-
Content Count
262 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by jwbirdsong
-
-
Please visit the webpage HERE for instructions for downloading and running ComboFix.
Post the log from ComboFix once you done that.
-
Well, I can again access internet through browser.
I was hoping that would be the case.
Using Internet Explorer please do an online scan with Kaspersky Online Scanner
Click on Kaspersky Online Scanner
Click "I accept"
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then start to download the latest definition files.
- Once the scanner is installed and the definitions downloaded, click Next.
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (If available otherwise Standard)
[*]Scan Options:
- Scan Archives
- Scan Mail Bases
- Extended (If available otherwise Standard)
[*]Click OK
[*]Now under select a target to scan select My Computer
[*]The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
[*]Now click on the Save report button.
[*]Call it Kaspersky.txt
[*]Expand the arrow beside "file types" and save as .txt file.
[*]Save the file to your desktop.
[*]Copy and paste that information in your next post.
- Scan using the following Anti-Virus database:
*Note
If you have Internet Explorer 7 installed:
If you have trouble getting past the initial download you may need to use the "zoom" tool at bottom right of the scanner window and increase it to 125% to see and press the "accept" button.
Page will reload and you should be able to carry on scan.
If the KAV log has your email all over it -- please attach it rather than copy/paste.
Run a fresh Combofix log
Post [*]KAV results[*]Combofix log
in your next reply.
- The program will launch and then start to download the latest definition files.
-
Logs looking LOTS better. Are you still getting redirects/blocked sites? You seem to have 2 AV running at one. One is a MUST but two can/will lead to problems. If you wish to use AVG and Norton360..make sure Norton AV is disable.
This could have been some of the blocked site issue.
No overt sign of any malware left but the log is wayy old...my fault.
Please post
- Fresh HJT
- Fresh OTViewIt
- description of any problems issues you are still having
in your reply
- Fresh HJT
-
Sorry your post has sat unanswered for so long .For a variety of reasons I've been unable to reply. I will post as soon after work today as possible
-
Sorry your post has sat unanswered for so long .For a variety of reasons I've been unable to reply. I will post as soon after work today as possible
-
Please download the OTMoveIt3 by OldTimer.
- Save it to your desktop.
- Please click OTMoveIt3 and then click >> run.
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:files
C:\WINDOWS\System32\uniq.tll
C:\WINDOWS\System32\frmwrk32.exe
C:WINDOWS\System32\pcload.exe
C:\Documents and Settings\tom 1\Desktop\kjgjo.exe
C:\Documents and Settings\tom 1\Desktop\SDFix.exe
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Framework Windows"=-
:Commands
[EmptyTemp]
[Reboot] - Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt3
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
After rebooting please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
- Click on the Start Scanning button at bottom of page.
- Accept the License Agreement and the ActiveX install.
- Once the ActiveX installs,Click Full System Scan
- Once the download completes,the scan will begin automatically.
- The scan will take some time to finish,so please be patient.
- When the scan completes, click the Automatic cleaning (recommended) button.
- Click the Show Report button and Copy&Paste the entire report to your Desktop for posting.
Please post
- C:\_OTMoveIt\MovedFiles\date_time_ran_OtMoveIt.log
- F-Secure log
- New OtViewIt logs(s)
in your reply here.
- Save it to your desktop.
-
Yeah you've got some ugly infections w/ some probably renamed files. Let's sort this out efficently.
Please go HERE and follow the directions for Downloading and running Combofix. Post it's log once done.
-
Step 1
Please download ATF Cleaner by Atribune.
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Step 2
Download OTViewIt to your desktop.
- Close all windows and open it
- Click Run Scan and let the program run uninterrupted
- It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here. You can ATTACH both of these if needed.
- You may need to use two posts to get it all on the forum or ATTACH OTviewit logs
Please post
- OTViewIt logs
in your reply. You can ATTACH one if needed.
EDIT: IMMEDIATLY after a reboot try MBAM again and npost a log from that if able.
- Double-click ATF-Cleaner.exe to run the program.
-
Please visit the webpage HERE for instructions for downloading and running ComboFix.
Post the log from ComboFix once you done that.
-
Please visit the webpage HERE for instructions for downloading and running ComboFix.
Post the log from ComboFix once you done that.
-
Step 1
Please download ATF Cleaner by Atribune.
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Step 2
Download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply along with a the following log.
Step 3
Download OTViewIt to your desktop.
- Close all windows and open it
- Click Run Scan and let the program run uninterrupted
- It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
- You may need to use two posts to get it all on the forum
- Double-click ATF-Cleaner.exe to run the program.
-
Step 1
Please download ATF Cleaner by Atribune.
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Step 2
Download OTViewIt to your desktop.
- Close all windows and open it
- Click Run Scan and let the program run uninterrupted
- It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
- You may need to use two posts to get it all on the forum
- Double-click ATF-Cleaner.exe to run the program.
