
Help!!!!



mike79
2008-04-22, 14:42
I can't get rid of the virtumonde.dll virus, or whatever it is; no matter what I do, it's still there. Any help you can give would be awesome.

Shaba
2008-04-23, 15:08
Hi mike79

Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

mike79
2008-04-27, 14:36
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:27 PM, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [0ceb2aa0] rundll32.exe "C:\WINDOWS\system32\mpudglqd.dll",b
O4 - HKLM\..\Run: [BM0fd8193c] Rundll32.exe "C:\WINDOWS\system32\lxtpsrgs.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [rdhbaqab] C:\WINDOWS\system32\rkpwtqti.exe
O4 - HKCU\..\Run: [hhbfvvhq] C:\WINDOWS\system32\vyxklaxk.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [YdRXujFfRq] C:\Documents and Settings\All Users.WINDOWS\Application Data\bmzkhebq\dydkrodq.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10111 bytes

Shaba
2008-04-27, 14:47
Hi

I edited out red color and non-default font; much easier to read :)

Are both avast! and AVG up-to-date and does ZA also have an antivirus?

mike79
2008-04-28, 11:03
Yes, both avast! and AVG are up to date; they're both on auto update, and I check for updates myself every two days. Zone Alarm (ZA) has up-to-date antivirus. I've got all sorts of things going on, lol. The PC is running really slow and says two DLL files are missing; I'll have to get the names of them for you.

Shaba
2008-04-28, 16:12
Hi

If ZA has antivirus, then you should uninstall both avast! and AVG.

Only one antivirus should be active.

After that, please post back a fresh HijackThis log :)

mike79
2008-04-29, 14:58
My PC keeps telling me that it can't find C:\WINDOWS\system32\mpudglqd.dll
and that C:\WINDOWS\system32\jkkkjjgg.dll is infected and to delete or rename it. I'm not sure what to do, and Spybot is saying that a registry change for BM0fd8193c is happening; I deny it because I'm unsure what the heck it is.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:03 PM, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [0ceb2aa0] rundll32.exe "C:\WINDOWS\system32\mpudglqd.dll",b
O4 - HKLM\..\Run: [BM0fd8193c] Rundll32.exe "C:\WINDOWS\system32\bocqklyu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [rdhbaqab] C:\WINDOWS\system32\rkpwtqti.exe
O4 - HKCU\..\Run: [hhbfvvhq] C:\WINDOWS\system32\vyxklaxk.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [YdRXujFfRq] C:\Documents and Settings\All Users.WINDOWS\Application Data\bmzkhebq\dydkrodq.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8695 bytes
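
An added example, not from this thread or from HijackThis, of how a helper triages the O4 autostart lines in a log like the ones above: each entry is scored on the weak signals that the entries in this log combine (random-looking value and file names, rundll32 loading an unnamed system32 DLL, the Policies\Explorer\Run key, executables under Application Data), and the same Run value is compared across two logs. The sample lines are copied from the logs posted in this thread; the 8-character name pattern and the score threshold of 2 are assumptions tuned to this family.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field
from typing import Optional

# O4 (autostart) lines as HijackThis prints them, copied from the 27 Apr log in this
# thread. The "Zone Labs Client" line is kept as a benign control for the scoring.
LOG_APR27 = r"""
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [0ceb2aa0] rundll32.exe "C:\WINDOWS\system32\mpudglqd.dll",b
O4 - HKLM\..\Run: [BM0fd8193c] Rundll32.exe "C:\WINDOWS\system32\lxtpsrgs.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [rdhbaqab] C:\WINDOWS\system32\rkpwtqti.exe
O4 - HKLM\..\Policies\Explorer\Run: [YdRXujFfRq] C:\Documents and Settings\All Users.WINDOWS\Application Data\bmzkhebq\dydkrodq.exe
O4 - Global Startup: Bluetooth.lnk = ?
"""
# The same BM0fd8193c value two days later (from the 29 Apr log), now pointing at a new DLL.
LOG_APR29 = r"""
O4 - HKLM\..\Run: [BM0fd8193c] Rundll32.exe "C:\WINDOWS\system32\bocqklyu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

O4_LINE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
IMAGE_PATH = re.compile(r'"?([A-Za-z]:\\[^",]+?\.(?:dll|exe))"?', re.IGNORECASE)
# Assumed naming pattern for this family: 8 lowercase letters, 8 hex digits, or BM + 8 hex.
RANDOM_NAME = re.compile(r"^(?:[a-z]{8}|[0-9a-f]{8}|BM[0-9a-f]{8})$")
DATA_DIRS = ("\\application data\\", "\\temp\\", "\\local settings\\")


@dataclass
class Autostart:
    key: str
    name: str
    cmd: str
    path: Optional[str]
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def parse_o4(line: str) -> Optional[Autostart]:
    """Parse one HijackThis O4 line; returns None for lines without a [name] value."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    p = IMAGE_PATH.search(m["cmd"])
    return Autostart(m["key"], m["name"], m["cmd"], p.group(1) if p else None)


def assess(entry: Autostart) -> Autostart:
    """Attach heuristic reasons. Each one alone is weak (zlclient.exe also has an
    8-letter name); the entries on this page trip several at once."""
    base = entry.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0] if entry.path else ""
    lowered = (entry.path or "").lower()
    if RANDOM_NAME.match(entry.name):
        entry.reasons.append("random-looking Run value name")
    if base and RANDOM_NAME.match(base):
        entry.reasons.append("random-looking image file name")
    if (entry.cmd.lower().startswith("rundll32") and lowered.endswith(".dll")
            and "\\system32\\" in lowered and RANDOM_NAME.match(base)):
        entry.reasons.append("rundll32 loading an unnamed system32 DLL")
    if "policies\\explorer\\run" in entry.key.lower():
        entry.reasons.append("Policies\\Explorer\\Run key, rarely used by legitimate software")
    if any(d in lowered for d in DATA_DIRS):
        entry.reasons.append("executable runs from a data/temp directory")
    return entry


def triage(log_text: str, threshold: int = 2) -> list[Autostart]:
    """Return the O4 entries scoring at or above the threshold, highest score first."""
    entries = [assess(e) for e in map(parse_o4, log_text.strip().splitlines()) if e]
    return sorted((e for e in entries if e.score >= threshold), key=lambda e: -e.score)


def changed_values(old_log: str, new_log: str) -> dict[str, tuple[str, str]]:
    """Run values present in both logs whose command changed: a value that keeps its
    name but points at a new randomly named DLL is being regenerated, not cleaned."""
    def by_name(text: str) -> dict[str, str]:
        return {e.name: e.cmd for e in map(parse_o4, text.strip().splitlines()) if e}
    old, new = by_name(old_log), by_name(new_log)
    return {n: (old[n], new[n]) for n in old.keys() & new.keys() if old[n] != new[n]}


if __name__ == "__main__":
    for e in triage(LOG_APR27):
        print(f"[{e.score}] {e.key}: [{e.name}] {e.cmd}")
        for r in e.reasons:
            print("      -", r)
    for name, (before, after) in changed_values(LOG_APR27, LOG_APR29).items():
        print(f"value {name} changed:\n   {before}\n-> {after}")
```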

Shaba
2008-04-29, 15:53
Hi

We will handle them next.

We first need to disable TeaTimer so that it doesn't interfere with the fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
3. On the left-hand side, click on Tools.
4. Then click on the Resident icon in the list.
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any processes named findstr, find, sed or swreg; then ComboFix should continue.
If that happened, we want to know, and also which process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post:

- a fresh HijackThis log
- combofix report

mike79
2008-04-30, 14:12
This is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:22 PM, on 30/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AntiSpywareMaster] C:\Program Files\AntiSpywareMaster\asm.exe
O4 - HKLM\..\Run: [0ceb2aa0] rundll32.exe "C:\WINDOWS\system32\mpudglqd.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [rdhbaqab] C:\WINDOWS\system32\rkpwtqti.exe
O4 - HKCU\..\Run: [hhbfvvhq] C:\WINDOWS\system32\vyxklaxk.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [YdRXujFfRq] C:\Documents and Settings\All Users.WINDOWS\Application Data\bmzkhebq\dydkrodq.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7776 bytes

ComboFix log:

ComboFix 08-04-29.3 - rebel 2008-04-30 17:13:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1606 [GMT 8:00]
Running from: C:\Documents and Settings\rebel\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PC-Cleaner
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bocqklyu.dll
C:\WINDOWS\system32\fhjjmnnn.ini
C:\WINDOWS\system32\fhjjmnnn.ini2
C:\WINDOWS\system32\hkloorqr.ini
C:\WINDOWS\system32\hkloorqr.ini2
C:\WINDOWS\system32\kkidmtli.dll
C:\WINDOWS\system32\lnrimryu.ini
C:\WINDOWS\system32\lxtpsrgs.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mmmpsvut.ini
C:\WINDOWS\system32\mmmpsvut.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qrqqqqss.ini
C:\WINDOWS\system32\qrqqqqss.ini2
C:\WINDOWS\system32\rtsrqqru.ini
C:\WINDOWS\system32\rtsrqqru.ini2
C:\WINDOWS\system32\ssqroLDT.dll
C:\WINDOWS\system32\vwvvxyxx.ini
C:\WINDOWS\system32\vwvvxyxx.ini2
C:\WINDOWS\system32\xgtutqje.ini
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32VBIEWER.OCX

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30 )))))))))))))))))))))))))))))))
.

2008-04-30 17:12 . 2008-04-30 17:13 1,024 --ah----- C:\Documents and Settings\Default User.WINDOWS\ntuser.dat.LOG
2008-04-29 20:36 . 2008-04-29 20:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2008-04-29 20:35 . 2008-04-30 17:13 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-04-27 20:32 . 2008-04-27 20:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-25 20:15 . 2008-04-28 17:58 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-04-24 21:43 . 2008-04-24 21:43 <DIR> d-------- C:\Documents and Settings\sheridan.R3B3L\Application Data\MailFrontier
2008-04-24 17:18 . 2008-04-24 17:21 <DIR> d-------- C:\Documents and Settings\rebel\Application Data\MailFrontier
2008-04-24 17:10 . 2008-04-24 17:12 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-04-24 17:09 . 2008-04-24 17:09 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-24 17:08 . 2008-04-29 20:27 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-23 20:05 . 2008-04-23 20:05 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-21 17:48 . 2008-04-30 17:13 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-21 17:47 . 2008-04-29 20:36 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-19 23:43 . 2008-04-19 23:43 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2008-04-19 22:47 . 2008-04-20 21:03 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-04-19 13:51 . 2008-04-19 18:52 654 --ahs---- C:\WINDOWS\system32\evoytnni.ini
2008-04-18 14:07 . 2008-04-18 14:07 268 --ah----- C:\sqmdata19.sqm
2008-04-18 14:07 . 2008-04-18 14:07 244 --ah----- C:\sqmnoopt19.sqm
2008-04-18 12:14 . 2008-04-19 13:49 534 --ahs---- C:\WINDOWS\system32\dqlgdupm.ini
2008-04-17 23:19 . 2008-04-17 23:19 268 --ah----- C:\sqmdata18.sqm
2008-04-17 23:19 . 2008-04-17 23:19 244 --ah----- C:\sqmnoopt18.sqm
2008-04-17 12:54 . 2008-04-21 19:02 427 --a------ C:\WINDOWS\wininit.ini
2008-04-17 12:33 . 2008-04-24 22:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\bmzkhebq
2008-04-17 09:45 . 2008-04-17 09:45 268 --ah----- C:\sqmdata17.sqm
2008-04-17 09:45 . 2008-04-17 09:45 244 --ah----- C:\sqmnoopt17.sqm
2008-04-17 09:41 . 2008-04-18 12:11 594 --ahs---- C:\WINDOWS\system32\ewkgswaj.ini
2008-04-17 09:38 . 2008-04-29 20:27 109,738 --a------ C:\WINDOWS\BM0fd8193c.xml
2008-04-16 21:35 . 2008-04-16 21:35 374,784 --a------ C:\WINDOWS\system32\xxyxvvwv.dll
2008-04-16 21:27 . 2008-04-16 21:27 <DIR> d-------- C:\WINDOWS\system32\pol3
2008-04-16 21:27 . 2008-04-16 21:27 <DIR> d-------- C:\WINDOWS\system32\dtmp
2008-04-16 21:27 . 2008-04-16 21:27 <DIR> d-------- C:\WINDOWS\system32\BL
2008-04-16 21:26 . 2008-04-16 21:26 <DIR> d-------- C:\WINDOWS\system32\xcsDd05
2008-04-16 21:26 . 2008-04-16 21:27 <DIR> d-------- C:\WINDOWS\system32\MId2
2008-04-16 21:26 . 2008-04-16 21:26 <DIR> d-------- C:\Temp\berDrv11
2008-04-16 21:26 . 2008-04-30 17:13 <DIR> d-------- C:\Temp
2008-04-16 21:26 . 2008-04-16 21:26 476,491 --a------ C:\Temp\xWas0017.exe
2008-04-16 21:26 . 2008-04-16 21:26 30,720 --a------ C:\WINDOWS\system32\jkkkjjgg.dll
2008-04-16 16:59 . 2008-04-16 16:59 268 --ah----- C:\sqmdata16.sqm
2008-04-16 16:59 . 2008-04-16 16:59 244 --ah----- C:\sqmnoopt16.sqm
2008-04-13 19:42 . 2008-04-20 21:15 <DIR> d-------- C:\Program Files\XAimer
2008-04-13 19:42 . 2004-12-06 07:10 192,512 --a------ C:\WINDOWS\system32\ssresources.dll
2008-04-13 19:42 . 2006-05-08 20:59 49,152 --a------ C:\WINDOWS\system32\AIMDL.exe
2008-04-13 19:42 . 2008-04-13 19:46 20,481 --a------ C:\WINDOWS\system32\SystemsHook.dll
2008-04-07 10:57 . 2008-04-07 10:57 <DIR> d-------- C:\Documents and Settings\sheridan.R3B3L\Application Data\Talkback
2008-04-07 10:02 . 2008-04-07 10:02 <DIR> d-------- C:\WINDOWS\Sun
2008-04-05 10:27 . 2004-08-03 23:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-02 10:34 . 2008-04-02 10:34 1,158 --a------ C:\WINDOWS\mozver.dat
2008-04-02 10:02 . 2008-04-02 10:02 268 --ah----- C:\sqmdata15.sqm
2008-04-02 10:02 . 2008-04-02 10:02 244 --ah----- C:\sqmnoopt15.sqm
2008-04-02 09:36 . 2008-04-02 09:36 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Emotum
2008-04-02 09:11 . 2008-04-02 09:11 <DIR> d-------- C:\Emotum
2008-04-02 09:11 . 2008-04-02 09:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-04-01 22:38 . 2008-04-01 22:38 268 --ah----- C:\sqmdata14.sqm
2008-04-01 22:38 . 2008-04-01 22:38 244 --ah----- C:\sqmnoopt14.sqm
2008-04-01 22:23 . 2008-04-01 22:23 <DIR> d-------- C:\sr
2008-04-01 10:41 . 2008-04-01 10:41 244 --ah----- C:\sqmnoopt13.sqm
2008-04-01 10:41 . 2008-04-01 10:41 232 --ah----- C:\sqmdata13.sqm
2008-04-01 10:18 . 2008-04-01 10:18 7,873 --a------ C:\WINDOWS\cdplayer.ini
2008-04-01 09:50 . 2008-04-01 10:19 <DIR> d-------- C:\Program Files\Acoustica MP3 CD Burner
2008-04-01 09:50 . 2002-11-05 15:16 57,344 --a------ C:\WINDOWS\system32\Wnaspint.dll
2008-04-01 09:44 . 2008-04-01 09:44 <DIR> d-------- C:\Documents and Settings\rebel\Application Data\Talkback
2008-04-01 09:44 . 2008-04-01 09:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-28 18:58 . 2008-03-28 18:58 <DIR> d-------- C:\Documents and Settings\rebel\Application Data\Acreon
2008-03-26 23:02 . 2008-03-26 23:02 <DIR> d-------- C:\Logs
2008-03-26 13:06 . 2008-03-26 15:40 <DIR> d-------- C:\Program Files\Java
2008-03-26 13:06 . 2008-04-17 14:18 <DIR> d-------- C:\Documents and Settings\rebel\Application Data\LimeWire
2008-03-26 13:06 . 2008-02-22 01:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-26 13:02 . 2008-03-26 13:06 <DIR> d-------- C:\Program Files\LimeWire
2008-03-26 13:02 . 2008-03-26 13:02 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-17 22:36 . 2008-03-17 22:36 268 --ah----- C:\sqmdata12.sqm
2008-03-17 22:36 . 2008-03-17 22:36 244 --ah----- C:\sqmnoopt12.sqm
2008-03-17 18:42 . 2008-03-17 18:42 268 --ah----- C:\sqmdata11.sqm
2008-03-17 18:42 . 2008-03-17 18:42 244 --ah----- C:\sqmnoopt11.sqm
2008-03-17 11:12 . 2008-03-17 11:12 268 --ah----- C:\sqmdata10.sqm
2008-03-17 11:12 . 2008-03-17 11:12 244 --ah----- C:\sqmnoopt10.sqm
2008-03-17 10:04 . 2008-03-17 10:04 268 --ah----- C:\sqmdata09.sqm
2008-03-17 10:04 . 2008-03-17 10:04 244 --ah----- C:\sqmnoopt09.sqm
2008-03-16 23:22 . 2008-03-16 23:22 268 --ah----- C:\sqmdata08.sqm
2008-03-16 23:22 . 2008-03-16 23:22 244 --ah----- C:\sqmnoopt08.sqm
2008-03-16 15:02 . 2008-04-22 16:00 268 --ah----- C:\sqmdata07.sqm
2008-03-16 15:02 . 2008-04-22 16:00 244 --ah----- C:\sqmnoopt07.sqm
2008-03-16 11:30 . 2008-04-22 07:56 268 --ah----- C:\sqmdata06.sqm
2008-03-16 11:30 . 2008-04-22 07:56 244 --ah----- C:\sqmnoopt06.sqm
2008-03-16 01:54 . 2008-04-20 18:25 244 --ah----- C:\sqmnoopt05.sqm
2008-03-16 01:54 . 2008-04-20 18:25 232 --ah----- C:\sqmdata05.sqm
2008-03-15 23:20 . 2008-04-20 18:22 244 --ah----- C:\sqmnoopt04.sqm
2008-03-15 23:20 . 2008-04-20 18:22 232 --ah----- C:\sqmdata04.sqm
2008-03-08 14:10 . 2008-03-08 14:10 <DIR> dr-h----- C:\Documents and Settings\rebel\Application Data\yahoo!
2008-03-04 17:11 . 2008-03-04 17:11 <DIR> d-------- C:\Documents and Settings\sheridan.R3B3L\Application Data\MSNInstaller
2008-03-03 08:01 . 2008-03-03 08:01 <DIR> d-------- C:\Documents and Settings\sheridan.R3B3L\Bluetooth Software
2008-03-02 15:08 . 2001-08-17 12:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-02 15:08 . 2001-08-17 12:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-03-02 15:07 . 2001-08-17 13:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-02 15:07 . 2001-08-17 13:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-03-01 18:37 . 2008-04-28 18:18 <DIR> d-------- C:\Program Files\World of Warcraft
2008-03-01 18:37 . 2008-03-01 18:37 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-03-01 18:26 . 2005-05-03 17:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-03-01 18:22 . 2004-08-03 22:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-03-01 18:22 . 2004-08-03 22:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-03-01 18:09 . 2008-03-01 18:09 <DIR> d-------- C:\Documents and Settings\rebel\Bluetooth Software
2008-03-01 17:46 . 2008-03-01 21:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-01 17:46 . 2007-07-01 11:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-01 17:46 . 2007-07-01 11:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-01 17:46 . 2008-03-01 21:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-01 17:46 . 2008-03-01 21:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-01 17:46 . 2008-03-01 21:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-01 17:46 . 2008-03-01 21:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-01 17:46 . 2008-03-01 21:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-01 17:46 . 2008-02-22 18:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-01 17:46 . 2008-03-01 17:46 759 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-03-01 17:32 . 2008-03-01 17:32 <DIR> d--hs---- C:\Documents and Settings\rebel\UserData
2008-03-01 16:33 . 2008-03-01 16:33 <DIR> d-------- C:\Documents and Settings\rebel\Application Data\Digital Asphyxia
2008-03-01 16:33 . 2008-03-01 16:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Digital Asphyxia
2008-03-01 16:32 . 2008-03-01 16:32 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
2008-03-01 16:29 . 2008-04-17 21:34 31 --a------ C:\WINDOWS\YAHVOX_ignore.ini
2008-03-01 16:27 . 2008-04-17 21:34 2,559 --a------ C:\WINDOWS\YAHELITE.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 08:43 1,828,864 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-04-28 08:43 1,329,152 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-04-27 12:20 18,260,791 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_27_18_46_00.dmp.zip
2008-04-27 12:20 18,193,281 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_27_18_45_50.dmp.zip
2008-04-27 10:33 17,907,703 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_25_20_19_30.dmp.zip
2008-04-27 10:33 17,833,489 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_04_25_20_19_22.dmp.zip
2008-04-24 14:15 1,359,360 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-04-24 14:11 68,096 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-04-24 09:21 896,472 ----a-w C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-04-24 09:21 114,856 ----a-w C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-04-24 09:21 1,353,016 ----a-w C:\WINDOWS\system32\vete.dll
2008-04-23 12:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 14:50 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-19 12:24 --------- d-----w C:\Documents and Settings\sheridan\Application Data\this32iso
2008-04-19 12:24 --------- d-----w C:\Documents and Settings\michael\Application Data\this32iso
2008-04-18 11:48 --------- d-----w C:\Program Files\Y!mLite
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-29 00:03 --------- d--h--r C:\Documents and Settings\sheridan.R3B3L\Application Data\yahoo!
2008-02-28 15:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-02-28 15:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-02-28 14:51 --------- d-----w C:\Program Files\Windows Live Favorites
2008-02-28 14:38 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-02-28 14:05 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-02-28 14:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-28 13:36 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-28 12:32 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-02-28 12:30 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-02-28 12:30 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-02-28 11:40 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-02-28 11:30 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\nView_Profiles
2008-02-28 11:26 --------- d-----w C:\Program Files\Alwil Software
2008-02-28 11:18 --------- d-----w C:\Documents and Settings\rebel\Application Data\InstallShield
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-01 02:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-07 11:57 984,576 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-01-07 11:57 1,580,544 ----a-w C:\WINDOWS\system32\sfcfiles.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A79F1A0C-86F6-490E-B877-7C30EF576A78}]
2008-04-16 21:35 374784 --a------ C:\WINDOWS\system32\xxyxvvwv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24 1694208]
"rdhbaqab"="C:\WINDOWS\system32\rkpwtqti.exe" [ ]
"hhbfvvhq"="C:\WINDOWS\system32\vyxklaxk.exe" [ ]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 16:36 178712]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 22:25 8491008]
"nwiz"="nwiz.exe" [2007-10-04 22:25 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 22:25 81920]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 09:29 102400]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 11:38 159744]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 18:22 638976]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 17:30 16855552 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"AntiSpywareMaster"="C:\Program Files\AntiSpywareMaster\asm.exe" [ ]
"0ceb2aa0"="C:\WINDOWS\system32\mpudglqd.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"YdRXujFfRq"= C:\Documents and Settings\All Users.WINDOWS\Application Data\bmzkhebq\dydkrodq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkjjgg]
jkkkjjgg.dll 2008-04-16 21:26 30720 C:\WINDOWS\system32\jkkkjjgg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"=
"C:\\Program Files\\Y!mLite\\YmLite.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\rebel\\Desktop\\My Documents\\MY YAHOO SHIT\\CLIENTS\\YahELiteFull\\YahELiteFull\\YahVox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader


.
Contents of the 'Scheduled Tasks' folder
"2008-04-30 09:11:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 17:21:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-30 17:26:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-30 09:26:23

Pre-Run: 130,096,492,544 bytes free
Post-Run: 130,923,278,336 bytes free

295 --- E O F --- 2008-04-11 00:18:35

Shaba
2008-04-30, 14:33
Hi

Open notepad and copy/paste the text in the codebox below into it:


File::
C:\WINDOWS\system32\evoytnni.ini
C:\WINDOWS\system32\dqlgdupm.ini
C:\WINDOWS\system32\ewkgswaj.ini
C:\WINDOWS\BM0fd8193c.xml
C:\WINDOWS\system32\xxyxvvwv.dll
C:\WINDOWS\system32\jkkkjjgg.dll

Folder::
C:\Documents and Settings\All Users.WINDOWS\Application Data\bmzkhebq
C:\WINDOWS\system32\pol3
C:\WINDOWS\system32\dtmp
C:\WINDOWS\system32\BL
C:\WINDOWS\system32\xcsDd05
C:\WINDOWS\system32\MId2
C:\Temp

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A79F1A0C-86F6-490E-B877-7C30EF576A78}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rdhbaqab"=-
"hhbfvvhq"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiSpywareMaster"=-
"0ceb2aa0"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"YdRXujFfRq"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkjjgg]


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
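
The CFScript above was assembled by hand from the ComboFix log. As an added example (not part of this thread, and not a ComboFix or Spybot tool), the Python below shows that triage step in code: it parses the log's "Reg Loading Points" section, flags Run values whose file-metadata bracket is empty `[ ]` (ComboFix's way of showing that the referenced file no longer exists on disk), emits the matching `Registry::` section of a CFScript, and checks for the `EnableFirewall`= 0 setting the log shows. The sample log is constructed in the same format, using entries taken from the log above; the function names are my own.

```python
import re

# Constructed sample in ComboFix "Reg Loading Points" format (entries taken
# from the log posted in this thread, trimmed to a few lines).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"rdhbaqab"="C:\WINDOWS\system32\rkpwtqti.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 22:25 8491008]
"0ceb2aa0"="C:\WINDOWS\system32\mpudglqd.dll" [ ]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# A registry key header: [HKEY_...\...]
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# A quoted Run-style value: "name"="path" [date time size]  or  "name"="path" [ ]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')


def parse_loading_points(text):
    """Return (key, name, path, meta) tuples for every quoted Run-style value."""
    key, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')          # remember which key the next values belong to
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, m.group('name'), m.group('path'), m.group('meta').strip()))
    return entries


def orphaned_entries(entries):
    """Entries whose metadata bracket is empty: ComboFix found no such file on disk."""
    return [e for e in entries if e[3] == '']


def cfscript_registry_section(orphans):
    """Build the Registry:: section that deletes each orphaned value ("name"=-)."""
    lines, current = ['Registry::'], None
    for key, name, _path, _meta in orphans:
        if key != current:
            if current is not None:
                lines.append('')          # blank line between key blocks, as in a CFScript
            lines.append(f'[{key}]')
            current = key
        lines.append(f'"{name}"=-')
    return '\n'.join(lines)


def firewall_disabled(text):
    """True if the standard-profile Windows Firewall is reported switched off."""
    return re.search(r'^"EnableFirewall"=\s*0\b', text, re.M) is not None


if __name__ == '__main__':
    found = parse_loading_points(SAMPLE_LOG)
    print(cfscript_registry_section(orphaned_entries(found)))
    if firewall_disabled(SAMPLE_LOG):
        print('\nnote: Windows Firewall standard profile is disabled')
```

The orphaned-value check reproduces only the simplest part of the triage; the BHO, winlogon\notify and policies\explorer\run entries in the script above were judged from the file names and locations, not from a missing file.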

Shaba
2008-05-05, 15:43
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.