[Cold Titanium]

Sure, zip them up and shoot them to me in a PM. I've got a Virtual Machine I can download them in.

[Advertisements]

ok. The second file that was "gathering info" from kaspersky was already put into a zip. I will attempt to zip up the scan log as well.

[Anderwolf]

ok. The second file that was "gathering info" from kaspersky was already put into a zip. I will attempt to zip up the scan log as well.

[Anderwolf]

OK so I can't figure out how to attach a file in the private message window. There is no option for it?

[Cold Titanium]

When the little messenger box pops up click use full editor and at the bottom there is the place to upload files.

[Anderwolf]

I don't see it anywhere. I changed the style/view of the page and after that something showed up at the bottom that says "GZip Disabled" and there is a little picture of a winzip file. So I am guessing that is the reason that I can't upload files. Do you have an email address or something that I can send it to ?

[Cold Titanium]

Just post it here. I'll remove them.

[Anderwolf]

So it allowed me to upload the "system information" file that was already zipped up, but when I tried to upload the kaspersky scan log it would load for a while and then eventually tell me that there was no file selected for upload. I even tried just uploading the original scan log that isn't zipped up. I tried using Internet Explorer to do it as well, as my default is Firefox. Still no luck. I had to go out of town but I will be back later tonight. I didn't send the system information file because I didn't know if it would do you any good without also having the scan log. But if you want the file let me know and I will send it as soon as I get home. I still can't believe that I am unable to send this file, there has to be some way to trick this thing and send it!

[Cold Titanium]

Upload it to Mediafire (you don't have to create an account) and give me the download links.

[Anderwolf]

Wow, it worked! Here are the links:

http://www.mediafire...jipik0259xhpv65

http://www.mediafire...cg35dd9abqaycvn

[Cold Titanium]

Hello Anderwolf,

I don't mean to bail on you, but some stuff came up and I can't make these logs anymore.

RKinner has graciously volunteered to take over for me. You'll be in even better hands than me as he is an Expert.

Again I am sorry I had to bail. Good Luck!

[Anderwolf]

OK thank you very much for your help!! Is there anything I have to do, or should I just wait for him to respond on this post?

[RKinner]

I'm here. Just reading through your thread trying to see what's been going on.

The last scan you did said there was a file: C:\Documents and Settings\Owner\Local Settings\temp\_uninst_09479259.bat

Can you find it and right click and select Edit? Then copy and paste the text.

Do the same for C:\shutdown.bat

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.


Ron

[Anderwolf]

So I was unable to find the _uninst file that you listed, I am assuming the virus scan removed it, but I did find the other batch file. This is the text that it contained:

shutdown -f -s

I will continue with the disk check and let it run, however I am going to bed so I will post the rest of my results tomorrow. Thanks for taking this over, it is definitely proving to be a persistent bugger.
Andy

I just realized something after thinking about the text it contained. I am pretty sure the "shutdown" file is something that I created a few years ago as a quick way to shut down my computer. So if you are wondering what it is doing there I think it's harmless. The date does coincide with when I remember creating it. Just thought I would let you know.

Edited by Anderwolf, 16 August 2011 - 11:26 PM.

[Anderwolf]

So I rebooted for the disk check but it literally took no time at all. As soon as the disk check screen came up it was done. It said the disk is NTFS and the drive is clean. There was no progress bar or anything. So should I just continue with the next steps?

[RKinner]

yes please do. If something doesn't work just skip on to the next one.