Malware Infestation: Possible WM97/Luda-A Virus

If the IRC was installed by you, that is great news :cool:
It is not active, but it is still in system restore files.

As for next steps....

Install the Antivirus on each machine, update it, and then run a full scan.

When that is done, run HJT on each machine, post the log from your machine in your reply, and attach the HJT logs from the other machines to your post.
 
Alright, I am scanning all computers as we speak, and I will post HJT logs of my computer and attach HJT logs of the rest as soon as they are all done scanning.

Thanks!!
 
Here is my Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:28 PM, on 1/16/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ESET\ESET Smart Security\ecls.exe
C:\Program Files\mozilla firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbk_device - - C:\Windows\system32\dlbkcoms.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 4578 bytes


Attached are 3 logs: ACCT is accounting.
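A small parser for the HJT log format shown above, added here as an example; it is not HijackThis's own code and was not posted in the thread. It turns the R/O lines into records and flags the entries a reviewer would look at first: a path that names no file, and a service whose binary carries no company name. The sample lines are a subset of the log above; the flag rules are this example's own assumptions, not anything HJT itself reports.

```python
"""Parse HijackThis (HJT) log lines into records and flag entries to review.
Added example for this thread; not HijackThis's own code. The flag rules are
assumptions of this example, not anything HJT itself does."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of the lines from the HJT log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O20 - Winlogon Notify: avgwlntf - C:\Windows\
O23 - Service: dlbk_device - - C:\Windows\system32\dlbkcoms.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""


@dataclass
class Entry:
    section: str       # HJT section code, e.g. "O4" (autorun) or "O23" (service)
    name: str          # value name, BHO name or service name
    path: str          # executable or DLL path as logged (not normalised)
    company: str = ""  # publisher string from version info (O23 only)
    args: str = ""     # command-line arguments (O4 only)


LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{[^}]+\} - (?P<path>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<company>.*?) - (?P<path>.*)$")
# HJT prints " - - " when the binary carries no company name; the generic
# pattern cannot match that, so it gets its own regex.
SERVICE_NOCO_RE = re.compile(r"^Service: (?P<name>.*?) - - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")


def split_command(cmd: str):
    """Split an O4 command line into (path, args); drops the "(User '...')"
    suffix HJT appends to entries from other users' hives."""
    cmd = USER_SUFFIX_RE.sub("", cmd)
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    idx = cmd.find(" /")  # unquoted: the path runs up to the first switch
    if idx == -1:
        return cmd.strip(), ""
    return cmd[:idx].strip(), cmd[idx:].strip()


def parse_hjt(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "O4":
            r = RUN_RE.match(body)
            if r:
                path, args = split_command(r.group("cmd"))
                entries.append(Entry(sec, r.group("name"), path, args=args))
        elif sec == "O2":
            b = BHO_RE.match(body)
            if b:
                entries.append(Entry(sec, b.group("name"), b.group("path")))
        elif sec == "O23":
            s = SERVICE_RE.match(body)
            if s:
                entries.append(Entry(sec, s.group("name"), s.group("path"),
                                     company=s.group("company")))
            else:
                s = SERVICE_NOCO_RE.match(body)
                if s:
                    entries.append(Entry(sec, s.group("name"), s.group("path")))
        elif sec == "O20":
            n = NOTIFY_RE.match(body)
            if n:
                entries.append(Entry(sec, n.group("name"), n.group("path")))
    return entries


def triage(entries: List[Entry]) -> List[str]:
    """Flags for the entries a reviewer should look at first (assumed rules)."""
    flags = []
    for e in entries:
        if not e.path or e.path.endswith("\\"):
            flags.append(f"{e.section} {e.name}: path names no file ({e.path!r})")
        elif e.section == "O23" and not e.company:
            flags.append(f"{e.section} {e.name}: service binary has no company name")
    return flags


if __name__ == "__main__":
    for flag in triage(parse_hjt(SAMPLE_LOG)):
        print(flag)
```

On the sample this flags the O20 entry (a directory rather than a file) and the dlbk_device service (no company string). On a real machine the next step is to check whether each flagged path exists on disk and who signed the file; the parser only gets the paths out of the log in a form that such checks can consume.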
 
Your log looks fine now :)

ACCT has LogMeIn installed, this is a remote access program.
If you were aware of its presence, then there is no problem with it.

Drew-- Fine

Robert --- Fine.

Apart from the comment above on the ACCT machine, they all look good.

I would recommend giving each a scan at the Kaspersky site though, as different scanners pick up different things.
 
Your log is still showing heavy infection, we will deal with that in a moment.

ACCT is fine :bigthumb:

It looks like the infection tried to start on the DREW machine, unless Z:\ is a separate drive
Z:\$RECYCLE.BIN\$IBMIBWZ.vbs --> Virus.VBS.Agent.aj
Z:\$RECYCLE.BIN\$RBMIBWZ.vbs --> Virus.VBS.Agent.aj
Z:\$RECYCLE.BIN\Readme.vbs --> Virus.VBS.Agent.aj
Z:\$RECYCLE.BIN\$I7E9vbs --> Virus.VBS.Agent.aj
Z:\Recycled\Readme.vbs --> Virus.VBS.Agent.aj

Now then, your machine... are you going to reformat it?
 
Z:/ is a shared separate drive that both DREW and I access. It's full of art files, .eps, .ai, .cdr, etc....It's an external hard drive.

What do you suggest? Trying to clean off my infection, or should I just reformat?
 
I'm just trying to find out some info on VBS.Agent.aj to see if it just drops files, or infects legitimate ones.

I will be back as soon as I can
 
OK, it looks like it just drops copies of itself everywhere.

Let's try this ( I take no responsibility if it doesn't work !!!!!!)

OTMoveIt
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please right-click OTMoveIt2.exe and choose Run as Administrator.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\Program Files\adobe\Adobe Photoshop CS3\LegalNotices.vbs
    C:\Program Files\Common Files\Services\verisign.vbs
    C:\Program Files\GCC Elite Series\MenuData\Printer1.vbs
    C:\Program Files\GCC Elite Series\MenuData\Printer2.vbs
    C:\Program Files\GCC Elite Series\MenuData\Printer3.vbs
    C:\Program Files\GCC Elite Series\MenuData\Printer4.vbs
    C:\Program Files\Intel\Intel Matrix Storage Manager\Imsm_help_fig1_ENU.vbs
    C:\Program Files\Intel\Intel Matrix Storage Manager\Imsm_help_fig2_ENU.vbs
    C:\Program Files\iPod\Acknowledgements.vbs
    C:\Program Files\iTunes\About iTunes.vbs
    C:\Program Files\iTunes\Acknowledgements.vbs
    C:\Program Files\Java\jre1.6.0\LICENSE.vbs
    C:\Program Files\Java\jre1.6.0\LICENSE_de.vbs
    C:\Program Files\Java\jre1.6.0\LICENSE_es.vbs
    C:\Program Files\Java\jre1.6.0\LICENSE_fr.vbs
    C:\Program Files\Java\jre1.6.0\LICENSE_it.vbs
    C:\Program Files\Java\jre1.6.0\LICENSE_ja.vbs
    C:\Program Files\Java\jre1.6.0\LICENSE_ko.vbs
    C:\Program Files\Java\jre1.6.0\LICENSE_sv.vbs
    C:\Program Files\Java\jre1.6.0\LICENSE_zh_CN.vbs
    C:\Program Files\Java\jre1.6.0\LICENSE_zh_TW.vbs
    C:\Program Files\Last.fm\data\no_artist.vbs
    C:\Program Files\Last.fm\data\no_cover.vbs
    C:\Program Files\Microsoft CAPICOM 2.1.0.2\License\license.vbs
    C:\Program Files\Movie Maker\Shared\Sample1.vbs
    C:\Program Files\Movie Maker\Shared\Sample2.vbs
    C:\Program Files\Movie Maker\Shared\Sample3.vbs
    C:\Program Files\Movie Maker\Shared\Sample4.vbs
    C:\Program Files\mozilla firefox\plugins\WMP Firefox Plugin License.vbs
    C:\Program Files\mozilla firefox\res\arrow.vbs
    C:\Program Files\mozilla firefox\res\arrowd.vbs
    C:\Program Files\mozilla firefox\res\broken-image.vbs
    C:\Program Files\mozilla firefox\res\grabber.vbs
    C:\Program Files\mozilla firefox\res\loading-image.vbs
    C:\Program Files\mozilla firefox\res\table-add-column-after-active.vbs
    C:\Program Files\mozilla firefox\res\table-add-column-after-hover.vbs
    C:\Program Files\mozilla firefox\res\table-add-column-after.vbs
    C:\Program Files\mozilla firefox\res\table-add-column-before-active.vbs
    C:\Program Files\mozilla firefox\res\table-add-column-before-hover.vbs
    C:\Program Files\mozilla firefox\res\table-add-column-before.vbs
    C:\Program Files\mozilla firefox\res\table-add-row-after-active.vbs
    C:\Program Files\mozilla firefox\res\table-add-row-after-hover.vbs
    C:\Program Files\mozilla firefox\res\table-add-row-after.vbs
    C:\Program Files\mozilla firefox\res\table-add-row-before-active.vbs
    C:\Program Files\mozilla firefox\res\table-add-row-before-hover.vbs
    C:\Program Files\mozilla firefox\res\table-add-row-before.vbs
    C:\Program Files\mozilla firefox\res\table-remove-column-active.vbs
    C:\Program Files\mozilla firefox\res\table-remove-column-hover.vbs
    C:\Program Files\mozilla firefox\res\table-remove-column.vbs
    C:\Program Files\mozilla firefox\res\table-remove-row-active.vbs
    C:\Program Files\mozilla firefox\res\table-remove-row-hover.vbs
    C:\Program Files\mozilla firefox\res\table-remove-row.vbs
    C:\Program Files\Mozilla Thunderbird\res\grabber.vbs
    C:\Program Files\Mozilla Thunderbird\res\table-add-column-after-active.vbs
    C:\Program Files\Mozilla Thunderbird\res\table-add-column-after-hover.vbs
    C:\Program Files\Mozilla Thunderbird\res\table-add-column-after.vbs
    C:\Program Files\Mozilla Thunderbird\res\table-add-column-before-active.vbs
    C:\Program Files\Mozilla Thunderbird\res\table-add-column-before-hover.vbs
    C:\Program Files\Mozilla Thunderbird\res\table-add-column-before.vbs
    C:\Program Files\Mozilla Thunderbird\res\table-add-row-after-active.vbs
    C:\Program Files\Mozilla Thunderbird\res\table-add-row-after-hover.vbs
    C:\Program Files\Mozilla Thunderbird\res\table-add-row-after.vbs
    C:\Program Files\Mozilla Thunderbird\res\table-add-row-before-active.vbs
    C:\Program Files\Mozilla Thunderbird\res\table-add-row-before-hover.vbs
    C:\Program Files\Mozilla Thunderbird\res\table-add-row-before.vbs
    C:\Program Files\Mozilla Thunderbird\res\table-remove-column-active.vbs
    C:\Program Files\Mozilla Thunderbird\res\table-remove-column-hover.vbs
    C:\Program Files\Mozilla Thunderbird\res\table-remove-column.vbs
    C:\Program Files\Mozilla Thunderbird\res\table-remove-row-active.vbs
    C:\Program Files\Mozilla Thunderbird\res\table-remove-row-hover.vbs
    C:\Program Files\Mozilla Thunderbird\res\table-remove-row.vbs
    C:\Program Files\MWSnap\Lang\Chinese_BIG5.vbs
    C:\Program Files\MWSnap\Lang\CZECH.vbs
    C:\Program Files\MWSnap\Lang\Deutsch.vbs
    C:\Program Files\MWSnap\Lang\English.vbs
    C:\Program Files\MWSnap\Lang\Español.vbs
    C:\Program Files\MWSnap\Lang\Français.vbs
    C:\Program Files\MWSnap\Lang\Italiano.vbs
    C:\Program Files\MWSnap\Lang\Macedonian.vbs
    C:\Program Files\MWSnap\Lang\Magyar.vbs
    C:\Program Files\MWSnap\Lang\Nederlands.vbs
    C:\Program Files\MWSnap\Lang\Polski.vbs
    C:\Program Files\MWSnap\Lang\Russian.vbs
    C:\Program Files\MWSnap\Lang\Svenska.vbs
    C:\Program Files\QuickTime\QTSystem\QTJava.vbs
    C:\Program Files\Spybot - Search & Destroy\Dummies\dummy.dap.vbs
    C:\Program Files\Spybot - Search & Destroy\Dummies\dummy.default.vbs
    C:\Program Files\Spybot - Search & Destroy\Skins\Italia.vbs
    C:\Program Files\Spybot - Search & Destroy\Skins\Peace.vbs
    C:\Program Files\Spybot - Search & Destroy\Updates\clsid.vbs
    C:\Program Files\Spybot - Search & Destroy\Updates\desc.english.vbs
    C:\Program Files\Spybot - Search & Destroy\Updates\help.english.vbs
    C:\Program Files\Spybot - Search & Destroy\Updates\startup.vbs
    C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.vbs
    C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.vbs
    C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.vbs
    C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.vbs
    C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.vbs
    C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.vbs
    C:\ProgramData\Microsoft\User Account Pictures\guest.vbs
    C:\ProgramData\Microsoft\User Account Pictures\user.vbs
    C:\ProgramData\Spybot - Search & Destroy\Recovery\Hupigon.vbs
    C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsExplorer.vbs
    C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsExplorer1.vbs
    C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager.vbs
    C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSystem.vbs
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\Girls.vbs /s
    C:\Money.vbs /s
    C:\LegalNotices.vbs /s
    C:\Readme.vbs /s
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please attach the OTMI log to your reply
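The procedure above (move a fixed list of dropped .vbs files, then search the whole drive for four names with /s) can be reproduced with a short script, added here as an example; it is not OTMoveIt or any tool from the thread. It applies three checks that follow from the finding that the virus only drops copies of itself: identical-content clusters by hash, the recursive name search, and scripts named after a neighbouring file (LICENSE.vbs beside Java's LICENSE, arrow.vbs in Firefox's res folder, as in the list above; that naming rule is this example's own inference from the list). Suspects are moved to a quarantine folder rather than deleted, so a false positive can be restored. The directory tree, file contents and pattern names are constructed for the demo.

```python
"""Locate and quarantine dropped script copies on a drive.

Added example for this thread, not OTMoveIt or any tool mentioned above.
Strategy taken from the thread's findings: the virus drops identical copies
of itself across the tree, and the listed names suggest each copy is named
after a neighbouring file. Layout, contents and patterns below are constructed.
"""
import fnmatch
import hashlib
import shutil
import tempfile
from collections import defaultdict
from pathlib import Path
from typing import Dict, Iterable, List, Tuple

SCRIPT_EXT = ".vbs"


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_clusters(root: Path, min_copies: int = 3) -> Dict[str, List[Path]]:
    """Group script files by content hash. One hash appearing under many
    unrelated directories is the 'copies of itself everywhere' signature."""
    by_hash: Dict[str, List[Path]] = defaultdict(list)
    for p in root.rglob("*" + SCRIPT_EXT):
        if p.is_file():
            by_hash[sha256_of(p)].append(p)
    return {h: ps for h, ps in by_hash.items() if len(ps) >= min_copies}


def find_by_name(root: Path, patterns: Iterable[str]) -> List[Path]:
    """Recursive, case-insensitive name match (the '/s' search in the thread)."""
    pats = [pat.lower() for pat in patterns]
    return [p for p in root.rglob("*") if p.is_file()
            and any(fnmatch.fnmatch(p.name.lower(), pat) for pat in pats)]


def find_shadowing(root: Path) -> List[Path]:
    """Scripts whose stem matches a non-script sibling (LICENSE.vbs next to
    LICENSE, no_cover.vbs next to no_cover.png): a copy named after the file
    it was dropped beside. Assumed heuristic, inferred from the list above."""
    hits = []
    for p in root.rglob("*" + SCRIPT_EXT):
        stems = {s.stem.lower() for s in p.parent.iterdir()
                 if s != p and s.suffix.lower() != SCRIPT_EXT}
        if p.stem.lower() in stems:
            hits.append(p)
    return hits


def quarantine(root: Path, files: Iterable[Path], qdir: Path) -> List[Tuple[Path, Path]]:
    """Move suspects into qdir, keeping their path relative to root so a
    false positive can be put back; nothing is deleted."""
    moved = []
    for src in sorted(set(files)):
        dest = qdir / src.relative_to(root)
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(src), str(dest))
        moved.append((src, dest))
    return moved


# Constructed demo tree: one inert placeholder standing in for the dropped
# script, copied to five places, beside three legitimate files.
PAYLOAD = b"' constructed placeholder standing in for the dropped script\r\n"
DROPPED = [
    "Program Files/Java/jre1.6.0/LICENSE.vbs",
    "Program Files/Last.fm/data/no_cover.vbs",
    "ProgramData/Microsoft/User Account Pictures/user.vbs",
    "Girls.vbs",
    "Recycled/Readme.vbs",
]
LEGIT = {
    "Program Files/Java/jre1.6.0/LICENSE": b"license text\n",
    "Program Files/Last.fm/data/no_cover.png": b"\x89PNG placeholder",
    "Program Files/MyApp/setup.vbs": b"' legitimate one-off install script\r\n",
}


def build_demo_tree(root: Path) -> None:
    for rel, data in list(LEGIT.items()) + [(d, PAYLOAD) for d in DROPPED]:
        f = root / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(data)


def run_demo() -> dict:
    root = Path(tempfile.mkdtemp(prefix="drive-"))
    qdir = Path(tempfile.mkdtemp(prefix="quarantine-"))
    try:
        build_demo_tree(root)
        clusters = find_clusters(root)
        named = find_by_name(root, ["Girls.vbs", "Money.vbs", "LegalNotices.vbs", "Readme.vbs"])
        shadowing = find_shadowing(root)
        suspects = {p for ps in clusters.values() for p in ps} | set(named) | set(shadowing)
        moved = quarantine(root, suspects, qdir)
        rel = lambda ps: sorted(p.relative_to(root).as_posix() for p in ps)
        return {"clusters": len(clusters), "named": rel(named),
                "shadowing": rel(shadowing), "quarantined": len(moved),
                "remaining": rel(root.rglob("*" + SCRIPT_EXT))}
    finally:
        shutil.rmtree(root, ignore_errors=True)
        shutil.rmtree(qdir, ignore_errors=True)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Run against a real drive, `root` would be the drive letter and `qdir` a folder outside it; the hash clustering is the most robust of the three checks because it needs no foreknowledge of names, while the name list only catches copies in the locations the scanner already reported.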
 
Right-click OTMoveIt, run as admin, and click Cleanup;
it will now connect to the internet and get a list of files to delete.
When a box pops up, click YES.

Now if you scan again at Kaspersky you "should" be clean
 
Alrighty, I'm going to let Kaspersky run through the night, I'm heading home now, but when I get in tomorrow morning, if anything pops up, can I still post the logs for you to check?
 
Thanks for everything you've done for me today! I truly don't know how to thank you.

I'll let you know tomorrow how things are...

Have a great night!

-Dan in Texas
 