Smithfraud-C CoreService Trojan

[mystyflwr]

UPDATE
I think this is what you wanted.

ComboFix 07-12-12.3 - ofoor 2007-12-21 15:13:24.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.101 [GMT -8:00]
Running from: C:\Documents and Settings\ofoor\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ofoor\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\SYSTEM32\ppqss.bak1
C:\WINDOWS\SYSTEM32\ppqss.bak2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\ppqss.bak1
C:\WINDOWS\SYSTEM32\ppqss.bak2

.
((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
.

2007-12-07 23:03 . 2007-12-07 23:03 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-06 02:41 . 2007-08-20 02:04 6,058,496 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-12-06 02:41 . 2007-04-17 01:32 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2007-12-06 02:41 . 2007-03-07 21:10 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2007-12-06 02:41 . 2007-08-20 02:04 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-12-06 02:41 . 2007-08-20 02:04 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-12-06 02:41 . 2007-08-20 02:04 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-12-06 02:41 . 2007-08-20 02:04 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-12-06 02:41 . 2007-08-20 02:04 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-12-06 02:41 . 2007-08-17 02:20 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-12-06 02:28 . 2007-12-06 02:30 <DIR> d-------- C:\de4829dd77365fae207638b3625e35
2007-12-06 02:00 . 2007-12-06 02:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-06 01:59 . 2007-12-06 01:59 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-04 11:49 . 2007-12-04 11:49 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-12-04 11:49 . 2007-12-04 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-04 10:53 . 2007-12-04 10:53 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-21 23:18 4,147,232 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-20 23:32 48,020 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-13 14:45 1,368,052 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-06 11:17 --------- d-----w C:\Program Files\Yahoo!
2007-12-06 11:17 --------- d-----w C:\Program Files\Common Files\Scanner
2007-12-06 11:17 --------- d-----w C:\Documents and Settings\ofoor\Application Data\Yahoo!
2007-12-06 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-12-06 11:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-20 21:31 --------- d-----w C:\Program Files\Lavasoft
2007-11-20 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-20 21:27 --------- d-----w C:\Documents and Settings\ofoor\Application Data\Lavasoft
2007-11-20 21:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-19 20:33 --------- d-----w C:\Program Files\The Cleaner Free
2007-11-19 18:54 5,376 ----a-w C:\WINDOWS\system32\drivers\MS1000.sys
2007-11-16 18:27 --------- d-----w C:\Program Files\RogueRemover FREE
2007-11-15 18:14 --------- d-----w C:\Documents and Settings\ofoor\Application Data\AVG7
2007-11-14 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-14 21:55 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-14 20:19 9,216 ----a-w C:\WINDOWS\SYSTEM32\avgwlntf.dll
2007-11-14 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-14 18:32 82,432 ----a-w C:\WINDOWS\SYSTEM32\msxml4r.dll
2007-11-14 18:32 44,544 ----a-w C:\WINDOWS\SYSTEM32\msxml4a.dll
2007-11-14 18:32 --------- d-----w C:\Program Files\RealVNC
2007-11-14 18:23 --------- d-----w C:\Program Files\Tektegrity
2007-11-11 02:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-11 01:47 --------- d-----w C:\Program Files\iolo
2007-11-07 21:26 --------- d-----w C:\Documents and Settings\ofoor\Application Data\U3
2007-11-07 18:10 117 ----a-w C:\Documents and Settings\ofoor\mit.bat
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2005-03-10 18:20 561,152 -c--a-w C:\Documents and Settings\ofoor\chatlnk.exe
.

((((((((((((((((((((((((((((( snapshot_2007-12-06_23.48.15.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-27 11:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe
+ 2007-12-10 03:04:27 142,336 ----a-w C:\WINDOWS\catchme.exe
+ 2004-08-04 07:56:43 25,088 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mslbui.dll
+ 2004-08-04 07:56:46 43,520 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wbemsvc.dll
- 2007-11-14 20:19:29 3,968 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avgclean.sys
+ 2007-12-20 15:02:14 10,760 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avgclean.sys
- 2007-11-14 20:38:19 19,904 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys
+ 2007-12-20 15:01:54 26,952 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys
+ 2006-12-04 22:37:58 1,317,648 ----a-w C:\WINDOWS\SYSTEM32\msxml6.dll
+ 2006-10-05 12:31:10 79,872 ----a-w C:\WINDOWS\SYSTEM32\msxml6r.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 06:59]
"System Mechanic Popup Stopper"="C:\Program Files\iolo\System Mechanic 5\PopupStopper.exe" [2004-10-26 15:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\SYSTEM32\rundll32.exe]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 17:12]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-12 22:01]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 10:35]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 15:39]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 13:30]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 09:55]
"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2005-04-08 10:18]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 10:37]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe" [2005-03-13 19:21]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-04-14 23:11]
"Kaseya Agent Service Helper"="c:\Program Files\Tektegrity\Client\Agent\KaUsrTsk.exe" [2007-06-04 20:04]

C:\Documents and Settings\jeff.BILLING_01\Start Menu\Programs\Startup\
Shortcut to MAP F.lnk - C:\MAP F.BAT [2004-04-30 15:55:03]

