Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Problem With Vturo


  • This topic is locked This topic is locked
3 replies to this topic

#1 ziele9333

ziele9333

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:37 PM

Posted 20 December 2007 - 07:17 PM

here is my log..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:13 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Spybot\SpybotSD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol .exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\vturo.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-682003330-1659004503-2147005927-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file://G:\setup\RiffLick.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3411 bytes

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:12:37 AM

Posted 21 December 2007 - 11:07 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum ziele9333
My name is Richie and i'll be helping you to fix your problems.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens,click the "Scan for Vundo" button.
Once it's done scanning,click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed,it will prompt that it will reboot your computer,click "OK".
Post the contents of C:\vundofix.txt into your next reply.
Note:
It is possible that VundoFix encountered a file it could not remove.
In this case,VundoFix will run on reboot,simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


If you have previously downloaded ComboFix,please delete that version now.
Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert,not for private use.
Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix and save to your desktop:
Note
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Now go to:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat(which is still Hijackthis.exe),post that log into your next reply please.
Posted Image
Posted Image

#3 ziele9333

ziele9333
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:37 PM

Posted 21 December 2007 - 02:43 PM

first let me tell you the situation...when i load windows it takes forever and i have no icons on desktop,everything disappears...the only way i can open certain programs is with the task manager...hijack can be opened...but when i try to load VundoFix i get this message..Run-time error'--2147023174 (800706ba)' System Error &H800706BA (-2147023174) The RPC server is unavailable..there are other files that im pretty sure are associated with vturo.exe like vturo.dll/orutv.ini/orutv.ini2 and there might be others..but i can't run VundoFix..

ComboFix 07-12-21.4 - weaz9333 2007-12-21 13:28:30.3 - NTFSx86
Running from: C:\Documents and Settings\weaz9333\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\orutv.ini2
C:\WINDOWS\system32\vturo.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
.