-
Step 1
Please download ATF Cleaner by Atribune.
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Step 2
Download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply along with a the following log.
Step 3
Download OTViewIt to your desktop.
- Close all windows and open it
- Click Run Scan and let the program run uninterrupted
- It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
- You may need to use two posts or you can ATTACH the OTView logs.
Please post
- MBAM log
- OtViewit log (can be attached)
in your next post.
- Double-click ATF-Cleaner.exe to run the program.
-
Are you still getting the popups or just now looking for a clean bill of health. LOOKS like MBAM got rid of any issues. SAS runs clean (After MBAM run?) If you are still having issues post the following logs.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click ddsto run the tool.
- When done, DDS will open two (2) logs
- DDS.txt
- Attach.txt
[*]Save both reports to your desktop.
- DDS.txt
-- Note: The screen instructions will indicate the attach.txt must be zipped before attaching to your forum post. Instead, we want you to just include attach.txt as an attachment to upload using the "Browse" button in the text editor when making your reply. No need to zip it.
In your next reply post
- DDS.txt
- Attach.txt <<---- Attached
in your next reply.
- When done, DDS will open two (2) logs
-
Start by downloading Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply along with a DDS logs (instructions follow).
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click ddsto run the tool.
- When done, DDS will open two (2) logs
- DDS.txt
- Attach.txt
[*]Save both reports to your desktop.
- DDS.txt
-- Note: The screen instructions will indicate the attach.txt must be zipped before attaching to your forum post. Instead, we want you to just include attach.txt as an attachment to upload using the "Browse" button in the text editor when making your reply. No need to zip it.
In your next reply post
- MBAM log
- DDS.txt
- Attach.txt
in your next reply.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
-
Try the last version that supports Win98 available from HERE and see if it will "reset" your sytem back to compatable settings.
-
Sorry, guess the reply from Samuel John threw me off somehow.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
REBOOT
Next download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
- Close any open browsers.
- If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
- Open the OTScanit folder and double-click on OTScanit.exe to start the program.
(Vista users, please right click on OtScanIt.exe and select "Run as an Administrator") - Leave all the setting to the default except as noted below
- Change the setting under BOTH files created and file modified within to 90 days.
- Under Additional Scans sections, check the following
- Reg - BotCheck
- File - Additional Folder Scan
- Reg - BotCheck
[*]Now click the Run Scan button on the toolbar.
[*]The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Save that notepad file
- Change the setting under BOTH files created and file modified within to 90 days.
Since the log is too large to post, use the ADDREPLY button, then scroll down to the attachments section and attach the notepad file here.
- Double-click ATF-Cleaner.exe to run the program.
-
Start OtScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> servupdate.exe -> %SystemRoot%\system32\servupdate.exe
[Win32 Services - Non-Microsoft Only]
YY -> (TASKMNGR) Windows Task Services [Win32_Own | Auto | Stopped] -> %SystemRoot%\system\taskmngr.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Windows USB Monitor -> %SystemRoot%\system32\servupdate.exe [servupdate.exe]
< RunServices [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
YY -> Windows USB Monitor -> %SystemRoot%\system32\servupdate.exe [servupdate.exe]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > ->
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\System32\servupdate.exe -> C:\WINDOWS\system32\servupdate.exe [C:\WINDOWS\System32\servupdate.exe:*:Enabled:Windows USB Monitor]
[Files/Folders - Created Within 30 days]
NY -> av.exe -> %SystemRoot%\System32\av.exe
NY -> servupdate.exe -> %SystemRoot%\System32\servupdate.exe
NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 135 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
[Files/Folders - Modified Within 90 days]
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> i -> %SystemRoot%\System32\i
NY -> servupdate.exe -> %SystemRoot%\System32\servupdate.exe
NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> 1 C:\Documents and Settings\Josh Stegall\Local Settings\Temp\is-IMRJR.tmp\_isetup\*.tmp files -> C:\Documents and Settings\Josh Stegall\Local Settings\Temp\is-IMRJR.tmp\_isetup\*.tmp
NY -> 1 C:\Documents and Settings\Josh Stegall\Local Settings\Temp\is-LV4V0.tmp\_isetup\*.tmp files -> C:\Documents and Settings\Josh Stegall\Local Settings\Temp\is-LV4V0.tmp\_isetup\*.tmp
NY -> 12 C:\Documents and Settings\Josh Stegall\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Josh Stegall\Local Settings\Temp\*.tmp
[Empty Temp Folders]
[Start Explorer]
[ZipFiles]
[Reboot]The fix should only take a very short time. You run will take a few minutes because I'm zipping up some files for submition.
When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.
If it reboots this may not happen. You need to manually find the file. it is at Desktop\OTScanIt\MovedFiles4112008_163441.log or what ever yours is named(Date/Time you ran the fix)
In your case there will also be a 04112008_163441.ZIP there also. Please upload this zip file to HERE then continue with the following.
Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
- Click on the Start Scanning button at bottom of page.
- Accept the License Agreement and the ActiveX install.
- Once the ActiveX installs,Click Full System Scan
- Once the download completes,the scan will begin automatically.
- The scan will take some time to finish,so please be patient.
- When the scan completes, click the Automatic cleaning (recommended) button.
- Click the Show Report button and Copy&Paste the entire report to your Desktop for later posting.
Please post
- OTscan it "results" log (described above)
- F-Secure log
- Fresh OtScanIt log made after F-secure
in your next reply here
- Click on the Start Scanning button at bottom of page.
-
Still infected.
Next download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
REBOOT
Next download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
- Close any open browsers.
- If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
- Open the OTScanit folder and double-click on OTScanit.exe to start the program.
(Vista users, please right click on OtScanIt.exe and select "Run as an Administrator") - Leave all the setting to the default except as noted below
- Check the box for Scan all user accounts
- Under Additional Scans sections, check the following
- Reg - BotCheck
- File - Additional Folder Scan
- Reg - BotCheck
[*]Now click the Run Scan button on the toolbar.
[*]The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Save that notepad file
- Check the box for Scan all user accounts
Since the log is too large to post, use the ADDREPLY button, scroll down to the attachments section and attach the notepad file here.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
-
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
REBOOT
Next download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
- Close any open browsers.
- If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
- Open the OTScanit folder and double-click on OTScanit.exe to start the program.
(Vista users, please right click on OtScanIt.exe and select "Run as an Administrator") - Leave all the setting to the default except as noted below
- Under Additional Scans sections, check the following
- Reg - BotCheck
- File - Additional Folder Scan
[*]Now click the Run Scan button on the toolbar.
[*]The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Save that notepad file
- Reg - BotCheck
Since the log is too large to post, use the ADDREPLY button, scroll down to the attachments section and attach the notepad file here.
- Double-click ATF-Cleaner.exe to run the program.
-
About the only MAJOR issue left on your computer seems to be that you have 2 Anti Virus programs installed. (AVG and McAfee) While one is a MUST have, two can/will cause issues like slow down, errors, blue screenm and can actually be like having none installed at all. You should choose one and uninstall the other.
Start OtScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > ->
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Documents and Settings\Travis Hawkins\Desktop\hfs.exe -> E:\Documents and Settings\Travis Hawkins\Desktop\hfs.exe [E:\Documents and Settings\Travis Hawkins\Desktop\hfs.exe:*:Enabled:hfs]
[Files/Folders - Created Within 30 days]
NY -> SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe
NY -> swreg.exe -> %SystemRoot%\System32\swreg.exe
NY -> swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe
NY -> VACFix.exe -> %SystemRoot%\System32\VACFix.exe
NY -> VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe
NY -> WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe
NY -> 4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> 1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp
NY -> 4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp
NY -> catchme.exe -> E:\Documents and Settings\Travis Hawkins\Local Settings\Temp\Rar$EX03.687\OTScanIt\catchme.exe
NY -> catchme.exe -> E:\Documents and Settings\Travis Hawkins\Local Settings\Temp\Rar$EX17.234\OTScanIt\catchme.exe
[Empty Temp Folders]The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.
If it reboots this may not happen. If you need to manually find the file it is at Desktop\OTScanIt\MovedFiles4082008_163441.log or what ever yours is named(Date/Time you ran the fix)
Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
- Click on the Start Scanning button at bottom of page.
- Accept the License Agreement and the ActiveX install.
- Once the ActiveX installs,Click Full System Scan
- Once the download completes,the scan will begin automatically.
- The scan will take some time to finish,so please be patient.
- When the scan completes, click the Automatic cleaning (recommended) button.
- Click the Show Report button and Copy&Paste the entire report to your Desktop for later posting.
Please post
- OTscan it "results" log (described above)
- F-Secure log
- Fresh OtScanIt log made after F-secure
in your next reply here
- Click on the Start Scanning button at bottom of page.
-
If you can post the MBAM and then ATTACH the OtScanIt. It's to long to post.
-
Download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Also do the following
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
REBOOT
Next download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
- Close any open browsers.
- If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
- Open the OTScanit folder and double-click on OTScanit.exe to start the program.
- Leave all the setting to the default except as noted below
- Check the box for Scan all user accounts
- Under Additional Scans sections, check the following
- Reg - BotCheck
- File - Additional Folder Scan
- Reg - BotCheck
[*]Now click the Run Scan button on the toolbar.
[*]The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Save that notepad file
- Check the box for Scan all user accounts
If the log is too large to post, use the ADDREPLY button, scroll down to the attachments section and attach the notepad file here.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
-
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Hjt Log - Help Me Please!
in Malware Removal
Posted
Please download OTCleanIt and save it to Desktop.
Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware