Need help - multiple viruses [Archive] - Safer-Networking Forums

View Full Version : Need help - multiple viruses

cwkeen

2008-04-01, 22:04

Hello there,

I've kind of inherited a problem laptop from an co-worker. Apparently she let someone else use her computer and it got infected, then slowly got worse. She has tried to remove the viruses herself before asking me to see what I can do with it (I'm no expert, but she was distraught).

Anyway, I tried running the programs I rely on Lavasoft Adaware, Avast antivirus, and have just tried out Spybot (and hence found these forums). Here's the situation so far:

I have ran scans with Avast and Adaware, though neither program is being allowed to update their definitions. I have updated Adaware manually. Both programs find issues, but upon removal and restart, the removed programs are largely still in place.

I have already run Spybot and had it fix the problems (sorry, didn't come to the forums first). Most of the problems were "fixed" only to show back up. A couple could not be fixed. Included here is the logfiles for both Hijack This and Kaspersky's scan.

Hijack:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:42:47 AM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\sbwltbxa.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,C:\WINDOWS\system32\ntos.exe
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73} - C:\WINDOWS\system32\urqpomm.dll (file missing)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {59c811fc-1dd2-11b2-be2d-98590a374d16} - C:\WINDOWS\yjwrghkz.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {6963C24F-AC49-4BD1-899B-A240161F571B} - C:\WINDOWS\system32\compstu.dll
O2 - BHO: BndFibu7 IE Helper - {8041E642-8CFC-4720-BC9D-D2DB8904286F} - C:\Program Files\QdrDrive\QdrDrive12.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {B22D617F-42A1-4602-A4FC-4BCFB55E505E} - C:\Program Files\Messenger\hokenoC:\DOCUME~1\Celeste\LOCALS~1\Temp\CEMG555077.exe.dll (file missing)
O2 - BHO: (no name) - {B342A7D4-D29D-4F37-9A21-8A6978C3B175} - C:\WINDOWS\system32\pmnmk.dll (file missing)
O2 - BHO: (no name) - {CAD1E03C-308C-4447-90CD-F06EBC24AB99} - C:\Program Files\Messenger\hokenoC:\WINDOWS\system32\mr9\gyreo83122.exe.dll (file missing)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {eb8ff27b-c75e-4414-9fc7-c10cbf441c51} - C:\WINDOWS\system32\mvpufjk.dll (file missing)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - marwin32.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [BMb78e940f] Rundll32.exe "C:\WINDOWS\system32\sfivopjq.dll",s
O4 - HKLM\..\Run: [vyvkrede] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\vyvkrede.dll"
O4 - HKLM\..\Run: [b4bda793] rundll32.exe "C:\WINDOWS\system32\ppothevm.dll",b
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Administrator\cftmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Administrator\cftmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2271] command /c del "C:\Documents and Settings\Celeste\Start Menu\Programs\Outerinfo\Terms.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8366] cmd /c del "C:\Documents and Settings\Celeste\Start Menu\Programs\Outerinfo\Terms.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2443] command /c del "C:\Documents and Settings\Celeste\Start Menu\Programs\Outerinfo\Uninstall.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6288] cmd /c del "C:\Documents and Settings\Celeste\Start Menu\Programs\Outerinfo\Uninstall.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4401] command /c del "c:\Program Files\SpySheriff\found.wav"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3951] cmd /c del "c:\Program Files\SpySheriff\found.wav"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6838] command /c del "c:\Program Files\SpySheriff\notfound.wav"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6036] cmd /c del "c:\Program Files\SpySheriff\notfound.wav"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4812] command /c del "c:\Program Files\SpySheriff\removed.wav"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2861] cmd /c del "c:\Program Files\SpySheriff\removed.wav"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6957] command /c del "C:\WINDOWS\system32\imkmwjsf.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6166] cmd /c del "C:\WINDOWS\system32\imkmwjsf.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4817] command /c del "C:\WINDOWS\system32\pmnmk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3003] cmd /c del "C:\WINDOWS\system32\pmnmk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB371] command /c del "C:\WINDOWS\nyfwzyfa.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9413] cmd /c del "C:\WINDOWS\nyfwzyfa.dll_old"
O4 - HKLM\..\Policies\Explorer\Run: [NKCkph8M17] rundll32.exe "C:\WINDOWS\nyfwzyfa.dll",DllCleanServer
O4 - HKLM\..\Policies\Explorer\Run: [coAW5QkGFn] rundll32.exe "C:\WINDOWS\nyfwzyfa.dll",DllCleanServer
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3685F9C9-E467-43BF-8144-BA4667C4F51C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E48B37F-9052-40F9-A3D8-5809C702B6B3}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F69AC28-9A85-4F2F-92A6-ED9AC378DF61}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0B5BF85-6ADA-4386-9B70-35E239064B71}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6729F9A-DEA0-4E69-90C9-460CDA66B2B2}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: urqpomm - urqpomm.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 13072 bytes

