Rootkits
If it is possible, this computer is more infected now than it was when we began.
I am going to give you a long list of instructions. PRINT THEM OUT
FOLLOW THEM IN ORDER
#1. Enable Viewing of Hidden Files and Folders
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
#2. Run this online virus scanner. You will need to use Internet Explorer for this scanner. It's one of the very few online scanners that will actually disinfect viruses etc. NOTE: If you have any problems with the online scanner, skip it and continue with the rest of the instructions below. If it gives the option of saving a log, please do so. IF IT DOES NOT, please make a note of the name and location of every virus removed.
#3. Download CCleaner
Close all browsers. Run the program and make sure all the boxes are ticked under the Windows and Applications tabs and click the run cleaner button. Do this several times.
#4. Download Deckard's System Scanner to your Desktop.
#5. Update the AVG Anti-spyware Program.
#6. Update your Norton Anti-virus program.
#7. DISCONNECT FROM THE INTERNET. I MEAN ACTUALLY REMOVE THE CONNECTION FROM THE BACK OF THE COMPUTER.
Reboot the computer. Run the AVG ANTI-ROOTKIT program again using the "Perform in-depth search." Allow AVG to complete the scan. The AVG scanner will give the "Rootkit path". Save the log.
#8. Reboot the computer into SAFE MODE.
#9. Run the CCleaner once more using the directions above.
#10. Run your Anti-virus program using a Full System Scan.
Allow it to fix/or quarantine everything found. Make a note of all items removed.
#11. Run the AVG Anti-spy program following these directions EXACTLY
Please Launch AVG Anti-Spyware.
-- Click on the Scanner button and choose the Settings Tab.
---> Under How to act?, click on Recommended action and choose Quarantine to set default action for detected malware.
--->Under Reports make sure Automatically generate report after every scan is selected and UNCHECK the Only if threats were found box.
-- Leave everything else at their default settings and Select the Scan tab and CLICK Complete System Scan to scan your machine.
-- Upon completion of the scan, Click Apply all actions to place any detected baddies in Quarantine.
-- AFTER clicking Apply all actions, Click on Save Report and select Save the report to your Desktop.
If your AVG Antispyware log says all items have "No Action Taken" or "Ignored", that's because you haven't followed the instructions properly for using AVG Antispyware and will have to read them again and do a fresh AVG Antispyware scan.
There is absolutely no point in attaching an AVG Antispyware log that says items have "NO ACTION TAKEN" or "IGNORED".
Once you have completed the above steps then Reboot the computer to NORMAL MODE.
Now is the time to run the Deckard's System Scanner
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will be produced - Main.txt (this one will be maximized in Notepad) and Extra.txt (this one will be minimized).
Save both as .txt files.
Shut down the computer. Re-attach the Internet Cable to the computer.
Reboot to normal mode and come back here with the following logs;
Main.txt and Extra.txt from Deckard's System Scanner.
AVG Anti-Rootkit log, AVG Anti-spy log, HouseCall online scanner log if available or a list and location of items removed. I will also need the same info from your Norton scan.
So that is at least 4 logs and 2 lists I need to see in your next post, as soon as possible. I know you cannot do this in a matter of minutes but I would like to see these by tonight. This computer is TOO infected to wait days in between posts. This computer desperately needs updating but this cannot be done until it is clean so you need to do these steps as rapidly as possible. But do them exactly as instructed.
I had trouble getting my Norton Anti-Virus updated late yesterday. I apologize for the delay.
A couple of things:
1.) I still can't get AVG to print a report even though I followed your instructions to the letter. I still went into the list it generated under the infections icon and typed those out as best as I could.
2.) I made a mistake. I didn't see the Anti-Rootkit portion of until after I had already run CCleaner, NAV and AVG in Safe Mode. As soon as I came out of Safe Mode I ran Anti-Rootkit. I then ran dss.exe. I hope it didn't mess up too much. I apologize for taking this out of order. I certainly didn't intend to.
3.) I couldn't get that first scanner to load. I tried a couple of times. You said to skip it if I couldn't get it to load, so I did.
4.) My NAV log is far, far too big to attach. I exported it right from the program. I trimmed it down dramatically and still wasn't close to being the right size. Any ideas?
My NAV log is far, far too big to attach
That's ok, don't worry about it right now. Be sure to keep it but we will do another scan later and see if the new one is shorter.
I know this seems to be an unending process but you are doing GREAT. Lots more instructions here so you will want to print these out too because these will involve MANUAL deletion of particular files. Meaning you will have to go to its location and delete that ONE file from the folder. I suggest that you cross out each file on your printed list as you delete it. If you cannot find it or it won't delete then make a note to report that back here.
Your AVG Anti-Rootkit log showed two Rootkits. I cannot promise that these are the only two but for now we are going to work from this log.
DISCONNECT FROM THE INTERNET. I MEAN ACTUALLY REMOVE THE CONNECTION FROM THE BACK OF THE COMPUTER.
Reboot the computer. Run the AVG ANTI-ROOTKIT program again using the "Perform in-depth search." Allow AVG to complete the scan. The AVG scanner will give the "Rootkit path". It IS possible that this time it might show more than two, no matter.
Select each item found, all of them (even if more than two show), and click "Remove selected items".
Remain disconnected from the internet but reboot the computer in Normal Mode.
Next;
Run HiJackThis again.
Once the scan is complete then place a checkmark next to the following entries...I will warn you, the list is LONG so I would advise using your printed list and mark off each item on that printed list as you place the checkmark on the program;
O2 - BHO: (no name) - {069853C3-07A6-4BE4-B71D-D8FD53EE25BD} - C:\WINDOWS\System32\ddaya.dll (file missing)
O2 - BHO: (no name) - {0A24DC3F-BE51-4683-A998-CFE84058C66C} - C:\WINDOWS\System32\mljge.dll (file missing)
O2 - BHO: (no name) - {121812DF-DA64-DEEF-1866-F88DCA27D4BA} - C:\WINDOWS\System32\pfc.dll (file missing)
O2 - BHO: (no name) - {1E02A9EA-21BA-4814-AA30-F86822FCA2E9} - C:\WINDOWS\System32\awtsq.dll (file missing)
O2 - BHO: (no name) - {240260AF-44C4-4718-8285-E4A8E8D45247} - C:\WINDOWS\System32\geebx.dll (file missing)
O2 - BHO: (no name) - {265F5DD4-14A3-4D7C-B023-0EB042BF8A7E} - C:\WINDOWS\System32\ddcya.dll (file missing)
O2 - BHO: (no name) - {2AA69A1A-B699-4A6C-ABAF-3C25D7418F9E} - C:\WINDOWS\System32\awtqp.dll (file missing)
O2 - BHO: (no name) - {2DEB3F63-654C-41D6-8B70-37F40A1D91B2} - C:\WINDOWS\System32\ssqpn.dll (file missing)
O2 - BHO: (no name) - {2F654E69-64D7-4AF7-97A5-CF09221141AA} - C:\WINDOWS\System32\pmkhi.dll (file missing)
O2 - BHO: (no name) - {30097AD4-A1FF-48E9-960D-BE5D92D279CB} - C:\WINDOWS\System32\pmnno.dll (file missing)
O2 - BHO: (no name) - {3F821173-314D-49C7-902C-335F18FD9EFD} - C:\WINDOWS\System32\awvvv.dll (file missing)
O2 - BHO: (no name) - {401B4E89-DB68-89EF-1866-F88DCA27D0B8} - C:\WINDOWS\System32\ijkqk.dll (file missing)
O2 - BHO: (no name) - {42111A83-D36C-8FEB-1C66-F88DCA2087EC} - C:\WINDOWS\System32\csl.dll (file missing)
O2 - BHO: (no name) - {4278AE1B-C4A2-4CB1-90F6-1F2EC349BCB9} - C:\WINDOWS\System32\ddayy.dll (file missing)
O2 - BHO: (no name) - {441A8BF0-B0A5-4A5B-ACBA-B5C6047FDC17} - C:\WINDOWS\System32\awtqn.dll (file missing)
O2 - BHO: (no name) - {46699E98-F4D7-4F67-BEB6-E02AFF21D1C7} - C:\Program Files\Windows NT\mevojuli83122.dll (file missing)
O2 - BHO: (no name) - {47F2B6C3-EC08-4E4B-8C14-4F1DE64B6358} - C:\WINDOWS\System32\pmnlm.dll (file missing)
O2 - BHO: (no name) - {61BCF710-9182-4CBF-9673-991DFF404F65} - C:\WINDOWS\System32\awvvt.dll (file missing)
O2 - BHO: (no name) - {6336A76D-AA46-4695-94BE-E9C473263646} - C:\WINDOWS\System32\mljjg.dll (file missing)
O2 - BHO: (no name) - {742E7B57-794A-4E29-95CA-52748EB7680B} - C:\WINDOWS\System32\ddcyw.dll (file missing)
O2 - BHO: (no name) - {7e00f006-1f1e-4e4a-9fd2-fdbe828d385d} - C:\WINDOWS\system32\igf866.dll (file missing)
O2 - BHO: (no name) - {839EE228-049E-472F-BB93-BF49EB463636} - C:\WINDOWS\System32\jkhhe.dll (file missing)
O2 - BHO: (no name) - {86552AA4-26E4-4974-9465-09C8463182FF} - C:\WINDOWS\System32\jkhhi.dll (file missing)
O2 - BHO: (no name) - {8875F88D-67BB-4010-8AEA-649E966C947B} - C:\WINDOWS\System32\vtutr.dll (file missing)
O2 - BHO: (no name) - {922B66BD-A4A7-4F7E-BAE7-B87FCB8DCAC9} - C:\WINDOWS\System32\vtsqp.dll (file missing)
O2 - BHO: (no name) - {96EAAA2C-379F-644C-B929-4C76656B00E3} - C:\WINDOWS\System32\hzligre.dll (file missing)
O2 - BHO: (no name) - {96EB30A8-7856-41AA-880F-8DBC31B9BD54} - C:\WINDOWS\System32\mljjj.dll (file missing)
O2 - BHO: (no name) - {A2C8470F-7A46-427B-B664-2653F515A3C8} - C:\WINDOWS\System32\ddayv.dll (file missing)
O2 - BHO: (no name) - {AA3B1AD6-79CB-4BB0-B506-B739EC3879F5} - C:\WINDOWS\System32\ddccb.dll (file missing)
O2 - BHO: (no name) - {B4F24671-D5B9-4FAB-845D-6402CBD98C3E} - C:\WINDOWS\System32\vtutq.dll (file missing)
O2 - BHO: (no name) - {B594A957-985C-4B36-A0FD-378596643A13} - C:\WINDOWS\System32\gebya.dll (file missing)
O2 - BHO: (no name) - {B6A369C1-F735-4F4B-B02E-FC45D3A7991F} - C:\WINDOWS\System32\jkhfc.dll (file missing)
O2 - BHO: (no name) - {BB481317-FD7F-4298-AA91-01C4CCA72F66} - C:\WINDOWS\System32\ssttt.dll (file missing)
O2 - BHO: (no name) - {BD87CCB8-5D87-46EE-8652-F7F2613DD068} - C:\WINDOWS\System32\gebcb.dll (file missing)
O2 - BHO: (no name) - {C2A74934-5D3D-477C-95C9-0A9B24F4916A} - C:\WINDOWS\System32\ddabc.dll (file missing)
O2 - BHO: (no name) - {D3EB9B19-463F-4797-B050-1D983C635AA6} - C:\WINDOWS\System32\jkhhf.dll (file missing)
O2 - BHO: (no name) - {e28f4a5e-3d88-4cfc-9ba4-cdcdb9340f40} - C:\WINDOWS\System32\pxjtnrw.dll (file missing)
O2 - BHO: (no name) - {FF9DE51A-8EE6-471E-83AF-60E86751D035} - C:\WINDOWS\System32\gebcc.dll (file missing)
O4 - HKEY_LOCAL_MACHINE\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [wjkxdrtA] C:\WINDOWS\wjkxdrtA.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKEY_LOCAL_MACHINE\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.7.8\webbuying.exe
O4 - HKCU\..\Run: [IESet] IExplorer.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} () - http://mvnet.xlontech.net/qm/fox/061...ie06101001.cab
O20 - AppInit_DLLs: c:\windows\system32\vtsqnkh.dll
O20 - Winlogon Notify: awtqn - C:\WINDOWS\System32\awtqn.dll (file missing)
O20 - Winlogon Notify: awvvv - C:\WINDOWS\System32\
O20 - Winlogon Notify: ddaya - C:\WINDOWS\System32\
O20 - Winlogon Notify: ddcya - C:\WINDOWS\System32\
O20 - Winlogon Notify: ddcyw - C:\WINDOWS\System32\
O20 - Winlogon Notify: gebcb - C:\WINDOWS\System32\
O20 - Winlogon Notify: gebya - C:\WINDOWS\System32\gebya.dll (file missing)
O20 - Winlogon Notify: geebx - C:\WINDOWS\System32\
O20 - Winlogon Notify: mljge - C:\WINDOWS\System32\mljge.dll (file missing)
O20 - Winlogon Notify: ssqpn - C:\WINDOWS\System32\ssqpn.dll (file missing)
O20 - Winlogon Notify: vtutq - C:\WINDOWS\System32\vtutq.dll (file missing)
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
Once you have all the checkmarks in place then click the Fix Checked Button
Exit HiJackThis.
Now you need to open HiJackThis again. This time you are going to order a service stopped.
To Do this follow these steps;
Open the HiJackThis program. Click on Config, then Misc Tools, and then press the Delete an NT service.. button. When it opens you should then enter the words Net Agent and press OK.
Exit HiJackThis.
Reboot your computer in SAFE MODE.
Go to Start, Control Panel, Add/Remove.
Uninstall the following programs;
Web Buying
PartyGaming
PCFriendly
PC Tools AntiVirus
WinAntiSpyware 2007
If any of the Uninstalls tell you that you need to reboot to complete the uninstall DON'T. Just choose that you will reboot later and go onto the next one.
Without rebooting....
STILL in SAFE MODE you are going to have to do a manual search for the following files and delete the FILE noted in RED, do not delete the entire folder JUST THE NOTED FILE. Any file that you cannot find, Please make a note of it and move onto the next one.
Also take special note of the various files with a ? in the name. That is what you need to look for. Some look like names of real files but these WILL have a ? in the name
C:\5a5e2baba5b2633b3cebce
C:\VundoFix Backups
C:\Documents and Settings\Owner\Application Data\?asks
C:\WINDOWS\s?stem32 (Please note here, this DOES NOT SAY system32, but s?stem32)
C:\WINDOWS\system\nusvdcmbwe.dat
C:\WINDOWS\system\sdcmbwe.dat
C:\WINDOWS\system\sctnvdcmbwe.dat
C:\WINDOWS\system\fcnvdcmbwe.dat
C:\WINDOWS\System32\drivers\secdrv.sys
C:\WINDOWS\System32\dn64ced752.dat
C:\WINDOWS\System32\onnmp.ini2
C:\WINDOWS\System32\onnmp.bak2
C:\WINDOWS\System32\onnmp.bak1
C:\WINDOWS\System32\xbeeg.ini2
C:\WINDOWS\System32\xbeeg.bak1
C:\WINDOWS\System32\ayadd.bak1
C:\WINDOWS\System32\??mantec
C:\WINDOWS\System32\wycdd.bak1
C:\WINDOWS\System32\pqstv.bak2
C:\WINDOWS\System32\pqstv.bak1
C:\WINDOWS\System32\vvvwa.bak1
C:\WINDOWS\System32\aycdd.bak1
C:\WINDOWS\System32\bcbeg.bak1
C:\Documents and Settings\Owner\Application Data\tmp10B.tmp.exe
C:\Documents and Settings\Owner\Application Data\tmpF6.tmp.exe
C:\Documents and Settings\Owner\Application Data\tmp281.tmp.exe
C:\Documents and Settings\Owner\Application Data\tmp280.tmp.exe
C:\Documents and Settings\Owner\Application Data\tmp24E.tmp.exe
C:\Documents and Settings\Owner\Application Data\tmp24D.tmp.exe
C:\Documents and Settings\Owner\Application Data\tmp24B.tmp.exe
C:\Documents and Settings\Owner\Application Data\tmp29F.tmp.exe
C:\Documents and Settings\Owner\Application Data\tmp26E.tmp.exe
C:\Documents and Settings\Owner\Application Data\tmp26D.tmp.exe
C:\Documents and Settings\Owner\Application Data\tmpDE.tmp.exe
C:\Documents and Settings\Owner\Application Data\tmpDD.tmp.exe
C:\Documents and Settings\Owner\Application Data\tmpDC.tmp.exe
C:\Documents and Settings\Owner\Application Data\??crosoft.NET
C:\Program Files\poolsv
C:\Program Files\PC Tools AntiVirus
C:\Program Files\PCFriendly
C:\Program Files\F?nts
C:\Program Files\?dobe
C:\Program Files\Common Files\??pPatch
C:\Program Files\Common Files\??stem32
C:\Program Files\Common Files\?dobe
C:\Program Files\Common Files\quha
C:\Program Files\Common Files\?icrosoft.NET
C:\Program Files\Common Files\WinAntiSpyware 2007
Don't Reboot Yet. First;
Once you have completed the above then run AVG Anti-spy once more, have it fix or quarantine anything found and try to save the log. If you still cannot then make a note of the items fixed as you did earlier.
Run your Anti-virus programs again and fix/quarantine everything found.
Reboot to Normal Mode.
Run VundoFix again and tell it to fix on reboot as before.
Once that is complete. Run a new HJT scan and save the log here.
Shut down, re-attach your internet cable. Reboot the computer and come back here and post your results and logs.
I repeat, YOU ARE DOING GREAT. Just take each step one at a time. I know this will take awhile but do all as quickly as possible and DON'T surf the net or play any games until all this is complete.
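As a defender-side illustration of what the helper is reading off the HijackThis log above, here is an added Python example (not from the thread, HijackThis or any of the tools named in it): it parses lines of that format, flags the kinds of entries the checklist targets (orphaned "(file missing)" registrations, AppInit_DLLs and Winlogon Notify hooks, services with no known owner, five-letter random DLL names in System32) and works out which real folder a name like s?stem32 or ??pPatch is imitating. The sample log is constructed from entries of the shapes quoted in the thread, with a dummy CLSID on the benign Adobe line, and the five-letter-name rule is a heuristic of this example, not any tool's own detection.

```python
# Added example (not from the thread or HijackThis): triage HijackThis-style
# log lines and spot lookalike folder names of the "s?stem32" kind.
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Folder names that the thread's malware mimicked by swapping a letter for a
# non-ASCII character, which the tools rendered as "?" (e.g. s?stem32, ?dobe).
LEGIT_NAMES = ["system32", "tasks", "fonts", "adobe", "symantec", "apppatch", "microsoft.net"]

# Constructed sample log: entries of the same shape as those quoted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {069853C3-07A6-4BE4-B71D-D8FD53EE25BD} - C:\WINDOWS\System32\ddaya.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O20 - AppInit_DLLs: c:\windows\system32\vtsqnkh.dll
O20 - Winlogon Notify: awtqn - C:\WINDOWS\System32\awtqn.dll (file missing)
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
"""

PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:dll|exe|sys)\b', re.IGNORECASE)
# Five random lowercase letters in System32 is the naming style of the
# "(file missing)" BHO/Winlogon DLLs in the thread's log (heuristic only).
RANDOM_DLL_RE = re.compile(r'\\system32\\[a-z]{5}\.dll$', re.IGNORECASE)

@dataclass
class Entry:
    code: str                  # HijackThis section, e.g. "O2", "O20"
    path: Optional[str]        # first Windows path on the line, if any
    flags: List[str] = field(default_factory=list)

def parse_line(line: str) -> Optional[Entry]:
    """Parse one 'Oxx - ...' line; return None for anything else."""
    m = re.match(r'^(O\d+) - (.*)$', line.strip())
    if not m:
        return None
    code, text = m.group(1), m.group(2)
    pm = PATH_RE.search(text)
    e = Entry(code, pm.group(0) if pm else None)
    if "(file missing)" in text:
        e.flags.append("file-missing")      # orphaned registration, still worth removing
    if code == "O20" and text.startswith("AppInit_DLLs:"):
        e.flags.append("appinit-dll")       # loaded into every process that loads user32
    if code == "O20" and text.startswith("Winlogon Notify:"):
        e.flags.append("winlogon-notify")   # runs inside winlogon at logon
    if code == "O23" and "Unknown owner" in text:
        e.flags.append("unknown-service")
    if e.path and RANDOM_DLL_RE.search(e.path):
        e.flags.append("random-name-dll")
    return e

def triage(log: str) -> List[Entry]:
    """Keep only the entries that raised at least one flag."""
    parsed = (parse_line(line) for line in log.splitlines())
    return [e for e in parsed if e and e.flags]

def lookalike_of(path: str) -> Optional[str]:
    """Return the legitimate folder name a '?'/non-ASCII component mimics, else None."""
    for part in path.split("\\"):
        if "?" not in part and part.isascii():
            continue
        pattern = "".join("." if c == "?" or not c.isascii() else re.escape(c) for c in part)
        for name in LEGIT_NAMES:
            if re.fullmatch(pattern, name, re.IGNORECASE):
                return name
    return None
```

Running triage over the sample drops the genuine Adobe BHO and keeps the four suspicious entries; the lookalike check is what turns "??pPatch" into "apppatch" for the manual-search step.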
Anti-Rootkits only showed two files, I deleted both as requested.
VundoFix came up clean. Completely clean.
Below are the items I could not locate. In many instances there were files that were close, but not exact. It was usually the last part of the file that was different.
O2 - BHO: (no name) - {47F2B6C3-EC08-4E4B-8C14-4F1DE64B6358} - C:\WINDOWS\System32\pmnlm.dll (file missing)
O4 - HKEY_LOCAL_MACHINE\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [wjkxdrtA] C:\WINDOWS\wjkxdrtA.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [IESet] IExplorer.dll .dbt
O4 - HKEY_LOCAL_MACHINE\..\RunServices: [IESet] IExplorer.dll .dbt
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
Web Buying
PartyGaming
PC Tools AntiVirus
WinAntiSpyware 2007
C:\5a5e2baba5b2633b3cebce Found, but unable to delete. I received an error message that said, "Cannot delete Eula.txt. Access is denied."
I could not find anything with question marks in the name
C:\Documents and Settings\Owner\Application Data\?asks
C:\WINDOWS\s?stem32 (Please note here, this DOES NOT SAY system32, but s?stem32)
C:\WINDOWS\System32\??mantec
C:\Documents and Settings\Owner\Application Data\??crosoft.NET
C:\Program Files\PCFriendly
C:\Program Files\F?nts
C:\Program Files\?dobe
C:\Program Files\Common Files\??pPatch
C:\Program Files\Common Files\??stem32
C:\Program Files\Common Files\?dobe
C:\Program Files\Common Files\?icrosoft.NET
I await more instructions.
Dare I say...and I am always afraid to say it...things look 99.9% better.
Now I want you immediately to go to Add/Remove and Uninstall the old Java version 1.4.2_03 and actually any others you might find there.
Once you have done that go to this link Sun Java Download
Download the newest version which is v.6 update 2. Choose the Offline install which is the 2nd one down. Download and save it to your desktop.
Once you have done that, close all unnecessary programs, including email and browsers, disconnect from the internet and then double click that program you just downloaded to install it. Once it is installed then go back online to this link Verify Installation
Check to see that your new java version is verified as correctly installed.
Then try the Trend Micro Housecall Online Scanner
once more. Have it FIX anything it finds. Save the log if one is offered and post it back here. I will have a few more steps for you.
I downloaded and verified the new Java. I have v.6 update 2 loaded.
I still can't get Housecall to work. It says that it is scanning. It looks like it is scanning and then it shuts down the browser without warning.
One thing, over the weekend I used IE to download Housecall as you suggested. I tried to use IE today and I now receive an error saying "Windows cannot find iexplore.exe. This program is needed for opening files of type 'File'. Type in the executable file to be used instead:" Then there is a box with the C:\ prompt and it is asking me to fill in or browse for the rest.
Was this supposed to happen? Am I going to get IE back?
I used Firefox to try to download Housecall today. The Housecall website claims to support it, but perhaps it likes IE better.
Go ahead and try it with Firefox. Know there is a problem with your IE. Your entire system is way out of date, but let's get things cleaned up first before tackling that. Am going through your logs from this morning and will get back to you asap. Have to get the grandkids at school
Also, in SAFE MODE try looking for these two files noted in RED;
C:\WINDOWS\System32\IExplorer.dll .dbt
C:\WINDOWS\2.exe
If you find them, delete them.
Still no luck with the Housecall. It acts like it is scanning and then disappears without warning. I did, however, find a file called .housecall6.6. There doesn't seem to be any type of logfile or executable file in the folder. It is almost as if the program began to download, erred out and quit. Is there something I need to be looking for?
I located and deleted the IExplorer.dll.dbt file as you requested. I didn't have any luck with the 2.exe that you also had listed.