my search engines queries get sent to I-X find sites

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

my search engines queries get sent to I-X find sites, I have uploaded new Live One Care stuff still cant get rid of it

Options

thcbytes View Member Profile	Jun 10 2009, 01:24 PM Post #2
Bleepin' Peaceful Group: HJT Team Posts: 4,479 Joined: 9-December 08 Member No.: 267,653	Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum, I am and I am here to help you! I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please perform all steps in the order received and do not proceed if you need clarification. In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine. After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. As I am in training an Expert Coach will assist me in your fix. Your benefit will be "four eyes and two brains" but responses may be somewhat delayed so please be patient!!!! I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided! ******** I need a deeper look at your computer. Please do this....... Download random's system information tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) ****** With your next post please provide:** * RSIT log.txt * RSIT info.txt ******** I will review your logs and post instructions forthcoming. Regards, t -------------------- Proud member - Unified Network of Instructors and Trained Eliminators** I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost! http://organdonor.gov/donor/index.htm

seanrisatti View Member Profile	Jun 10 2009, 02:07 PM Post #3
New Member Group: Members Posts: 4 Joined: 10-June 09 Member No.: 340,699	Logfile of random's system information tool 1.06 (written by random/random) Run by Owner at 2009-06-10 13:03:07 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 140 GB (91%) free of 153 GB Total RAM: 503 MB (20% free) HijackThis download failed ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784] "AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312] "OneCareUI"=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2009-03-22 63864] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "EPSON Stylus CX7400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE [2007-02-15 179200] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Documents and Settings\Owner\Desktop\LimeWire\LimeWire.exe"="C:\Documents and Settings\Owner\Desktop\LimeWire\LimeWire.exe::Enabled:LimeWire" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe::Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2009-06-10 13:03:09 ----D---- C:\Program Files\trend micro 2009-06-10 13:03:07 ----D---- C:\rsit 2009-06-10 11:33:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$ 2009-06-10 11:33:15 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$ 2009-06-10 11:33:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$ 2009-06-10 11:32:56 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$ 2009-06-10 11:25:48 ----D---- C:\WINDOWS\system32\XPSViewer 2009-06-10 11:25:41 ----D---- C:\Program Files\MSBuild 2009-06-10 11:25:27 ----D---- C:\Program Files\Reference Assemblies 2009-06-10 11:24:37 ----N---- C:\WINDOWS\system32\xpsshhdr.dll 2009-06-10 11:24:37 ----N---- C:\WINDOWS\system32\prntvpt.dll 2009-06-10 11:24:36 ----N---- C:\WINDOWS\system32\xpssvcs.dll 2009-06-10 11:24:35 ----D---- C:\f7166f7cead627bc0ffef4212ccd8357 2009-06-10 11:21:47 ----SHD---- C:\Config.Msi 2009-06-10 11:07:11 ----A---- C:\WINDOWS\system32\SET281.tmp 2009-06-10 11:07:10 ----A---- C:\WINDOWS\system32\SET27C.tmp 2009-06-10 11:07:09 ----A---- C:\WINDOWS\system32\SET27D.tmp 2009-06-10 11:07:08 ----A---- C:\WINDOWS\system32\SET27E.tmp 2009-06-10 11:07:04 ----A---- C:\WINDOWS\system32\SET282.tmp 2009-06-10 11:04:58 ----D---- C:\WINDOWS\LastGood 2009-06-10 10:25:06 ----A---- C:\WINDOWS\system32\javaws.exe 2009-06-10 10:25:06 ----A---- C:\WINDOWS\system32\javaw.exe 2009-06-10 10:25:06 ----A---- C:\WINDOWS\system32\java.exe 2009-06-09 11:19:14 ----RSD---- C:\WINDOWS\assembly 2009-06-09 11:18:27 ----D---- C:\WINDOWS\Microsoft.NET 2009-06-09 11:03:28 ----D---- C:\Program Files\Microsoft Windows OneCare Live 2009-06-09 10:49:31 ----D---- C:\Program Files\Windows Live Safety Center 2009-06-09 10:38:09 ----D---- C:\WINDOWS\ie8updates 2009-06-09 10:35:46 ----HDC---- C:\WINDOWS\ie8 2009-06-09 08:46:23 ----D---- C:\Program Files\podmena 2009-05-20 19:53:35 ----D---- C:\Program Files\Microsoft ======List of files/folders modified in the last 1 months====== 2009-06-10 13:03:09 ----D---- C:\Program Files 2009-06-10 13:02:46 ----A---- C:\WINDOWS\ModemLog_PANTECH UM175 #3.txt 2009-06-10 11:37:34 ----SHD---- C:\WINDOWS\Installer 2009-06-10 11:34:33 ----D---- C:\WINDOWS\Prefetch 2009-06-10 