hmmm....again, looks like damage done by the malware. The only different thing is that at start up, the task bar isn't there. It's just an empty dark blue line with no start button, no roaming programs and no clock. When I plug in my WI-FI dongle, turn on my browser, and access this page, it loads up.
Looks like a couple of infections which were cleaned off sneaked back on, but we need to clear one registry entry. Just want to run one more scan to ensure a certain type of rootkit is gone, and we will fix your file associations. And then, I think we will be done........on cleaning the malware.......I hope.
====STEP 1====
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
[kill explorer]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1036B735-2574-4CCC-93E7-80B84A3C1FB0}
EmptyTemp
purity
[start explorer]
- Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
- Click the red Moveit! button.
- A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
- Close OTMoveIt2
====STEP 2====
Double-click the drweb-cureit.exe file and allow it to run the express scan.
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, mark the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, in the menu, click file and choose save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
Click on Start, then click on Run.
Copy and paste the following in bold into the Open window and then click OK:
"%userprofile%\desktop\dss.exe" /daft
This will open up Deckard's File Association Tool
- Click on the Scan button.
- Select everything it is displaying there
- Click the Fix button.
- Then rescan with DAFT again - it should say now that "All associations are OK"
- Close DAFT if you receive that message. This means that it is fixed now.
In your next reply could I see:
1. the OTMoveIT log
2. the Dr CureIT log
3. a new hijackthis log
The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.
andrewuk