
Infected With Bho Trojan


  • This topic is locked
4 replies to this topic

#1 alexweis

alexweis


Posted 04 January 2008 - 03:23 PM

located in c:\windows\system32\datim.dll
(mimicking c:\windows\system32\datimE.dll)

protected by computer's anti-tampering thing.
here's the hijack this log after running spybot search and destroy and ad-aware

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:02 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AIM\AIMWDI~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
O2 - BHO: (no name) - {4CA853A3-A98B-45FF-B737-57C2EDD04D71} - C:\WINDOWS\system32\datim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1141186942320
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {980105AE-6031-4855-98F0-2CBF5A76F700} (PowerFTP Control) - http://file.darkeden.com/download/gameDownload/PowerFTP.CAB
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O20 - Winlogon Notify: host - host.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6962 bytes


any help would be very much appreciated : )



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 04 January 2008 - 07:13 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 alexweis

alexweis

Posted 04 January 2008 - 11:04 PM

thanks so much for telling me to run that combofix program, it seemed to clear up the problem.
here's your log thing you wanted.



ComboFix 08-01-04.1 - Compaq_Owner 2008-01-04 19:43:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.655 [GMT -8:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\new computer ops\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\crap.1191781008.old
C:\Program Files\WinBudget\bin\crap.1192402433.old
C:\Program Files\WinBudget\bin\crap.1193178523.old
C:\Program Files\WinBudget\bin\crap.1193783584.old
C:\Program Files\WinBudget\bin\crap.1194393831.old
C:\Program Files\WinBudget\bin\crap.1195090456.old
C:\Program Files\WinBudget\bin\matrix.dat
C:\Program Files\WinBudget\bin\matrix.dll
C:\Program Files\WinBudget\bin\matrix.dll.1192402432.old
C:\Program Files\WinBudget\bin\matrix.dll.1193178523.old
C:\Program Files\WinBudget\bin\matrix.dll.1193783583.old
C:\Program Files\WinBudget\bin\matrix.dll.1194393831.old
C:\Program Files\WinBudget\bin\matrix.dll.1195090455.old
C:\WINDOWS\system32\datim.dll
C:\WINDOWS\system32\drivers\eraacgmr.dat
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_RGWHNZLU
-------\rgwhnzlu


((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-04 19:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 11:36 . 2008-01-04 12:19 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 11:31 . 2008-01-04 11:31 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-04 11:31 . 2008-01-04 11:31 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-03 18:30 . 2008-01-03 18:52 <DIR> d-------- C:\Program Files\a-squared Free
2008-01-02 18:11 . 2008-01-02 18:11 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-24 13:53 . 2007-12-24 13:54 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\ArcSoft
2007-12-23 15:02 . 2003-05-07 10:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-12-23 14:59 . 2008-01-02 00:44 77,379 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2007-12-23 14:56 . 2008-01-02 18:16 <DIR> d-------- C:\Program Files\IntelligentAdvisor
2007-12-23 14:55 . 2007-12-23 14:55 <DIR> d-------- C:\Program Files\PlayMP3z
2007-12-23 14:49 . 2007-12-23 14:49 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Ultima_T15
2007-12-23 14:49 . 2007-12-23 14:49 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\EnterNHelp
2007-12-23 14:49 . 2007-12-23 14:49 20 ---h-c--- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-12-23 13:28 . 2007-12-23 13:28 <DIR> d-------- C:\Program Files\PictureProject In Touch Downloader
2007-12-23 13:27 . 2007-12-23 13:27 <DIR> d-------- C:\Program Files\Common Files\Nikon
2007-12-23 13:27 . 2007-12-23 13:27 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2007-12-23 13:27 . 2007-12-23 13:27 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Nikon
2007-12-23 13:26 . 2007-12-23 13:26 <DIR> d-------- C:\Program Files\Nikon
2007-12-23 13:25 . 2007-12-23 13:25 <DIR> d-------- C:\Program Files\ArcSoft
2007-12-23 13:25 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-12-18 06:54 . 2007-12-18 06:54 319,488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 20:26 --------- d-----w C:\Program Files\Diablo II
2008-01-04 19:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-04 08:24 --------- d-----w C:\Program Files\Silkroad
2008-01-04 08:24 --------- d-----w C:\Program Files\Knight Online
2008-01-04 04:44 --------- d-----w C:\Program Files\LimeWire
2007-12-27 05:17 --------- d-----w C:\Program Files\World of Warcraft
2007-12-24 17:48 --------- d-----w C:\Program Files\Cheat Engine
2007-12-24 05:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 05:54 --------- d-----w C:\Program Files\sXe Injected
2007-12-23 00:16 --------- d-----w C:\Program Files\Darkeden
2007-12-05 06:02 --------- dc----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-05 06:02 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Grisoft
2007-11-23 02:57 --------- d-----w C:\Program Files\iTunes
2007-11-15 07:49 --------- d-----w C:\Program Files\QuickTime
2007-11-13 23:38 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 23:38 --------- d-----w C:\Program Files\Counter-Strike 1.6
2007-11-08 08:22 --------- d-----w C:\Program Files\uTorrent
2006-05-10 07:33 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2005-10-09 00:24 22,531,713 -csha-w C:\WINDOWS\system32\tsoh.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 61,440 2003-02-12 03:02:48 C:\hp\KBD\bak\KBD.EXE

