Gain.gator removal



stardotstar
2008-08-29, 04:38
Spybot has identified Gain.gator. It has said it needed to remove this when the PC reboots. I have done this 2 times and it scans and finds it again, then restarts the program.

When I run the program again and click on fix, it says some files are in use and must be run on start up again.

I am in a vicious circle here, any thoughts on what to do?

I have also tried in safe mode.

Shaba
2008-08-30, 11:13
Hi stardotstar

Please post next spybot report :)

stardotstar
2008-08-30, 14:55
There is nothing to post, this is what it does: it discovers it, tells you it needs to run on startup, you say yes, reboot, it runs, then when it finishes on reboot it starts the Spybot full program, you run it again, it finds it, you click fix, it says it must run on startup, you say yes, reboot, it runs...

this is all it does.

Shaba
2008-08-30, 14:57
Is Spybot 1.6 with latest definitions?

If so, then you will need to take a screenshot of it and post it to somewhere like ImageShack.

stardotstar
2008-08-30, 15:08
Yes, current version and updates.

Shaba
2008-08-30, 15:12
OK. Do you need help with the screenshot?

You can also do this, please:

Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Double-click on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch HijackThis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

stardotstar
2008-08-30, 15:33
Yes, I am familiar with this, I will advise.

Thanks

Shaba
2008-08-30, 15:34
So please post the screenshot and HijackThis log next :)

stardotstar
2008-08-30, 15:43
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:40 AM, on 8/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\Downloaded Program Files\IDXIEController.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} (Engine Class) - https://www.utpahs.com/Touchworks/AHSCompressionEngine.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219949925046
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A325C946-0C71-4098-AC94-46694E46CEB4} (TerminalID Class) - https://www.utpahs.com/ahsweb/IDXWF/Context/IDXTools.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {EECF9899-FC3A-4841-986F-30B874921B36} (BrowserObj Class) - https://www.utpahs.com/ahsweb/IDXWF/Context/IDXBrowser.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 9454 bytes
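A small triage script for the HijackThis log format above, added here as an example and not part of HijackThis or of this thread: it parses the header, the running-process list and the Rx/Oxx entries, then flags the things a helper checks by hand when reading such a log (BHOs whose DLL is missing, Run entries without a full path, downloaded ActiveX controls from hosts outside an allow-list, services with no recorded publisher). The embedded sample log and the trusted-domain list are constructed for the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample in the HijackThis v2 format shown in the thread (a few lines only).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:40 AM, on 8/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219949925046
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

--
End of file - 9454 bytes
"""

@dataclass
class Entry:
    kind: str   # HijackThis section code, e.g. "O2", "O4", "O16", "O23"
    body: str   # text after "Oxx - "

@dataclass
class Finding:
    kind: str
    reason: str
    body: str

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)$")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')          # "C:\..." with or without quotes
HEADER_KEYS = ("Platform", "MSIE", "Boot mode")
# Hosts the helper expects ActiveX controls to come from; constructed allow-list for this example.
TRUSTED_DPF_SUFFIXES = ("microsoft.com", "symantec.com")

def parse_hjt_log(text):
    """Split a HijackThis v2 log into header fields, running processes and Rx/Oxx entries."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("--") or line.startswith("End of file"):
            in_processes = False            # the blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
            continue
        key, _, value = line.partition(":")
        if key in HEADER_KEYS:
            header[key] = value.strip()
    return {"header": header, "processes": processes, "entries": entries}

def triage(parsed):
    """Apply the checks a helper makes by eye; each finding is a review item, not a verdict."""
    findings = []
    for e in parsed["entries"]:
        if e.kind == "O2" and e.body.endswith("(file missing)"):
            findings.append(Finding(e.kind, "BHO registered but its DLL is gone (orphaned entry)", e.body))
        elif e.kind == "O4":
            m = RUN_RE.search(e.body)
            if m and not ABS_PATH_RE.match(m.group("cmd")):
                findings.append(Finding(e.kind, "Run entry without an absolute path; binary is resolved via the search path, verify which file runs", e.body))
        elif e.kind == "O16":
            url = e.body.rsplit(" - ", 1)[-1]          # the .cab download URL
            host = urlsplit(url).hostname or ""
            if not any(host == s or host.endswith("." + s) for s in TRUSTED_DPF_SUFFIXES):
                findings.append(Finding(e.kind, f"downloaded ActiveX control from {host}; confirm it is expected", e.body))
        elif e.kind == "O23" and " - Unknown owner - " in e.body:
            findings.append(Finding(e.kind, "service binary with no recorded publisher; check its signature", e.body))
    return findings

if __name__ == "__main__":
    for f in triage(parse_hjt_log(SAMPLE_LOG)):
        print(f"{f.kind}: {f.reason}\n    {f.body}")
```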

Shaba
2008-08-30, 15:53
Can you please also take a screenshot of spybot finding and upload it to somewhere and post back link?

stardotstar
2008-08-30, 16:08
http://images39.fotki.com/v1284/photos/7/734253/3414627/spybot-vi.jpg

Shaba
2008-08-30, 16:15
Please click No for that prompt and click + on the left side of GAIN.Gator so that I can see the details. After that, take a new screenshot, please.

stardotstar
2008-08-30, 19:12
http://images41.fotki.com/v1308/photos/7/734253/3414627/sb2-vi.jpg

Shaba
2008-08-30, 19:14
Thank you :)

Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\Program Files\Common Files\CMEII
C:\Program Files\Common Files\GMT

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

stardotstar
2008-08-30, 19:43
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08302008_124509

Shaba
2008-08-30, 19:44
Is that the entire contents of that file?

Are those folders still there?

stardotstar
2008-08-30, 19:48
yes it is

stardotstar
2008-08-30, 19:48
Sorry, answered too quick, will look for folders.

stardotstar
2008-08-30, 19:50
yes both folders are still there

Shaba
2008-08-30, 19:50
Are you doing everything from admin account?

stardotstar
2008-08-30, 19:51
Hold on, I am running again and it is doing something entirely different.

stardotstar
2008-08-30, 19:52
C:\Program Files\Common Files\CMEII\apps\PrecisionTime moved successfully.
C:\Program Files\Common Files\CMEII\apps\DateManager moved successfully.
C:\Program Files\Common Files\CMEII\apps moved successfully.
C:\Program Files\Common Files\CMEII moved successfully.
C:\Program Files\Common Files\GMT\scripts moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\31152\34631.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\31152 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\31148\35124.1 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\31148 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\31035\34619.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\31035 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30993\34926.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30993 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30879\34454.1 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30879 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30839\34787.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30839 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30835\34903.8 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30835 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30834\34831.3 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30834 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30832\34619.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30832 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30766\34684.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30766 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30759\34644.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30759 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30755\35026.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30755 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30646\33671.1 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30646 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30579\32817.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30579 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30340\34655.1 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30340\34237.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30340 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30331\34340.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30331 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30267\33976.2 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30267 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30261\30984.1 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30261 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30235\34742.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30235 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30218\34167.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30218 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30128\33085.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30128 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30103\34110.2 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30103 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30085\33697.3 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30085 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30077\34156.1 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30077\34156.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30077 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30050\33834.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\30050 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29992\32671.2 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29992 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29987\33696.2 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29987 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29741\30824.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29741 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29740\30823.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29740 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29672\34634.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29672 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29665\33410.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29665 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29479\33877.2 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29479 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29272\34500.2 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29272\32886.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29272 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29265\34462.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29265\34171.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29265\32829.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29265 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29261\32885.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29261 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29257\32828.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\29257 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\28829\31793.1 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\28829 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\28796\26635.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\28796 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\28010\31816.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\28010 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27968\34496.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27968\33005.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27968\31781.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27968 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27966\34461.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27966\32827.1 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27966\32827.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27966\31779.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27966 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27965\34537.1 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27965\33004.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27965\31787.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27965 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27957\32884.1 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27957\32884.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27957\31782.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27957 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27910\33603.1 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27910 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27858\32979.1 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27858 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27037\30679.8 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\27037 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\26783\34460.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\26783 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\26549\34456.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\26549 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\26513\34378.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\26513\28912.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\26513 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\26416\30389.2 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\26416 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\24882\28847.9 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\24882\28847.5 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\24882\28847.11 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\24882 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\23545\26204.8 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\23545\26203.10 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\23545\25365.5 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\23545 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\22518\25133.1 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\22518 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\22008\31549.1 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\22008\31549.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\22008 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\21191\27863.2 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\21191\25365.5 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\21191 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\20975\26205.7 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\20975\26203.5 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\20975 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\19910\29700.4 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\19910\29700.2 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\19910 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\15175\28365.0 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb\15175 moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6\gb moved successfully.
C:\Program Files\Common Files\GMT\7p7ih868i6 moved successfully.
C:\Program Files\Common Files\GMT moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08302008_125353

stardotstar
2008-08-30, 19:53
folders gone now

Shaba
2008-08-30, 19:55
Great :)

Does Spybot still find something?

stardotstar
2008-08-30, 19:57
Rescanning now, will advise. What else is the utility good for?

Shaba
2008-08-30, 19:59
Do you mean protective programs?

I will give you a list of programs a bit later; during my final instructions :)

stardotstar
2008-08-30, 20:03
the moveit program, what else is it good for where can I get more info on other uses? It seems like a good one to hold onto.

Shaba
2008-08-30, 20:05
It is a program which is not meant to be used unsupervised.

It will get removed during final instructions.

Therefore there is no public info available.

stardotstar
2008-08-30, 20:11
all clean now

Shaba
2008-08-30, 20:31
Great :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Next we remove all used tools.

Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. Tutorials on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1644)

Malwarebytes' Anti-Malware Scanning Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1645)


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein: So How Did I Get Infected In The First Place (http://forums.spybot.info/showthread.php?t=279)

Happy surfing and stay clean!

stardotstar
2008-08-30, 21:16
Thanks for all of your help!

Shaba
2008-09-01, 09:26
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.