11:34:15 ----HD---- C:\WINDOWS\inf 2009-06-10 11:34:13 ----D---- C:\WINDOWS 2009-06-10 11:34:04 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-06-10 11:33:59 ----D---- C:\Program Files\Internet Explorer 2009-06-10 11:33:58 ----D---- C:\WINDOWS\system32 2009-06-10 11:33:31 ----HD---- C:\WINDOWS\$hf_mig$ 2009-06-10 11:33:28 ----A---- C:\WINDOWS\imsins.BAK 2009-06-10 11:31:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-06-10 11:30:36 ----D---- C:\WINDOWS\WinSxS 2009-06-10 11:25:43 ----D---- C:\WINDOWS\system32\en-us 2009-06-10 11:25:35 ----RSD---- C:\WINDOWS\Fonts 2009-06-10 11:25:05 ----D---- C:\WINDOWS\system32\spool 2009-06-10 11:24:43 ----D---- C:\WINDOWS\system32\CatRoot2 2009-06-10 11:24:22 ----D---- C:\WINDOWS\Temp 2009-06-10 10:50:21 ----HD---- C:\Documents and Settings\Owner\Application Data\Move Networks 2009-06-10 10:46:04 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-06-10 10:45:17 ----D---- C:\Program Files\Common Files 2009-06-10 10:24:50 ----D---- C:\Program Files\Java 2009-06-10 09:42:12 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-06-09 12:44:46 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft 2009-06-09 11:39:17 ----SD---- C:\WINDOWS\system32\Microsoft 2009-06-09 11:34:05 ----D---- C:\WINDOWS\system32\config 2009-06-09 11:23:10 ----D---- C:\WINDOWS\system32\drivers 2009-06-09 11:23:08 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-06-09 11:18:31 ----D---- C:\WINDOWS\system32\mui 2009-06-09 10:49:32 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-06-09 10:39:23 ----D---- C:\WINDOWS\Media 2009-06-09 10:39:23 ----D---- C:\WINDOWS\Help 2009-06-09 10:35:39 ----D---- C:\WINDOWS\system32\CatRoot 2009-06-09 08:55:53 ----D---- C:\Documents and Settings\All Users\Application Data\NOS 2009-06-09 08:55:51 ----D---- C:\Program Files\NOS 2009-06-02 14:26:27 ----D---- C:\Program Files\MSN 2009-06-01 10:51:12 ----A---- C:\WINDOWS\system32\MRT.exe 2009-05-21 11:33:57 ----A---- C:\WINDOWS\system32\deploytk.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 MSFWHLPR;MSFWHLPR; C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys [2007-11-27 116416] R1 podmenadrv;podmenadrv; \??\C:\Program Files\podmena\podmena.sys [] R2 MSFWDrv;MSFWDrv; C:\WINDOWS\system32\DRIVERS\msfwdrv.sys [2007-11-27 91328] R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424] R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 36224] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874] R3 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2008-05-15 53168] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 PTDUBus;PANTECH UM175 Composite Device Driver ; C:\WINDOWS\system32\DRIVERS\PTDUBus.sys [2008-03-11 29824] R3 PTDUMdm;PANTECH UM175 Drivers; C:\WINDOWS\system32\DRIVERS\PTDUMdm.sys [2008-03-11 41344] R3 PTDUVsp;PANTECH UM175 Diagnostic Port; C:\WINDOWS\system32\DRIVERS\PTDUVsp.sys [2008-03-11 39936] R3 PTDUWWAN;PANTECH UM175 WWAN Driver; C:\WINDOWS\system32\DRIVERS\PTDUWWAN.sys [2008-03-11 59776] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976] S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928] S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 PTDMBus;PANTECH USB Modem Composite Device Driver ; C:\WINDOWS\system32\DRIVERS\PTDMBus.sys [2007-08-17 29952] S3 PTDMMdm;PANTECH USB Modem Drivers ; C:\WINDOWS\system32\DRIVERS\PTDMMdm.sys [2007-08-17 41856] S3 PTDMVsp;PANTECH USB Modem Serial Port ; C:\WINDOWS\system32\DRIVERS\PTDMVsp.sys [2007-08-17 39936] S3 PTDMWWAN;PANTECH USB Modem WWAN Driver; C:\WINDOWS\system32\DRIVERS\PTDMWWAN.sys [2007-08-17 59520] S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088] S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 UNDPX2A;UNDPX2A; \??\C:\WINDOWS\system32\drivers\UNDPX2A.SYS [] S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800] S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\Sacm2A.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2008-03-18 13312] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984] R2 msfwsvc;OneCare Firewall; C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe [2007-11-27 755264] R2 OcHealthMon;Windows Live OneCare Health Monitor; C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2009-03-22 24936] R2 OneCareMP;OneCare AntiSpyware and AntiVirus; C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe [2008-07-09 18704] R2 podmena;podmena; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] R2 winss;Windows Live OneCare; C:\Program Files\Microsoft Windows OneCare Live\winss.exe [2009-03-22 1131896] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168] S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2009-01-07 26144] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2009-06-10 