[Dee_Collins]

well the only things which are tcked are the following:

oyumqlmp (whatever that is)
ashDisp
jusched

The only reason I dont have loads is because I have had problems with my other pc and was told from this forum to only have Avast and Java running on startup, hence why only the above running. Have to amit I dont know what the first one is

[Kelly]

If it's running well in Safe Mode, then there's something in the startup routine that's causing the problem. I'm no expert in analyzing HiJackThis logs.

I can suggest going back to msconfig. Turn everything in the STARTUP tab off. In the SERVCES tab, click on HIDE MS SERVICES and disable all the non-MS services. Restart in normal mode and see how it works.

[AdvancedSetup]

Please start Hijackthis and do a Scan Only and place a check mark on the following items.

• R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c.../uk.docs.yahoo.com/info/bt_side.html
• R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! Search - Web Search
• R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = M.O.T. Your PC ! <<>> Intelenet | Intelligent Networking Solutions or email: mot@pdsystems.info
• R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
• O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
• O4 - HKLM\..\Run: [BM8b4abea7] Rundll32.exe "D:\WINDOWS\system32\oyumqlmq.dll",s
• O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
• O4 - HKLM\..\Run: [BM8b4abea7] Rundll32.exe "D:\WINDOWS\system32\oyumqlmq.dll",s
• O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
• O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
  Then click on Fix selected

Then download and run this CureIt 4.44 then restart your computer and let me know how its running.

.

[AdvancedSetup]

After the reboot you need to go into your Control Panel, Add/Remove and uninstall ALL versions of Java found. Then reboot your computer and obtain a new version from here
Java Runtime Environment (JRE) 6 Update 6


The older versions of Java have code that has been compromised and allows your system to get infected very easy.


.

[AdvancedSetup]

Are you still here with us DEE?

[Dee_Collins]

Yes sorry I am still here just trying to do all that you have suggested, hving a few problems doing the java download atm, but getting there slowly, as soon as I have it figured I shall let you know how its running.

[Dee_Collins]

Hi

I have finished doing what you said and the pc seems to be running loads better now, I can log into emails and searcg google etc, one thing though I did have a window appear after java had finished installing saying there was a fatl error and something couldnt be opened but I didnt see what it was as it then disappeared....

Another thing that has happened is I am constantly getting pop ups even though my blockers are enabled, I never used to get any pop ups at all

[AdvancedSetup]

Good glad to hear it's better. Did you download and run the CureIt 4.44 program I linked to above?

Please download and run that program. Let me know what it finds.

Then we will run a FULL scan and clean routine that you need to follow the steps exactly as outlined. I won't post those instructions though until I hear back from you about the CureIt 4.44 program results.

.

[Dee_Collins]

The scanner found the following:

A0148422.exe Probably BACKDOOR Trojan
A0148423.exe Probably BACKDOOR Trojan
A0148424.exe program.mIRC.616

Whilst the scan was running my Avast kept finding Adware, should I press cure on the above items?

[Dee_Collins]

I did do a scan yesterday with that program and it did pull up more and so i clicked cure and it managed to delete a few and the ones it couldnt cure it moved. I had to click yes or no else the scan wouldnt continue. Most of what it found yeaterday were backdoor trojans