Can anyone help me fix a Win32:TratBHO [Trj]

Yeah, I know, everyone seems to be asking about this and it seems that I am having the same problem. I decided to create a new topic just because of the logs that you are asking me to post. I have also posted on other topics asking about the same question, forgive me if I am cluttering up your forum. I am just not real familiar with how all this stuff works. So here are my logs.

You look to have got most of it with combofix

Please download the OTMoveIt2 by OldTimer.

[*] Save it to your desktop.
[*] Please double-click OTMoveIt2.exe to run it.
[*] Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


C:\Program Files\QdrModule

[*] Return to OTMoveIt2, right click in the “Paste List of Files/Folders to be Moved” window (under the light blue bar) and choose Paste.

[*] Click the red Moveit! button.
[*] Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
[*] Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Then to check the rest

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

[*] Close ALL OTHER PROGRAMS.
[*] Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
[*] Under Additional Scans click the checkboxes in front of the following items to select them:

Reg - BotCheck

[*] Now click the Run Scan button on the toolbar.
[*] Let it run unhindered until it finishes.
[*] When the scan is complete Notepad will open with the report file loaded in it.
[*] Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and attach the log. I will review it when it comes in.

Here ya go. Hey thanks for helping by the way. Oh, while I was doing what you told me to, AV popped up with another finding. It found a Win32: Inject-EV {trj}. I moved it to the chest, what else should I do, just keep moving stuff to the chest and then deleting it or what? I’m so confused.

Stay calm. Just move them to the chest for now. They can’t hurt you there. It’s a protected spot and can’t be accessed from outside, nor can the files run from within. After essxboy gets your computer cleaned up, you can empty the chest if the file(s), when scanned in the chest, still show infected. Don’t want to delete a good one. (False positive)

Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says “Paste fix here” and then click the Run Fix button.

[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> QdrModule12 -> %ProgramFiles%\QdrModule\QdrModule12.exe
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Files/Folders - Created Within 30 days]
NY -> 25 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
YY -> sed.exe -> %System32%\sed.exe
NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> 25 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
YY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
YY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Ok so, I inputted the fix into Winpfind35u and it did its thang. Then, it told me that it had to reboot so we did that. I never did get a log from it though.

No problem, it will be in the winpfind folder on your drive.

If I could now have a new HijackThis log, plus how is your computer now?

Here you are. By the way, the computer seems to be running fine. I haven’t had any AV warnings pop up since I downloaded all the hijack this stuff and combo fix. Here are the logs you asked for nonetheless.

Now the best part of the day ----- Your log now appears clean :thumbsup:

Double click Winpfind once again and you should see a CleanUp! button. Press that button; you may get prompted by your firewall that OTMoveIt wants to contact the internet, allow this. A cleanup.txt will be downloaded, and a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself.

Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point but this is my method:

  1. Select Start > All Programs > Accessories > System tools > System Restore.
  2. On the dialogue box that appears select Create a Restore Point
  3. Click NEXT
  4. Enter a name e.g. Clean
  5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

  1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  2. In the Drop down box that appears select your main drive e.g. C
  3. Click OK
  4. The System will do some calculation and then display a dialogue box with TABS
  5. Select the More Options Tab.
  6. At the bottom will be a system restore box with a CLEANUP button; click this
  7. Accept the Warning and select OK again, the program will close and you are done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
[*] SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To keep your operating system up to date visit
[*] Microsoft Windows Update

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Keep safe :wave:

Hey thanks for all your help. I did have one last question though. I also have Windows Defender, isn’t that a firewall, and do I still need to get the other one that you suggested? If so, I have no problem, I was just curious. Thanks again for all of the help.