
Spyware.Banker Detected in MBAM Scan




  #61  
Old 21st Apr 2009, 15:47
Moderator Group
 

* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code:
:Processes
explorer.exe

:files
C:\WINDOWS\system32\wbem\grpconv.exe

:Commands
[purity]
[emptytemp]
[start explorer]

* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
* Close OTMoveIt3.

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.

----------

Disable/Enable the System Restore Utility to flush old infected restore points

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Put a check mark next to Turn off System Restore on All Drives
4) Click the OK button.
5) You will be prompted to restart the computer. Click the Yes button.

Now re-enable System Restore

To re-enable the System Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.

1) Right click the My Computer icon on the Desktop and click on Properties.
2) Click on the System Restore tab.
3) Remove the check mark next to Turn off System Restore on All Drives
4) Click the OK button.

----------

How is the computer running now?
__________________

  #62  
Old 21st Apr 2009, 16:13
Member Group
 

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\system32\wbem\grpconv.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\KEVINY~1\LOCALS~1\Temp\etilqs_l8L42UsrxiFxxsxEEszS scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Kevin Young\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_d98.dat scheduled to be deleted on reboot.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_544.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04212009_190136

Files moved on Reboot...
File C:\DOCUME~1\KEVINY~1\LOCALS~1\Temp\etilqs_l8L42UsrxiFxxsxEEszS not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_d98.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_544.dat not found!
C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Kevin Young\Local Settings\Application Data\Mozilla\Firefox\Profiles\mn4a3uh9.default\XUL.mfl moved successfully.


Seems good...but who knows what will happen when I run another MBAM scan in a few days!
  #63  
Old 21st Apr 2009, 17:44
Moderator Group
 

Hopefully we found all of it this time.

Let me know...
__________________

  #64  
Old 21st Apr 2009, 18:10
Member Group
 

I'm nearly crying.

Most recent version of MBAM.


Malwarebytes' Anti-Malware 1.36
Database version: 2022
Windows 5.1.2600 Service Pack 3

4/21/2009 9:10:11 PM
mbam-log-2009-04-21 (21-10-11).txt

Scan type: Quick Scan
Objects scanned: 83504
Time elapsed: 9 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\ComPlus Applications (Rogue.MalwareCleaner) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
  #65  
Old 21st Apr 2009, 18:15
Moderator Group
 

Yea this is frustrating.

This log will be huge and I might not get to look at it tonight.

Download to your desktop ISeeYouXP.exe by ShadowPuterDude
Next double-click on ISeeYouXP.exe on your Desktop.

ISeeYouXP.exe will self-extract ISeeYouXP to C:\ISeeYouXP and place a .bat file on your Desktop.

Double-click ISeeYouXP.bat to run the script.

Once complete a log will be saved to the Desktop named ISeeYouXP.txt.

Post the following logs in your next reply:
ISeeYouXP.txt

If the ISeeYouXP .bat file does not extract to the Desktop, double-click My Computer on the Desktop and navigate to the ISeeYouXP folder located in the C: drive. Double-click the ISeeYouXP.bat file to run the program.

Upload the file to File Dropper

Click Upload
Locate the file and double click it.
Copy the download link and post it back here.
__________________

  #66  
Old 21st Apr 2009, 18:45
Member Group
 

*** ISeeYouXP.bat does not exist ***
You must follow directions for ISeeYouXP!
All files must be extracted from the ISeeYouXP.zip file.

*** locate.com does not exist **
You must follow directions for ISeeYouXP!
All files must be extracted from the ISeeYouXP.zip file.
Do not run ISeeYouXP.bat from inside the ZIP file.

*** grep.exe does not exist **
You must follow directions for ISeeYouXP!
All files must be extracted from the ISeeYouXP.zip file.
Do not run ISeeYouXP.bat from inside the ZIP file.

*** swreg.exe does not exist **
You must follow directions for ISeeYouXP!
All files must be extracted from the ISeeYouXP.zip file.
Do not run ISeeYouXP.bat from inside the ZIP file.

ISeeYouXP.bat failed to execute because it was not installed and run as instructed.
Also check possible error messages and fixes in the instructions for ISeeYouXP.
  #67  
Old 22nd Apr 2009, 10:43
Moderator Group
 

Hmm. That's odd.

Try deleting the .bat file and the C:\ISeeYouXP

Then download and try again.
__________________

  #68  
Old 22nd Apr 2009, 18:01
Member Group
 

This is so annoying. It still will not run the way it should, as it keeps displaying the same error message in CMD after running the .bat.
  #69  
Old 22nd Apr 2009, 20:05
Moderator Group
 

I have sent the owner of ISeeYouXP a message asking about this error. After he gets back to me we will go from there.
__________________

  #70  
Old 22nd Apr 2009, 23:18
Moderator Group
 

OK I'm back.

Make sure you are letting ISeeYouXP install the way it is supposed to, on the root of your C:\ drive. In other words, let it install to C:\ISeeYouXP.

You will then have a file at 'C:\ISeeYouXP' and also 'ISeeYouXP.bat' on your desktop.

Download to your desktop ISeeYouXP.exe by ShadowPuterDude
Next double-click on ISeeYouXP.exe on your Desktop.

ISeeYouXP.exe will self-extract ISeeYouXP to C:\ISeeYouXP and place a .bat file on your Desktop.

Double-click ISeeYouXP.bat to run the script.
__________________