2007-12-21 03:27 . 2007-12-21 13:28 335,360 --a------ C:\WINDOWS\system32\vturo.exe
2007-12-20 19:02 . 2007-12-20 18:39 1,478,778 --a------ C:\ComboFix.exe
2007-12-20 17:15 . 2007-12-20 17:15 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-20 04:37 . 2007-12-20 08:18 <DIR> d-------- C:\hijack
2007-12-20 04:27 . 2007-02-15 03:25 727,279 --a------ C:\SDFix.exe
2007-12-20 04:27 . 2007-02-13 16:46 218,112 --a------ C:\HijackThis.exe
2007-12-20 04:27 . 2007-02-13 18:04 212,849 --a------ C:\hijackthis.zip
2007-12-20 04:27 . 2007-12-20 03:21 132,608 --a------ C:\VundoFix.exe
2007-12-20 04:26 . 2007-02-15 18:31 5,751,184 --a------ C:\drweb-cureit.exe
2007-12-20 04:16 . 2007-12-21 12:56 90,112 --a------ C:\WINDOWS\UpdReg .EXE
2007-12-20 03:56 . 2007-12-20 02:33 2,724,328 --a------ C:\ccsetup203.exe
2007-12-20 03:56 . 2007-12-20 02:33 96,978 --a------ C:\VirtumundoBeGone.exe
2007-12-20 03:56 . 2007-12-21 12:09 73,728 --a------ C:\KillBox.exe
2007-12-20 03:55 . 2007-01-22 16:25 7,718,504 --a------ C:\winzip110.exe
2007-12-20 03:55 . 2007-03-03 03:21 610,304 --a------ C:\TCPOptimizer.exe
2007-12-20 03:55 . 2007-03-07 03:13 39,957 --a------ C:\EvID4226Patch223d-en.zip
2007-12-20 02:53 . 2007-12-20 02:53 <DIR> d-------- C:\Documents and Settings\weaz9333\DoctorWeb
2007-12-19 22:14 . 2007-12-03 03:13 888,832 --a------ C:\WINDOWS\system32\securenet.dll
2007-12-18 21:11 . 2007-12-18 21:11 <DIR> d-------- C:\Program Files\EA Sports
2007-12-15 22:30 . 2007-12-16 06:34 <DIR> d-------- C:\Downloads
2007-12-15 16:50 . 2007-12-15 16:50 155,648 --a------ C:\WINDOWS\system32\libssl32.dll
2007-12-15 14:02 . 2007-12-15 14:04 <DIR> d-------- C:\WINDOWS\vf_hip
2007-12-15 14:02 . 2007-12-15 14:02 32 --a------ C:\WINDOWS\go
2007-12-10 14:19 . 2007-12-10 14:19 23 --a------ C:\WINDOWS\MixBKS.INI
2007-12-05 05:19 . 2007-12-05 05:19 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-30 06:14 . 2007-11-30 06:14 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-27 10:47 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-11-25 19:19 . 2007-11-25 19:19 <DIR> d-------- C:\Program Files\NCH Software
2007-11-25 19:18 . 2007-11-25 19:22 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-11-25 19:18 . 2007-11-25 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-11-25 19:01 . 2005-11-25 21:46 421,888 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2007-11-25 18:23 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-11-25 18:23 . 2004-10-12 14:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2007-11-25 18:23 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-11-25 18:23 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-11-25 18:23 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-11-25 18:23 . 2004-09-10 13:50 34,820 --a------ C:\WINDOWS\system32\ffdshow.reg
2007-11-23 10:41 . 2003-06-23 02:44 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2007-11-23 10:41 . 2004-01-27 13:53 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2007-11-23 10:41 . 2002-08-20 01:41 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-11-23 10:41 . 2004-07-29 02:23 401,408 --a------ C:\WINDOWS\system32\lameACM.acm
2007-11-23 10:41 . 2003-04-21 15:09 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2007-11-23 10:41 . 2004-01-22 19:06 157,696 --a------ C:\WINDOWS\system32\unrar.dll
2007-11-23 10:41 . 2001-09-17 13:20 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-21 19:28 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-21 19:28 --------- d-----w C:\Program Files\Avast4
2007-12-21 09:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-21 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-20 14:17 66,927,000 ----a-w C:\weaz.reg
2007-12-20 09:50 --------- d-----w C:\Program Files\Lexmark 2200 Series
2007-12-10 07:54 --------- d-----w C:\Program Files\uTorrent
2007-11-19 13:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-17 01:20 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-17 01:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-13 19:34 --------- d-----w C:\Program Files\Creative
2007-11-12 23:53 --------- d-----w C:\Program Files\Azureus
2007-11-12 03:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-07 04:11 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
2007-11-07 03:24 --------- d-----w C:\Program Files\MagicISO
2007-10-31 04:24 --------- d-----w C:\Program Files\IrfanView
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-12-21 13:28]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 17:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-05-18 08:56 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 17:56 C:\WINDOWS\system32\rundll32.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 20:06 C:\WINDOWS\soundman.exe]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-12-21 13:28]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-12-21 13:28]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2007-12-21 13:28]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" []
"P17Helper"="Rundll32 P17.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 13:36:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-21 13:37:09 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-21 13:19
C:\ComboFix3.txt ... 2007-12-20 19:12

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:07 PM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\abc.bat

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-682003330-1659004503-2147005927-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file://G:\setup\RiffLick.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3128 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:12:37 AM

Posted 21 December 2007 - 06:10 PM

Please download OTMoveIt by OldTimer,save it to your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):
C:\WINDOWS\system32\vturo.exe
C:\weaz.reg
C:\Documents and Settings\All Users\Application Data\Viewpoint

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button Posted Image
Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.


Please double-click OTMoveIt.exe again to run it.
Click on the 'Cleanup' button Posted Image
When you do this a text file named cleanup.txt will be downloaded from the internet.
If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so.
When the 'Confirm' box appears click 'Yes'.
Restart your pc when prompted.

Post a new Hijackthis log.
Let me know whats happening now.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users