something bad that i downloaded [Solved], the way my pc works has changed since i opened a file
Rorschach112
post May 22 2009, 07:31 AM
Post #16


GeekU Teacher
Posts: 35,079
From: Dublin
OS: XP



It's your choice
kwisj
post May 22 2009, 10:45 AM
Post #17


Member
Posts: 20
OS: xp



No no, I'm keen to carry on. But it's just that we don't seem to be having much luck. I'm happy to go ahead as it's a good learning experience for me if nothing else. As long as you are OK to continue, please tell me something else I can try.
Kwisj
Rorschach112
post May 22 2009, 11:48 AM
Post #18


GeekU Teacher
Posts: 35,079
From: Dublin
OS: XP



hi

Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
    Note: The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt

If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on to insert the attachment into your post
kwisj
post May 22 2009, 12:18 PM
Post #19


Member
Posts: 20
OS: xp



Hi, thanks for continuing with this.
Here is the report. Kwisj
ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/05/22 20:11
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 39087041.sys
Image Path: C:\WINDOWS\system32\DRIVERS\39087041.sys
Address: 0xAD068000 Size: 163840 File Visible: No
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xACE33000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5CA000 Size: 8192 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAA053000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\Prefetch\ROOTREPEAL.EXE-3B214F87.pf
Status: Size mismatch (API: 15438, Raw: 15128)

Path: C:\WINDOWS\system32\drivers\fidbox.dat
Status: Size mismatch (API: 827424, Raw: 825376)

Path: C:\Documents and Settings\PORKY\Local Settings\Temp\etilqs_0PEjxVWKqlfYxAJlncZb
Status: Allocation size mismatch (API: 0, Raw: 4096)

Path: C:\Documents and Settings\PORKY\Local Settings\Temp\etilqs_hrMAPnRVb4aroxg8Hraw
Status: Allocation size mismatch (API: 12288, Raw: 16384)

Path: C:\Documents and Settings\PORKY\Local Settings\Temp\etilqs_nD4ZBuljHXwj8oMnEbPq
Status: Allocation size mismatch (API: 16384, Raw: 0)

SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x894c0630

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x894bfa60

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x894bfe80

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x894c0460

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x894c0280

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x894bfc90

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x894c00b0

Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x89c0baf0]
Process: System Address: 0x894be790 Size: -

Rorschach112
post May 22 2009, 06:14 PM
Post #20


GeekU Teacher
Posts: 35,079
From: Dublin
OS: XP



hi

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::

Folder::

Registry::

Driver::
39087041
Rootkit::
C:\WINDOWS\system32\DRIVERS\39087041.sys


Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


kwisj
post May 23 2009, 01:44 AM
Post #21


Member
Posts: 20
OS: xp



Hi, here is the log. Hope this is helpful. It's like the PC is fighting with me: rebooting and switching the antivirus off. It's a real pain. Thanks for your time.


ComboFix 09-05-19.08 - PORKY 05/23/2009 9:35:56.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1649 [GMT 2:00]
Running from: C:\Documents and Settings\PORKY\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-04-23 to 2009-05-23 )))))))))))))))))))))))))))))))
.

2009-05-22 12:08:10 . 2009-05-23 07:37:08 2441248 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2009-05-22 08:39:15 . 2008-07-08 12:54:02 148496 ----a-w C:\WINDOWS\system32\drivers\80987497.sys
2009-05-21 19:05:02 . 2009-05-21 19:05:02 0 d-----w C:\WINDOWS\Sun
2009-05-21 18:52:43 . 2009-05-21 18:52:43 0 d-----w C:\_OTMoveIt
2009-05-20 16:01:16 . 2009-05-20 16:01:16 0 d-----w C:\WINDOWS\Cache
2009-05-20 11:14:19 . 2009-05-20 11:14:19 0 d-----w C:\Documents and Settings\etc
2009-05-20 11:13:33 . 2009-05-20 13:27:43 0 d-----w C:\Documents and Settings\PORKY\Application Data\Creative
2009-05-20 10:43:17 . 2003-03-05 10:19:28 15840 ----a-w C:\WINDOWS\system32\drivers\PfModNT.sys
2009-05-20 10:43:16 . 1999-11-18 01:00:00 25088 ------w C:\WINDOWS\system32\CTSVCCTL.EXE
2009-05-20 10:43:16 . 1999-12-13 01:01:00 44032 ------w C:\WINDOWS\system32\CTSVCCDA.EXE
2009-05-20 10:43:03 . 2009-05-20 11:08:19 0 d-----w C:\Program Files\Creative
2009-05-20 10:20:36 . 2009-05-20 10:20:38 0 d-----w C:\Program Files\Freecom Network Storage Assistant
2009-05-20 10:15:06 . 2008-04-14 00:12:09 221184 ----a-w C:\WINDOWS\system32\wmpns.dll
2009-05-20 10:15:02 . 2009-05-20 10:15:03 0 d-----w C:\Program Files\Windows Media Connect 2
2009-05-20 10:14:08 . 2009-05-20 10:14:32 0 d-----w C:\WINDOWS\system32\drivers\UMDF
2009-05-20 10:14:08 . 2009-05-22 18:02:29 0 d-----w C:\WINDOWS\system32\LogFiles
2009-05-20 09:26:58 . 2009-05-20 10:12:53 0 d-----w C:\Program Files\Winamp
2009-05-20 09:26:58 . 2009-05-20 10:12:54 0 d-----w C:\Documents and Settings\PORKY\Application Data\Winamp
2009-05-20 09:10:13 . 2009-05-20 09:10:14 0 d-----w C:\Program Files\Audacity
2009-05-20 08:36:42 . 2008-10-16 12:06:48 208744 ----a-w C:\WINDOWS\system32\muweb.dll
2009-05-20 08:36:42 . 2008-10-16 12:06:48 268648 ----a-w C:\WINDOWS\system32\mucltui.dll
2009-05-17 09:05:40 . 2009-05-17 09:05:40 0 d-----w C:\Program Files\Microsoft
2009-05-17 09:05:25 . 2009-05-17 09:05:25 0 d-----w C:\Program Files\Windows Live SkyDrive
2009-05-17 09:05:04 . 2009-05-17 09:05:35 0 d-----w C:\Program Files\Windows Live
2009-05-17 08:55:42 . 2009-05-17 08:55:42 0 d-----w C:\Program Files\Common Files\Windows Live
2009-05-17 08:21:50 . 2009-05-17 08:21:50 0 d-----w C:\Documents and Settings\PORKY\Application Data\Malwarebytes
2009-05-17 08:21:49 . 2009-04-06 13:32:46 15504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2009-05-17 08:21:47 . 2009-04-06 13:32:54 38496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-05-17 08:21:45 . 2009-05-17 08:21:45 0 d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-17 08:21:45 . 2009-05-17 08:21:49 0 d-----w C:\Program Files\Malwarebytes' Anti-Malware
2009-05-17 08:18:48 . 2009-05-23 07:33:06 0 d-----w C:\Program Files\Autorun Eater
2009-05-11 14:32:12 . 2009-05-11 14:32:12 0 d-----w C:\Documents and Settings\PORKY\Local Settings\Application Data\GHISLER
2009-05-11 12:45:36 . 2009-05-11 12:45:36 0 d-----w C:\Program Files\File Shredder
2009-05-11 12:45:14 . 2009-05-11 12:46:26 0 d-----w C:\totalcmd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 07:32:24 . 2009-05-22 12:08:10 19784 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2009-05-23 07:02:33 . 2009-04-18 08:30:52 0 d-----w C:\Program Files\LogMeIn
2009-05-21 23:02:19 . 2009-04-15 19:03:53 13688 ----a-w C:\Documents and Settings\PORKY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-20 11:07:55 . 2009-04-15 19:07:59 0 d--h--w C:\Program Files\InstallShield Installation Information
2009-04-18 20:50:01 . 2009-04-18 20:50:01 0 d-----w C:\Program Files\JRE
2009-04-18 20:49:59 . 2009-04-18 20:49:58 0 d-----w C:\Program Files\OpenOffice.org 3
2009-04-18 20:49:43 . 2009-04-18 11:21:38 0 d-----w C:\Program Files\Java
2009-04-18 20:47:12 . 2009-04-18 20:47:17 410984 ----a-w C:\WINDOWS\system32\deploytk.dll
2009-04-15 22:36:05 . 2009-04-15 22:36:05 0 d-----w C:\Program Files\CCleaner
2009-04-15 22:17:51 . 2009-04-15 22:17:51 0 ----a-w C:\WINDOWS\nsreg.dat
2009-04-15 20:57:40 . 2009-04-15 20:57:40 0 d-----w C:\Program Files\Realtek
2009-04-15 20:57:36 . 2009-04-15 20:57:36 315392 ----a-w C:\WINDOWS\HideWin.exe
2009-04-15 20:55:18 . 2009-04-15 20:55:18 0 ----a-w C:\WINDOWS\ativpsrm.bin
2009-04-15 20:51:59 . 2009-04-15 20:51:59 0 d-----w C:\Program Files\My Company Name
2009-04-15 20:51:32 . 2009-04-15 20:46:44 0 d-----w C:\Program Files\ATI Technologies
2009-04-15 20:49:56 . 2009-04-15 20:49:56 0 d-----w C:\Program Files\Common Files\ATI Technologies
2009-04-15 20:47:16 . 2009-04-15 19:07:44 0 d-----w C:\Program Files\Common Files\InstallShield
2009-04-15 19:29:01 . 2009-04-15 19:29:01 0 d-----w C:\Program Files\ESET
2009-04-15 19:08:07 . 2009-04-15 19:07:59 0 d-----w C:\Program Files\ANI
2009-04-15 19:07:57 . 2009-04-15 19:07:57 0 d-----w C:\Program Files\Conceptronic
2009-04-15 18:58:26 . 2009-04-15 18:58:26 0 d-----w C:\Program Files\microsoft frontpage
2009-04-15 18:56:22 . 2009-04-15 18:56:22 21640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2009-03-19 09:45:38 . 2009-03-19 09:45:38 93848 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2009-03-19 09:44:34 . 2009-03-19 09:44:34 107256 ----a-w C:\WINDOWS\system32\drivers\ehdrv.sys
2009-03-19 09:41:38 . 2009-03-19 09:41:38 113960 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2009-03-06 14:22:18 . 2004-08-04 01:07:00 284160 ----a-w C:\WINDOWS\system32\pdh.dll
2009-03-03 00:18:25 . 2004-08-04 01:07:00 826368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-20_16.14.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-23 07:35:16 . 2009-05-23 07:35:16 16384 C:\WINDOWS\Temp\Perflib_Perfdata_184.dat
- 2009-04-15 19:49:07 . 2008-07-09 07:38:27 26488 C:\WINDOWS\system32\spupdsvc.exe
+ 2009-04-15 19:49:07 . 2007-07-27 07:41:38 26488 C:\WINDOWS\system32\spupdsvc.exe
+ 2002-04-15 20:47:06 . 2009-05-21 19:54:45 95072 C:\WINDOWS\system32\FNTCACHE.DAT
- 2002-04-15 20:47:06 . 2009-05-20 08:28:32 95072 C:\WINDOWS\system32\FNTCACHE.DAT
- 2006-10-18 19:47:20 . 2006-10-18 19:47:20 295936 C:\WINDOWS\system32\wmpeffects.dll
+ 2006-10-18 19:47:20 . 2008-06-24 16:12:58 295936 C:\WINDOWS\system32\wmpeffects.dll
+ 2004-08-04 01:07:00 . 2007-10-27 15:40:30 222720 C:\WINDOWS\system32\wmasf.dll
+ 2004-08-04 01:07:00 . 2006-12-04 14:21:50 414720 C:\WINDOWS\system32\msscp.dll
+ 2004-08-04 01:07:00 . 2007-10-27 15:40:30 222720 C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2004-08-04 01:07:00 . 2007-06-26 20:10:26 317440 C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2004-08-04 01:07:00 . 2006-12-04 14:21:50 414720 C:\WINDOWS\system32\dllcache\msscp.dll
+ 2004-08-04 01:07:00 . 2007-06-26 20:10:26 317440 C:\WINDOWS\inf\unregmp2.exe
+ 2004-08-04 01:07:00 . 2008-11-11 16:34:42 10838016 C:\WINDOWS\system32\wmp.dll
+ 2004-08-04 01:07:00 . 2008-11-11 16:34:42 10838016 C:\WINDOWS\system32\dllcache\wmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]
"SB Wireless Music"="C:\Program Files\Creative\SB Wireless Music\Media Server\SBWMsvr.exe" [2004-02-19 23:20:00 98304]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2003-10-02 12:06:00 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 09:49:04 49152]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 16:46:10 63048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-04-18 20:47:12 148888]
"Autorun Eater"="C:\Program Files\Autorun Eater\oldmcdonald.exe" [2008-11-27 00:19:54 501768]
"SkyTel"="SkyTel.EXE" - C:\WINDOWS\SkyTel.exe [2007-08-03 05:22:02 1826816]
"RTHDCPL"="RTHDCPL.EXE" - C:\WINDOWS\RTHDCPL.exe [2007-08-20 07:38:02 16384512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35:38 87352 ----a-w C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Freecom Network Storage Assistant\\FNSA.exe"=
"C:\\Program Files\\Creative\\SB Wireless Music\\Media Server\\SBWMsvr.exe"=
"C:\\Program Files\\Conceptronic\\Conceptronic 54Mbps Wireless Utility\\WlanMon.exe"=

R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [3/19/2009 11:44:34 AM 107256]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [3/19/2009 11:45:38 AM 93848]
R1 is-OHF8Qdrv;is-OHF8Qdrv;C:\WINDOWS\system32\drivers\80987497.sys [5/22/2009 10:39:15 AM 148496]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/19/2009 11:44:50 AM 731840]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46:12 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [4/18/2009 10:31:28 AM 47640]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [4/15/2009 10:47:24 PM 93696]
S0 aochxtar;aochxtar;C:\WINDOWS\system32\drivers\amxkzgh.sys --> C:\WINDOWS\system32\drivers\amxkzgh.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/index_narrow.html
FF - ProfilePath - C:\Documents and Settings\PORKY\Application Data\Mozilla\Firefox\Profiles\isfsdvpg.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.yahoo.com/
FF - plugin: C:\Documents and Settings\PORKY\Application Data\Mozilla\Firefox\Profiles\isfsdvpg.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-23 09:37:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(588)
C:\WINDOWS\system32\Ati2evxx.dll
C:\WINDOWS\system32\LMIinit.dll
C:\WINDOWS\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(4044)
C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\PortableDeviceTypes.dll
C:\WINDOWS\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-23 9:37:39
ComboFix-quarantined-files.txt 2009-05-23 07:37:36
ComboFix2.txt 2009-05-20 16:15:06

Pre-Run: 96,182,296,576 bytes free
Post-Run: 96,166,531,072 bytes free

159 --- E O F --- 2009-05-21 10:49:33
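A triage script for the two reports above (the RootRepeal report in post #19 and the ComboFix log in post #21), added here as an example; it is not part of the thread and is not code from RootRepeal, ComboFix or Geeks to Go. It parses the RootRepeal sections and the R/S-prefixed driver lines of a ComboFix log and returns the indicators a helper looks at first: a loaded driver with no visible backing file, SSDT hooks owned by "<unknown>", hidden code objects, and driver services whose image is missing or whose file name is unrelated to the service name. The sample text in the block is a constructed excerpt of the two reports; the allowlist of drivers normally reported as not visible and the naming heuristics are my assumptions, not rules from either tool.

```python
"""Triage a RootRepeal report and the service lines of a ComboFix log.
Added example for this thread; samples are constructed excerpts of the reports
above, and the allowlist and naming heuristics are assumptions."""
import re

ROOTREPEAL_SAMPLE = r"""Drivers
-------------------
Name: 39087041.sys
Address: 0xAD068000 Size: 163840 File Visible: No
Status: -

Name: rootrepeal.sys
Address: 0xAA053000 Size: 45056 File Visible: No
Status: -

SSDT
-------------------
#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x894bfa60

Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x89c0baf0]
Process: System Address: 0x894be790 Size: -
"""

COMBOFIX_SAMPLE = r"""R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [3/19/2009 11:44:34 AM 107256]
R1 is-OHF8Qdrv;is-OHF8Qdrv;C:\WINDOWS\system32\drivers\80987497.sys [5/22/2009 10:39:15 AM 148496]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/19/2009 11:44:50 AM 731840]
S0 aochxtar;aochxtar;C:\WINDOWS\system32\drivers\amxkzgh.sys --> C:\WINDOWS\system32\drivers\amxkzgh.sys [?]
"""

# Assumed allowlist: RootRepeal's own driver and the in-memory crash-dump copies
# of the disk stack are reported as "File Visible: No" on a clean XP machine.
KNOWN_INVISIBLE = {"rootrepeal.sys", "dump_atapi.sys", "dump_wmilib.sys"}


def split_sections(report):
    """Map each RootRepeal section title to the text below its dashed rule."""
    sections, current = {}, None
    lines = report.splitlines()
    for i, line in enumerate(lines):
        if i + 1 < len(lines) and lines[i + 1].startswith("----"):
            current = line.strip()
            sections[current] = []
        elif current is not None and not line.startswith("----"):
            sections[current].append(line)
    return {title: "\n".join(body) for title, body in sections.items()}


def records(section_text):
    """Split a section into its blank-line separated records."""
    return [r for r in re.split(r"\n\s*\n", section_text) if r.strip()]


def triage_rootrepeal(report):
    """Return (kind, subject) findings from a RootRepeal report."""
    findings, secs = [], split_sections(report)
    for rec in records(secs.get("Drivers", "")):
        name = re.search(r"^Name: (.+)$", rec, re.M).group(1).strip()
        visible = re.search(r"File Visible: (\w+)", rec)
        # A loaded driver with no visible backing file is the classic rootkit sign.
        if visible and visible.group(1) == "No" and name.lower() not in KNOWN_INVISIBLE:
            findings.append(("hidden-driver", name))
    for rec in records(secs.get("SSDT", "")):
        func = re.search(r"Function Name: (\S+)", rec).group(1)
        owner = re.search(r'Hooked by "([^"]*)"', rec)
        # Security products hook the SSDT too, but they are attributed; "<unknown>" is not.
        if owner and owner.group(1) == "<unknown>":
            findings.append(("ssdt-hook-unknown", func))
    for rec in records(secs.get("Stealth Objects", "")):
        obj = re.search(r"Object: (.+?) \[", rec)
        if obj:
            findings.append(("stealth-object", obj.group(1)))
    return findings


SERVICE_RE = re.compile(
    r"^[RS]\d (?P<svc>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> .+?)? \[(?P<meta>[^\]]*)\]$"
)


def triage_combofix_services(log):
    """Return {service_name: [reasons]} for suspicious driver/service lines."""
    flagged = {}
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        svc, display, path, meta = m.group("svc", "display", "path", "meta")
        filename = path.rsplit("\\", 1)[-1]
        stem = filename.rsplit(".", 1)[0]
        reasons = []
        if meta == "?":
            reasons.append("image-missing")       # ComboFix found no file at that path
        if re.fullmatch(r"\d{8}\.sys", filename, re.I):
            reasons.append("numeric-filename")    # 39087041.sys / 80987497.sys pattern
        if display == svc and stem.lower() != svc.lower():
            reasons.append("unrelated-filename")  # no descriptive name, file named differently
        if reasons:
            flagged[svc] = reasons
    return flagged
```

Paste a full report into the two sample strings and call the two functions; the size-mismatch entries in RootRepeal's Hidden/Locked Files section are deliberately not flagged, because files held open for writing by a running product (and RootRepeal's own prefetch entry) show up there on a clean machine too.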
Rorschach112
post May 23 2009, 04:54 AM
Post #22


GeekU Teacher
Posts: 35,079
From: Dublin
OS: XP



hi

Please download OTMoveIt3 by OldTimer
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :Processes
    explorer.exe

    :Services

    :Reg

    :Files
    C:\WINDOWS\system32\drivers\80987497.sys
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
kwisj
post May 23 2009, 08:12 AM
Post #23


Member
Posts: 20
OS: xp



Hi there, here is the OTMoveIt moved files log.

I'm just downloading the next stage to run in safe mode.
Cheers, kwisj
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\system32\drivers\80987497.sys moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\PORKY\LOCALS~1\Temp\JET34DC.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PORKY\LOCALS~1\Temp\~DF8CFC.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\PORKY\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4e8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05232009_133813

Files moved on Reboot...
File C:\DOCUME~1\PORKY\LOCALS~1\Temp\JET34DC.tmp not found!
C:\DOCUME~1\PORKY\LOCALS~1\Temp\~DF8CFC.tmp moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_4e8.dat moved successfully.
Rorschach112
post May 23 2009, 08:28 AM
Post #24


GeekU Teacher
Posts: 35,079
From: Dublin
OS: XP



Let me know how it's running after the next step
kwisj
post May 23 2009, 09:59 AM
Post #25


Member
Posts: 20
OS: xp



Hi, trying to run the Dr.Web scanner, and so far 2 errors: uy657.exe has encountered a problem and needs to close. C:\....exe/data002/32788R22FWJFW\toolbar.sed is where it stopped the second time. 2 uncalled-for reboots. Is this likely to be a virus or a hardware problem? The first quick scan reported no problems. These problems are coming from the custom scan of the hard discs C and E.
Thanks for your time.
kwisj
Rorschach112
post May 23 2009, 10:33 AM
Post #26


GeekU Teacher
Posts: 35,079
From: Dublin
OS: XP



Sounds malware related.

Try it in safe mode if it's causing your machine to reboot.
kwisj
post May 23 2009, 11:42 AM
Post #27


Member
Posts: 20
OS: xp



Hi, it was running in safe mode as you asked.
kwisj
Rorschach112
post May 23 2009, 11:56 AM
Post #28


GeekU Teacher
Posts: 35,079
From: Dublin
OS: XP



Sorry, forgot.

If you can't scan your C:\ drive properly then leave it and tell me how it's running.
kwisj
post May 23 2009, 01:18 PM
Post #29


Member
Posts: 20
OS: xp



Hi again,
still can't activate the antivirus. In the NOD32 control panel it says that it is not updated and that it is not activated; this is on the main screen. In the submenus it says it is activated. Very confusing. Although in the system tray where the clock is, the antivirus is showing deactivated. It does not appear to be functioning as smoothly as it should be. I'm running the Dr.Web utility again, not in safe mode, just as I happened to click on it. Will tell you what happens.
kwisj
kwisj
post May 23 2009, 01:45 PM
Post #30


Member
Posts: 20
OS: xp



Hi, don't know if this is relevant. Just ran Dr.Web, not in safe mode, on C, and it found no viruses.
kwisj
Will run it on the 2nd hard drive now.
Cheers.
Just ran it on the E drive, and no viruses.
What next with the antivirus?
Is there a report you want to see?

This post has been edited by kwisj: May 23 2009, 01:49 PM
