
My HijackLog to determine virus [Windows Update not working]

Discussion in 'Malware and Virus Removal Archive' started by Funicula, 2007/09/07.

  1. 2007/09/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Delete the following, then empty the recycle bin.

    C:\Deckard
    C:\WINDOWS\system32\TFTP316

    If you're satisfied that the computer is working properly, clear the System Restore points.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.

    Now you can continue with Windows Updates.
     
  2. 2007/09/09
    Funicula

    Funicula Inactive Thread Starter

    Joined:
    2007/09/07
    Messages:
    50
    Likes Received:
    0
    It's not letting me delete the Deckard file, it can't find the specified path.
     


  4. 2007/09/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Open your way through the Deckard subfolders and delete all individual files, then back your way out deleting the empty folders as you go.
     
  5. 2007/09/09
    Funicula

    Funicula Inactive Thread Starter

    Joined:
    2007/09/07
    Messages:
    50
    Likes Received:
    0
    I've done all that, the temporary internet folder wouldn't delete because there are a couple of files contained within which didn't have a delete button when right clicked, they only read open or send to.
     
  6. 2007/09/09
    Funicula

    Funicula Inactive Thread Starter

    Joined:
    2007/09/07
    Messages:
    50
    Likes Received:
    0
    I've discovered a problem, on other messageboards you can use the mouse to rollover the subject line and get a thread "preview" well, I've just visited a few messageboards that have that enabled and it isn't working for me :confused:
     
  7. 2007/09/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Funicula

    Dave asked me to have you try a tool to delete the Deckard folder.

    He will be back later tonight, I'll let him address the preview problem.

    Download OTMoveIt by OldTimer to your Desktop.
    • Double click OTMoveIt.exe to launch it.
    • Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.
    • Click the Move It button.
    • The list will be processed and the results will appear in the right hand pane.
    • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    • When finished click Exit to exit the programme.
    • A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).

    Thanks
    Geri
     
  8. 2007/09/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Thanks Geri! ;)

    If OTMoveIt works to remove the folder, delete both OTMoveIt.exe and the C:\_OTMoveIt folder, then empty the recycle bin before clearing those System Restore points.

    The mouseover feature is used and enabled on this forum as well, does it work for you here? Using Internet Explorer? Other browsers?
     
  9. 2007/09/10
    Funicula

    Funicula Inactive Thread Starter

    Joined:
    2007/09/07
    Messages:
    50
    Likes Received:
    0
    OT deleted the Deckard folder but now when I try and delete the OT folder it won't because it contains the Deckard files that won't delete.

    The mouseover doesn't work on this messageboard either nor several others, it did work before I ran ATF Cleaner, could cleaning my Java Cache have caused it?

    I'm using IE version 6, I haven't any other browsers installed on my computer.


    EDIT: Nevermind, the rollover works now.
     
    Last edited: 2007/09/10
  10. 2007/09/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download ComboFix by sUBs from Here or Here, saving the file to your Desktop.

    Copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Folder::
    C:\_OTMoveIt
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log. See if you can delete the C:\qoobox folder.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
  11. 2007/09/10
    Funicula

    Funicula Inactive Thread Starter

    Joined:
    2007/09/07
    Messages:
    50
    Likes Received:
    0
    After downloading I opened up the ComboFix, it said preparing to run, showed the disclaimer and said type 1 to continue which I did but it didn't go on to anything it just stayed there.
     
  12. 2007/09/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That's odd. :confused:

    Let's do this another way. Download MoveOnBoot to remove the folder on reboot.

    Short on time right now, so I can't give you specific how-to .......... I'm sure you can figure it out. ;)
     
  13. 2007/09/10
    Funicula

    Funicula Inactive Thread Starter

    Joined:
    2007/09/07
    Messages:
    50
    Likes Received:
    0
    Did the MoveOnBoot. Afterwards I searched for the OT folder to see if it was still around, it's still there, so that didn't work either.

    Why are these temp files so difficult to delete?
     
  14. 2007/09/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Just so we're clear on how it was done, let's give MoveOnBoot another shot.

    Open MoveOnBoot and click Delete Actions, then select Delete Folder(s). In the delete folders popup, click the browse button (just to the lower right of the window, three dots on it). Browse to and select the C:\_OTMoveIt folder then click OK. Click OK again. The folder should now show in the main console with an action of DELETE FOLDER ON NEXT REBOOT. Close MoveOnBoot and restart the computer.
     
  15. 2007/09/11
    Funicula

    Funicula Inactive Thread Starter

    Joined:
    2007/09/07
    Messages:
    50
    Likes Received:
    0
    Yep I did that yesterday, gave it another shot but it still hasn't worked.
     
    Last edited: 2007/09/11
  16. 2007/09/11
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    This is very odd. Would you please navigate to those files and see if you can right click>Send To a compressed folder, then attach that zip file in an email to me.

    If that fails to work, is there an option to select rename? properties?

    Please give me the current exact path to the files.
     
  17. 2007/09/12
    Funicula

    Funicula Inactive Thread Starter

    Joined:
    2007/09/07
    Messages:
    50
    Likes Received:
    0
    Opening OT Folder opens to Moved Files Folder, which opens to 2 Text Documents and a folder
    09102007_131217.log text document
    09102007_131045.log text document
    Folder titled Deckard
    Opening Deckard goes to System Scanner folder, which opens to 20070908185953 folder, when opened goes to backup folder, WHICH opens to DOCUME ~1 folder, opened goes to User Folder, which opens to LOCALS~1 folder, opens to temp folder, opens to Temporary Internet Files folder, opens to Content.IE5 folder, going to seven folders each entitled

    1. U3IN65QZ folder opens

    profile;sz=728x90;kch=2354... file
    profile;sz=728x90;kch=2365... file
    click%3Bh=v5_33d8_3_0_%... file

    2. S7HVQ6FH folder opens

    profile;sz=728x90;kch2354... file
    profile;sz=728x90;kch2354... file

    3. KT634DYN folder opens

    Type=click&FlightID=50132&
    Type=click&FlightID=4915&A... html document

    4. AL5AVYH0 folder opens

    web[4] file
    web[3] file
    security worm5 [1] file
    search[2] file
    profile;sz=728x90;kch=2354.... file
    profile;sz=728x90;kch=2354.... file
    music;sz=728x90;kch=21798.... file

    5. 9VNBH1CE folder opens
    profile;sz=728x90;kch=2354.... 37file
    profile;sz=728x90;kch=2354.... file

    6. 4LENGHEN folder opens
    Network=ugo&size=800x600.... file

    7. 4LANWDQW folder opens
    Type= click&FlightID= 50132&.... file


    There's no other options on the files, the only thing that shows when you right click them is Open and Send to. I'm hoping I typed it out alright so it makes sense, I'm sure there was an easier way of typing it out but I always choose the hard way for some reason.
     
  18. 2007/09/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    See if you can zip the OTMoveIt folder and send me the zip.
     
  19. 2007/09/12
    Funicula

    Funicula Inactive Thread Starter

    Joined:
    2007/09/07
    Messages:
    50
    Likes Received:
    0
    Unfortunately none of the files made it into the zipped folder for some reason. I can email you the folder though, it just won't be zipped.
     
  20. 2007/09/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    If they won't zip, they won't get sent successfully anyway. Let's do this.

    Copy the contents of the quote box below to a blank notepad. Save it to the desktop as;

    Filename: looksee.bat
    Save as type: All Files (*.*)

    Double click check.bat to run it. It will open looksee.txt when it completes. Please post its contents.
     
  21. 2007/09/12
    Funicula

    Funicula Inactive Thread Starter

    Joined:
    2007/09/07
    Messages:
    50
    Likes Received:
    0
    looksee.txt

    Volume in drive C has no label.
    Volume Serial Number is 28BB-BC6F

    Directory of C:\_OTMoveIt

    2007-09-10 13:10 <DIR> .
    2007-09-10 13:10 <DIR> ..
    2007-09-10 13:12 <DIR> MovedFiles
    0 File(s) 0 bytes

    Directory of C:\_OTMoveIt\MovedFiles

    2007-09-10 13:12 <DIR> .
    2007-09-10 13:12 <DIR> ..
    2007-09-10 13:10 717 09102007_131045.log
    2007-09-10 13:12 70 09102007_131217.log
    2007-09-10 13:10 <DIR> Deckard
    2 File(s) 787 bytes

    Directory of C:\_OTMoveIt\MovedFiles\Deckard

    2007-09-10 13:10 <DIR> .
    2007-09-10 13:10 <DIR> ..
    2007-09-10 13:10 <DIR> System Scanner
    0 File(s) 0 bytes

    Directory of C:\_OTMoveIt\MovedFiles\Deckard\System Scanner

    2007-09-10 13:10 <DIR> .
    2007-09-10 13:10 <DIR> ..
    2007-09-10 13:10 <DIR> 20070908185953
    0 File(s) 0 bytes

    Directory of C:\_OTMoveIt\MovedFiles\Deckard\System Scanner\20070908185953

    2007-09-10 13:10 <DIR> .
    2007-09-10 13:10 <DIR> ..
    2007-09-10 13:10 <DIR> backup
    0 File(s) 0 bytes

    Directory of C:\_OTMoveIt\MovedFiles\Deckard\System Scanner\20070908185953\backup

    2007-09-10 13:10 <DIR> .
    2007-09-10 13:10 <DIR> ..
    2007-09-10 13:10 <DIR> DOCUME~1
    0 File(s) 0 bytes

    Directory of C:\_OTMoveIt\MovedFiles\Deckard\System Scanner\20070908185953\backup\DOCUME~1

    2007-09-10 13:10 <DIR> .
    2007-09-10 13:10 <DIR> ..
    2007-09-10 13:10 <DIR> User
    0 File(s) 0 bytes

    Directory of C:\_OTMoveIt\MovedFiles\Deckard\System Scanner\20070908185953\backup\DOCUME~1\User

    2007-09-10 13:10 <DIR> .
    2007-09-10 13:10 <DIR> ..
    2007-09-10 13:10 <DIR> LOCALS~1
    0 File(s) 0 bytes

    Directory of C:\_OTMoveIt\MovedFiles\Deckard\System Scanner\20070908185953\backup\DOCUME~1\User\LOCALS~1

    2007-09-10 13:10 <DIR> .
    2007-09-10 13:10 <DIR> ..
    2007-09-10 13:10 <DIR> Temp
    0 File(s) 0 bytes

    Directory of C:\_OTMoveIt\MovedFiles\Deckard\System Scanner\20070908185953\backup\DOCUME~1\User\LOCALS~1\Temp

    2007-09-10 13:10 <DIR> .
    2007-09-10 13:10 <DIR> ..
    2004-07-01 14:58 <DIR> Temporary Internet Files
    0 File(s) 0 bytes

    Directory of C:\_OTMoveIt\MovedFiles\Deckard\System Scanner\20070908185953\backup\DOCUME~1\User\LOCALS~1\Temp\Temporary Internet Files

    2004-07-01 14:58 <DIR> .
    2004-07-01 14:58 <DIR> ..
    2007-09-09 22:46 <DIR> Content.IE5
    0 File(s) 0 bytes

    Directory of C:\_OTMoveIt\MovedFiles\Deckard\System Scanner\20070908185953\backup\DOCUME~1\User\LOCALS~1\Temp\Temporary Internet Files\Content.IE5

    2007-09-09 22:46 <DIR> .
    2007-09-09 22:46 <DIR> ..
    2007-09-09 22:11 <DIR> 4LANWDQV
    2007-09-09 22:29 <DIR> 4LENGHEN
    2007-09-09 22:33 <DIR> 9VNBH1CE
    2007-09-09 22:35 <DIR> AL5AVYH0
    2004-07-01 14:58 67 desktop.ini
    2007-09-09 22:40 <DIR> KT634DYN
    2007-09-09 22:43 <DIR> S7HVQ6FH
    2007-09-09 22:46 <DIR> U3IN65QZ
    1 File(s) 67 bytes

    Directory of C:\_OTMoveIt\MovedFiles\Deckard\System Scanner\20070908185953\backup\DOCUME~1\User\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\4LANWDQV

    2007-09-09 22:11 <DIR> .
    2007-09-09 22:11 <DIR> ..
    2004-07-01 14:58 67 desktop.ini
    2005-06-24 18:20 5,204 Type=click&FlightID=50132&AdID=78613&TargetID=12492&Segments=&Targets=&Values=25,31,43,51,60,72,85,100,110,150,152,198,212,557,598,637,654,730,742,743,1494,1496[1]
    2 File(s) 5,271 bytes

    Directory of C:\_OTMoveIt\MovedFiles\Deckard\System Scanner\20070908185953\backup\DOCUME~1\User\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\4LENGHEN

    2007-09-09 22:29 <DIR> .
    2007-09-09 22:29 <DIR> ..
    2004-07-01 14:58 67 desktop.ini
    2005-06-24 18:20 1,109 Network=ugo&size=800x600&adtype=over&affiliate=musicremedy&suba=musicremedy&channel=music&subchannel=tic&category=tic&PT=hp&CR=ti&pez=tic[1]
    2 File(s) 1,176 bytes

    Directory of C:\_OTMoveIt\MovedFiles\Deckard\System Scanner\20070908185953\backup\DOCUME~1\User\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\9VNBH1CE

    2007-09-09 22:33 <DIR> .
    2007-09-09 22:33 <DIR> ..
    2006-05-01 00:29 67 desktop.ini
    2006-07-13 22:19 97 profile;sz=728x90;kch=2354152811;kbg=FFFFFF;kkw=2005+2006+amv+animation+anime+baby+band+boy+car+cat+comedy+commercial+concert+cool+crazy+cute+dance+episode+fantasy+fight+film[1].37
    2006-07-13 22:19 97 profile;sz=728x90;kch=2354152811;kbg=FFFFFF;kkw=2005+2006+amv+animation+anime+baby+band+boy+car+cat+comedy+commercial+concert+cool+crazy+cute+dance+episode+fantasy+fight+fil[1]
    3 File(s) 261 bytes

    Directory of C:\_OTMoveIt\MovedFiles\Deckard\System Scanner\20070908185953\backup\DOCUME~1\User\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\AL5AVYH0

    2007-09-09 22:35 <DIR> .
    2007-09-09 22:35 <DIR> ..
    2006-05-01 00:29 67 desktop.ini
    2006-07-14 00:13 561 music;sz=728x90;kch=2179803025;kbg=FFFFFF;kkw=Music;ord=9915414197209352[2]
    2006-07-14 00:00 457 profile;sz=728x90;kch=2354152811;kbg=FFFFFF;kkw=2005+2006+amv+animation+anime+baby+band+boy+car+cat+comedy+commercial+concert+cool+crazy+cute+dance+episode+fantasy+fight+film+[1].5
    2006-07-13 22:19 97 profile;sz=728x90;kch=2354152811;kbg=FFFFFF;kkw=2005+2006+amv+animation+anime+baby+band+boy+car+cat+comedy+commercial+concert+cool+crazy+cute+dance+episode+fantasy+fight+fil[1]
    2006-05-01 03:02 18,376 search[2]
    2006-05-01 00:45 15,431 securityworm5[1]
    2006-05-01 02:59 63,655 web[3]
    2006-05-01 03:00 97,190 web[4]
    8 File(s) 195,834 bytes

    Directory of C:\_OTMoveIt\MovedFiles\Deckard\System Scanner\20070908185953\backup\DOCUME~1\User\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\KT634DYN

    2007-09-09 22:40 <DIR> .
    2007-09-09 22:40 <DIR> ..
    2004-07-01 14:58 67 desktop.ini
    2004-12-03 23:09 801 Type=click&FlightID=4915&AdID=7477&TargetID=1266&Segments=59,69,93,226,228,231,233,600,621,647,654,730,748,852,1051,1062,1080,1349,1422,1443,1505,1509&Targets=771,1012,1263,[1].htm
    2005-06-24 18:20 1,645 Type=click&FlightID=50132&AdID=78613&TargetID=12492&Segments=&Targets=&Values=25,31,43,51,60,72,85,100,110,150,152,198,212,557,598,637,654,730,742,743,1494,1496,1583,1655,18[1]
    3 File(s) 2,513 bytes

    Directory of C:\_OTMoveIt\MovedFiles\Deckard\System Scanner\20070908185953\backup\DOCUME~1\User\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\S7HVQ6FH

    2007-09-09 22:43 <DIR> .
    2007-09-09 22:43 <DIR> ..
    2006-05-01 00:29 67 desktop.ini
    2006-07-14 00:13 457 profile;sz=728x90;kch=2354152811;kbg=FFFFFF;kkw=2005+2006+amv+animation+anime+baby+band+boy+car+cat+comedy+commercial+concert+cool+crazy+cute+dance+episode+fantasy+fight+fil[1]
    2006-07-14 00:13 811 profile;sz=728x90;kch=2354152811;kbg=FFFFFF;kkw=2005+2006+amv+animation+anime+baby+band+boy+car+cat+comedy+commercial+concert+cool+crazy+cute+dance+episode+fantasy+fight+fil[2]
    3 File(s) 1,335 bytes

    Directory of C:\_OTMoveIt\MovedFiles\Deckard\System Scanner\20070908185953\backup\DOCUME~1\User\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\U3IN65QZ

    2007-09-09 22:46 <DIR> .
    2007-09-09 22:46 <DIR> ..
    2006-05-01 02:56 591 click%3Bh=v5_33d8_3_0_%2a_k%3B31190154%3B0-0%3B0%3B10310753%3B4307-300_250%3B16023796_16041691_1%3B%3B%7Esscs%3D%3f;sz=300x250;ord=6174296[1]
    2006-05-01 00:29 67 desktop.ini
    2006-07-13 22:09 96 profile;sz=728x90;kch=2354152811;kbg=FFFFFF;kkw=2005+2006+amv+animation+anime+baby+band+boy+car+cat+comedy+commercial+concert+cool+crazy+cute+dance+episode+fantasy+fight+fil[1]
    2006-07-13 22:10 96 profile;sz=728x90;kch=2354152811;kbg=FFFFFF;kkw=2005+2006+amv+animation+anime+baby+band+boy+car+cat+comedy+commercial+concert+cool+crazy+cute+dance+episode+fantasy+fight+fil[3]
    4 File(s) 850 bytes

    Total Files Listed:
    28 File(s) 208,094 bytes
    56 Dir(s) 6,963,204,096 bytes free
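
A check that can be run over a `dir /s` listing such as the looksee.txt output above (an added example, not part of the original thread): it rebuilds each file's full path and flags those too long for the Win32 MAX_PATH limit of 260 characters, a common reason a file cannot be deleted or zipped from Explorer. The thread does not state a diagnosis; the function names are hypothetical and the sample is a shortened copy of the posted listing.

```python
import re

MAX_PATH = 260  # Win32 limit for a full path, counting the terminating NUL

# Shortened sample in the layout of the looksee.txt listing posted above;
# the entries are taken from that listing, trimmed to two directories.
SAMPLE = r"""
 Directory of C:\_OTMoveIt\MovedFiles

2007-09-10 13:10 717 09102007_131045.log
2007-09-10 13:12 70 09102007_131217.log
2007-09-10 13:10 <DIR> Deckard
2 File(s) 787 bytes

 Directory of C:\_OTMoveIt\MovedFiles\Deckard\System Scanner\20070908185953\backup\DOCUME~1\User\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\4LANWDQV

2007-09-09 22:11 <DIR> .
2007-09-09 22:11 <DIR> ..
2004-07-01 14:58 67 desktop.ini
2005-06-24 18:20 5,204 Type=click&FlightID=50132&AdID=78613&TargetID=12492&Segments=&Targets=&Values=25,31,43,51,60,72,85,100,110,150,152,198,212,557,598,637,654,730,742,743,1494,1496[1]
2 File(s) 5,271 bytes
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
# Assumes the yyyy-mm-dd hh:mm date layout seen in the thread's listing.
ENTRY_RE = re.compile(
    r"^\s*\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(<DIR>|[\d,]+)\s+(.+?)\s*$")


def parse_listing(text):
    """Yield (full_path, size_bytes) for every file entry in `dir /s` output."""
    current = None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)  # later entries belong to this directory
            continue
        m = ENTRY_RE.match(line)
        if m and current and m.group(1) != "<DIR>":
            yield current + "\\" + m.group(2), int(m.group(1).replace(",", ""))


def over_limit(text, limit=MAX_PATH):
    """Return [(length, path)], longest first, for paths that exceed the limit."""
    # The limit includes the NUL terminator, so limit - 1 characters are usable.
    hits = [(len(p), p) for p, _ in parse_listing(text) if len(p) > limit - 1]
    return sorted(hits, reverse=True)


if __name__ == "__main__":
    for length, path in over_limit(SAMPLE):
        print(length, path)
```
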
     