13:03:16 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40} Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001} Agere Systems PCI Soft Modem-->agrsmdel Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r EPSON Stylus CX7400 Series Scanner Driver Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}\Setup.exe" -l0x9 GTOneCare-->MsiExec.exe /X{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E} Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562 iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3} Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Protection Service-->MsiExec.exe /I{85CFDC2D-710E-49D5-B799-F3743CA506BA} Microsoft Windows Live OneCare Resources v2.5.2900.24-->MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB} Microsoft Windows OneCare Live AntiSpyware and AntiVirus-->MsiExec.exe /I{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF} Microsoft Windows OneCare Live v2.5.2900.24 Idcrl Install-->MsiExec.exe /I{3851147E-5A91-4469-BA4D-13FFFCC8A920} Microsoft Windows OneCare Live v2.5.2900.24-->MsiExec.exe /I{D07A8E7E-D324-4945-BA8C-E532AD008FF3} Mozilla Sunbird (0.9)-->C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe PANTECH PC USB Modem Software-->C:\Program Files\PANTECH\PANTECH USB Modem\PTDMUninstall.exe PANTECH UM175 Driver-->C:\Program Files\PANTECH\PANTECH UM175\PTDUUninstall.exe PX Engine-->MsiExec.exe /I{6513E869-647F-40FD-A55D-CFC92579B9BA} QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F} Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" VZAccess Manager-->C:\PROGRA~1\VERIZO~1\VZACCE~1\UNWISE.EXE C:\PROGRA~1\VERIZO~1\VZACCE~1\INSTALL.LOG Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live OneCare-->"C:\Program Files\Microsoft Windows OneCare Live\OCSetup.exe" /u Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" ======Security center information====== AV: Windows Live OneCare FW: Windows Live OneCare Firewall ======System event log====== Computer Name: HOME-9FE1BF7784 Event Code: 16 Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection. Record Number: 6718 Source Name: Windows Update Agent Time Written: 20090114025525.000000-420 Event Type: error User: Computer Name: HOME-9FE1BF7784 Event Code: 16 Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection. Record Number: 6717 Source Name: Windows Update Agent Time Written: 20090112025524.000000-420 Event Type: error User: Computer Name: HOME-9FE1BF7784 Event Code: 12 Message: The device 'PANTECH UM175 WWAN Driver #3' (USB\VID_106c&PID_3714&MI_03\6&154cfd13&0&8515) disappeared from the system without first being prepared for removal. Record Number: 6715 Source Name: PlugPlayManager Time Written: 20090109121330.000000-420 Event Type: error User: Computer Name: HOME-9FE1BF7784 Event Code: 36 Message: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Record Number: 6704 Source Name: W32Time Time Written: 20090104001713.000000-420 Event Type: warning User: Computer Name: HOME-9FE1BF7784 Event Code: 4226 Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Record Number: 6703 Source Name: Tcpip Time Written: 20090103115526.000000-420 Event Type: warning User: =====Application event log===== Computer Name: HOME-9FE1BF7784 Event Code: 1000 Message: Faulting application iexplore.exe, version 6.0.2900.5512, faulting module kernel32.dll, version 5.1.2600.5512, fault address 0x00009e7a. Record Number: 620 Source Name: Application Error Time Written: 20081119112747.000000-420 Event Type: error User: Computer Name: HOME-9FE1BF7784 Event Code: 63 Message: A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Record Number: 505 Source Name: WinMgmt Time Written: 20081001181626.000000-360 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: HOME-9FE1BF7784 Event Code: 63 Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Record Number: 487 Source Name: WinMgmt Time Written: 20081001171259.000000-360 Event Type: warning User: HOME-9FE1BF7784\Owner Computer Name: HOME-9FE1BF7784 Event Code: 1000 Message: Faulting application vzaccess manager.exe, version 6.8.1.2090, faulting module unknown, version 0.0.0.0, fault address 0x00f65036. Record Number: 480 Source Name: Application Error Time Written: 20080920161812.000000-360 Event Type: error User: Computer Name: HOME-9FE1BF7784 Event Code: 1000 Message: Faulting application vzaccess manager.exe, version 6.8.1.2090, faulting module unknown, version 0.0.0.0, fault address 0x00f65036. Record Number: 478 Source Name: Application Error Time Written: 20080919214346.000000-360 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel "PROCESSOR_REVISION"=0401 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------

