the reason i am postng under the name goeverywhereman1 is because i accidently posted the wrong information and it said i had to wait 3600 seconds to post again. so i made a new account. im sorry if thats against the forum rules or something. thanks for the help in advance
The volume in drive C does not have a name.
The serial number for the volume is A8AA-34C1
contents of C:\WINDOWS\tasks
13/04/2007 11:48 .
13/04/2007 11:48 ..
18/07/2007 14:11 376 Check Updates for Windows Live Toolbar.job
30/08/2002 12:00 65 desktop.ini
18/07/2007 06:47 6 SA.DAT
3 fichier(s) 447 octets
contents of C:\Documents and Settings\BOULARD BERNARD\Bureau
i am sorry if this is a little hard to understand. the computer that i am running this on is running a french copy of windows.
OK great! The contents of C:\WINDOWS\tasks didn't produce the results I was expecting. That can be a good thing...you have a LOP infection. The Windows Tasks should have shown me a scheduled LOP job that would also need to be removed. Since there is none there, the rest of this clean up should go just fine.
Run a manual update for your on board Panda Antivirus software. Don't scan yet, just update the software and close the application.
Please run HijackThis again and check the box next to the following entries:
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: D:\Install.exe 0
O4 - HKCU\..\Run: C:\DOCUME~1\BOULAR~1\APPLIC~1\NEWLIT~1\Dale Idol.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
Close all windows now except for the HijackThis application's window, then click the
Fix Checked button.
Reboot the computer into
Safe mode. Once in safe mode and logged on as "Administrator", please continue with the instructions below:
Locate and delete the following files/folders indicated in
Bold text:
D:\
Install.exe C:\DOCUMENTS AND SETTINGS\BOULAR~1\APPLICATION DATA\NEWLIT~1\Dale Idol.exe
***note***The folder will have more to the name but it begins with "NEWLIT"
Next, please run a complete system scan using your on board Panda Antivirus application. Allow the software to quarantine what it finds. Save the log.
Reboot back to your normal user mode and post the Panda scan log along with a fresh HijackThis log. Please post your reply under the user ID "goeverywhereman" this time. How is the System running for you now?
1972vet
3.3K Posts
0
July 13th, 2007 02:00
dir %Windir%\tasks /a h > files.txt
notepad files.txt
Save this as findjobs.bat...choose to save it as "all files" and place it on your desktop.
Doubleclick on the findjobs.bat file and post the content of the txtfile that opens in your next reply. Thanks!
goeverywhereman1
1 Message
0
July 18th, 2007 12:00
The volume in drive C does not have a name.
The serial number for the volume is A8AA-34C1
contents of C:\WINDOWS\tasks
13/04/2007 11:48 .
13/04/2007 11:48 ..
18/07/2007 14:11 376 Check Updates for Windows Live Toolbar.job
30/08/2002 12:00 65 desktop.ini
18/07/2007 06:47 6 SA.DAT
3 fichier(s) 447 octets
contents of C:\Documents and Settings\BOULARD BERNARD\Bureau
i am sorry if this is a little hard to understand. the computer that i am running this on is running a french copy of windows.
1972vet
3.3K Posts
0
July 18th, 2007 15:00
Let's make sure you can view all files.
Run a manual update for your on board Panda Antivirus software. Don't scan yet, just update the software and close the application.
Please run HijackThis again and check the box next to the following entries:
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: D:\Install.exe 0
O4 - HKCU\..\Run: C:\DOCUME~1\BOULAR~1\APPLIC~1\NEWLIT~1\Dale Idol.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
Close all windows now except for the HijackThis application's window, then click the Fix Checked button.
Reboot the computer into Safe mode. Once in safe mode and logged on as "Administrator", please continue with the instructions below:
Locate and delete the following files/folders indicated in Bold text:
D:\ Install.exe
C:\DOCUMENTS AND SETTINGS\BOULAR~1\APPLICATION DATA\NEWLIT~1\Dale Idol.exe ***note*** The folder will have more to the name but it begins with "NEWLIT"
Next, please run a complete system scan using your on board Panda Antivirus application. Allow the software to quarantine what it finds. Save the log.
Reboot back to your normal user mode and post the Panda scan log along with a fresh HijackThis log. Please post your reply under the user ID "goeverywhereman" this time. How is the System running for you now?