found.
Registry value HKEY_USERS\ashra.217_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\1 not found.
Registry key HKEY_USERS\ict.user_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ not found.
Registry key HKEY_USERS\josh_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ not found.
Registry value HKEY_USERS\josh_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\1 not found.
Registry key HKEY_USERS\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ not found.
Registry key HKEY_USERS\Louise.Norbury_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ not found.
Registry value HKEY_USERS\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\1 not found.
Registry value HKEY_USERS\Louise.Norbury_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.
Registry key HKEY_USERS\meat.cleaver_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ not found.
Registry value HKEY_USERS\meat.cleaver_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\1 not found.
Registry key HKEY_USERS\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ not found.
Folder C:\Documents and Settings\Louise.Norbury\Local Settings\Application Data\ojjimfhpu\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\tasks\At*.job not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: ashra.217
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ict.user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: josh
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Louise.Norbury
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: meat.cleaver
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: ashra.217
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ict.user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: josh
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Louise.Norbury
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: meat.cleaver
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTLPE by OldTimer - Version 3.1.39.0 log created on 07032010_032127

#12
pewsey80

I hope I have done it right....

#13
pewsey80

What next, Essex boy?

#14
Essexboy

Can you now get into normal mode on the computer? I.e. if you remove the CD and reboot, does it start Windows normally?

#15
pewsey80

Just trying now...