Whataboutadog And Doginhispen Virus


  • This topic is locked
22 replies to this topic

#1 PrincessBene

Posted 16 October 2007 - 04:04 PM

Thanks to some virus that initially logged as the name Movieland and I later found in my trusted sites list as, "*.whataboutadog" and/or "*.doginhispen" I am unable to view webpages, especially secure webpages. I usually get the dreaded DNS Server error or Page not Found error definitely by three pages deep. And yes, I've run adware, stinger, etc. And I even tried the simpleton thing of merely deleting the dog viruses from the trusted sites list and of course, to my dismay, they resurface within about an hour. My issue is identical to that of fakerone and that is even how I found you wonderful people of (quite appropriately named) bleepingcomputer.com.

I'm willing to bake cookies, barbeque, anything legal, or that allows me to sleep well at night for assistance that makes my life beautiful once more. (Or heck, maybe a sincere thanks will do after all is said and done, eh?)

Damsel In Distress


Here is the HijackThis that was generated as instructed:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:53 PM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sun\jstudio_ent8\CollabRuntime\bin\xmppd-jse8.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\eFax Messenger 4.1\J2GTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\bak\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149188158\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.0.12\PlaxoHelper.exe -a
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Collaboration Runtime (xmppd-jse8) - Unknown owner - C:\Program Files\Sun\jstudio_ent8\CollabRuntime\bin\xmppd-jse8.exe


--
End of file - 17675 bytes

Whatever-or whoever, you do..be good!


#2 SifuMike

    malware expert



Posted 16 October 2007 - 06:57 PM

Hello PrincessBene,

I am SifuMike and I will be helping you. :thumbsup:

Let's start removing that stupid whataboutadog and doginhispen from your computer.

Download FindAWF:
http://noahdfear.net/downloads/FindAWF.exe
Save the file to the Desktop
Double-click the FindAWF icon.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.

When done, a text file, Find AWF report, is produced that we need to look at.
Please post it in your reply.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 PrincessBene


Posted 16 October 2007 - 11:38 PM

Greetings SiFuMike,

Eagerly, :thumbsup: , as instructed here are the results from the AWF text file:


Find AWF report by noahdfear 2006
Version 1.40

The current date is: Tue 10/16/2007
The current time is: 23:20:50.06


bak folders found
~~~~~~~~~~~


Directory of C:\HP\KBD\BAK

02/02/2005 05:44 PM 61,440 KBD.EXE
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\EFAXME~1.1\BAK

12/16/2005 06:59 PM 107,008 J2GDllCmd.exe
1 File(s) 107,008 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

07/31/2007 06:44 PM 271,672 iTunesHelper.exe
1 File(s) 271,672 bytes

Directory of C:\PROGRA~1\LEXMAR~1\BAK

08/01/2005 07:05 AM 94,208 ezprint.exe
09/30/2005 09:47 AM 200,704 lxcimon.exe
2 File(s) 294,912 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\NORTON~1\BAK

03/29/2005 07:03 PM 22,656 UrlLstCk.exe
1 File(s) 22,656 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 06:24 AM 286,720 QTTask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\REGSHAVE\BAK

02/04/2002 11:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

04/25/2006 11:50 AM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 07:00 AM 15,360 ctfmon.exe
06/08/2005 12:59 PM 77,824 hkcmd.exe
06/08/2005 01:03 PM 114,688 igfxpers.exe
3 File(s) 207,872 bytes

Directory of C:\PROGRA~1\AWS\WEATHE~1\BAK

12/16/2004 04:37 PM 1,601,536 Weather.exe
1 File(s) 1,601,536 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

10/05/2005 06:06 PM 48,752 ccApp.exe
1 File(s) 48,752 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK

02/26/2005 12:34 AM 245,760 HPBootOp.exe
1 File(s) 245,760 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

05/12/2005 08:12 AM 49,152 HPwuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\LOGMEIN\UPDATE\2-30-555.BAK

07/21/2006 01:15 PM 2,595,281 template.rab
1 File(s) 2,595,281 bytes

Directory of C:\PROGRA~1\LOGMEIN\X86\BAK

04/17/2007 02:03 PM 63,048 LogMeInSystray.exe
1 File(s) 63,048 bytes

Directory of C:\PROGRA~1\PLAXO\2130~1.12\BAK

03/06/2007 11:24 AM 183,367 PlaxoHelper.exe
1 File(s) 183,367 bytes

Directory of C:\PROGRA~1\PURENE~1\PORTMA~1\BAK

04/05/2004 04:33 PM 99,480 PortAOL.exe
1 File(s) 99,480 bytes

Directory of C:\PROGRA~1\SKYPE\PHONE\BAK

12/11/2006 09:41 PM 25,343,016 Skype.exe
1 File(s) 25,343,016 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

08/30/2007 05:43 PM 4,670,704 YahooMessenger.exe
1 File(s) 4,670,704 bytes

Directory of C:\WINDOWS\ASSEMBLY\NATIVE~1.507\SBAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\DISTILLR\BAK

12/14/2004 02:12 AM 483,328 Acrotray.exe
1 File(s) 483,328 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\ACS\BAK

04/18/2005 01:38 PM 71,256 AOLDial.exe
1 File(s) 71,256 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\IPHSEND\BAK

03/27/2006 10:57 AM 126,104 IPHSend.exe
1 File(s) 126,104 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

10/06/2005 08:50 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\HP\DIGITA~1\{33D6C~1\BAK

06/02/2005 01:35 AM 49,152 hphupd08.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK

11/09/2006 04:07 PM 49,263 jusched.exe
1 File(s) 49,263 bytes

Directory of C:\PROGRA~1\LOGMEIN\X86\UPDATE\3-00-606.BAK


Directory of C:\PROGRA~1\COMMON~1\AOL\114918~1\EE\BAK

03/08/2006 01:38 PM 48,280 AOLSoftware.exe
1 File(s) 48,280 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

27664 Oct 2 2007 "C:\hp\KBD\KBD.EXE"
61440 Feb 2 2005 "C:\hp\KBD\bak\KBD.EXE"
27664 Oct 2 2007 "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe"
107008 Dec 16 2005 "C:\Program Files\eFax Messenger 4.1\bak\J2GDllCmd.exe"
27664 Oct 2 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
271672 Jul 31 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Aug 17 2007 "C:\WINDOWS\Installer\{E0219810-16E4-437D-9165-93D7B22524F9}\iTunesIco.exe"
116024 Jul 31 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.2.6\iTunesSetupAdmin.exe"
27664 Oct 2 2007 "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
94208 Aug 1 2005 "C:\Program Files\Lexmark 7300 Series\bak\ezprint.exe"
27664 Oct 2 2007 "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
200704 Sep 30 2005 "C:\Program Files\Lexmark 7300 Series\bak\lxcimon.exe"
27664 Oct 2 2007 "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
22656 Mar 29 2005 "C:\Program Files\Norton Internet Security\bak\UrlLstCk.exe"
27664 Oct 2 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
27664 Oct 2 2007 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
27664 Oct 2 2007 "C:\Program Files\SymNetDrv\SNDMon.exe"
100056 Apr 25 2006 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
27664 Oct 2 2007 "C:\WINDOWS\system32\hkcmd.exe"
77824 Jun 8 2005 "C:\hp\drivers\video_Intel\hkcmd.exe"
77824 Jun 8 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
27664 Oct 2 2007 "C:\WINDOWS\system32\igfxpers.exe"
114688 Jun 8 2005 "C:\hp\drivers\video_Intel\igfxpers.exe"
114688 Jun 8 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
27664 Oct 2 2007 "C:\Program Files\AWS\WeatherBug\Weather.exe"
1601536 Dec 16 2004 "C:\Program Files\AWS\WeatherBug\bak\Weather.exe"
27664 Oct 2 2007 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
48752 Oct 5 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
27664 Oct 2 2007 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
245760 Feb 26 2005 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
27664 Oct 2 2007 "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe"
49152 May 12 2005 "C:\Program Files\HP\HP Software Update\bak\HPwuSchd2.exe"
3993935 May 25 2007 "C:\Program Files\LogMeIn\template.rab"
2595281 Jul 21 2006 "C:\Program Files\LogMeIn\update\2-30-555.bak\template.rab"
57928 Apr 17 2007 "C:\Program Files\LogMeIn\x64\LogMeInSystray.exe"
63048 Apr 17 2007 "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe1191357025"
63048 Apr 17 2007 "C:\Program Files\LogMeIn\x86\bak\LogMeInSystray.exe"
24592 Sep 27 2007 "C:\Program Files\LogMeIn\x86\update\3-00-606.bak\x86\LogMeInSystray.exe"
27664 Oct 2 2007 "C:\Program Files\Plaxo\2.13.0.12\PlaxoHelper.exe"
183367 Mar 6 2007 "C:\Program Files\Plaxo\2.13.0.12\bak\PlaxoHelper.exe"
27664 Oct 2 2007 "C:\Program Files\Pure Networks\Port Magic\PortAOL.exe"
99480 Apr 5 2004 "C:\Program Files\Pure Networks\Port Magic\bak\PortAOL.exe"
27664 Oct 2 2007 "C:\Program Files\Skype\Phone\Skype.exe"
25343016 Dec 11 2006 "C:\Program Files\Skype\Phone\bak\Skype.exe"
27664 Oct 2 2007 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4670704 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
15360 Aug 28 2007 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SBAK\1289629175f8e0b57ccfee2a89ff7129\SBAK.ni.dll"
15360 Jul 12 2007 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SBAK\48a15b6baec694b552c36dc9fa75c524\SBAK.ni.dll"
15360 Aug 28 2007 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SBAK\1289629175f8e0b57ccfee2a89ff7129\SBAK.ni.dll"
15360 Jul 12 2007 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SBAK\48a15b6baec694b552c36dc9fa75c524\SBAK.ni.dll"
27664 Oct 2 2007 "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
217193 May 15 2003 "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe"
483328 Dec 14 2004 "C:\Program Files\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe"
27664 Oct 2 2007 "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
71256 Apr 18 2005 "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
27664 Oct 2 2007 "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
126104 Mar 27 2006 "C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
27664 Oct 2 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Oct 6 2005 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
27664 Oct 2 2007 "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
49152 Jun 2 2005 "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe"
36972 Oct 6 2005 "C:\Program Files\Java\jre1.5.0\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
27664 Oct 2 2007 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
36975 Jun 3 2005 "C:\Program Files\Java\JDK1.5.0_04\jre\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Sun\Creator2_1\java\jre\bin\jusched.exe"
32881 Feb 23 2004 "C:\Program Files\Sun\Creator2_1\_uninst\_jvm\bin\jusched.exe"
57928 Apr 17 2007 "C:\Program Files\LogMeIn\x64\LogMeInSystray.exe"
63048 Apr 17 2007 "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe1191357025"
63048 Apr 17 2007 "C:\Program Files\LogMeIn\x86\bak\LogMeInSystray.exe"
24592 Sep 27 2007 "C:\Program Files\LogMeIn\x86\update\3-00-606.bak\x86\LogMeInSystray.exe"
27664 Oct 2 2007 "C:\Program Files\Common Files\AOL\1149188158\EE\AOLSoftware.exe"
48280 Mar 8 2006 "C:\Program Files\Common Files\AOL\1149188158\EE\bak\AOLSoftware.exe"


end of report

#4 SifuMike


Posted 17 October 2007 - 12:26 AM

Hi PrincessBene,

Please double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\hp\KBD\bak\KBD.EXE"
"C:\Program Files\eFax Messenger 4.1\bak\J2GDllCmd.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Lexmark 7300 Series\bak\ezprint.exe"
"C:\Program Files\Lexmark 7300 Series\bak\lxcimon.exe"
"C:\Program Files\Norton Internet Security\bak\UrlLstCk.exe"
"C:\Program Files\QuickTime\bak\QTTask.exe"
"C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
"C:\Program Files\SymNetDrv\bak\SNDMon.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\igfxpers.exe"
"C:\Program Files\AWS\WeatherBug\bak\Weather.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
"C:\Program Files\HP\HP Software Update\bak\HPwuSchd2.exe"
"C:\Program Files\LogMeIn\update\2-30-555.bak\template.rab"
"C:\Program Files\LogMeIn\x86\bak\LogMeInSystray.exe"
"C:\Program Files\Plaxo\2.13.0.12\bak\PlaxoHelper.exe"
"C:\Program Files\Pure Networks\Port Magic\bak\PortAOL.exe"
"C:\Program Files\Skype\Phone\bak\Skype.exe"
"C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe"
"C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
"C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe"
"C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
"C:\Program Files\LogMeIn\x86\bak\LogMeInSystray.exe"
"C:\Program Files\Common Files\AOL\1149188158\EE\bak\AOLSoftware.exe"


Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 PrincessBene

Posted 17 October 2007 - 01:08 PM

SiFuMike,
All went well until the end. Once I closed and saved to allow awf to automatically run a new scan and open a new log, etc...it just disappeared. There is no interface, command window or anything at all. Perhaps I can retrieve this log by picking up again as files.txt? Or start this set of instructions again?
Whatever-or whoever, you do..be good!

#6 SifuMike

Posted 17 October 2007 - 01:28 PM

Hi PrincessBene,

Did you give it some time to run?

Repeat the FindAWF instructions in my last post and then post the log.

Edited by SifuMike, 17 October 2007 - 01:33 PM.

#7 PrincessBene

Posted 17 October 2007 - 01:44 PM

SiFuMike,
Yes, I have given both attempts time to run. As a matter of fact, they ran so quickly in a matter of less than 20 seconds per attempt. I did notice that there was one file that flashed that could not be copied as the list scrolled by. Is there a different avenue in which to get the new log you need because the screen disappears and I'm left staring at my desktop waiting for a new log which never appears.
Whatever-or whoever, you do..be good!

#8 SifuMike

Posted 17 October 2007 - 01:47 PM

Look in your notepad and see if files.txt is there.

Edited by SifuMike, 17 October 2007 - 01:52 PM.

#9 SifuMike

Posted 17 October 2007 - 02:00 PM

Hi PrincessBene,

I have changed the files slightly so try running this.

Please double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\hp\KBD\bak\KBD.EXE"
"C:\Program Files\eFax Messenger 4.1\bak\J2GDllCmd.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Lexmark 7300 Series\bak\ezprint.exe"
"C:\Program Files\Lexmark 7300 Series\bak\lxcimon.exe"
"C:\Program Files\Norton Internet Security\bak\UrlLstCk.exe"
"C:\Program Files\QuickTime\bak\QTTask.exe"
"C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
"C:\Program Files\SymNetDrv\bak\SNDMon.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\igfxpers.exe"
"C:\Program Files\AWS\WeatherBug\bak\Weather.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
"C:\Program Files\HP\HP Software Update\bak\HPwuSchd2.exe"
"C:\Program Files\LogMeIn\update\2-30-555.bak\template.rab"
"C:\Program Files\LogMeIn\x86\bak\LogMeInSystray.exe"
"C:\Program Files\Plaxo\2.13.0.12\bak\PlaxoHelper.exe"
"C:\Program Files\Pure Networks\Port Magic\bak\PortAOL.exe"
"C:\Program Files\Skype\Phone\bak\Skype.exe"
"C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe"
"C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
"C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe"
"C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
"C:\Program Files\LogMeIn\x86\bak\LogMeInSystray.exe"
"C:\Program Files\Common Files\AOL\1149188158\EE\bak\AOLSoftware.exe"


Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply

#10 PrincessBene

Posted 17 October 2007 - 02:13 PM

SiFuMike,
::sigh:: I'm defeated. I've run it 4 times now, and not only does it almost instantly disappear after multiple lines scroll by, but although I close and save, the file is nowhere to be found! It's like none of this has ever happened!
Whatever-or whoever, you do..be good!

#11 SifuMike

Posted 17 October 2007 - 02:17 PM

Are you leaving the " around each of the files? You are not removing the ", are you? :thumbsup:

Are you changing anything when you copy and paste?

This tool has worked many thousands of times with no problems, so I am thinking you are running it incorrectly.

Edited by SifuMike, 17 October 2007 - 02:24 PM.

#12 PrincessBene

Posted 17 October 2007 - 03:05 PM

SiFuMike,
Amazingly, embarrassingly, isn't it funky what does (or doesn't) happen all because of a missing quote mark? :thumbsup: Apparently I didn't capture the very first mark. And by the way, let this be a testament to my world: yes, I am the one person who can mess up a system that has worked 1000 times before without error. Thanks for your patience.

At any rate, here's the requested log:


Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Wed 10/17/2007
The current time is: 14:50:30.35


bak folders found
~~~~~~~~~~~


Directory of C:\HP\KBD\BAK

02/02/2005 05:44 PM 61,440 KBD.EXE
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\EFAXME~1.1\BAK

12/16/2005 06:59 PM 107,008 J2GDllCmd.exe
1 File(s) 107,008 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

07/31/2007 06:44 PM 271,672 iTunesHelper.exe
1 File(s) 271,672 bytes

Directory of C:\PROGRA~1\LEXMAR~1\BAK

08/01/2005 07:05 AM 94,208 ezprint.exe
09/30/2005 09:47 AM 200,704 lxcimon.exe
2 File(s) 294,912 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\NORTON~1\BAK

03/29/2005 07:03 PM 22,656 UrlLstCk.exe
1 File(s) 22,656 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

06/29/2007 06:24 AM 286,720 QTTask.exe
1 File(s) 286,720 bytes

Directory of C:\PROGRA~1\REGSHAVE\BAK

02/04/2002 11:32 PM 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

04/25/2006 11:50 AM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 07:00 AM 15,360 ctfmon.exe
06/08/2005 12:59 PM 77,824 hkcmd.exe
06/08/2005 01:03 PM 114,688 igfxpers.exe
3 File(s) 207,872 bytes

Directory of C:\PROGRA~1\AWS\WEATHE~1\BAK

12/16/2004 04:37 PM 1,601,536 Weather.exe
1 File(s) 1,601,536 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

10/05/2005 06:06 PM 48,752 ccApp.exe
1 File(s) 48,752 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK

02/26/2005 12:34 AM 245,760 HPBootOp.exe
1 File(s) 245,760 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

05/12/2005 08:12 AM 49,152 HPwuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\LOGMEIN\UPDATE\2-30-555.BAK


Directory of C:\PROGRA~1\LOGMEIN\X86\BAK

04/17/2007 02:03 PM 63,048 LogMeInSystray.exe
1 File(s) 63,048 bytes

Directory of C:\PROGRA~1\PLAXO\2130~1.12\BAK

03/06/2007 11:24 AM 183,367 PlaxoHelper.exe
1 File(s) 183,367 bytes

Directory of C:\PROGRA~1\PURENE~1\PORTMA~1\BAK

04/05/2004 04:33 PM 99,480 PortAOL.exe
1 File(s) 99,480 bytes

Directory of C:\PROGRA~1\SKYPE\PHONE\BAK

12/11/2006 09:41 PM 25,343,016 Skype.exe
1 File(s) 25,343,016 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

08/30/2007 05:43 PM 4,670,704 YahooMessenger.exe
1 File(s) 4,670,704 bytes

Directory of C:\WINDOWS\ASSEMBLY\NATIVE~1.507\SBAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\DISTILLR\BAK

12/14/2004 02:12 AM 483,328 Acrotray.exe
1 File(s) 483,328 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\ACS\BAK

04/18/2005 01:38 PM 71,256 AOLDial.exe
1 File(s) 71,256 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\IPHSEND\BAK

03/27/2006 10:57 AM 126,104 IPHSend.exe
1 File(s) 126,104 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

10/06/2005 08:50 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\HP\DIGITA~1\{33D6C~1\BAK

06/02/2005 01:35 AM 49,152 hphupd08.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK

11/09/2006 04:07 PM 49,263 jusched.exe
1 File(s) 49,263 bytes

Directory of C:\PROGRA~1\LOGMEIN\X86\UPDATE\3-00-606.BAK


Directory of C:\PROGRA~1\COMMON~1\AOL\114918~1\EE\BAK

03/08/2006 01:38 PM 48,280 AOLSoftware.exe
1 File(s) 48,280 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

61440 Feb 2 2005 "C:\hp\KBD\KBD.EXE"
61440 Feb 2 2005 "C:\hp\KBD\bak\KBD.EXE"
107008 Dec 16 2005 "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe"
107008 Dec 16 2005 "C:\Program Files\eFax Messenger 4.1\bak\J2GDllCmd.exe"
271672 Jul 31 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
271672 Jul 31 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Aug 17 2007 "C:\WINDOWS\Installer\{E0219810-16E4-437D-9165-93D7B22524F9}\iTunesIco.exe"
116024 Jul 31 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.2.6\iTunesSetupAdmin.exe"
94208 Aug 1 2005 "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
94208 Aug 1 2005 "C:\Program Files\Lexmark 7300 Series\bak\ezprint.exe"
200704 Sep 30 2005 "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
200704 Sep 30 2005 "C:\Program Files\Lexmark 7300 Series\bak\lxcimon.exe"
22656 Mar 29 2005 "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
22656 Mar 29 2005 "C:\Program Files\Norton Internet Security\bak\UrlLstCk.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 Feb 4 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
100056 Apr 25 2006 "C:\Program Files\SymNetDrv\SNDMon.exe"
100056 Apr 25 2006 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
77824 Jun 8 2005 "C:\WINDOWS\system32\hkcmd.exe"
77824 Jun 8 2005 "C:\hp\drivers\video_Intel\hkcmd.exe"
77824 Jun 8 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
114688 Jun 8 2005 "C:\WINDOWS\system32\igfxpers.exe"
114688 Jun 8 2005 "C:\hp\drivers\video_Intel\igfxpers.exe"
114688 Jun 8 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
1601536 Dec 16 2004 "C:\Program Files\AWS\WeatherBug\Weather.exe"
1601536 Dec 16 2004 "C:\Program Files\AWS\WeatherBug\bak\Weather.exe"
48752 Oct 5 2005 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
48752 Oct 5 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
245760 Feb 26 2005 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"
245760 Feb 26 2005 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
49152 May 12 2005 "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe"
49152 May 12 2005 "C:\Program Files\HP\HP Software Update\bak\HPwuSchd2.exe"
57928 Apr 17 2007 "C:\Program Files\LogMeIn\x64\LogMeInSystray.exe"
63048 Apr 17 2007 "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe1191357025"
63048 Apr 17 2007 "C:\Program Files\LogMeIn\x86\bak\LogMeInSystray.exe"
24592 Sep 27 2007 "C:\Program Files\LogMeIn\x86\update\3-00-606.bak\x86\LogMeInSystray.exe"
183367 Mar 6 2007 "C:\Program Files\Plaxo\2.13.0.12\PlaxoHelper.exe"
183367 Mar 6 2007 "C:\Program Files\Plaxo\2.13.0.12\bak\PlaxoHelper.exe"
99480 Apr 5 2004 "C:\Program Files\Pure Networks\Port Magic\PortAOL.exe"
99480 Apr 5 2004 "C:\Program Files\Pure Networks\Port Magic\bak\PortAOL.exe"
25343016 Dec 11 2006 "C:\Program Files\Skype\Phone\Skype.exe"
25343016 Dec 11 2006 "C:\Program Files\Skype\Phone\bak\Skype.exe"
4670704 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4670704 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"
15360 Aug 28 2007 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SBAK\1289629175f8e0b57ccfee2a89ff7129\SBAK.ni.dll"
15360 Jul 12 2007 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SBAK\48a15b6baec694b552c36dc9fa75c524\SBAK.ni.dll"
15360 Aug 28 2007 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SBAK\1289629175f8e0b57ccfee2a89ff7129\SBAK.ni.dll"
15360 Jul 12 2007 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SBAK\48a15b6baec694b552c36dc9fa75c524\SBAK.ni.dll"
483328 Dec 14 2004 "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
217193 May 15 2003 "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe"
483328 Dec 14 2004 "C:\Program Files\Adobe\Acrobat 7.0\Distillr\bak\Acrotray.exe"
71256 Apr 18 2005 "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
71256 Apr 18 2005 "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
126104 Mar 27 2006 "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
126104 Mar 27 2006 "C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
180269 Oct 6 2005 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Oct 6 2005 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
49152 Jun 2 2005 "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
49152 Jun 2 2005 "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak\hphupd08.exe"
36972 Oct 6 2005 "C:\Program Files\Java\jre1.5.0\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
36975 Jun 3 2005 "C:\Program Files\Java\JDK1.5.0_04\jre\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Sun\Creator2_1\java\jre\bin\jusched.exe"
32881 Feb 23 2004 "C:\Program Files\Sun\Creator2_1\_uninst\_jvm\bin\jusched.exe"
57928 Apr 17 2007 "C:\Program Files\LogMeIn\x64\LogMeInSystray.exe"
63048 Apr 17 2007 "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe1191357025"
63048 Apr 17 2007 "C:\Program Files\LogMeIn\x86\bak\LogMeInSystray.exe"
24592 Sep 27 2007 "C:\Program Files\LogMeIn\x86\update\3-00-606.bak\x86\LogMeInSystray.exe"
48280 Mar 8 2006 "C:\Program Files\Common Files\AOL\1149188158\EE\AOLSoftware.exe"
48280 Mar 8 2006 "C:\Program Files\Common Files\AOL\1149188158\EE\bak\AOLSoftware.exe"


end of report
Whatever-or whoever, you do..be good!
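An added example (not part of the thread and not FindAWF's own code): a Python check over the "Duplicate files of bak directory contents" section of the log above, pairing each bak copy with the file expected in its parent folder and comparing sizes. The sample lines are copied from that log except the two `C:\Example` entries, which are constructed; the status names, and the assumption that the section lists every file sharing a name with a bak copy, belong to this example.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the log above, plus two constructed C:\Example entries
# that show what a size mismatch looks like.
SAMPLE_LOG = r'''
61440 Feb 2 2005 "C:\hp\KBD\KBD.EXE"
61440 Feb 2 2005 "C:\hp\KBD\bak\KBD.EXE"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
57928 Apr 17 2007 "C:\Program Files\LogMeIn\x64\LogMeInSystray.exe"
63048 Apr 17 2007 "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe1191357025"
63048 Apr 17 2007 "C:\Program Files\LogMeIn\x86\bak\LogMeInSystray.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
8192 Oct 10 2007 "C:\Example\app.exe"
40960 Jan 5 2006 "C:\Example\bak\app.exe"
'''

# <size> <Mon> <day> <year> "<quoted full path>"
LINE_RE = re.compile(r'^(\d+)\s+[A-Z][a-z]{2}\s+\d{1,2}\s+\d{4}\s+"(.+)"$')


def parse_entries(log_text):
    """Map each listed path to its size in bytes.

    PureWindowsPath compares case-insensitively, matching Windows semantics.
    """
    entries = {}
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries[PureWindowsPath(match.group(2))] = int(match.group(1))
    return entries


def check_restores(log_text):
    """For every file inside a 'bak' folder, report the state of the file
    expected one level up (the parent folder the restore copies into)."""
    entries = parse_entries(log_text)
    report = {}
    for path, bak_size in entries.items():
        if path.parent.name.lower() != "bak":
            continue
        live = path.parent.parent / path.name
        live_size = entries.get(live)
        if live_size is None:
            status = "missing"        # no file with that exact name listed
        elif live_size == bak_size:
            status = "size-match"     # consistent with a completed restore
        else:
            status = "size-mismatch"  # parent file differs from the bak copy
        report[str(live)] = status
    return report


if __name__ == "__main__":
    # Equal size is only a consistency check, not proof of integrity;
    # a hash or signature comparison is the stronger test.
    for live_path, status in check_restores(SAMPLE_LOG).items():
        print(f"{status:14} {live_path}")
```
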

#13 SifuMike

Posted 17 October 2007 - 03:35 PM

Hi PrincessBene,

Please double-click the FindAWF icon once again
This time we are going to remove some folders.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\hp\KBD\bak
C:\Program Files\eFax Messenger 4.1\bak
C:\Program Files\iTunes\bak
C:\Program Files\Lexmark 7300 Series\bak
C:\Program Files\Norton Internet Security\bak
C:\Program Files\QuickTime\bak
C:\Program Files\REGSHAVE\bak
C:\Program Files\SymNetDrv\bak
C:\WINDOWS\system32\bak
C:\Program Files\AWS\WeatherBug\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\LogMeIn\x86\bak
C:\Program Files\Plaxo\2.13.0.12\bak
C:\Program Files\Pure Networks\Port Magic\bak
C:\Program Files\Skype\Phone\bak
C:\Program Files\Yahoo!\Messenger\bak
C:\Program Files\Adobe\Acrobat 7.0\Distillr\bak
C:\Program Files\Common Files\AOL\ACS\bak
C:\Program Files\Common Files\AOL\IPHSend\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\bak
C:\Program Files\Java\jre1.5.0_10\bin\bak
C:\Program Files\LogMeIn\x86\bak
C:\Program Files\Common Files\AOL\1149188158\EE\bak


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log in your reply

Edited by SifuMike, 17 October 2007 - 03:58 PM.

#14 PrincessBene

Posted 17 October 2007 - 05:53 PM

SiFuMike,
Cruising right along. Here's the log generated via option 3:


Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Wed 10/17/2007
The current time is: 17:18:43.73


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\LOGMEIN\UPDATE\2-30-555.BAK


Directory of C:\WINDOWS\ASSEMBLY\NATIVE~1.507\SBAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\LOGMEIN\X86\UPDATE\3-00-606.BAK



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

15360 Aug 28 2007 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SBAK\1289629175f8e0b57ccfee2a89ff7129\SBAK.ni.dll"
15360 Jul 12 2007 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SBAK\48a15b6baec694b552c36dc9fa75c524\SBAK.ni.dll"
15360 Aug 28 2007 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SBAK\1289629175f8e0b57ccfee2a89ff7129\SBAK.ni.dll"
15360 Jul 12 2007 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SBAK\48a15b6baec694b552c36dc9fa75c524\SBAK.ni.dll"
57928 Apr 17 2007 "C:\Program Files\LogMeIn\x64\LogMeInSystray.exe"
63048 Apr 17 2007 "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe1191357025"
24592 Sep 27 2007 "C:\Program Files\LogMeIn\x86\update\3-00-606.bak\x86\LogMeInSystray.exe"


end of report
Whatever-or whoever, you do..be good!

#15 SifuMike

Posted 17 October 2007 - 06:05 PM

Hi PrincessBene,

Looks good. :thumbsup:

Now run Option 4.

Double-click the FindAWF icon once again.
Use the following option: Press 4 then Enter to reset domain zones


When the program returns to the main menu, use the following option:
Press E then Enter to EXIT




If you have used Combofix before, please delete the version you have and redownload it again, because Combofix is being updated every day.

If your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again, because some scanners may see some Combofix-related components as suspicious and block or delete them while there's nothing wrong with them.



1. Download this file - combofix.exe to your Desktop.
Note:
It is important that it is saved directly to your desktop

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you, C:\ComboFix.txt. Post the ComboFix log and a fresh Hijackthis log in your next reply.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
If you have Norton Antivirus installed then disable script blocking so it will not interfere with the fix.

To disable Norton Script blocking Service:

* Disable the Script Blocking Service:
To open Services, click Start, point to Settings, and then click Control Panel.
Double-click Administrative Tools, and then double-click Services.
Find the ScriptBlocking service, right-click the service, and then click Properties.
On the General tab, under Startup, click Disabled.
Under Service Status, click Stop button. Click Apply button.

* Disable the Script Blocking In Norton Settings:
Start Norton Antivirus.
Click Options. If a menu appears when you click Options, then click Norton Antivirus. The Norton Antivirus Options dialog box appears.
Click Script Blocking.
Uncheck Enable Script Blocking (recommended).
Click OK
You can reenable it afterwards when everything is clean again.