@@@@@@@@@@@@@@@@@@@@

cwkeen

2008-04-01, 22:06

Kaspersky's:

Tuesday, April 01, 2008 11:42:16 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/04/2008
Kaspersky Anti-Virus database records: 676019

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 69756
Number of viruses found 23
Number of infected objects 104
Number of suspicious objects 14
Duration of the scan process 00:41:32

Infected Object Name Virus Name Last Action
C:\db42wi.exe Infected: not-virus:Hoax.Win32.Renos.bhk skipped

C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Temp\~DFDFD4.tmp Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Search5.zip/mssvr.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Search5.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader3.zip/id53.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader3.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader5.zip/id53.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader5.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/bokja.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp3.zip/cftmon.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp3.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant16.zip/saap.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant16.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango5.zip/zango.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango5.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\Celeste\Application Data\jmauo.exe Infected: not-virus:Hoax.Win32.Renos.bhk skipped

C:\Documents and Settings\Celeste\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-2afc8601-2bdbb4a9.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped

C:\Documents and Settings\Celeste\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-2afc8601-2bdbb4a9.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Celeste\cftmon.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\Documents and Settings\Celeste\ftpdll.dll Infected: Trojan-Downloader.Win32.Small.ths skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\.tt8A.tmp/stream/data0010 Infected: not-a-virus:FraudTool.Win32.AntiVirPro.g skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\.tt8A.tmp/stream/data0012 Infected: not-a-virus:FraudTool.Win32.AntiVirPro.g skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\.tt8A.tmp/stream Infected: not-a-virus:FraudTool.Win32.AntiVirPro.g skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\.tt8A.tmp NSIS: infected - 3 skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\1EAE.tmp Infected: Trojan-Downloader.Win32.Mutant.bu skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\BAK21E.tmp/stream/data0001 Infected: not-a-virus:AdWare.Win32.AdBand.p skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\BAK21E.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.AdBand.p skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\BAK21E.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.p skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\BAK21E.tmp/stream Infected: not-a-virus:AdWare.Win32.AdBand.p skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\BAK21E.tmp NSIS: infected - 4 skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\BAK4D.tmp/stream/data0001 Infected: not-a-virus:AdWare.Win32.AdBand.p skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\BAK4D.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.AdBand.p skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\BAK4D.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.p skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\BAK4D.tmp/stream Infected: not-a-virus:AdWare.Win32.AdBand.p skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\BAK4D.tmp NSIS: infected - 4 skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\BatSetup.exe Infected: not-a-virus:AdWare.Win32.Rabio.m skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\bblatest.exe Infected: not-virus:Hoax.Win32.Renos.bee skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\ismupd24.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.AdBand.n skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\ismupd24.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.n skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\ismupd24.exe NSIS: infected - 2 skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\syswcc32.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\syswcc32.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\syswcc32.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\syswcc32.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\syswcc32.exe RarSFX: infected - 4 skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\temp.fr06AC\QdrPack14.exe Infected: not-a-virus:AdWare.Win32.AdBand.n skipped

C:\Documents and Settings\Celeste\Local Settings\Temp\temp.frF346\QdrModule13.exe Infected: not-a-virus:AdWare.Win32.AdBand.p skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\458BCJ4Z\68020[1].exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\458BCJ4Z\iddqd[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\6BMNILEN\index[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.lry skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\6BMNILEN\msiexec[1].exe Infected: Trojan-Clicker.Win32.Agent.tg skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\89SB8DAF\68020[1].exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\G1AVSPQB\ven1v13aid28[1].exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.AdBand.p skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\G1AVSPQB\ven1v13aid28[1].exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.AdBand.p skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\G1AVSPQB\ven1v13aid28[1].exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.AdBand.p skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\G1AVSPQB\ven1v13aid28[1].exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.p skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\G1AVSPQB\ven1v13aid28[1].exe NSIS: infected - 4 skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\G1AVSPQB\_bm1fcmlke3JpZH1fbWFfa3cxX21hNHM_bmF2_bm1fNjg2MjhfNWRhMGFkM2FiODViMTFkY2EwNWFmNjg2MDFkZWZmZmZfN2RhN2IzMDIwN2E0NGJmNDkzMDMxYzllODRiM2UwNTM_[1].exe Infected: not-virus:Hoax.Win32.Renos.bej skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\GXUVOLAJ\syswcc32[1].exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\GXUVOLAJ\syswcc32[1].exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\GXUVOLAJ\syswcc32[1].exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\GXUVOLAJ\syswcc32[1].exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\GXUVOLAJ\syswcc32[1].exe RarSFX: infected - 4 skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\KTYNOXEB\ghjJHGgjh[1].exe Infected: Trojan-Downloader.Win32.Mutant.bu skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\SX8HEZ0D\hlp[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.lsa skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\V31FV9WK\CAO1YDFC.htm Infected: Trojan.JS.Pakes.l skipped