----a-w 67,160 2004-12-08 22:50:04 C:\Program Files\AIM\bak\aim.exe
----a-w 67,160 2004-12-08 22:50:04 C:\Program Files\AIM\aim.exe

----a-w 180,269 2004-08-10 15:04:35 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

----a-w 49,152 2004-02-18 17:55:28 C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd2.exe

----a-w 241,664 2003-12-22 16:38:42 C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe

----a-w 267,064 2007-09-26 21:42:04 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,064 2007-09-26 22:42:04 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 132,496 2007-07-12 11:00:36 C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe

----a-w 286,720 2007-06-29 13:24:52 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 1,592 2007-11-06 23:59:07 C:\Program Files\Valve\Steam\bak\ClientRegistry.blob
----a-w 420,136 2008-01-05 03:55:18 C:\Program Files\Valve\Steam\ClientRegistry.blob

----a-w 1,258,744 2007-07-07 22:16:34 C:\Program Files\Valve\Steam\bak\Steam.exe
----a-w 1,266,936 2007-11-29 23:14:25 C:\Program Files\Valve\Steam\Steam.exe

----a-w 29,693 2007-11-06 23:59:07 C:\Program Files\Valve\Steam\bak\Steamexe__237340__2007_11_6T23_59_7C16000.mdmp

----a-w 233,472 2004-04-15 03:43:46 C:\WINDOWS\SMINST\bak\RECGUARD.EXE

----a-w 180 2007-11-15 07:11:31 C:\WINDOWS\system\bak\hpsysdrv.DAT
----a-w 247 2007-10-05 22:35:29 C:\WINDOWS\system\hpsysdrv.dat

----a-w 52,736 1998-05-07 23:04:38 C:\WINDOWS\system\bak\hpsysdrv.exe

----a-w 15,360 2004-08-03 21:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-03 21:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 172,032 2004-03-04 14:46:24 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb10.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-12-08 14:50 67160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 13:00 15360]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2007-11-29 15:14 1266936]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 14:51 7323648]
"nwiz"="nwiz.exe" [2005-12-14 14:51 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-14 14:51 86016]
"AIMWDInstallFilename"="C:\PROGRA~1\AIM\AIMWDI~1.EXE" [2004-01-12 12:29 102400]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25 6731312]

C:\Documents and Settings\Guest\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-03-09 11:49:38]

C:\Documents and Settings\papplesauce\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-03-09 11:49:38]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-03-09 11:49:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\host]
host.dll

R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido\security suite\guard.sys [2004-11-22 06:15]
S3 XDva009;XDva009;C:\WINDOWS\system32\XDva009.sys []

.
Contents of the 'Scheduled Tasks' folder
"2007-12-29 06:58:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 19:53:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 19:59:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-05 03:59:02
.
2007-12-12 05:54:23 --- E O F ---

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 05 January 2008 - 07:09 AM

We're not quite done yet I'm afraid. :thumbsup:


Click HERE to download FindAWF.exe and save it to your desktop.
Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with a Menu.
Type 1, then press Enter.
FindAWF tool will begin scanning.
It may take a few minutes to complete so be patient.
When the scan is finished, a text file in notepad called AWF.txt will automatically open.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 30 January 2008 - 09:40 AM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.