[Dimi73]

yep home SP2

[Dimi73]

combofix did not prompt the rec cons was installed though..

god i am so useless...

[cybertech]

Don't be so tough on yourself!

Go forward and run ComboFix. Post the resulting log.

I have used ComboFix a number of times and Recovery Console is a GREAT tool but if things go bad you can still install it from your CD... Now that I know you have that.

[Dimi73]

ok i log out of this page and run it now.. i'll be back asap with the log.. thanks for your patience with me.. :-)

[Dimi73]

hello again,

when i double clicked on combofix and then hit "run" a blue screen opened with a blinking cursor for 10 mins and nothing loaded form combofix.. what shall i do? It does not seem to work..

[cybertech]

ComboFix takes some time to get anything you can see happening. I would suggest leaving it run for at least 30 minutes. If nothing happens it is likely not going to run. It is very important to have all anti-virus and anti-malware programs disabled. Also you do not want to be attempting any actions on the machine mouse or keyboard unless prompted by the program.

If you have done all of that and the program is not producing anything do this instead:
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

1. Close any open browsers.
2. If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
3. Open the OTScanit folder and double-click on OTScanit.exe to start the program.
4. Now click the Run Scan button on the toolbar.
5. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
6. When the scan is complete Notepad will open with the report file loaded in it.
7. Save that notepad file

If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.



I am going off line for the evening so take your time.

[Dimi73]

ok I will run it tomorrow and let you know.

You'll have either the Combofix log or the OTSscanit log.

Thanks again for all your help!

HAve a nice evening.. its 1.10 am here so i will go sleep.. :-)

Speak tomorrow.

[cybertech]

Sounds like a good plan.

[cybertech]

Sounds like a good plan.

[Dimi73]

Hi CyberTech,

comboFix did not load after 35 mins so I did OTSanIt and I attach the notepad.

Hope this helps.

Dimi

[cybertech]

Start OTScanIt. Copy/Paste the information in the Quote box below into the pane where it says "Paste fix here" and then click the Run Fix button.

Quote:

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\
YN -> {00f81716-ff97-4ee7-9948-cf0409937a65} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {1DAAA7F9-BEC6-43AD-A0F7-8BB587E4841B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {46369611-fcc3-4d35-b135-ae5f7f73f3a8} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {514A5C49-0C7D-42c3-A71B-38864A269B7A} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {9076DF37-732D-4B73-9039-892D830E43D1} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {C91B127E-1CC9-4D31-980E-9AD4D560A283} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Files/Folders - Created Within 30 days]
NY -> acgaiyuq.ini -> %SystemRoot%\System32\acgaiyuq.ini
NY -> arcedjen.ini -> %SystemRoot%\System32\arcedjen.ini
NY -> baespbwr.dll -> %SystemRoot%\System32\baespbwr.dll
NY -> baespbwr.dll_old -> %SystemRoot%\System32\baespbwr.dll_old
NY -> buxbgcrg.dll -> %SystemRoot%\System32\buxbgcrg.dll
NY -> buxbgcrg.dll_old -> %SystemRoot%\System32\buxbgcrg.dll_old
NY -> cpxuphsc.ini -> %SystemRoot%\System32\cpxuphsc.ini
NY -> cuxsmqfr.dll -> %SystemRoot%\System32\cuxsmqfr.dll
NY -> cvphfmdp.dll -> %SystemRoot%\System32\cvphfmdp.dll
NY -> cvphfmdp.dll_old -> %SystemRoot%\System32\cvphfmdp.dll_old
NY -> dtcevyqr.dll -> %SystemRoot%\System32\dtcevyqr.dll
NY -> fjyymbmn.ini -> %SystemRoot%\System32\fjyymbmn.ini
NY -> fsftgkqu.dll_old -> %SystemRoot%\System32\fsftgkqu.dll_old
NY -> fuytsqbl.ini -> %SystemRoot%\System32\fuytsqbl.ini
NY -> fxehmsjc.dll -> %SystemRoot%\System32\fxehmsjc.dll
NY -> hgGyaaXq.dll -> %SystemRoot%\System32\hgGyaaXq.dll
NY -> klnfalut.dll_old -> %SystemRoot%\System32\klnfalut.dll_old
NY -> mhcljihw.ini -> %SystemRoot%\System32\mhcljihw.ini
NY -> mwbkbfya.exe -> %SystemRoot%\System32\mwbkbfya.exe
NY -> podgrfjd.dll -> %SystemRoot%\System32\podgrfjd.dll
NY -> qXaayGgh.ini -> %SystemRoot%\System32\qXaayGgh.ini
NY -> rXEKnnmp.ini -> %SystemRoot%\System32\rXEKnnmp.ini
NY -> rXEKnnmp.ini2 -> %SystemRoot%\System32\rXEKnnmp.ini2
NY -> uflysmin.ini -> %SystemRoot%\System32\uflysmin.ini
NY -> vcvwrqsb.dll_old -> %SystemRoot%\System32\vcvwrqsb.dll_old
NY -> vgpmxftq.dll_old -> %SystemRoot%\System32\vgpmxftq.dll_old
NY -> vtdincon.dll_old -> %SystemRoot%\System32\vtdincon.dll_old
NY -> wojgbipb.exe -> %SystemRoot%\System32\wojgbipb.exe
NY -> xbdjriji.dll_old -> %SystemRoot%\System32\xbdjriji.dll_old
NY -> xhnxfgsx.dll_old -> %SystemRoot%\System32\xhnxfgsx.dll_old
NY -> BMe39b682d.xml -> %SystemRoot%\BMe39b682d.xml
NY -> cookies.ini -> %SystemRoot%\cookies.ini
NY -> pskt.ini -> %SystemRoot%\pskt.ini
[Files/Folders - Modified Within 30 days]
NY -> lvuvc.hs -> %SystemRoot%\System32\drivers\lvuvc.hs
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTScanIt scan.