C:\Documents and Settings\ofoor\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - C:\Documents and Settings\ofoor\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2006-11-26 12:37:21]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2006-08-01 15:04:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-11-14 12:19 9216 C:\WINDOWS\SYSTEM32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
RUNDLL32.exe C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll,cdaEngineMain

R2 KaseyaAgent;TekTegrity Agent;"c:\Program Files\Tektegrity\Client\Agent\AgentMon.exe" -s
R2 KaseyaAVService;Kaseya Security Service;"c:\Program Files\Tektegrity\Client\Agent\KasAVSrv.exe" -s
S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a432314-4ca7-11db-bf3f-000cf1e4889b}]
\Shell\AutoRun\command - E:\LaunchU3.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 15:18:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\NavLogon.dll
.
Completion time: 2007-12-21 15:20:28
C:\ComboFix2.txt ... 2007-12-21 14:42
C:\ComboFix3.txt ... 2007-12-14 15:13
.
2007-11-14 17:21:55 --- E O F ---

 

[Shaba]

Hi

Yes, latter is correct

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then start to download the latest definition files.
• Once the scanner is installed and the definitions downloaded, click Next.
• Now click on Scan Settings
• In the scan settings make sure that the following are selected:
  
  o Scan using the following Anti-Virus database:
  
  + Extended (If available otherwise Standard)
  
  o Scan Options:
  
  + Scan Archives
  + Scan Mail Bases
  
• Click OK
• Now under select a target to scan select My Computer
• The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
• Now click on the Save as Text button
• Save the file to your desktop.
• Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only!

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report

 

[mystyflwr]

Kaspersky Report

------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
December 26, 2007 4:08:05 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/12/2007
Kaspersky Anti-Virus database records: 494953
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
F:\
R:\
T:\

Scan Statistics:
Total number of scanned objects: 67158
Number of viruses found: 3
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 01:25:46

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EF40000.VBN/core.sys Infected: Rootkit.Win32.Agent.mb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EF40000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EF40000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EF40001.VBN/core.sys Infected: Rootkit.Win32.Agent.mb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EF40001.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0EF40001.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\ofoor\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\History\History.IE5\MSHist012007122620071227\index.dat Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temp\jar_cache8657.tmp Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temp\jar_cache8658.tmp Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temp\jar_cache8659.tmp Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temp\jar_cache8660.tmp Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temp\jar_cache8661.tmp Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temp\jar_cache8662.tmp Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temp\jar_cache8663.tmp Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temp\jar_cache8664.tmp Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temp\jar_cache8665.tmp Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temp\jar_cache8667.tmp Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temp\jar_cache8668.tmp Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temp\jar_cache8669.tmp Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temp\jar_cache8670.tmp Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temp\jar_cache8671.tmp Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temp\jar_cache8672.tmp Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temp\jar_cache8673.tmp Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temp\Perflib_Perfdata_a98.dat Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temp\toolbox_healer8666.log Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\ofoor\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ofoor\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\ofoor\ntuser.dat.LOG Object is locked skipped
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_ofoor.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_ofoor.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\GIPS.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_ofoor.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\p2pce.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\voice.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\YSDP.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\YSIP.log Object is locked skipped
C:\qoobox\Quarantine\C\Program Files\Online Services\profsyxymi.html.vir Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\PPPATC~1\nοtepad.exe.vir Object is locked skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP22\A0007872.exe Object is locked skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP42\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833407$\bssym7.ttf Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\BILLING_01.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\SPOOL\PRINTERS\00002.SHD Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT051c1.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT051c5.TMP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

 

[mystyflwr]

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:07 PM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\Program Files\Tektegrity\Client\Agent\AgentMon.exe
c:\Program Files\Tektegrity\Client\Agent\KasAVSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mmlweb.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Tektegrity\Client\Agent\KaUsrTsk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iolo\System Mechanic 5\PopupStopper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kaseya Agent Service Helper] c:\Program Files\Tektegrity\Client\Agent\KaUsrTsk.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 5\PopupStopper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LaunchU3.exe.lnk = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1195060347187
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - http://tsm.tektegrity.com/inc/kaxRemote.dll
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SurgCenter.local
O17 - HKLM\Software\..\Telephony: DomainName = SurgCenter.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD0C18CD-2069-47C8-86C5-827E4183EC34}: NameServer = 192.168.1.20,216.111.116.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SurgCenter.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = SurgCenter.local
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: TekTegrity Agent (KaseyaAgent) - Kaseya - c:\Program Files\Tektegrity\Client\Agent\AgentMon.exe
O23 - Service: Kaseya Security Service (KaseyaAVService) - Unknown owner - c:\Program Files\Tektegrity\Client\Agent\KasAVSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 10813 bytes

 

[Shaba]

Hi

Empty these folders:

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\
C:\qoobox\Quarantine

Empty Recycle Bin.

Still problems?

 

[Shaba]

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it had been 10 days or more since your last post, and especially if the helper assisting you posted a response to that post to which you did not reply, the topic will not be reopened.

In that situation, if you still require help, it would be best to start a new topic and include a fresh HijackThis log with a link to your original thread.

Everyone else please begin a New Topic.