We will create a new Restore Point right now when we uninstall ComboFix.
- Click START then RUN
- Now type Combofix /u in the Run box
- Make sure there's a space between Combofix and /u
- Then hit Enter.
(http://i154.photobucket.com/albums/s258/evilfantasy69/combofixu-1.jpg)
The above procedure will:
- Delete the following:
  - ComboFix and its associated files and folders.
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Set a new, clean Restore Point.
----------
Now let's try to remove all of those folders/files that are opening.
Log on to the account that has everything bad loading up on it. (Be sure you have moved your files to another account before doing this.)
Download OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe)
Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.
- Double-click OTMoveIt2.exe to run it.
- Copy the lines in the codebox below.
[kill explorer]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Start Menu
C:\Documents and Settings\Owner.ANTHONY\Application Data
C:\Documents and Settings\Owner.ANTHONY\Cookies
C:\Documents and Settings\Owner.ANTHONY\Desktop
C:\Documents and Settings\Owner.ANTHONY\Favorites
C:\Documents and Settings\Owner.ANTHONY\Local Settings
C:\Documents and Settings\Owner.ANTHONY\LuResult.txt
C:\Documents and Settings\Owner.ANTHONY\My Documents
C:\Documents and Settings\Owner.ANTHONY\NetHood
C:\Documents and Settings\Owner.ANTHONY\ntuser.dat
C:\Documents and Settings\Owner.ANTHONY\ntuser.dat.LOG
C:\Documents and Settings\Owner.ANTHONY\ntuser.ini
C:\Documents and Settings\Owner.ANTHONY\PrintHood
C:\Documents and Settings\Owner.ANTHONY\Recent
C:\Documents and Settings\Owner.ANTHONY\SendTo
C:\Documents and Settings\Owner.ANTHONY\Start Menu
C:\Documents and Settings\Owner.ANTHONY\Templates
C:\Documents and Settings\Owner.ANTHONY\UserData
C:\Documents and Settings\Owner.ANTHONY\WINDOWS
C:\WINDOWS\system32\tmp.txt
C:\WINDOWS\SYSTEM32\tmp.reg
EmptyTemp
[start explorer]
- Return to OTMoveIt2, right-click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) and paste it in your next reply.
- Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.