I will review the information when it comes back in.


Follow these steps to uninstall Combofix and tools used in the removal of malware

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

Click here to download Dr.Web CureIt and save it to your desktop.

• Doubleclick the drweb-cureit.exe file and Allow to run the express scan
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, look if you can click next icon next to the files found:
• If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  
  This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
• After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
• After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new Hijack This log.

[Dimi73]

Hi Cybertech

Here is the OTS Fix log:

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{00f81716-ff97-4ee7-9948-cf0409937a65}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00f81716-ff97-4ee7-9948-cf0409937a65}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{1DAAA7F9-BEC6-43AD-A0F7-8BB587E4841B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DAAA7F9-BEC6-43AD-A0F7-8BB587E4841B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{46369611-fcc3-4d35-b135-ae5f7f73f3a8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46369611-fcc3-4d35-b135-ae5f7f73f3a8}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{514A5C49-0C7D-42c3-A71B-38864A269B7A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{9076DF37-732D-4B73-9039-892D830E43D1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9076DF37-732D-4B73-9039-892D830E43D1}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{C91B127E-1CC9-4D31-980E-9AD4D560A283}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C91B127E-1CC9-4D31-980E-9AD4D560A283}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\Contains\Files\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\Contains\Files\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\Contains\Files\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\Contains\Files\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\Contains\Files\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\Contains\Files\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\Contains\Files\ not found.
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\System32\acgaiyuq.ini moved successfully.
C:\WINDOWS\System32\arcedjen.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\baespbwr.dll
C:\WINDOWS\System32\baespbwr.dll NOT unregistered.
C:\WINDOWS\System32\baespbwr.dll moved successfully.
C:\WINDOWS\System32\baespbwr.dll_old moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\buxbgcrg.dll
C:\WINDOWS\System32\buxbgcrg.dll NOT unregistered.
C:\WINDOWS\System32\buxbgcrg.dll moved successfully.
C:\WINDOWS\System32\buxbgcrg.dll_old moved successfully.
C:\WINDOWS\System32\cpxuphsc.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\cuxsmqfr.dll
C:\WINDOWS\System32\cuxsmqfr.dll NOT unregistered.
C:\WINDOWS\System32\cuxsmqfr.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\cvphfmdp.dll
C:\WINDOWS\System32\cvphfmdp.dll NOT unregistered.
C:\WINDOWS\System32\cvphfmdp.dll moved successfully.
C:\WINDOWS\System32\cvphfmdp.dll_old moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\dtcevyqr.dll
C:\WINDOWS\System32\dtcevyqr.dll NOT unregistered.
C:\WINDOWS\System32\dtcevyqr.dll moved successfully.
C:\WINDOWS\System32\fjyymbmn.ini moved successfully.
C:\WINDOWS\System32\fsftgkqu.dll_old moved successfully.
C:\WINDOWS\System32\fuytsqbl.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\fxehmsjc.dll
C:\WINDOWS\System32\fxehmsjc.dll NOT unregistered.
C:\WINDOWS\System32\fxehmsjc.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\hgGyaaXq.dll
C:\WINDOWS\System32\hgGyaaXq.dll NOT unregistered.
C:\WINDOWS\System32\hgGyaaXq.dll moved successfully.
C:\WINDOWS\System32\klnfalut.dll_old moved successfully.
C:\WINDOWS\System32\mhcljihw.ini moved successfully.
C:\WINDOWS\System32\mwbkbfya.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\podgrfjd.dll
C:\WINDOWS\System32\podgrfjd.dll NOT unregistered.
C:\WINDOWS\System32\podgrfjd.dll moved successfully.
C:\WINDOWS\System32\qXaayGgh.ini moved successfully.
C:\WINDOWS\System32\rXEKnnmp.ini moved successfully.
C:\WINDOWS\System32\rXEKnnmp.ini2 moved successfully.
C:\WINDOWS\System32\uflysmin.ini moved successfully.
C:\WINDOWS\System32\vcvwrqsb.dll_old moved successfully.
C:\WINDOWS\System32\vgpmxftq.dll_old moved successfully.
C:\WINDOWS\System32\vtdincon.dll_old moved successfully.
C:\WINDOWS\System32\wojgbipb.exe moved successfully.
C:\WINDOWS\System32\xbdjriji.dll_old moved successfully.
C:\WINDOWS\System32\xhnxfgsx.dll_old moved successfully.
C:\WINDOWS\BMe39b682d.xml moved successfully.
C:\WINDOWS\cookies.ini moved successfully.
C:\WINDOWS\pskt.ini moved successfully.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\System32\drivers\lvuvc.hs moved successfully.
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.14.3 fix logfile created on 05242008_200201

Files moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.

I am now closing this and will post another OTScanIt asap.

Dimi

[cybertech]

Your machine is quite infected. I would like you to run DrWebCureIt too since you can not run ComboFix.

[Dimi73]

Hello again! :-)

i attached the new OTS Scan - now off to download the Drweb

Dimi

[cybertech]

OK, good!