
88.80.7.66 A.doginhispen, B.skitttoday These Addresses Keep Appearing On My Internet Explorer History What Do I Do?


28 replies to this topic

#1 hybrid_101

hybrid_101

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dublin Oh, USA
  • Local time:10:28 AM

Posted 07 February 2008 - 06:53 PM

I think the problem is fixed because it doesn't appear in my history anymore, but I would still like to post a HijackThis log just to make sure.
BTW, I think I fixed it by scanning with Ad-Aware, Spybot Search and Destroy, McAfee Stinger and Norton 2007 (I already had the Norton).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:20 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardim Araci - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless 802.11g USB Adapter.lnk = C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193015139875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FAF6357-C5DD-457A-8E05-8307A0DBA3E0}: NameServer = 207.69.188.185,207.69.188.186
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 12134 bytes


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:28 AM

Posted 13 February 2008 - 11:45 PM

Hi hybrid_101,

Download FindAWF:
http://noahdfear.geekstogo.com/FindAWF.exe
Save the file to the Desktop
Double-click the FindAWF icon.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.

When done, a text file, Find AWF report is produced that we need to look at.
Please post it in your reply.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 hybrid_101


Posted 18 February 2008 - 09:03 PM

Here's the AWF log from the scan, and sorry for not getting back in a long time.



Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Mon 02/18/2008
The current time is: 21:00:26.57


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

12/11/2007 10:56 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

10/08/2007 12:21 AM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\PROGRA~1\WIFD1F~1\BAK

11/03/2006 09:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes

Directory of C:\WINDOWS\EHOME\BAK

08/05/2005 04:56 PM 64,512 ehtray.exe
1 File(s) 64,512 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/10/2004 03:00 PM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\ACER\EMPOWE~1\ERECOV~1\BAK

10/31/2005 06:21 PM 393,216 Monitor.exe
1 File(s) 393,216 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

01/09/2007 07:32 PM 58,984 ccApp.exe
1 File(s) 58,984 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

11/02/2004 11:24 PM 32,768 PDVDServ.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\NEWTEC~1\NTICD&~1\BAK

05/11/2005 09:15 PM 45,056 ntiMUI.exe
1 File(s) 45,056 bytes

Directory of C:\PROGRA~1\WI1F86~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

08/30/2007 07:43 PM 4,670,704 YahooMessenger.exe
1 File(s) 4,670,704 bytes

Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK

06/08/2007 09:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes

Directory of C:\WINDOWS\IME\IMJP8_1\BAK

08/10/2004 03:00 PM 208,952 IMJPMIG.EXE
1 File(s) 208,952 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

03/30/2006 04:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

09/25/2007 03:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\WINDOWS\SYSTEM32\IME\PINTLGNT\BAK

08/10/2004 03:00 PM 59,392 ImScInst.exe
1 File(s) 59,392 bytes

Directory of C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK

08/10/2004 03:00 PM 455,168 TINTSETP.EXE
1 File(s) 455,168 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

02/07/2005 10:00 PM 98,304 E_FATIACA.EXE
1 File(s) 98,304 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

286720 Dec 11 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
100056 Oct 8 2007 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
393216 Oct 31 2005 "C:\Acer\Empowering Technology\eRecovery\bak\Monitor.exe"
115816 Jan 10 2007 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
58984 Jan 9 2007 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
84640 Sep 3 2006 "C:\Documents and Settings\Owner\Local Settings\Temp\NAV14.0.0.89\Support\ccCommon\ccCommon\ccApp.exe"
32768 Nov 2 2004 "C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"
45056 May 11 2005 "C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\bak\ntiMUI.exe"
4670704 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4670704 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
208952 Aug 10 2004 "C:\WINDOWS\ime\imjp8_1\imjpmig.exe"
208952 Aug 10 2004 "C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE"
970752 Apr 4 2007 "C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
36975 Aug 26 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
59392 Aug 10 2004 "C:\WINDOWS\system32\IME\PINTLGNT\imscinst.exe"
59392 Aug 10 2004 "C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe"
455168 Aug 10 2004 "C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe"
455168 Aug 10 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
98304 Feb 7 2005 "C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FATIACA.EXE"
98304 Feb 7 2005 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATIACA.EXE"


end of report

Edited by hybrid_101, 18 February 2008 - 09:04 PM.


#4 SifuMike


Posted 19 February 2008 - 12:33 AM

Hi hybrid_101,

Please double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\SymNetDrv\bak\SNDMon.exe"
"C:\Program Files\Windows Defender\bak\MSASCui.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\Acer\Empowering Technology\eRecovery\bak\Monitor.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"
"C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\bak\ntiMUI.exe"
"C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
"C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
"C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE"
"C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
"C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe"
"C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATIACA.EXE"


Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 hybrid_101


Posted 19 February 2008 - 03:05 PM

Here is the new FindAWF log



Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Tue 02/19/2008
The current time is: 15:03:37.17


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

12/11/2007 10:56 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

10/08/2007 12:21 AM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\PROGRA~1\WIFD1F~1\BAK

11/03/2006 09:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes

Directory of C:\WINDOWS\EHOME\BAK

08/05/2005 04:56 PM 64,512 ehtray.exe
1 File(s) 64,512 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/10/2004 03:00 PM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\ACER\EMPOWE~1\ERECOV~1\BAK

10/31/2005 06:21 PM 393,216 Monitor.exe
1 File(s) 393,216 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

01/09/2007 07:32 PM 58,984 ccApp.exe
1 File(s) 58,984 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

11/02/2004 11:24 PM 32,768 PDVDServ.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\NEWTEC~1\NTICD&~1\BAK

05/11/2005 09:15 PM 45,056 ntiMUI.exe
1 File(s) 45,056 bytes

Directory of C:\PROGRA~1\WI1F86~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

08/30/2007 07:43 PM 4,670,704 YahooMessenger.exe
1 File(s) 4,670,704 bytes

Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK

06/08/2007 09:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes

Directory of C:\WINDOWS\IME\IMJP8_1\BAK

08/10/2004 03:00 PM 208,952 IMJPMIG.EXE
1 File(s) 208,952 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

03/30/2006 04:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

09/25/2007 03:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\WINDOWS\SYSTEM32\IME\PINTLGNT\BAK

08/10/2004 03:00 PM 59,392 ImScInst.exe
1 File(s) 59,392 bytes

Directory of C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK

08/10/2004 03:00 PM 455,168 TINTSETP.EXE
1 File(s) 455,168 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

02/07/2005 10:00 PM 98,304 E_FATIACA.EXE
1 File(s) 98,304 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

286720 Dec 11 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Dec 11 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
100056 Oct 8 2007 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
393216 Oct 31 2005 "C:\Acer\Empowering Technology\eRecovery\Monitor.exe"
393216 Oct 31 2005 "C:\Acer\Empowering Technology\eRecovery\bak\Monitor.exe"
115816 Jan 10 2007 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
58984 Jan 9 2007 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
84640 Sep 3 2006 "C:\Documents and Settings\Owner\Local Settings\Temp\NAV14.0.0.89\Support\ccCommon\ccCommon\ccApp.exe"
32768 Nov 2 2004 "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
32768 Nov 2 2004 "C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"
45056 May 11 2005 "C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe"
45056 May 11 2005 "C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\bak\ntiMUI.exe"
4670704 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4670704 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
208952 Aug 10 2004 "C:\WINDOWS\ime\imjp8_1\IMJPMIG.EXE"
208952 Aug 10 2004 "C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
970752 Apr 4 2007 "C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
36975 Aug 26 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
59392 Aug 10 2004 "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe"
59392 Aug 10 2004 "C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe"
455168 Aug 10 2004 "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE"
455168 Aug 10 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
98304 Feb 7 2005 "C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACA.EXE"
98304 Feb 7 2005 "C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FATIACA.EXE"
98304 Feb 7 2005 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATIACA.EXE"


end of report

#6 SifuMike


Posted 19 February 2008 - 03:30 PM

Hi hybrid_101,

Two files did not get copied to the parent folder, so we will try again.

Please double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\Program Files\SymNetDrv\bak\SNDMon.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"


Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Edited by SifuMike, 19 February 2008 - 03:31 PM.


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
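
The comparison behind the reply above (a bak copy counts as restored only when a same-named file of the same size is listed in its parent folder) can be run mechanically over the "Duplicate files of bak directory contents" section. This is an added example, not part of the original posts and not FindAWF's own code; the function names are hypothetical, and the sample lines are excerpted from the FindAWF logs posted in this thread.

```python
import re
from collections import namedtuple

# One line of the "Duplicate files of bak directory contents" section:
#   <size> <Mon> <day> <year> "<full path>"
Entry = namedtuple("Entry", "size path")
LINE_RE = re.compile(r'^\s*(\d+)\s+\w{3}\s+\d{1,2}\s+\d{4}\s+"(.+)"\s*$')

# Lines excerpted from the FindAWF logs posted in this thread.
SAMPLE_REPORT = r"""
286720 Dec 11 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Dec 11 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
100056 Oct 8 2007 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
115816 Jan 10 2007 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
58984 Jan 9 2007 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
84640 Sep 3 2006 "C:\Documents and Settings\Owner\Local Settings\Temp\NAV14.0.0.89\Support\ccCommon\ccCommon\ccApp.exe"
208952 Aug 10 2004 "C:\WINDOWS\ime\imjp8_1\imjpmig.exe"
208952 Aug 10 2004 "C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE"
"""


def parse_duplicates(report_text):
    """Return an Entry for every size/date/path line; other lines are skipped."""
    entries = []
    for line in report_text.splitlines():
        match = LINE_RE.match(line)
        if match:
            entries.append(Entry(int(match.group(1)), match.group(2)))
    return entries


def split_bak(path):
    """For '<dir>\\bak\\<name>' return (<dir>, <name>); otherwise None."""
    parts = path.split("\\")
    if len(parts) >= 3 and parts[-2].lower() == "bak":
        return "\\".join(parts[:-2]), parts[-1]
    return None


def unrestored(entries):
    """List bak copies whose parent-folder file is absent or a different size.

    Windows paths are case-insensitive, so lookups use lower-cased paths.
    Same-named files in unrelated folders (Temp, $NtUninstall...) are ignored.
    Assumption: size is the only attribute the report offers for comparison;
    equal size does not prove equal content, which needs a hash on the host.
    """
    by_path = {entry.path.lower(): entry for entry in entries}
    findings = []
    for entry in entries:
        bak = split_bak(entry.path)
        if bak is None:
            continue  # not a bak copy
        parent_dir, name = bak
        parent = by_path.get((parent_dir + "\\" + name).lower())
        if parent is None:
            findings.append((entry.path, "missing"))
        elif parent.size != entry.size:
            findings.append((entry.path, "size_mismatch"))
    return findings


if __name__ == "__main__":
    for path, reason in unrestored(parse_duplicates(SAMPLE_REPORT)):
        print(f"{reason:14} {path}")
```
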

#7 hybrid_101


Posted 19 February 2008 - 04:42 PM

Hi SifuMike

Here is the newer FindAWF log


Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Tue 02/19/2008
The current time is: 16:40:03.83


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

12/11/2007 10:56 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

10/08/2007 12:21 AM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\PROGRA~1\WIFD1F~1\BAK

11/03/2006 09:20 PM 866,584 MSASCui.exe
1 File(s) 866,584 bytes

Directory of C:\WINDOWS\EHOME\BAK

08/05/2005 04:56 PM 64,512 ehtray.exe
1 File(s) 64,512 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/10/2004 03:00 PM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\ACER\EMPOWE~1\ERECOV~1\BAK

10/31/2005 06:21 PM 393,216 Monitor.exe
1 File(s) 393,216 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

01/09/2007 07:32 PM 58,984 ccApp.exe
1 File(s) 58,984 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

11/02/2004 11:24 PM 32,768 PDVDServ.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\NEWTEC~1\NTICD&~1\BAK

05/11/2005 09:15 PM 45,056 ntiMUI.exe
1 File(s) 45,056 bytes

Directory of C:\PROGRA~1\WI1F86~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

08/30/2007 07:43 PM 4,670,704 YahooMessenger.exe
1 File(s) 4,670,704 bytes

Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK

06/08/2007 09:59 AM 224,248 SearchProtection.exe
1 File(s) 224,248 bytes

Directory of C:\WINDOWS\IME\IMJP8_1\BAK

08/10/2004 03:00 PM 208,952 IMJPMIG.EXE
1 File(s) 208,952 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

03/30/2006 04:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

09/25/2007 03:11 AM 132,496 jusched.exe
1 File(s) 132,496 bytes

Directory of C:\WINDOWS\SYSTEM32\IME\PINTLGNT\BAK

08/10/2004 03:00 PM 59,392 ImScInst.exe
1 File(s) 59,392 bytes

Directory of C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK

08/10/2004 03:00 PM 455,168 TINTSETP.EXE
1 File(s) 455,168 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

02/07/2005 10:00 PM 98,304 E_FATIACA.EXE
1 File(s) 98,304 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

286720 Dec 11 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Dec 11 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
100056 Oct 8 2007 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\MSASCui.exe"
866584 Nov 3 2006 "C:\Program Files\Windows Defender\bak\MSASCui.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
393216 Oct 31 2005 "C:\Acer\Empowering Technology\eRecovery\Monitor.exe"
393216 Oct 31 2005 "C:\Acer\Empowering Technology\eRecovery\bak\Monitor.exe"
115816 Jan 10 2007 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
58984 Jan 9 2007 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
84640 Sep 3 2006 "C:\Documents and Settings\Owner\Local Settings\Temp\NAV14.0.0.89\Support\ccCommon\ccCommon\ccApp.exe"
32768 Nov 2 2004 "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
32768 Nov 2 2004 "C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"
45056 May 11 2005 "C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe"
45056 May 11 2005 "C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\bak\ntiMUI.exe"
4670704 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4670704 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
208952 Aug 10 2004 "C:\WINDOWS\ime\imjp8_1\IMJPMIG.EXE"
208952 Aug 10 2004 "C:\WINDOWS\ime\imjp8_1\bak\IMJPMIG.EXE"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
970752 Apr 4 2007 "C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
36975 Aug 26 2005 "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"
59392 Aug 10 2004 "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe"
59392 Aug 10 2004 "C:\WINDOWS\system32\IME\PINTLGNT\bak\ImScInst.exe"
455168 Aug 10 2004 "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE"
455168 Aug 10 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
98304 Feb 7 2005 "C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACA.EXE"
98304 Feb 7 2005 "C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FATIACA.EXE"
98304 Feb 7 2005 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATIACA.EXE"


end of report

#8 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:07:28 AM

Posted 19 February 2008 - 05:54 PM

Hi hybrid_101,

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Reboot your computer  <==== Important


**************************

Please double-click the FindAWF icon once again
This time we are going to remove some folders.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\Program Files\QuickTime\bak
C:\Program Files\SymNetDrv\bak
C:\Program Files\Windows Defender\bak
C:\WINDOWS\ehome\bak
C:\WINDOWS\system32\bak
C:\Acer\Empowering Technology\eRecovery\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\CyberLink\PowerDVD\bak
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\bak
C:\Program Files\Yahoo!\Messenger\bak
C:\Program Files\Yahoo!\Search Protection\bak
C:\WINDOWS\ime\imjp8_1\bak
C:\Program Files\Adobe\Acrobat 7.0\Reader\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
C:\WINDOWS\system32\IME\PINTLGNT\bak
C:\WINDOWS\system32\IME\TINTLGNT\bak
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log in your reply
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 hybrid_101


Posted 19 February 2008 - 06:09 PM

Hi SifuMike

here's the find awf log

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Tue 02/19/2008
The current time is: 18:06:33.89


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\NEWTEC~1\NTICD&~1\BAK

05/11/2005 09:15 PM 45,056 ntiMUI.exe
1 File(s) 45,056 bytes

Directory of C:\PROGRA~1\WI1F86~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

03/30/2006 04:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

45056 May 11 2005 "C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe"
45056 May 11 2005 "C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\bak\ntiMUI.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
970752 Apr 4 2007 "C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"


end of report

#10 SifuMike


Posted 19 February 2008 - 06:45 PM

Hi hybrid_101,

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\bak
    C:\Program Files\Adobe\Acrobat 7.0\Reader\bak


  • Return to OTMoveIt2, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
    C:\_OTMoveIt2\MovedFiles\********_******.log
    (where "********_******" is the "date_time")
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Caution: Be careful of what you copy and paste with this tool. OTMoveIt2 is a powerful program, designed to move highly persistent files and folders. Not following the directions as instructed or using it incorrectly could lead to disastrous problems with your operating system.


Double-click the FindAWF icon.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.

When done, a text file, Find AWF report is produced that we need to look at.
Please post it in your reply.

#11 hybrid_101


Posted 19 February 2008 - 08:03 PM

hi sifumike

here's the otmoveit2 result


C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\bak moved successfully.
C:\Program Files\Adobe\Acrobat 7.0\Reader\bak moved successfully.

OTMoveIt2 v1.0.20 log created on 02192008_195517


here's the find awf log



Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Tue 02/19/2008
The current time is: 20:02:32.15


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\WI1F86~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\_OTMOV~1\MOVEDF~1\021920~1\PROGRA~1\NEWTEC~1\NTICD&~1\BAK

05/11/2005 09:15 PM 45,056 ntiMUI.exe
1 File(s) 45,056 bytes

Directory of C:\_OTMOV~1\MOVEDF~1\021920~1\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

03/30/2006 04:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

45056 May 11 2005 "C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe"
45056 May 11 2005 "C:\_OTMoveIt\MovedFiles\02192008_195517\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\bak\ntiMUI.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
970752 Apr 4 2007 "C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe"
313472 Mar 30 2006 "C:\_OTMoveIt\MovedFiles\02192008_195517\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"


end of report

#12 SifuMike


Posted 19 February 2008 - 09:46 PM

Hi hybrid_101,

Double-click the FindAWF icon once again.
Use the following option: Press 4 then Enter to reset domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

Whataboutadog should be gone. :thumbsup:


We will run ComboFix.

You need to disable your Symantec/Norton Antivirus and Spybot Teatimer before running ComboFix, as they will prevent it from running.

To disable Spybot's Teatimer:
Run Spybot-S&D
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts

To disable Norton Antivirus:  
Please navigate to the system tray on the bottom right hand corner and look for a Posted Image sign.
  • right-click it -> choose "Disable Auto-Protect."
  • select a duration of 5 hours (this assures no interference with the cleanup of your pc)
  • click "Ok."
  • a popup will warn that protection will now be disabled and the sign will now look like this: Posted Image
You successfully disabled the Norton Antivirus Guard.


 
Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Be sure to install the Windows XP Recovery Console in case you have not installed it yet. <== IMPORTANT

Post the ComboFix log.

Edited by SifuMike, 19 February 2008 - 09:48 PM.


#13 hybrid_101


Posted 20 February 2008 - 03:10 PM

Those web sites have not appeared on my web history for a long time, but the thing is my PC is slower than before it got infected, but I will still try the ComboFix.

#14 SifuMike


Posted 20 February 2008 - 03:14 PM

Good. :thumbsup: ComboFix will find any lingering malware on your computer.

#15 hybrid_101


Posted 20 February 2008 - 03:31 PM

Here is the ComboFix log, and I also reset the domain zones :thumbsup:

ComboFix 08-02-20.2 - Owner 2008-02-20 15:27:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.561 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\matrix.dat

.
((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.

2008-02-19 19:55 . 2008-02-19 19:55 <DIR> d-------- C:\_OTMoveIt
2008-02-17 10:43 . 2008-02-17 10:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-17 10:43 . 2008-02-17 10:43 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-15 08:10 . 2008-02-15 08:10 <DIR> d-------- C:\Documents and Settings\Owner\LimeWire Store Purchased
2008-02-12 09:13 . 2008-02-12 09:13 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-12 09:10 . 2008-02-12 09:10 3,932,214 --a------ C:\WINDOWS\InvaderDark1280.bmp
2008-02-12 09:07 . 2008-02-12 09:07 5,760,054 --a------ C:\WINDOWS\ALX_1600x1200.bmp
2008-02-12 09:05 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-02-10 09:13 . 2008-02-10 09:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\FoxyTunes
2008-02-06 17:39 . 2008-02-06 17:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-06 15:38 . 2008-02-06 15:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-06 15:38 . 2008-02-06 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-06 15:29 . 2008-02-06 15:29 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-06 15:29 . 2008-02-06 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-06 15:28 . 2008-02-06 15:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-04 16:36 . 2008-02-04 16:36 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ScamBlocker
2008-02-04 16:10 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-02-04 16:10 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-02-04 16:10 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-02-04 15:36 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
2008-02-04 15:36 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
2008-02-04 15:18 . 2008-02-04 16:10 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-02-02 09:32 . 2008-02-04 15:33 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-02 09:32 . 2008-02-04 15:33 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-02 09:02 . 2008-02-02 09:02 16 --a------ C:\WINDOWS\system32\coh.cache
2008-02-02 08:40 . 2008-02-02 08:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-01 17:35 . 2008-02-02 08:08 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-02-01 17:35 . 2008-02-02 08:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-01 17:35 . 2008-02-01 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-01 17:35 . 2008-02-01 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-02-01 17:34 . 2008-02-01 17:35 438 --ah----- C:\IPH.PH
2008-01-28 17:22 . 2008-01-28 17:22 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-01-27 09:29 . 2008-01-27 09:29 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-27 09:23 . 2008-01-27 09:38 <DIR> d-------- C:\Program Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 20:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-20 20:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-19 23:06 --------- d-----w C:\Program Files\Windows Defender
2008-02-19 23:06 --------- d-----w C:\Program Files\SymNetDrv
2008-02-19 23:06 --------- d-----w C:\Program Files\QuickTime
2008-02-18 19:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-18 13:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\skypePM
2008-02-18 13:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2008-02-15 15:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-02-06 21:49 --------- d-----w C:\Program Files\Coupons
2008-02-04 21:34 --------- d-----w C:\Program Files\Common Files\EarthLink
2008-02-04 20:33 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-04 20:33 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-04 20:33 --------- d-----w C:\Program Files\Symantec
2008-02-02 13:39 --------- d-----w C:\Program Files\Yahoo!
2008-01-27 14:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-27 13:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-19 23:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-01-19 16:04 --------- d-----w C:\Program Files\Disney
2008-01-13 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-01-13 20:02 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-01-13 20:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-29 18:06 --------- d-----w C:\Documents and Settings\Owner\Application Data\Snapfish
2007-12-29 15:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-29 15:12 --------- d-----w C:\Program Files\Apple Software Update
2007-12-29 15:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-27 20:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\PowerChallenge
2007-12-27 15:38 --------- d-----w C:\Program Files\Canon
2007-12-25 13:31 --------- d-----w C:\Program Files\Windows Installer Clean Up
2007-12-23 21:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sony
2007-12-23 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2007-12-23 21:14 --------- d-----w C:\Program Files\Sony
2007-12-23 21:13 --------- d-----w C:\Program Files\Common Files\Sony Shared
2007-12-23 21:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sony Corporation
2007-12-23 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2007-12-23 14:01 --------- d-----w C:\Program Files\Skype
2007-12-23 14:01 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-23 14:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-22 00:09 --------- d-----w C:\Program Files\MSECACHE
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-08 05:21 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-24 15:19 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 19:43 4670704]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:35 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 11:42 90112 C:\WINDOWS\soundman.exe]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 15:00 455168]
"nwiz"="nwiz.exe" [2007-09-17 03:07 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 03:07 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 03:07 8491008]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 15:00 59392]
"LaunchApp"="Alaunch" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 15:00 208952]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 16:56 64512]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 11:29 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 12:41 771704]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 23:05:56 65588]
Wireless 802.11g USB Adapter.lnk - C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe [2004-11-19 13:34:00 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 20:14]
R2 EarthLinkMonitor;EarthLink Monitor Service;"C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe" [2005-01-26 13:47]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 16:46]
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys [2004-11-01 16:16]

*Newly Created Service* - COMHOST
*Newly Created Service* - INT15.SYS
.
Contents of the 'Scheduled Tasks' folder
"2008-02-18 15:54:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-19 01:37:24 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 15:28:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-20 15:28:54
ComboFix-quarantined-files.txt 2008-02-20 20:28:45
.
2008-02-13 18:01:29 --- E O F ---

Edited by hybrid_101, 20 February 2008 - 03:35 PM.




