I would appreciate it if you would use the Edit feature when you have a few words to add. When you make a new post, I get email notification for every one. I got 4 from your replies above.
Please download OTMoveIt3 by Old Timer and save to your desktop.
- Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:Files
C:\Documents and Settings\NetworkService\Local Settings\Application Data\bxi.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\fpv.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\otq.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\sjm.exe
C:\WINDOWS\system32\charprep.dll
C:\WINDOWS\temp\3.tmp
C:\WINDOWS\temp\3F.tmp
C:\WINDOWS\temp\_33.tmp
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
- Click the red Moveit! button.
- A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
- Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
======================================
The Qoobox entries have been quarantined by Combofix. They are not active in the system and will be moved later.
The System Volume entries are restore points. They are not active in the system and will be removed later.
=================================================
One Esst entry is in the Java cache. It will need to be emptied:
To clear the Java Plug-in cache:
[1]. Click Start > Control Panel.
[2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
[3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
[4]. Click Delete Files. The Delete Temporary Files dialog box appears.
There are three options on this window to clear the cache. Check all.
- Delete Files
- View Applications
- View Applets
[5]. Click OK on Delete Temporary Files window.
Note: This deletes all the Downloaded Applications and Applets from the cache.
[6]. Click Apply > OK on Temporary Files Settings window.
Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.
=============================================
NOTE: If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to bahyi.exe BEFORE saving it to your desktop. Do NOT run it yet.
3. Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
- Rkill.com
- Rkill.scr
- Rkill.pif
- Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run then try to immediately run the following>>>>.
Please download exeHelper by Raktor and save it to your desktop.
- Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
- A black window should pop up, press any key to close once the fix is completed.
- A log file called exehelperlog.txt will be created and should open at the end of the scan.
- A copy of that log will also be saved in the directory where you ran exeHelper.com
- Copy and paste the contents of exehelperlog.txt in your next reply.
Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
Rkill instructions
*************************************
Once you've gotten one of them to run, immediately run bahyi.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
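
Added example, not part of the original post and not OTMoveIt3's own code: a small Python check that reads a script laid out like the one above (a `:Files` section followed by `:Commands`) and reports which listed paths are still on disk after the reboot, with a SHA-256 of any that remain so they can be compared or looked up later. The function names and the sample script are constructed for illustration, and the parser assumes only the layout visible in the post.

```python
import hashlib
import os

# Constructed sample in the layout shown in the post (two of its paths).
SAMPLE_SCRIPT = r"""
:Files
C:\WINDOWS\system32\charprep.dll
C:\WINDOWS\temp\3.tmp
:Commands
[purity]
[emptytemp]
[Reboot]
"""

def parse_script(text):
    """Split a script into {section: [entries]}, keyed by ':Section' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def audit_files(paths):
    """Return [(path, status, sha256 or None)] for each listed path."""
    report = []
    for p in paths:
        if not os.path.isfile(p):
            report.append((p, "absent", None))
            continue
        try:
            report.append((p, "present", sha256_of(p)))
        except OSError:  # locked or access denied: still on disk, not hashable
            report.append((p, "unreadable", None))
    return report

if __name__ == "__main__":
    for path, status, digest in audit_files(parse_script(SAMPLE_SCRIPT)["files"]):
        print(f"{status:10} {digest or '-':64} {path}")
```

Any path reported as `present` or `unreadable` after the move and reboot is worth mentioning alongside the posted log.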