[Linda68]

Good Afternoon
I will post the results around 8:00 to 8:30 pm EDT tonight.

Are you aware that IE was reinstalled on my computer and it is still active i.e. installed? Should I uninstall it or do we need this program to be there for the scan?

Linda

[Advertisements]

Good Afternoon
I will post the results around 8:00 to 8:30 pm EDT tonight.

Are you aware that IE was reinstalled on my computer and it is still active i.e. installed? Should I uninstall it or do we need this program to be there for the scan?

Linda

No problems.

[JSntgRvr]

Good Afternoon
I will post the results around 8:00 to 8:30 pm EDT tonight.

Are you aware that IE was reinstalled on my computer and it is still active i.e. installed? Should I uninstall it or do we need this program to be there for the scan?

Linda

No problems.

[Linda68]

..the link at bleeping is incorrect, does not have the winpfind3u file on it.
The link was probably changed!!
I don't have it on my system anymore.

[JSntgRvr]

..the link at bleeping is incorrect, does not have the winpfind3u file on it.
The link was probably changed!!
I don't have it on my system anymore.

Mmmm... It works for me. They were doing some type of maintenance this afternoon at BC. Here you go again.

http://download.blee...er/OTScanIt.exe

Follow the instructions on the previous post and perform the Online Scan.

[Linda68]

...that file OTSCANIT.EXE works...but it does not contain the winpfind3u file
The OTSCNIT.EXE file creates a folder with catchme.bat and otscanitIt. Where is the winpfind3u coming from?

[JSntgRvr]

...that file OTSCANIT.EXE works...but it does not contain the winpfind3u file
The OTSCNIT.EXE file creates a folder with catchme.bat and otscanitIt. Where is the winpfind3u coming from?

Sorry. I had an old speech. Is now edited.

Thanks!

[Linda68]

Much quicker than anticipated

Attached Files

•  otscanit.zip   52.1KB   176 downloads

[JSntgRvr]

Nothing out of the ordinary in that log. Lets see what the Trend's Online Scanner has to say:

http://housecall.trendmicro.com/

Download the enclosed folder. It contains a batch file. Run the batch file and post its report.

[Linda68]

Hi,
I have been running Housecall for the past 20 minutes and it is still on Testing platform and browser (and has been since the beginning). The message says that cookies and Active X controls or Java applets must be loaded. I know the use of cookies is a "go", but not sure about the other two.

Here is report.txt from the findfiles batch process

Volume in drive C has no label.
Volume Serial Number is 4864-BB69

Directory of C:\WINDOWS\Downloaded Program Files

04/12/2008 12:32 PM <DIR> .
04/12/2008 12:32 PM <DIR> ..
12/11/2007 10:30 AM 288 CpnMgr.inf
03/05/2006 10:10 PM 65 desktop.ini
05/22/2006 04:37 PM 1,793 erma.inf
05/16/2007 09:22 AM 399 gp.inf
06/06/2007 06:32 PM 377 ImageUploader4.inf
09/25/2007 02:33 AM 1,055 jinstall-6u3.inf
04/16/2007 10:50 PM 295 muweb.inf
06/03/2002 05:53 PM 144 QTPlugin.inf
06/03/2005 01:24 PM 395 SnapfishActivia1000.inf
06/11/2007 01:21 PM 5,021 swflash.inf
08/11/2004 02:22 AM 3,036 wmv9dmo.inf
04/16/2007 10:50 PM 293 wuweb.inf
12 File(s) 13,161 bytes
2 Dir(s) 1,132,109,824 bytes free
Volume in drive C has no label.
Volume Serial Number is 4864-BB69

Directory of C:\Windows\system32\dllcache

08/03/2004 08:07 PM 93,184 iexplore.exe
1 File(s) 93,184 bytes

Total Files Listed:
1 File(s) 93,184 bytes
0 Dir(s) 1,132,109,824 bytes free

[JSntgRvr]

Let the ActiveX and Java Applets to load.

Very strange there is no Iexplore.exe in C:\Program files\Internet Explorer. Does the Internet Explorer folder exists?

[Linda68]

Yes, the folder exists under program files.
The testing platform and browser page states that it should only run for a few seconds. I don't know why it is taking so long to get past this point ... it has been several minutes.

[JSntgRvr]

I would like to get a sample of files imported by Iexplorer.exe when ran.

First download the attached catchme.txt to your desktop.

Next,

Download catchme.exe from thespykiller forum here and save it to your desktop.

Alternate download: http://www2.gmer.net/catchme.exe

Double click the catchme.exe to run it and click on Add. A window will open with a list of files, select the catchme.txt on your desktop and press open. The files listed in it will appear in the catchme window. Now click on Zip to make a copy of these files which will be backed up to catchme.zip on your desktop.

Next, please go to TheSpykiller forum and upload this file so we can examine it. In order to do so, click on New Topic, fill in the needed details and give a link to your post here. ClIck on Browse and navigate to the Catchme.zip on your desktop select the .zip folder and once on the window, click on Post.

Let me know when done.

Afterwards, set Explorer to view Hidden Files and Folders:

• Right-click your Start button and go to "Explore".
• Select Tools from the menu
• Select Folder Options
• Select the View tab
• Click on Show all Files and Folders
• Select Apply to All Folders | Yes | Apply | OK.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), navigate to the C:\Windows\system32\dllcache folder. Locate the Iexplore.exe file, right click on it and select Copy.

Navigate to the C:\Program files\Internet Explorer folder. Right click on an empty space and select Paste. Overwrite the existing file is any. (Let me know if there is and error)

Set Explorer to Defaults:

• Right-click your Start button and go to "Explore".
• Select Tools from the menu
• Select Folder Options
• Select the View tab
• Click on Restore Defaults
• Select Apply to All Folders | Yes | Apply | OK.

[Linda68]

It's there ...
Sorry, had some problems with the upload
Here is the link ...
http://www.thespykil...=post;board=1.0

[JSntgRvr]

Files received. I like to see also where the registry is running Iexplore.exe from.

Download the enclosed folder. Extract its contents and double click on the batch file. Attach the report it will produce.

I will need some time to revise all this.

[Linda68]

I have something interesting to tell you in a follow-up reply.
Want to get this file to you ASAP though ...
It is about the last step in your previous reply. The report.txt is attached.

Attached Files

•  Report.txt   55.81KB   457 downloads