C:\Documents and Settings\Celeste\Local Settings\Temporary Internet Files\Content.IE5\Y1ZSD07U\BatSetup[1].exe Infected: not-a-virus:AdWare.Win32.Rabio.m skipped

C:\Documents and Settings\LocalService\cftmon.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\Documents and Settings\LocalService\ftpdll.dll Infected: Trojan-Downloader.Win32.Small.ths skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\JvW.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\Program Files\QdrDrive\QdrDrive12.dll Infected: not-a-virus:AdWare.Win32.AdBand.p skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0072505.dll Infected: Trojan-Downloader.Win32.Small.ths skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0072506.dll Infected: Trojan-Downloader.Win32.Small.ths skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0073481.dll Infected: Trojan-Downloader.Win32.Small.ths skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0073490.exe Infected: not-a-virus:AdWare.Win32.AdBand.p skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0074477.exe Infected: not-a-virus:AdWare.Win32.AdBand.p skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0074478.exe Infected: not-a-virus:AdWare.Win32.AdBand.n skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0074489.dll Infected: Trojan-Downloader.Win32.Small.ths skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0074490.dll Infected: Trojan-Downloader.Win32.Small.ths skipped

cwkeen

2008-04-01, 22:07

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0075481.dll Infected: Trojan-Downloader.Win32.Small.ths skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0075482.dll Infected: Trojan-Downloader.Win32.Small.ths skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0079514.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0079514.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0079521.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081500.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081510.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081512.exe Infected: not-a-virus:FraudTool.Win32.AntiVirPro.g skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081513.dll Infected: not-a-virus:FraudTool.Win32.AntiVirPro.g skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081531.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081646.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081660.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081661.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081662.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081680.exe Infected: not-a-virus:AdWare.Win32.AdBand.p skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081682.exe Infected: not-a-virus:AdWare.Win32.AdBand.p skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081683.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081683.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081694.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081702.exe Infected: not-virus:Hoax.Win32.Renos.bee skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081719.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081720.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081721.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081732.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP419\A0081732.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP420\A0081781.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP420\A0082781.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP420\A0083817.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP420\A0084808.exe Infected: Trojan-Downloader.Win32.Agent.kwg skipped

C:\System Volume Information\_restore{B992AC1F-1409-469D-9617-074D63E04B5E}\RP420\change.log Object is locked skipped

C:\W3NG.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\NKCkph8M17.exe Infected: not-a-virus:FraudTool.Win32.XPdefender skipped

C:\WINDOWS\system32\000090.exe Infected: Trojan-Downloader.Win32.Small.tod skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\drivers\spools.exe Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\WINDOWS\system32\ftp33.dll Infected: Trojan-Downloader.Win32.Small.tra skipped

C:\WINDOWS\system32\ftpdll.dll Infected: Trojan-Downloader.Win32.Small.ths skipped

C:\WINDOWS\system32\khfdcab.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ksm skipped

C:\WINDOWS\system32\LB060.tmp Infected: Trojan-Downloader.Win32.Small.tod skipped

C:\WINDOWS\system32\tuvsttu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ksm skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\xxyvuuu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ksm skipped

Scan process completed.

Any help that can be given would be greatly appreciated. I'm afraid that the only recourse at this point is to reformat and reinstall.

pskelley

2008-04-02, 15:01

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You are infected, I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
This will be a tough infection to remove so do not expect fast or easy.

Listen up, this is a badly infected computer, if you know how or have someone who can help, you may want to reformat. Let me give you some information and this computer has one of about every infection out there right now.

C:\WINDOWS\system32\drivers\spools.exe
http://www.liutilities.com/products/wintaskspro/processlibrary/spools/

This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data.
C:\WINDOWS\system32\ntos.exe
http://www.symantec.com/security_response/writeup.jsp?docid=2007-040208-5335-99&tabid=2

The Trojan deletes cookies in the Internet Explorer URL cache so that users will have to re-insert passwords when logging into banking Web sites.
It reads PStore to steal saved passwords on the compromised computer.
C:\WINDOWS\system32\sbwltbxa.exe
http://www.greatis.com/appdata/d/s/sbwltbxa.exe.htm

and that is far from all of the infections, I rarely see a computer more infected than this one.

A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to by used by the attacker for malicious purposes unknown to the user.

One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and Download and Execute files
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

Let us know what you have decided to do in your next post.

Thanks

cwkeen

2008-04-02, 17:36

For your quick response. I was thinking along the same lines (that a reformat and reinstall is the best route to ensure that all viruses were eliminated).

I've already checked with her about getting her restore or OS disk, but she's been having trouble finding it.

I've been keeping it off the network while attempting to update virus and spyware scanners, unplugging other comps while the laptop was on the network.

I'll pass on the info to her and see how she wants to handle it.

Once again, thank you.

pskelley

2008-04-10, 13:58

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.