thcbytes View Member Profile	Jun 10 2009, 02:22 PM Post #4
Bleepin' Peaceful Group: HJT Team Posts: 4,479 Joined: 9-December 08 Member No.: 267,653	Hi again, Your infection prevented part of the download. We have other options though. I would like you to do this first...... ******** We need to create an OTL Report Please download OTL from one of the following mirrors: This is THE Mirror Save it to your desktop. Double click on the icon on your desktop. Click the "Scan All Users" checkbox. Push the button. Two reports will open, copy and paste them in a reply here: OTListIt.txt** <-- Will be opened Extra.txt <-- Will be minimized ******** With your next post please provide:** * OTListIt.txt * OTListIt Extra.txt ******** Regards, t -------------------- Proud member - Unified Network of Instructors and Trained Eliminators** I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost! http://organdonor.gov/donor/index.htm

thcbytes View Member Profile	Jun 10 2009, 07:21 PM Post #6
Bleepin' Peaceful Group: HJT Team Posts: 4,479 Joined: 9-December 08 Member No.: 267,653	Let's begin, P2P Warning Your log indicates that you have/had Limewire installed. • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. - They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. - Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. - The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology. Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again. I would recommend that you uninstall Limewire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel>> Add / Remove Programs. If you wish to keep it, please do not use it until your computer is cleaned. ******** We need to execute an OTM script Please download OTM by OldTimer and save it to your desktop. Double click the icon on your desktop. Paste the following code under the area. Do not include the word "Code". CODE :Processes explorer.exe :files C:\Program Files\podmena c:\windows\dk39fi4fe.dat c:\windows\9g2234wesdf3dfgjf23 c:\windows\ro122458.dat c:\windows\ro122390.dat c:\windows\msmark2.dat c:\windows\f23567.dat c:\windows\ro122366.dat :services podmenadrv podmena :commands [EmptyTemp] [Reboot] Push the large button. OTM may ask to reboot the machine. Please do so if asked. Copy/Paste the contents under the line here in your next reply. Please note:** If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTM\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. ******** Please download GMER** from one of the following locations and save it to your desktop: Main Mirror This version will download a randomly named file (Recommended) Zipped Mirror This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Disconnect from the Internet and close all running programs. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress) If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO. Now click the Scan button. If you see a rootkit warning window, click OK. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log. Click the Copy button and paste the results into your next reply. Exit GMER and re-enable all active protection when done. -- If you encounter any problems, try running GMER in Safe Mode. ******** We need to create a New FULL OTL Report Please download OTL from here if you have not done so already: Main Mirror Save it to your desktop. Double click on the icon on your desktop. Click the "Scan All Users" checkbox. Change the "Extra Registry" option to "SafeList" Push the button. Two reports will open, copy and paste them in a reply here: OTL.txt** <-- Will be opened Extra.txt <-- Will be minimized ******** With your next post please provide:** * OTM.log * Gmer.log * OTL.txt * OTL Extra.txt * How is your computer running now? -------------------- Proud member - Unified Network of Instructors and Trained Eliminators I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost! http://organdonor.gov/donor/index.htm

seanrisatti View Member Profile	Jun 11 2009, 09:29 AM Post #7
New Member Group: Members Posts: 4 Joined: 10-June 09 Member No.: 340,699	everything seems to be working well now- thank you very much for your help!!!!!!!!!

thcbytes View Member Profile	Jun 11 2009, 09:51 AM Post #8
Bleepin' Peaceful Group: HJT Team Posts: 4,479 Joined: 9-December 08 Member No.: 267,653	Hi, I need to take a look at those logs! Although your computer is running better you may very well still be infected!! Please provide: * OTM.log * Gmer.log * OTL.txt * OTL Extra.txt Thanks, t -------------------- Proud member - Unified Network of Instructors and Trained Eliminators I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost! http://organdonor.gov/donor/index.htm

thcbytes View Member Profile	Jun 14 2009, 06:45 PM Post #9
Bleepin' Peaceful Group: HJT Team Posts: 4,479 Joined: 9-December 08 Member No.: 267,653	Hello again, Are you still there? I need to take a look at those logs! Although your computer is running better you may very well still be infected!! Please provide: * OTM.log * Gmer.log * OTL.txt * OTL Extra.txt If I do not hear from you soon this thread will be closed. Thanks, t -------------------- Proud member - Unified Network of Instructors and Trained Eliminators I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost! http://organdonor.gov/donor/index.htm

kahdah View Member Profile	Jun 19 2009, 07:56 AM Post #10
Forum Addict Group: HJT Team Coach Posts: 7,376 Joined: 27-October 06 From: Florida Member No.: 92,376	Due to lack of feedback, this topic has been closed. If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic. -------------------- Please do not pm for help, post it in the forums instead. If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications. If I have helped you then please consider donating to continue the fight against malware

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 9th February 2010 - 03:59 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides