Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help with Win32/Olmarik.TDL4 trojan


  • Please log in to reply

#31
KillThem

KillThem

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
FSS.txt

Farbar Service Scanner Version: 24-06-2012 01
Ran by Bill Goodwin (administrator) on 25-06-2012 at 12:27:09
Running from "C:\Users\Bill Goodwin\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

Advertisements


#32
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi KillThem,

How is your computer?

# Step 1 #

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Files
    C:\Windows\$NtUninstallKB49837$
    
    :Commands
    [CREATERESTOREPOINT]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

# Step 2 #

Disable your antivirus software
  • Acess the Eset Online Scanner website using Internet Explorer navigator.
    http://www.eset.com/us/online-scanner/
  • Do the scan according the image:

    Posted Image
  • At the end, check the box "Delete Quarantined files" and click in [FINISH]
  • It will be generated a log in C:\Program Files\EsetOnlineScanner\Log.txt
    PS: If you didn't find the log.txt file in \EsetOnlineScanner\, look on \Program Files\Eset\EsetOnlineScanner\log.txt
  • Post that log.

  • 0

#33
KillThem

KillThem

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OTL Log:

========== FILES ==========
Folder move failed. C:\Windows\$NtUninstallKB49837$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB49837$\systemprofile\Contacts folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\Vault folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\Speech\Files\UserLexicons folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\Speech\Files folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\Speech folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production\temp folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\McAfee\sacore folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\McAfee folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Apple Computer\Logs scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Apple Computer scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Sun\Java folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Sun folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Microsoft\Silverlight folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Apple Computer\QuickTime folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Apple Computer folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Temp folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft\Windows\WER\ERC\ResponseCache folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft\Windows\WER\ERC folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft\Windows\WER folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft\Windows\History folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft\Windows\Caches folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28 folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft\Vault folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft\Portable Devices folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft\IdentityCRL\production\temp folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft\IdentityCRL\production folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft\IdentityCRL folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Intuit\QuickBooks DB Server Manager folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Intuit folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Google\Custom Buttons folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Google\CrashReports folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Google folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\ESET\ESET Smart Security\Quarantine folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\ESET\ESET Smart Security\Antispam folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\ESET\ESET Smart Security folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\ESET folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\RegBack scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB49837$\Journal folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB49837$ scheduled to be moved on reboot.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.49.0 log created on 06272012_154324

Files\Folders moved on Reboot...
Folder move failed. C:\Windows\$NtUninstallKB49837$\TxR scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production\temp folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL\production folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\IdentityCRL folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Apple Computer\Logs scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Apple Computer\Logs scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Apple Computer scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Apple Computer\Logs scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Apple Computer scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Apple Computer\Logs scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Apple Computer scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow scheduled to be moved on reboot.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft\Windows\Caches folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft\Windows folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft\IdentityCRL\production\temp folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft\IdentityCRL\production folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft\IdentityCRL folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Microsoft folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Intuit\QuickBooks DB Server Manager folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\Intuit folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\ESET\ESET Smart Security\Antispam folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\ESET\ESET Smart Security folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local\ESET folder moved successfully.
C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Local folder moved successfully.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Apple Computer\Logs scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Apple Computer scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\TxR scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\SystemCertificates scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312 scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft\CLR Security Config scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Apple Computer\Logs scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming\Apple Computer scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\Roaming scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData\LocalLow scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile\AppData scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\systemprofile scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$\RegBack scheduled to be moved on reboot.
Folder move failed. C:\Windows\$NtUninstallKB49837$ scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#34
KillThem

KillThem

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
The ESET log was basically empty, but the machine scanned clean:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
  • 0

#35
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello KillThem,

Just to update, how is your computer?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP