Post #1, Feb 2 2008, 07:52 PM
Member; Group: Members; Posts: 18; Joined: 2-February 08; From: South coast of Mass; Member No.: 187,927
Below is the log file from HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:33 PM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\bak\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\bigfix.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\MOZILL~1\THUNDE~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GM5084
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 9308 bytes

Post #2, Feb 3 2008, 01:02 PM
Member; Group: Members; Posts: 18; Joined: 2-February 08; From: South coast of Mass; Member No.: 187,927
Can anyone lend a hand with this?

Post #3, Feb 3 2008, 10:23 PM
malware expert; Group: HJT Team; Posts: 10,743; Joined: 8-January 05; From: Vancouver (not BC) WA (Not DC) USA; Member No.: 9,026
Hello bionate,
Any idea where you got whataboutadog or adoginhispen from? Whether or not it's helpful, we're interested in knowing where it came from so that we can get it ourselves. We need to further analyze this infection. We've had reports of users becoming infected while looking for Vanessa Anne Hudgens pics.

Download FindAWF: http://noahdfear.geekstogo.com/FindAWF.exe
Save the file to the Desktop.
Double-click the FindAWF icon.
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.
When done, a text file, Find AWF report, is produced that I need to look at. Please post it in your reply.

Post #4, Feb 3 2008, 10:38 PM
Member; Group: Members; Posts: 18; Joined: 2-February 08; From: South coast of Mass; Member No.: 187,927
This is a family computer, so I don't know exactly what's been visited/viewed.
Here's what the awf.txt file said:

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Sat 02/02/2008
The current time is: 17:56:16.60

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\AIM\BAK
08/01/2006 02:35 PM 67,112 aim.exe
1 File(s) 67,112 bytes

Directory of C:\PROGRA~1\BITTOR~1\BAK
06/04/2007 05:14 PM 216,064 dna.exe
1 File(s) 216,064 bytes

Directory of C:\PROGRA~1\BITTOR~2\BAK
09/07/2007 06:01 PM 43,008 bittorrent.exe
1 File(s) 43,008 bytes

Directory of C:\PROGRA~1\DIGITA~1\BAK
12/09/2005 08:44 PM 139,264 readericon45G.exe
1 File(s) 139,264 bytes

Directory of C:\PROGRA~1\ITUNES\BAK
01/15/2008 03:22 AM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK
0 File(s) 0 bytes

Directory of C:\PROGRA~1\MICROS~3\BAK
06/20/2006 10:36 PM 1,207,080 wcescomm.exe
1 File(s) 1,207,080 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK
01/10/2008 03:27 PM 385,024 QTTask.exe
1 File(s) 385,024 bytes

Directory of C:\WINDOWS\EHOME\BAK
08/05/2005 11:56 PM 64,512 ehtray.exe
1 File(s) 64,512 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK
08/10/2004 02:00 PM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\CANON\MYPRIN~1\BAK
03/21/2006 08:30 PM 1,191,936 BJMyPrt.exe
1 File(s) 1,191,936 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK
07/21/2007 11:56 AM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK
09/26/2005 12:26 PM 110,592 MskAgent.exe
08/12/2005 03:16 PM 1,121,792 MSKDetct.exe
2 File(s) 1,232,384 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK
09/22/2005 05:29 PM 303,104 mcagent.exe
01/11/2006 11:05 AM 212,992 mcupdate.exe
2 File(s) 516,096 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK
11/11/2005 04:00 PM 1,005,096 MpfTray.exe
1 File(s) 1,005,096 bytes

Directory of C:\PROGRA~1\SCANSOFT\OMNIPA~1.0\BAK
03/21/2006 12:19 PM 69,632 OpwareSE4.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK
03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK
09/29/2003 11:14 PM 155,648 SSBkgdupdate.exe
1 File(s) 155,648 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

67112 Aug 1 2006 "C:\Program Files\AIM\bak\aim.exe"
61440 Nov 13 2002 "J:\Retrospect Backup\Backup copy of Drive C ©\Program Files\AIM95\aim.exe"
216064 Jun 4 2007 "C:\Program Files\BitTorrent_DNA\bak\dna.exe"
43008 Sep 7 2007 "C:\Program Files\BitTorrent\bak\bittorrent.exe"
139264 Dec 9 2005 "C:\Program Files\Digital Media Reader\bak\readericon45G.exe"
29696 Sep 23 2005 "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
267048 Jan 15 2008 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Jan 26 2008 "C:\WINDOWS\Installer\{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}\iTunesIco.exe"
79144 Jan 15 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.0.29\iTunesSetupAdmin.exe"
108096 Jan 24 2007 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\L0GKIZZB\iTunesSetupAdmin[1].exe"
1207080 Jun 20 2006 "C:\Program Files\Microsoft ActiveSync\bak\wcescomm.exe"
385024 Jan 10 2008 "C:\Program Files\QuickTime\bak\QTTask.exe"
77824 Jan 3 2003 "J:\Retrospect Backup\Backup copy of Drive C ©\Program Files\QuickTime\qttask.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
14348 Jan 30 2008 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
13312 Aug 29 2002 "J:\Retrospect Backup\Backup copy of Drive C ©\WINDOWS\SYSTEM32\ctfmon.exe"
1191936 Mar 21 2006 "C:\Program Files\Canon\MyPrinter\bak\BJMyPrt.exe"
52272 May 21 2007 "C:\Program Files\Google\googletoolbar3user.exe"
138168 May 21 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Jul 21 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
110592 Sep 26 2005 "C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe"
1121792 Aug 12 2005 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
582992 Aug 3 2007 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
394576 Aug 18 2007 "C:\Program Files\McAfee.com\Agent\mcupdate.exe"
212992 Jan 11 2006 "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
1005096 Nov 11 2005 "C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe"
69632 Mar 21 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
155648 Sep 29 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"

Post #5, Feb 3 2008, 11:34 PM
malware expert; Group: HJT Team; Posts: 10,743; Joined: 8-January 05; From: Vancouver (not BC) WA (Not DC) USA; Member No.: 9,026
Hi bionate,
Please double-click the FindAWF icon once again.
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders
A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:

"C:\Program Files\AIM\bak\aim.exe"
"C:\Program Files\BitTorrent_DNA\bak\dna.exe"
"C:\Program Files\BitTorrent\bak\bittorrent.exe"
"C:\Program Files\Digital Media Reader\bak\readericon45G.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Microsoft ActiveSync\bak\wcescomm.exe"
"C:\Program Files\QuickTime\bak\QTTask.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\Program Files\Canon\MyPrinter\bak\BJMyPrt.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
"C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe"
"C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
"C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
"C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
"C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe"
"C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
"C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
"C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"

Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
- It attempts to terminate the process represented by each filename on the list, if running
- Deletes the rogue file from the parent folder, if present
- Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.
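Added example, not part of the original posts and not FindAWF's own code: a reader for the "Duplicate files of bak directory contents" section of the report, which compares each bak copy with the file of the same name one folder up, so you can see which parent-folder files are absent from the listing or differ from the backup before a restore, and confirm afterwards that every pair matches. The entry layout is inferred from the report posted in this thread; the function names and status labels are made up for the example, and the AFTER sample is constructed.

```python
import ntpath
import re
from collections import namedtuple

Entry = namedtuple("Entry", "size date path")

SECTION = "Duplicate files of bak directory contents"
# Entry layout inferred from the report in this thread (an assumption):
#   <size in bytes> <Mon> <day> <year> "<full path>"
ENTRY_RE = re.compile(r'(\d+)\s+([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d{4})\s+"([^"]+)"')

# Excerpt of the duplicates section of the first report posted in this thread.
BEFORE = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
67112 Aug 1 2006 "C:\Program Files\AIM\bak\aim.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
14348 Jan 30 2008 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
582992 Aug 3 2007 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
'''

# Constructed sample: the same listing as it should look once each bak copy
# has been copied back into its parent folder.
AFTER = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
67112 Aug 1 2006 "C:\Program Files\AIM\aim.exe"
67112 Aug 1 2006 "C:\Program Files\AIM\bak\aim.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
'''


def parse_duplicates(report):
    """Return the entries listed after the duplicates heading.

    Scans the text as a whole, so it works on a report pasted as one long
    line as well as on one entry per line.
    """
    _, found, tail = report.partition(SECTION)
    if not found:
        raise ValueError("report has no duplicates section")
    return [Entry(int(m.group(1)), " ".join(m.group(2, 3, 4)), m.group(5))
            for m in ENTRY_RE.finditer(tail)]


def triage(entries):
    """Map each bak copy to (status, parent-folder entry or None).

    Only size and date are compared because that is all the report carries;
    equal values do not prove the file contents are identical.
    """
    by_path = {e.path.lower(): e for e in entries}  # Windows paths: ignore case
    result = {}
    for e in entries:
        folder, name = ntpath.split(e.path)
        parent_dir, leaf = ntpath.split(folder)
        if leaf.lower() != "bak":
            continue  # a copy elsewhere on disk, not a bak file
        live = by_path.get(ntpath.join(parent_dir, name).lower())
        if live is None:
            status = "live-missing"       # no parent-folder copy in the listing
        elif (live.size, live.date) == (e.size, e.date):
            status = "live-matches-bak"   # parent copy has the bak copy's size and date
        else:
            status = "live-differs"       # the two copies differ: review this one
        result[e.path] = (status, live)
    return result


def pending(report):
    """bak files whose parent-folder copy is absent or differs, in report order."""
    return [path for path, (status, _) in triage(parse_duplicates(report)).items()
            if status != "live-matches-bak"]


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label)
        for path, (status, live) in triage(parse_duplicates(text)).items():
            detail = "" if live is None else f" (parent copy: {live.size} bytes, {live.date})"
            print(f"  {status:17} {path}{detail}")
```

A "live-differs" result only says the two copies are not the same file by size and date; which of them is the rogue one is still the analyst's call.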

Post #6, Feb 4 2008, 06:34 AM
Member; Group: Members; Posts: 18; Joined: 2-February 08; From: South coast of Mass; Member No.: 187,927
Thanks! Here's the result.
Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Mon 02/04/2008
The current time is: 6:30:12.23

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\AIM\BAK
08/01/2006 02:35 PM 67,112 aim.exe
1 File(s) 67,112 bytes

Directory of C:\PROGRA~1\BITTOR~1\BAK
06/04/2007 05:14 PM 216,064 dna.exe
1 File(s) 216,064 bytes

Directory of C:\PROGRA~1\BITTOR~2\BAK
09/07/2007 06:01 PM 43,008 bittorrent.exe
1 File(s) 43,008 bytes

Directory of C:\PROGRA~1\DIGITA~1\BAK
12/09/2005 08:44 PM 139,264 readericon45G.exe
1 File(s) 139,264 bytes

Directory of C:\PROGRA~1\ITUNES\BAK
01/15/2008 03:22 AM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK
0 File(s) 0 bytes

Directory of C:\PROGRA~1\MICROS~3\BAK
06/20/2006 10:36 PM 1,207,080 wcescomm.exe
1 File(s) 1,207,080 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK
01/10/2008 03:27 PM 385,024 QTTask.exe
1 File(s) 385,024 bytes

Directory of C:\WINDOWS\EHOME\BAK
08/05/2005 11:56 PM 64,512 ehtray.exe
1 File(s) 64,512 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK
08/10/2004 02:00 PM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\CANON\MYPRIN~1\BAK
03/21/2006 08:30 PM 1,191,936 BJMyPrt.exe
1 File(s) 1,191,936 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK
07/21/2007 11:56 AM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK
09/26/2005 12:26 PM 110,592 MskAgent.exe
08/12/2005 03:16 PM 1,121,792 MSKDetct.exe
2 File(s) 1,232,384 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK
09/22/2005 05:29 PM 303,104 mcagent.exe
01/11/2006 11:05 AM 212,992 mcupdate.exe
2 File(s) 516,096 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK
11/11/2005 04:00 PM 1,005,096 MpfTray.exe
1 File(s) 1,005,096 bytes

Directory of C:\PROGRA~1\SCANSOFT\OMNIPA~1.0\BAK
03/21/2006 12:19 PM 69,632 OpwareSE4.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK
03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK
09/29/2003 11:14 PM 155,648 SSBkgdupdate.exe
1 File(s) 155,648 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

67112 Aug 1 2006 "C:\Program Files\AIM\aim.exe"
67112 Aug 1 2006 "C:\Program Files\AIM\bak\aim.exe"
61440 Nov 13 2002 "J:\Retrospect Backup\Backup copy of Drive C ©\Program Files\AIM95\aim.exe"
216064 Jun 4 2007 "C:\Program Files\BitTorrent_DNA\dna.exe"
216064 Jun 4 2007 "C:\Program Files\BitTorrent_DNA\bak\dna.exe"
43008 Sep 7 2007 "C:\Program Files\BitTorrent\bittorrent.exe"
43008 Sep 7 2007 "C:\Program Files\BitTorrent\bak\bittorrent.exe"
139264 Dec 9 2005 "C:\Program Files\Digital Media Reader\readericon45G.exe"
139264 Dec 9 2005 "C:\Program Files\Digital Media Reader\bak\readericon45G.exe"
29696 Sep 23 2005 "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
267048 Jan 15 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Jan 15 2008 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Jan 26 2008 "C:\WINDOWS\Installer\{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}\iTunesIco.exe"
79144 Jan 15 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.0.29\iTunesSetupAdmin.exe"
108096 Jan 24 2007 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\L0GKIZZB\iTunesSetupAdmin[1].exe"
1207080 Jun 20 2006 "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
1207080 Jun 20 2006 "C:\Program Files\Microsoft ActiveSync\bak\wcescomm.exe"
385024 Jan 10 2008 "C:\Program Files\QuickTime\QTTask.exe"
385024 Jan 10 2008 "C:\Program Files\QuickTime\bak\QTTask.exe"
77824 Jan 3 2003 "J:\Retrospect Backup\Backup copy of Drive C ©\Program Files\QuickTime\qttask.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
13312 Aug 29 2002 "J:\Retrospect Backup\Backup copy of Drive C ©\WINDOWS\SYSTEM32\ctfmon.exe"
1191936 Mar 21 2006 "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe"
1191936 Mar 21 2006 "C:\Program Files\Canon\MyPrinter\bak\BJMyPrt.exe"
52272 May 21 2007 "C:\Program Files\Google\googletoolbar3user.exe"
68856 Jul 21 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
138168 May 21 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Jul 21 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
110592 Sep 26 2005 "C:\Program Files\McAfee\SpamKiller\MskAgent.exe"
110592 Sep 26 2005 "C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe"
1121792 Aug 12 2005 "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
1121792 Aug 12 2005 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
212992 Jan 11 2006 "C:\Program Files\McAfee.com\Agent\mcupdate.exe"
212992 Jan 11 2006 "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
1005096 Nov 11 2005 "C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe"
1005096 Nov 11 2005 "C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe"
69632 Mar 21 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
69632 Mar 21 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
155648 Sep 29 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
155648 Sep 29 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"

end of report

Post #7, Feb 4 2008, 11:27 AM
malware expert; Group: HJT Team; Posts: 10,743; Joined: 8-January 05; From: Vancouver (not BC) WA (Not DC) USA; Member No.: 9,026
Hi bionate,
Please double-click the FindAWF icon once again.
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders
A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:

"C:\Program Files\AIM\bak\aim.exe"
"C:\Program Files\BitTorrent_DNA\bak\dna.exe"
"C:\Program Files\BitTorrent\bak\bittorrent.exe"
"C:\Program Files\Digital Media Reader\bak\readericon45G.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Microsoft ActiveSync\bak\wcescomm.exe"
"C:\Program Files\QuickTime\bak\QTTask.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\Program Files\Canon\MyPrinter\bak\BJMyPrt.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
"C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe"
"C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
"C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
"C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
"C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe"
"C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
"C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
"C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"

Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
- It attempts to terminate the process represented by each filename on the list, if running
- Deletes the rogue file from the parent folder, if present
- Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Post #8, Feb 4 2008, 05:14 PM
Member; Group: Members; Posts: 18; Joined: 2-February 08; From: South coast of Mass; Member No.: 187,927
Thanks! Here's the response:
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Mon 02/04/2008
The current time is: 17:09:36.34

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\AIM\BAK
08/01/2006 02:35 PM 67,112 aim.exe
1 File(s) 67,112 bytes

Directory of C:\PROGRA~1\BITTOR~1\BAK
06/04/2007 05:14 PM 216,064 dna.exe
1 File(s) 216,064 bytes

Directory of C:\PROGRA~1\BITTOR~2\BAK
09/07/2007 06:01 PM 43,008 bittorrent.exe
1 File(s) 43,008 bytes

Directory of C:\PROGRA~1\DIGITA~1\BAK
12/09/2005 08:44 PM 139,264 readericon45G.exe
1 File(s) 139,264 bytes

Directory of C:\PROGRA~1\ITUNES\BAK
01/15/2008 03:22 AM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK
0 File(s) 0 bytes

Directory of C:\PROGRA~1\MICROS~3\BAK
06/20/2006 10:36 PM 1,207,080 wcescomm.exe
1 File(s) 1,207,080 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK
01/10/2008 03:27 PM 385,024 QTTask.exe
1 File(s) 385,024 bytes

Directory of C:\WINDOWS\EHOME\BAK
08/05/2005 11:56 PM 64,512 ehtray.exe
1 File(s) 64,512 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK
08/10/2004 02:00 PM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\CANON\MYPRIN~1\BAK
03/21/2006 08:30 PM 1,191,936 BJMyPrt.exe
1 File(s) 1,191,936 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK
07/21/2007 11:56 AM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK
09/26/2005 12:26 PM 110,592 MskAgent.exe
08/12/2005 03:16 PM 1,121,792 MSKDetct.exe
2 File(s) 1,232,384 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK
09/22/2005 05:29 PM 303,104 mcagent.exe
01/11/2006 11:05 AM 212,992 mcupdate.exe
2 File(s) 516,096 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK
11/11/2005 04:00 PM 1,005,096 MpfTray.exe
1 File(s) 1,005,096 bytes

Directory of C:\PROGRA~1\SCANSOFT\OMNIPA~1.0\BAK
03/21/2006 12:19 PM 69,632 OpwareSE4.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK
03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK
09/29/2003 11:14 PM 155,648 SSBkgdupdate.exe
1 File(s) 155,648 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

67112 Aug 1 2006 "C:\Program Files\AIM\aim.exe"
67112 Aug 1 2006 "C:\Program Files\AIM\bak\aim.exe"
61440 Nov 13 2002 "J:\Retrospect Backup\Backup copy of Drive C ©\Program Files\AIM95\aim.exe"
216064 Jun 4 2007 "C:\Program Files\BitTorrent_DNA\dna.exe"
216064 Jun 4 2007 "C:\Program Files\BitTorrent_DNA\bak\dna.exe"
43008 Sep 7 2007 "C:\Program Files\BitTorrent\bittorrent.exe"
43008 Sep 7 2007 "C:\Program Files\BitTorrent\bak\bittorrent.exe"
139264 Dec 9 2005 "C:\Program Files\Digital Media Reader\readericon45G.exe"
139264 Dec 9 2005 "C:\Program Files\Digital Media Reader\bak\readericon45G.exe"
29696 Sep 23 2005 "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
267048 Jan 15 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Jan 15 2008 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Jan 26 2008 "C:\WINDOWS\Installer\{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}\iTunesIco.exe"
79144 Jan 15 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.0.29\iTunesSetupAdmin.exe"
108096 Jan 24 2007 "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\L0GKIZZB\iTunesSetupAdmin[1].exe"
1207080 Jun 20 2006 "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
1207080 Jun 20 2006 "C:\Program Files\Microsoft ActiveSync\bak\wcescomm.exe"
385024 Jan 10 2008 "C:\Program Files\QuickTime\QTTask.exe"
385024 Jan 10 2008 "C:\Program Files\QuickTime\bak\QTTask.exe"
77824 Jan 3 2003 "J:\Retrospect Backup\Backup copy of Drive C ©\Program Files\QuickTime\qttask.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
13312 Aug 29 2002 "J:\Retrospect Backup\Backup copy of Drive C ©\WINDOWS\SYSTEM32\ctfmon.exe"
1191936 Mar 21 2006 "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe"
1191936 Mar 21 2006 "C:\Program Files\Canon\MyPrinter\bak\BJMyPrt.exe"
52272 May 21 2007 "C:\Program Files\Google\googletoolbar3user.exe"
68856 Jul 21 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
138168 May 21 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Jul 21 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
110592 Sep 26 2005 "C:\Program Files\McAfee\SpamKiller\MskAgent.exe"
110592 Sep 26 2005 "C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe"
1121792 Aug 12 2005 "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
1121792 Aug 12 2005 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
212992 Jan 11 2006 "C:\Program Files\McAfee.com\Agent\mcupdate.exe"
212992 Jan 11 2006 "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
1005096 Nov 11 2005 "C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe"
1005096 Nov 11 2005 "C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe"
69632 Mar 21 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
69632 Mar 21 2006 "C:\Program Files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
155648 Sep 29 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
155648 Sep 29 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"

end of report

Feb 4 2008, 05:44 PM
Post #9
malware expert Group: HJT Team Posts: 10,743 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026
Hi bionate,
Please download ATF Cleaner by Atribune.
Under Main choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Reboot your computer <==== Important

******************************

Please double-click the FindAWF icon once again.
This time we are going to remove some folders.
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders
A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\Program Files\AIM\bak
C:\Program Files\BitTorrent_DNA\bak
C:\Program Files\BitTorrent\bak
C:\Program Files\Digital Media Reader\bak
C:\Program Files\iTunes\bak
C:\Program Files\Microsoft ActiveSync\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\ehome\bak
C:\WINDOWS\system32\bak
C:\Program Files\Canon\MyPrinter\bak
C:\Program Files\Google\GoogleToolbarNotifier\bak
C:\Program Files\McAfee\SpamKiller\bak
C:\Program Files\McAfee.com\Agent\bak
C:\Program Files\McAfee.com\Personal Firewall\bak
C:\Program Files\ScanSoft\OmniPageSE4.0\bak
C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak

Next, close and click Yes to save the changes.
When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log in your reply.

Feb 4 2008, 08:20 PM
Post #10
Member Group: Members Posts: 18 Joined: 2-February 08 From: South coast of Mass Member No.: 187,927
Thanks for all your help! I'm now getting the repeating error "Application resources could not be loaded successfully. Please reinstall McAfee SecurityCenter." Should I do that?
Here's the latest:

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Mon 02/04/2008
The current time is: 20:16:56.26

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\MESSEN~1\BAK
0 File(s) 0 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK
03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\SCANSO~1\SSBKGD~1\BAK
09/29/2003 11:14 PM 155,648 SSBkgdupdate.exe
1 File(s) 155,648 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
155648 Sep 29 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate.exe"
155648 Sep 29 2003 "C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe"
end of report

Feb 5 2008, 12:29 AM
Post #11
malware expert Group: HJT Team Posts: 10,743 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026
Hi bionate,
QUOTE
I'm now getting the repeating error "Application resources could not be loaded successfully. Please reinstall McAfee SecurityCenter." Should I do that?

Yes, the AWF trojan killed some of the McAfee files, so reinstall McAfee SecurityCenter.

Please download the OTMoveIt2 by OldTimer.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

QUOTE
Caution: Be careful of what you copy and paste with this tool. OTMoveIt2 is a powerful program, designed to move highly persistent files and folders. Not following the directions as instructed or using incorrectly could lead to disastrous problems with your operating system.

Double-click the FindAWF icon.
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.
When done, a text file, Find AWF report is produced that I need to look at. Please post it in your reply along with the OTMoveIt2 log.