[Taco130]

it isn't posting a log?

[Advertisements]

Do you mean it didn't produce a log?

[kahdah]

Do you mean it didn't produce a log?

[Taco130]

yes

[kahdah]

Can you retry it with the same cf scrpt please it seems that combofix was interrupted.
Thanks.

[Taco130]

i get a compress folder name catchme on the desktop after combo fix?

[kahdah]

Did you retry the cf script?

[Taco130]

yes

[Taco130]

should i restall combofix?

[kahdah]

No just do the following:

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  C:\WINDOWS\Downloaded Program Files\gsda.dll 
  C:\WINDOWS\SYSTEM32\edcA01
  C:\VundoFix Backups
  C:\Program Files\QuickTime
  C:\Program Files\McAfee.com

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
• Click the red Moveit! button.
• OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

[Taco130]

here it is

File/Folder C:\WINDOWS\Downloaded Program Files\gsda.dll not found.
File/Folder C:\WINDOWS\SYSTEM32\edcA01 not found.
File/Folder C:\VundoFix Backups not found.
File/Folder C:\Program Files\QuickTime not found.
File/Folder C:\Program Files\McAfee.com not found.

OTMoveIt2 v1.0.20 log created on 02172008_180328

[kahdah]

Ok great.

Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below: (If present)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm027YYUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/c...::/xpreload.ocx


Now click on Fix Checked and then close Hijackthis.
====================================
Now do the following:

Time for some housekeeping

• Click START then RUN
• Now type Combofix /u in the runbox and click OK
  
  
  
  • 
  
  The above procedure will delete the following:
  
  
  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\Deckard folder, if present
  • The C:_OtMoveIt folder, if present
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Clean System Restore points.

Also delete anything that we used that is left over.
===================================
Then I suggest Downloading AVG free and install it as you have no antivirus protection.
=============================
After that Your log is clean.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here

[Taco130]

ok thanks for every

bye

[kahdah]

You are welcome


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

[kahdah]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.