I have:
Dell Dimension 4100 Intel Pentium III Windows XP
I run:
Free AVG daily (updated daily also)
CCleaner
Malwarebytes Quick Scan daily
SuperAntiSpyware Complete Scan every few DAYS
On the morning of the 5th, before I went online, I downloaded updates and ran MALWAREBYTES Quick Scan and it told me I had 1 infection, so I removed it.
Then I ran the Quick Scan again, and the same infection showed up again, so I removed it.
Then I ran the Complete Scan and 7 infections showed up, so I removed them.
THEN a windows box popped up with the heading WINDOWS FILE PROTECTION and inside the box it said:
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Professional Service Pack 3 CD now.
Well, I don't have the CD. I got this computer second-hand years ago.
So I clicked CANCEL and it asked me if I was sure I wanted to keep the unrecognized versions and I said yes.
So then I ran Malwarebytes Complete Scan again, and 3 infections showed up (all pertaining to 'restore'), and I deleted them.
This time I did not get the WINDOWS FILE PROTECTION warning.
Then I downloaded updates and ran Super ANTISPYWARE Complete Scan, and no infections were detected.
Then I downloaded updates to AVG and ran 'scan computer' and no threats were detected.
Even though all my scans show my computer is clear of infections, I am still very worried about that WINDOWS FILE PROTECTION warning, because now my computer has kept the unrecognized versions of files that are required for Windows to run properly.
I am afraid to even try to reboot my computer, fearing it won't boot up again.
Here are the Malwarebytes & HJT logs. Any help or advice will be greatly appreciated. Thanks!
[attachment deleted by admin]

AVG runs itself; CCleaner + Malwarebytes + SAS would be OK to run every 5/7 days. Your AVG is out of date. Wait for the experts to come along.
For what it's worth, I cannot see anything in the 2 logs, but if there is, an expert will let me know. harry

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
Link #1 Link #2
Note: It is important that it is saved directly to your Desktop.
Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is RUNNING. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix.

Hi evil, was I right when I said there was nothing in the 2 logs? If there was, could you tell me what it was? harry

There are a few things in the HJT log that need further review. Don't want to post what yet as they could be nothing, so don't want anything deleted by mistake.

Hi,
Thanks so much for your help, I really REALLY appreciate it. Here is a copy of the log:
[attachment deleted by admin]

Download OTMoveIt3 by OldTimer.
Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.
* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)
Code:
:Processes
explorer.exe

:files
c:\windows\Tasks\At1.job
c:\windows\system32\R8uV337c.exe
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
* Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

Here are the results:
========== PROCESSES ==========
Process explorer.exe killed SUCCESSFULLY.
========== FILES ==========
c:\windows\Tasks\At1.job moved successfully.
File/Folder c:\windows\system32\R8uV337c.exe not found.
c:\windows\Tasks\At3.job moved successfully.
c:\windows\Tasks\At4.job moved successfully.
c:\windows\Tasks\At5.job moved successfully.
c:\windows\Tasks\At6.job moved successfully.
c:\windows\Tasks\At7.job moved successfully.
c:\windows\Tasks\At8.job moved successfully.
c:\windows\Tasks\At9.job moved successfully.
c:\windows\Tasks\At10.job moved successfully.
c:\windows\Tasks\At11.job moved successfully.
c:\windows\Tasks\At12.job moved successfully.
c:\windows\Tasks\At13.job moved successfully.
c:\windows\Tasks\At14.job moved successfully.
c:\windows\Tasks\At15.job moved successfully.
c:\windows\Tasks\At16.job moved successfully.
c:\windows\Tasks\At17.job moved successfully.
c:\windows\Tasks\At18.job moved successfully.
c:\windows\Tasks\At19.job moved successfully.
c:\windows\Tasks\At20.job moved successfully.
c:\windows\Tasks\At21.job moved successfully.
c:\windows\Tasks\At22.job moved successfully.
c:\windows\Tasks\At23.job moved successfully.
c:\windows\Tasks\At24.job moved successfully.
========== COMMANDS ==========
File DELETE failed. C:\DOCUME~1\Default\LOCALS~1\Temp\~DF7AF7.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Default\LOCALS~1\Temp\~DF7AFE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_530.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03132009_153142

Sorry, here is the log that popped up after I rebooted my computer:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\Tasks\At1.job moved successfully.
File/Folder c:\windows\system32\R8uV337c.exe not found.
c:\windows\Tasks\At3.job moved successfully.
c:\windows\Tasks\At4.job moved successfully.
c:\windows\Tasks\At5.job moved successfully.
c:\windows\Tasks\At6.job moved successfully.
c:\windows\Tasks\At7.job moved successfully.
c:\windows\Tasks\At8.job moved successfully.
c:\windows\Tasks\At9.job moved successfully.
c:\windows\Tasks\At10.job moved successfully.
c:\windows\Tasks\At11.job moved successfully.
c:\windows\Tasks\At12.job moved successfully.
c:\windows\Tasks\At13.job moved successfully.
c:\windows\Tasks\At14.job moved successfully.
c:\windows\Tasks\At15.job moved successfully.
c:\windows\Tasks\At16.job moved successfully.
c:\windows\Tasks\At17.job moved successfully.
c:\windows\Tasks\At18.job moved successfully.
c:\windows\Tasks\At19.job moved successfully.
c:\windows\Tasks\At20.job moved successfully.
c:\windows\Tasks\At21.job moved successfully.
c:\windows\Tasks\At22.job moved successfully.
c:\windows\Tasks\At23.job moved successfully.
c:\windows\Tasks\At24.job moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Default\LOCALS~1\Temp\~DF7AF7.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Default\LOCALS~1\Temp\~DF7AFE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_530.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03132009_153142
Files moved on Reboot...
File C:\DOCUME~1\Default\LOCALS~1\Temp\~DF7AF7.tmp not found!
File C:\DOCUME~1\Default\LOCALS~1\Temp\~DF7AFE.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_530.dat not found!
- Click START then RUN
- Now type Combofix /u in the runbox
- Make sure there's a space between Combofix and /u
- Then hit Enter.
----------
Use the Kaspersky Lab Online Scanner
In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
- Click on SCAN NOW
- Click Accept.
- The program will then begin downloading the latest definition files.
- Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
- The scan will take a while, so be patient and let it finish.
When the scan is done, in the Scan is complete window, any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
- Click on: Save Report As
- Next, in the Save as prompt, Save in area, select: Desktop.
- In the File name area use KScan, or something similar.
- In Save as type: click the drop arrow and select: Text file [*.txt]
- Then, click: Save
Copy and paste the Kaspersky Online Scanner Report in your next reply.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

I've been running this Kaspersky scan for a couple hours now. It was scanning slowly, but was scanning.
For about the past 40 minutes or so it's been stuck at 69% and is stuck at the same number of files scanned, 43,232.
It says there is one threat, one infected object. I believe this is the point where it stopped but I don't know for certain because I wasn't watching it constantly.
It says ... now scanning: HALAPIC.DL_ and location: C:\cmdcons
Do you think it's stuck and no longer running? Or should I let it run overnight and see what happens?
Thanks!

If it doesn't continue soon then stop it and use Dr Web instead.
Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows:
- Double-click on drweb-cureit.exe and then click Start
- An information notice will appear, click OK.
- This starts a short scan that will scan the files currently running in memory.
- If you get a prompt to buy the full version just exit out of the window. The scanner will still work without buying the full version
- If or when something is found, click the Yes button when it asks you if you want to cure it.
- Once the short scan has finished, Click Settings > Change Settings
- Under the Scanning tab UNcheck Heuristic analysis and click OK
- Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start.
- Click Yes to all if it asks if you want to cure/move any file(s).
- When the scan is done.
- In the Dr.Web CureIt menu on top left, click File and choose Save report list.
- Save the DrWeb.csv report to your Desktop.
- Exit Dr.Web Cureit.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
- After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
- Copy and paste that log in the next reply
I ran DrWeb last night. It was taking a long time to run and I went to bed at about 3:00 a.m. while it still had about 1/4 of the way to go.
I checked it this morning and there was a question of whether or not I wanted to 'move' something. I said YES to all.
After it completed its run, I saved a copy of the log to the desktop.
Then I rebooted my computer.
That was about 3 hours ago. I just went downstairs to check my computer (I'm on my husband's computer right now) and it is still showing the blue Windows screen that says WINDOWS IS SHUTTING DOWN.
About an hour ago I tried to help it shut down all the way by pressing CTRL+ALT+DEL but nothing happened.
I don't know what to do at this point. Should I hold the on/off button until it shuts down? Or will that undo everything that DrWeb has done in its scan?
Please advise.
Thanks!

Hold the on/off button until it shuts down. The log should still be on the desktop.

Here is the DrWeb log:
NULL;C:\;Trojan.DownLoader.324;Deleted.;
install.htm;C:\;Exploit.DialogArg;Deleted.;
uinst_cp.exe;C:\WINDOWS\SYSTEM32;Adware.CasProg;;
RxUser.exe;C:\Program Files\Dell\Resolution Assistant\Common\bin;Trojan.Spambot.origin;Incurable.Moved.;
Uninstall.exe\SkillJamLoader.dll;C:\Program Files\SkillJam Technologies\Secure Player\Uninstall.exe;Program.PopcapLoader.4;;
Uninstall.exe;C:\Program Files\SkillJam Technologies\Secure Player;Archive contains infected objects;Moved.;
01129984.FIL.OLD;C:\$VAULT$.AVG;Adware.Bho;;
08137240.FIL.OLD;C:\$VAULT$.AVG;Trojan.Inject.351;Cured.;
08982035.FIL.OLD;C:\$VAULT$.AVG;Trojan.Inject.351;Cured.;
33135219.FIL;C:\$VAULT$.AVG;Trojan.Inject.380;Deleted.;
33136160.FIL;C:\$VAULT$.AVG;Trojan.Inject.380;Deleted.;
19503571.FIL;C:\$VAULT$.AVG;Trojan.Inject.380;Deleted.;
57809879.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.489;Deleted.;
28995633.FIL;C:\$VAULT$.AVG;Trojan.Virtumod.489;Deleted.;
45116527.FIL;C:\$VAULT$.AVG;Trojan.DownLoad.6098;Deleted.;
45117208.FIL;C:\$VAULT$.AVG;Trojan.DownLoad.6098;Deleted.;
11073900.FIL;C:\$VAULT$.AVG;Trojan.DownLoad.6098;Deleted.;
11074991.FIL;C:\$VAULT$.AVG;Trojan.DownLoad.6098;Deleted.;
SkillJamLoader.dll;C:\Documents and Settings\All Users\Application Data\SkillJam\SecurePlayer;Program.PopcapLoader.4;;
A0065913.exe;C:\System Volume Information\_restore{D1813AB8-B0C3-49B3-96D2-D8F82859F8EF}\RP1129;Trojan.Spambot.origin;Incurable.Moved.;
A0065921.exe\SkillJamLoader.dll;C:\System Volume Information\_restore{D1813AB8-B0C3-49B3-96D2-D8F82859F8EF}\RP1129\A0065921.exe;Program.PopcapLoader.4;;
A0065921.exe;C:\System Volume Information\_restore{D1813AB8-B0C3-49B3-96D2-D8F82859F8EF}\RP1129;Archive contains infected objects;Moved.;
A0065922.OLD;C:\System Volume Information\_restore{D1813AB8-B0C3-49B3-96D2-D8F82859F8EF}\RP1129;Trojan.Inject.351;Cured.;
A0065923.OLD;C:\System Volume Information\_restore{D1813AB8-B0C3-49B3-96D2-D8F82859F8EF}\RP1129;Trojan.Inject.351;Cured.;
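An added example, not something posted in this thread: a small Python triage script for the Dr.Web CureIt report layout above (name;directory;threat;action;). It separates entries that were already sitting in AVG's Virus Vault or in System Restore points from live files, and flags live entries that Dr.Web reported but took no action on. The sample records are a constructed subset modeled on the posted log; {RESTORE-GUID} is a placeholder, not the real restore-point ID.

```python
from dataclasses import dataclass
# Constructed sample records in the Dr.Web CureIt report layout from the thread
# (name;directory;threat;action;); {RESTORE-GUID} stands in for the real ID.
SAMPLE_REPORT = "\n".join([
    r"NULL;C:\;Trojan.DownLoader.324;Deleted.;",
    r"uinst_cp.exe;C:\WINDOWS\SYSTEM32;Adware.CasProg;;",
    r"RxUser.exe;C:\Program Files\Dell\Resolution Assistant\Common\bin;Trojan.Spambot.origin;Incurable.Moved.;",
    r"08137240.FIL.OLD;C:\$VAULT$.AVG;Trojan.Inject.351;Cured.;",
    r"01129984.FIL.OLD;C:\$VAULT$.AVG;Adware.Bho;;",
    r"A0065913.exe;C:\System Volume Information\_restore{RESTORE-GUID}\RP1129;Trojan.Spambot.origin;Incurable.Moved.;",
])

@dataclass
class Finding:
    name: str       # object name; archive members appear as outer\inner
    directory: str  # directory (or containing archive) it was found in
    threat: str     # Dr.Web detection name
    action: str     # "Deleted.", "Cured.", "Moved.", ... or "" if nothing was done

def parse_report(text: str) -> list:
    """Split the semicolon-separated report into Finding records."""
    findings = []
    for line in text.splitlines():
        parts = line.strip().split(";")
        if len(parts) < 4:
            continue  # blank or malformed line: skip rather than guess
        findings.append(Finding(parts[0], parts[1], parts[2], parts[3].strip()))
    return findings

def location_class(directory: str) -> str:
    """AV quarantine, System Restore point, or a live path on the system."""
    d = directory.lower()
    if "$vault$.avg" in d:
        return "av-quarantine"   # already isolated by AVG's Virus Vault
    if "system volume information" in d and "_restore" in d:
        return "system-restore"  # stale copy inside a restore point
    return "live"

def needs_attention(findings: list) -> list:
    """Live-path objects that Dr.Web reported but took no action on."""
    return [f for f in findings if location_class(f.directory) == "live" and not f.action]

def summarize(findings: list) -> dict:
    """Count findings by (location class, action taken)."""
    counts = {}
    for f in findings:
        key = (location_class(f.directory), f.action.rstrip(".") or "no action")
        counts[key] = counts.get(key, 0) + 1
    return counts
```

Entries in the AVG vault and restore points were already neutralised; the items worth a second look are the live-path ones with an empty action field.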